SEC-51: Use long instead of int for ACL primary keys.

2005-11-03 13:38:45 +00:00 · 2005-11-03 13:38:45 +00:00 · 6e389ca1b8
parent 633f2cfe66
commit 6e389ca1b8
6 changed files with 67 additions and 54 deletions
--- a/core/src/main/java/org/acegisecurity/acl/basic/jdbc/JdbcDaoImpl.java
+++ b/core/src/main/java/org/acegisecurity/acl/basic/jdbc/JdbcDaoImpl.java
@ -300,8 +300,8 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements BasicAclDao {
        private AclObjectIdentity aclObjectParentIdentity;
        private Class aclClass;
        private Object recipient;
        private int foreignKeyId;
        private int mask;
        private long foreignKeyId;
        /**
         * Record details of an individual ACL entry (usually from the
@ -330,7 +330,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements BasicAclDao {
         *        created for each individual ACL entry (or an inheritence
         *        "holder" class if there are no ACL entries)
         */
-        public AclDetailsHolder(int foreignKeyId,
+        public AclDetailsHolder(long foreignKeyId,
            AclObjectIdentity aclObjectIdentity,
            AclObjectIdentity aclObjectParentIdentity, Class aclClass) {
            this.foreignKeyId = foreignKeyId;
@ -351,7 +351,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements BasicAclDao {
            return aclObjectParentIdentity;
        }
-        public int getForeignKeyId() {
+        public long getForeignKeyId() {
            return foreignKeyId;
        }
@ -384,7 +384,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements BasicAclDao {
    protected class AclsByObjectIdentityMapping extends MappingSqlQuery {
        protected AclsByObjectIdentityMapping(DataSource ds) {
            super(ds, aclsByObjectIdentityQuery);
-            declareParameter(new SqlParameter(Types.INTEGER));
+            declareParameter(new SqlParameter(Types.BIGINT));
            compile();
        }
@ -428,7 +428,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements BasicAclDao {
        protected Object mapRow(ResultSet rs, int rownum)
            throws SQLException {
-            int id = rs.getInt(1); // required
+            long id = rs.getLong(1); // required
            String objectIdentity = rs.getString(2); // required
            String aclClass = rs.getString(3); // required
            String parentObjectIdentity = rs.getString(4); // optional
--- a/core/src/main/java/org/acegisecurity/acl/basic/jdbc/JdbcExtendedDaoImpl.java
+++ b/core/src/main/java/org/acegisecurity/acl/basic/jdbc/JdbcExtendedDaoImpl.java
@ -12,6 +12,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package net.sf.acegisecurity.acl.basic.jdbc;
 import net.sf.acegisecurity.acl.basic.AclObjectIdentity;
@ -64,6 +65,8 @@ import javax.sql.DataSource;
 */
 public class JdbcExtendedDaoImpl extends JdbcDaoImpl
    implements BasicAclExtendedDao {
    //~ Static fields/initializers =============================================
    private static final Log logger = LogFactory.getLog(JdbcExtendedDaoImpl.class);
    public static final String DEF_ACL_OBJECT_IDENTITY_DELETE_STATEMENT = "DELETE FROM acl_object_identity WHERE id = ?";
    public static final String DEF_ACL_OBJECT_IDENTITY_INSERT_STATEMENT = "INSERT INTO acl_object_identity (object_identity, parent_object, acl_class) VALUES (?, ?, ?)";
@ -71,6 +74,9 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
    public static final String DEF_ACL_PERMISSION_INSERT_STATEMENT = "INSERT INTO acl_permission (acl_object_identity, recipient, mask) VALUES (?, ?, ?)";
    public static final String DEF_ACL_PERMISSION_UPDATE_STATEMENT = "UPDATE acl_permission SET mask = ? WHERE id = ?";
    public static final String DEF_LOOKUP_PERMISSION_ID_QUERY = "SELECT id FROM acl_permission WHERE acl_object_identity = ? AND recipient = ?";
    //~ Instance fields ========================================================
    private AclObjectIdentityDelete aclObjectIdentityDelete;
    private AclObjectIdentityInsert aclObjectIdentityInsert;
    private AclPermissionDelete aclPermissionDelete;
@ -84,6 +90,8 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
    private String aclPermissionUpdateStatement;
    private String lookupPermissionIdQuery;
    //~ Constructors ===========================================================
    public JdbcExtendedDaoImpl() {
        aclObjectIdentityDeleteStatement = DEF_ACL_OBJECT_IDENTITY_DELETE_STATEMENT;
        aclObjectIdentityInsertStatement = DEF_ACL_OBJECT_IDENTITY_INSERT_STATEMENT;
@ -93,6 +101,8 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
        lookupPermissionIdQuery = DEF_LOOKUP_PERMISSION_ID_QUERY;
    }
    //~ Methods ================================================================
    public void setAclObjectIdentityDelete(
        AclObjectIdentityDelete aclObjectIdentityDelete) {
        this.aclObjectIdentityDelete = aclObjectIdentityDelete;
