[jboss-jira] [JBoss JIRA] Commented: (JBAS-3029) DatabaseServerLoginModule improvement

Felix Ho?feld (JIRA) jira-events at lists.jboss.org
Sat Mar 17 08:29:32 EDT 2007 

    [ http://jira.jboss.com/jira/browse/JBAS-3029?page=comments#action_12356443 ] 
            
Felix Ho?feld commented on JBAS-3029:
-------------------------------------

This is unnecessary because you can simply change your query:

SELECT * FROM (
         SELECT 'User', 'Roles' FROM USERS
         UNION
        SELECT 'Administrator','Roles' FROM ADMINISTRATORS)
WHERE username=?

The query optimizer of any sane database will notice the where clause and apply it to each select statement so there is no perfomance impact.

I vote against this issue and suggest it is closed.

Regards

Felix 

> DatabaseServerLoginModule improvement
> -------------------------------------
>
>                 Key: JBAS-3029
>                 URL: http://jira.jboss.com/jira/browse/JBAS-3029
>             Project: JBoss Application Server
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: Security
>            Reporter: YCS WYW
>            Priority: Optional
>
> I would like to configure "org.jboss.security.auth.spi.DatabaseServerLoginModule" with complex SQL statements on "principalsQuery" and "rolesQuery" 
> (like: SELECT 'User', 'Roles' FROM USERS WHERE username=?  
>          UNION SELECT 'Administrator','Roles' FROM ADMINISTRATORS WHERE username=?  )
> But the SQL statements are executed by "java.sql.PreparedStatement" with only 1 parameter value for the first "?" (username). And the SQL statements that contains more than 1 "username" parameter doesn't work.
> I may be solved with the next modifications:
> In class "org.jboss.security.auth.spi.Util" :
> -----------------------------------------------------------------
> Changing "ps.setString(1, username);" of third "getRoleSets" method with these other statements:
>            int index = 0;
>            int param = 1;
>            while( (index = rolesQuery.indexOf("?", index)) >= 0) {
>                ps.setString(param++, username);
>                index++;
>            }
> And in class "org.jboss.security.auth.spi.DatabaseServerLoginModule":
> ---------------------------------------------------------------------------------------------------------------
> Changing "ps.setString(1, username);" of method "getUsersPassword" with these other statements:
>         int index = 0;
>         int param = 1;
>         while( (index = principalsQuery.indexOf("?", index)) >= 0) {
>             ps.setString(param++, username);
>             index++;
>         }
> Thanks.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list