[jboss-jira] [JBoss JIRA] Commented: (JBAS-3029) DatabaseServerLoginModule improvement
Felix Ho?feld (JIRA)
jira-events at lists.jboss.org
Sat Mar 17 08:29:32 EDT 2007
[ http://jira.jboss.com/jira/browse/JBAS-3029?page=comments#action_12356443 ]
Felix Ho?feld commented on JBAS-3029:
-------------------------------------
This is unnecessary because you can simply change your query:
SELECT * FROM (
SELECT 'User', 'Roles' FROM USERS
UNION
SELECT 'Administrator','Roles' FROM ADMINISTRATORS)
WHERE username=?
The query optimizer of any sane database will notice the where clause and apply it to each select statement so there is no perfomance impact.
I vote against this issue and suggest it is closed.
Regards
Felix
> DatabaseServerLoginModule improvement
> -------------------------------------
>
> Key: JBAS-3029
> URL: http://jira.jboss.com/jira/browse/JBAS-3029
> Project: JBoss Application Server
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: Security
> Reporter: YCS WYW
> Priority: Optional
>
> I would like to configure "org.jboss.security.auth.spi.DatabaseServerLoginModule" with complex SQL statements on "principalsQuery" and "rolesQuery"
> (like: SELECT 'User', 'Roles' FROM USERS WHERE username=?
> UNION SELECT 'Administrator','Roles' FROM ADMINISTRATORS WHERE username=? )
> But the SQL statements are executed by "java.sql.PreparedStatement" with only 1 parameter value for the first "?" (username). And the SQL statements that contains more than 1 "username" parameter doesn't work.
> I may be solved with the next modifications:
> In class "org.jboss.security.auth.spi.Util" :
> -----------------------------------------------------------------
> Changing "ps.setString(1, username);" of third "getRoleSets" method with these other statements:
> int index = 0;
> int param = 1;
> while( (index = rolesQuery.indexOf("?", index)) >= 0) {
> ps.setString(param++, username);
> index++;
> }
> And in class "org.jboss.security.auth.spi.DatabaseServerLoginModule":
> ---------------------------------------------------------------------------------------------------------------
> Changing "ps.setString(1, username);" of method "getUsersPassword" with these other statements:
> int index = 0;
> int param = 1;
> while( (index = principalsQuery.indexOf("?", index)) >= 0) {
> ps.setString(param++, username);
> index++;
> }
> Thanks.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list