@ -203,17 +213,17 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
        AclDetailsHolder aclDetailsHolder = lookupAclDetailsHolder(aclObjectIdentity);
        // Retrieve applicable acl_permission.id
-        int permissionId = lookupPermissionId(aclDetailsHolder.getForeignKeyId(),
+        long permissionId = lookupPermissionId(aclDetailsHolder.getForeignKeyId(),
                recipient.toString());
        if (permissionId == -1) {
            throw new DataRetrievalFailureException(
-                "Could not locate existing acl_permission for aclObjectIdentity: " +
+                "Could not locate existing acl_permission for aclObjectIdentity: "
-                aclObjectIdentity + ", recipient: " + recipient.toString());
+                + aclObjectIdentity + ", recipient: " + recipient.toString());
        }
        // Change permission
-        aclPermissionUpdate.update(new Integer(permissionId), newMask);
+        aclPermissionUpdate.update(new Long(permissionId), newMask);
    }
    public void create(BasicAclEntry basicAclEntry) throws DataAccessException {
@ -227,7 +237,8 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
        }
        // Retrieve acl_object_identity record details
-        AclDetailsHolder aclDetailsHolder = lookupAclDetailsHolder(basicAclEntry.getAclObjectIdentity());
+        AclDetailsHolder aclDetailsHolder = lookupAclDetailsHolder(basicAclEntry
                .getAclObjectIdentity());
        // Ensure there isn't an existing record for this recipient
        if (lookupPermissionId(aclDetailsHolder.getForeignKeyId(),
@ -237,8 +248,7 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
        }
        // Create acl_permission
-        aclPermissionInsert.insert(new Integer(
+        aclPermissionInsert.insert(new Long(aclDetailsHolder.getForeignKeyId()),
                aclDetailsHolder.getForeignKeyId()),
            basicAclEntry.getRecipient().toString(),
            new Integer(basicAclEntry.getMask()));
    }
@ -249,8 +259,8 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
        AclDetailsHolder aclDetailsHolder = lookupAclDetailsHolder(aclObjectIdentity);
        // Retrieve all acl_permissions applying to this acl_object_identity
-        Iterator acls = aclsByObjectIdentity.execute(aclDetailsHolder.getForeignKeyId())
+        Iterator acls = aclsByObjectIdentity.execute(aclDetailsHolder
-                                            .iterator();
+                .getForeignKeyId()).iterator();
        // Delete all existing acl_permissions applying to this acl_object_identity
        while (acls.hasNext()) {
@ -259,7 +269,7 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
        }
        // Delete acl_object_identity
-        aclObjectIdentityDelete.delete(new Integer(
+        aclObjectIdentityDelete.delete(new Long(
                aclDetailsHolder.getForeignKeyId()));
    }
@ -269,8 +279,8 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
        AclDetailsHolder aclDetailsHolder = lookupAclDetailsHolder(aclObjectIdentity);
        // Delete acl_permission
-        aclPermissionDelete.delete(new Integer(
+        aclPermissionDelete.delete(new Long(aclDetailsHolder.getForeignKeyId()),
-                aclDetailsHolder.getForeignKeyId()), recipient.toString());
+            recipient.toString());
    }
    protected void initDao() throws ApplicationContextException {
@ -294,18 +304,20 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
     */
    private void createAclObjectIdentityIfRequired(BasicAclEntry basicAclEntry)
        throws DataAccessException {
-        String aclObjectIdentityString = convertAclObjectIdentityToString(basicAclEntry.getAclObjectIdentity());
+        String aclObjectIdentityString = convertAclObjectIdentityToString(basicAclEntry
                .getAclObjectIdentity());
        // Lookup the object's main properties from the RDBMS (guaranteed no nulls)
        List objects = objectProperties.execute(aclObjectIdentityString);
        if (objects.size() == 0) {
            if (basicAclEntry.getAclObjectParentIdentity() != null) {
-                AclDetailsHolder parentDetails = lookupAclDetailsHolder(basicAclEntry.getAclObjectParentIdentity());
+                AclDetailsHolder parentDetails = lookupAclDetailsHolder(basicAclEntry
                        .getAclObjectParentIdentity());
                // Must create the acl_object_identity record
                aclObjectIdentityInsert.insert(aclObjectIdentityString,
-                    new Integer(parentDetails.getForeignKeyId()),
+                    new Long(parentDetails.getForeignKeyId()),
                    basicAclEntry.getClass().getName());
            } else {
                // Must create the acl_object_identity record
@ -352,27 +364,28 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
     *
     * @throws DataAccessException DOCUMENT ME!
