exo-jcr SVN: r3123 - jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/jdbc. - exo-jcr-commits

Thursday, 16 September 2010


Author: sergiykarpenko
Date: 2010-09-16 11:01:49 -0400 (Thu, 16 Sep 2010)
New Revision: 3123

Modified:
  
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/jdbc/SingleDBCleaner.java
Log:
EXOJCR-939: DBCleaner security updated

Modified:
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/jdbc/SingleDBCleaner.java
===================================================================
---
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/jdbc/SingleDBCleaner.java	2010-09-16
14:44:28 UTC (rev 3122)
+++
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/jdbc/SingleDBCleaner.java	2010-09-16
15:01:49 UTC (rev 3123)
@@ -16,8 +16,11 @@
  */
 package org.exoplatform.services.jcr.impl.util.jdbc;
 
+import org.exoplatform.services.jcr.impl.util.SecurityHelper;
+
 import java.io.IOException;
 import java.io.InputStream;
+import java.security.PrivilegedExceptionAction;
 import java.sql.Connection;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
@@ -96,7 +99,7 @@
       // Remove only child nodes in cycle, till all nodes will be removed.
       // Such algorithm used to avoid any constraint violation exception related to
foreign key.
       PreparedStatement getChildItems = null;
-      Statement removeItems = connection.createStatement();
+      final Statement removeItems = connection.createStatement();
 
       try
       {
@@ -108,7 +111,16 @@
 
          do
          {
-            ResultSet result = getChildItems.executeQuery();
+            final PreparedStatement getChildIds = getChildItems;
+            ResultSet result =
+               (ResultSet)SecurityHelper.doPriviledgedSQLExceptionAction(new
PrivilegedExceptionAction<Object>()
+               {
+                  public Object run() throws Exception
+                  {
+                     return getChildIds.executeQuery();
+                  }
+               });
+
             StringBuilder childListBuilder = new StringBuilder();
             if (result.next())
             {
@@ -123,8 +135,15 @@
                childListBuilder.append(" , '" + result.getString(1) +
"'");
             }
             // now remove nodes;
-            String q = REMOVE_ITEMS.replace("?", childListBuilder.toString());
-            removeItems.executeUpdate(q);
+            final String q = REMOVE_ITEMS.replace("?",
childListBuilder.toString());
+            SecurityHelper.doPriviledgedSQLExceptionAction(new
PrivilegedExceptionAction<Object>()
+            {
+               public Object run() throws Exception
+               {
+                  removeItems.executeUpdate(q);
+                  return null;
+               }
+            });
          }
          while (true);
       }
@@ -138,7 +157,6 @@
          if (removeItems != null)
          {
             removeItems.close();
-            removeItems = null;
          }
       }
    }


    

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

exo-jcr SVN: r3123 - jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/jdbc.