OPENJPA-1678: add printParameters property to prevent SQL parameter values from being logged in exceptions or trace

git-svn-id: https://svn.apache.org/repos/asf/openjpa/branches/1.0.x@955062 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Michael Dick 2010-06-15 21:44:35 +00:00
parent f90ea1c743
commit 7a369b49e5
3 changed files with 192 additions and 1 deletions

View File

@ -84,6 +84,7 @@ public class LoggingConnectionDecorator implements ConnectionDecorator {
private int _warningAction = WARN_IGNORE;
private SQLWarningHandler _warningHandler;
private boolean _trackParameters = true;
private boolean _printParameters = false;
/**
* If set to <code>true</code>, pretty-print SQL by running it
@ -141,6 +142,21 @@ public class LoggingConnectionDecorator implements ConnectionDecorator {
return _trackParameters;
}
/**
* <p>
* Whether parameter values will be printed in exception messages or in trace. This is different from
* trackParameters which controls whether OpenJPA will track parameters internally (visible while debugging and used
* in batching).
* </p>
*/
public boolean getPrintParameters() {
return _printParameters;
}
public void setPrintParameters(boolean printParameters) {
_printParameters = printParameters;
}
/**
* What to do with SQL warnings.
*/
@ -1129,7 +1145,12 @@ public class LoggingConnectionDecorator implements ConnectionDecorator {
if (_params != null && !_params.isEmpty()) {
paramBuf = new StringBuffer();
for (Iterator itr = _params.iterator(); itr.hasNext();) {
if(_printParameters) {
paramBuf.append(itr.next());
} else {
paramBuf.append("?");
itr.next();
}
if (itr.hasNext())
paramBuf.append(", ");
}

View File

@ -0,0 +1,60 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.openjpa.persistence.exception;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.Version;
/**
* A Simple entity for testing. Has a version field for testing optimistic
* concurrent usage.
*
* @author Pinaki Poddar
*
*/
@Entity
public class PObject {
@Id
private long id;
private String name;
@Version
private int version;
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public void setId(long id) {
this.id = id;
}
public long getId() {
return id;
}
public int getVersion() {
return version;
}
}

View File

@ -0,0 +1,110 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.openjpa.persistence.exception;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.util.regex.Pattern;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.EntityTransaction;
import javax.persistence.RollbackException;
import org.apache.openjpa.persistence.test.PersistenceTestCase;
public class TestParameterLogging extends PersistenceTestCase {
String _regex = ".*params=.*1,.*]";
/*
* Persist the same row twice in the same transaction - will throw an exception with the failing SQL statement
*/
private RollbackException getRollbackException(Object... props) {
EntityManagerFactory emf = createEMF(props);
EntityManager em = emf.createEntityManager();
EntityTransaction tran = em.getTransaction();
PObject p1, p2;
p1 = new PObject();
p2 = new PObject();
p1.setId(1);
p2.setId(1);
try {
tran.begin();
em.persist(p1);
em.persist(p2);
tran.commit();
em.close();
fail("Expected a RollbackException");
return null;
} catch (RollbackException re) {
return re;
} finally {
if (tran.isActive()) {
tran.rollback();
}
if (em.isOpen()) {
em.close();
}
if (emf.isOpen()) {
emf.close();
}
}
}
/*
* Ensure that parameter values are not included in exception text by default.
*/
public void testNoParamsByDefault() {
RollbackException e = getRollbackException(PObject.class, CLEAR_TABLES);
assertFalse(Pattern.matches(_regex, e.toString()));
Throwable nested = e.getCause();
while (nested != null) {
if (Pattern.matches(".*INSERT.*", nested.toString())) {
// only check if the message contains the insert statement.
assertFalse(Pattern.matches(_regex, nested.toString()));
}
nested = nested.getCause();
}
}
/*
* If the EMF is created with PrintParameters=true the parameter values will be logged in exception text.
*/
public void testParamsEnabledByConfig() {
RollbackException e =
getRollbackException(PObject.class, CLEAR_TABLES, "openjpa.ConnectionFactoryProperties",
"PrintParameters=true");
assertFalse(Pattern.matches(_regex, e.toString()));
Throwable nested = e.getCause();
assertNotNull(nested); // expecting at least one nested exception.
while (nested != null) {
if (Pattern.matches(".*INSERT.*", nested.toString())) {
// only check if the message contains the insert statement.
assertTrue(Pattern.matches(_regex, nested.toString()));
}
nested = nested.getCause();
}
}
}