     */
-    private int lookupPermissionId(int aclObjectIdentityId, Object recipient)
+    private long lookupPermissionId(long aclObjectIdentityId, Object recipient)
        throws DataAccessException {
-        List list = lookupPermissionIdMapping.execute(new Object[] {
+        List list = lookupPermissionIdMapping.execute(new Object[] {new Long(
-                    new Integer(aclObjectIdentityId), recipient
+                        aclObjectIdentityId), recipient});
                });
        if (list.size() == 0) {
            return -1;
        }
-        return ((Integer) list.get(0)).intValue();
+        return ((Long) list.get(0)).longValue();
    }
    //~ Inner Classes ==========================================================
    protected class AclObjectIdentityDelete extends SqlUpdate {
        protected AclObjectIdentityDelete(DataSource ds) {
            super(ds, aclObjectIdentityDeleteStatement);
-            declareParameter(new SqlParameter(Types.INTEGER));
+            declareParameter(new SqlParameter(Types.BIGINT));
            compile();
        }
-        protected void delete(Integer aclObjectIdentity)
+        protected void delete(Long aclObjectIdentity)
            throws DataAccessException {
            super.update(aclObjectIdentity.intValue());
        }
@ -382,17 +395,15 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
        protected AclObjectIdentityInsert(DataSource ds) {
            super(ds, aclObjectIdentityInsertStatement);
            declareParameter(new SqlParameter(Types.VARCHAR));
-            declareParameter(new SqlParameter(Types.INTEGER));
+            declareParameter(new SqlParameter(Types.BIGINT));
            declareParameter(new SqlParameter(Types.VARCHAR));
            compile();
        }
        protected void insert(String objectIdentity,
-            Integer parentAclObjectIdentity, String aclClass)
+            Long parentAclObjectIdentity, String aclClass)
            throws DataAccessException {
-            Object[] objs = new Object[] {
+            Object[] objs = new Object[] {objectIdentity, parentAclObjectIdentity, aclClass};
                    objectIdentity, parentAclObjectIdentity, aclClass
                };
            super.update(objs);
        }
    }
@ -400,29 +411,29 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
    protected class AclPermissionDelete extends SqlUpdate {
        protected AclPermissionDelete(DataSource ds) {
            super(ds, aclPermissionDeleteStatement);
-            declareParameter(new SqlParameter(Types.INTEGER));
+            declareParameter(new SqlParameter(Types.BIGINT));
            declareParameter(new SqlParameter(Types.VARCHAR));
            compile();
        }
-        protected void delete(Integer aclObjectIdentity, String recipient)
+        protected void delete(Long aclObjectIdentity, String recipient)
            throws DataAccessException {
-            super.update(new Object[] { aclObjectIdentity, recipient });
+            super.update(new Object[] {aclObjectIdentity, recipient});
        }
    }
    protected class AclPermissionInsert extends SqlUpdate {
        protected AclPermissionInsert(DataSource ds) {
            super(ds, aclPermissionInsertStatement);
-            declareParameter(new SqlParameter(Types.INTEGER));
+            declareParameter(new SqlParameter(Types.BIGINT));
            declareParameter(new SqlParameter(Types.VARCHAR));
            declareParameter(new SqlParameter(Types.INTEGER));
            compile();
        }
-        protected void insert(Integer aclObjectIdentity, String recipient,
+        protected void insert(Long aclObjectIdentity, String recipient,
            Integer mask) throws DataAccessException {
-            Object[] objs = new Object[] { aclObjectIdentity, recipient, mask };
+            Object[] objs = new Object[] {aclObjectIdentity, recipient, mask};
            super.update(objs);
        }
    }
@ -430,12 +441,12 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
    protected class AclPermissionUpdate extends SqlUpdate {
        protected AclPermissionUpdate(DataSource ds) {
            super(ds, aclPermissionUpdateStatement);
-            declareParameter(new SqlParameter(Types.INTEGER));
+            declareParameter(new SqlParameter(Types.BIGINT));
            declareParameter(new SqlParameter(Types.INTEGER));
            compile();
        }
-        protected void update(Integer aclPermissionId, Integer newMask)
+        protected void update(Long aclPermissionId, Integer newMask)
            throws DataAccessException {
            super.update(newMask.intValue(), aclPermissionId.intValue());
        }
@ -444,14 +455,14 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
    protected class LookupPermissionIdMapping extends MappingSqlQuery {
        protected LookupPermissionIdMapping(DataSource ds) {
            super(ds, lookupPermissionIdQuery);
-            declareParameter(new SqlParameter(Types.INTEGER));
+            declareParameter(new SqlParameter(Types.BIGINT));
            declareParameter(new SqlParameter(Types.VARCHAR));
            compile();
        }
        protected Object mapRow(ResultSet rs, int rownum)
            throws SQLException {
-            return new Integer(rs.getInt(1));
+            return new Long(rs.getLong(1));
        }
    }
 }
--- a/core/src/test/java/org/acegisecurity/PopulatedDatabase.java
+++ b/core/src/test/java/org/acegisecurity/PopulatedDatabase.java
@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -63,9 +63,9 @@ public class PopulatedDatabase {
        template.execute(
            "CREATE UNIQUE INDEX IX_AUTH_USERNAME ON AUTHORITIES(USERNAME,AUTHORITY)");
        template.execute(
-            "CREATE TABLE ACL_OBJECT_IDENTITY(ID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 0)  NOT NULL PRIMARY KEY,OBJECT_IDENTITY VARCHAR_IGNORECASE(250) NOT NULL,PARENT_OBJECT INTEGER,ACL_CLASS VARCHAR_IGNORECASE(250) NOT NULL,CONSTRAINT UNIQUE_OBJECT_IDENTITY UNIQUE(OBJECT_IDENTITY),CONSTRAINT SYS_FK_3 FOREIGN KEY(PARENT_OBJECT) REFERENCES ACL_OBJECT_IDENTITY(ID))");
+            "CREATE TABLE ACL_OBJECT_IDENTITY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 0)  NOT NULL PRIMARY KEY,OBJECT_IDENTITY VARCHAR_IGNORECASE(250) NOT NULL,PARENT_OBJECT BIGINT,ACL_CLASS VARCHAR_IGNORECASE(250) NOT NULL,CONSTRAINT UNIQUE_OBJECT_IDENTITY UNIQUE(OBJECT_IDENTITY),CONSTRAINT SYS_FK_3 FOREIGN KEY(PARENT_OBJECT) REFERENCES ACL_OBJECT_IDENTITY(ID))");
        template.execute(
-            "CREATE TABLE ACL_PERMISSION(ID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 0)  NOT NULL PRIMARY KEY,ACL_OBJECT_IDENTITY INTEGER NOT NULL,RECIPIENT VARCHAR_IGNORECASE(100) NOT NULL,MASK INTEGER NOT NULL,CONSTRAINT UNIQUE_RECIPIENT UNIQUE(ACL_OBJECT_IDENTITY,RECIPIENT),CONSTRAINT SYS_FK_7 FOREIGN KEY(ACL_OBJECT_IDENTITY) REFERENCES ACL_OBJECT_IDENTITY(ID))");
+            "CREATE TABLE ACL_PERMISSION(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 0)  NOT NULL PRIMARY KEY,ACL_OBJECT_IDENTITY BIGINT NOT NULL,RECIPIENT VARCHAR_IGNORECASE(100) NOT NULL,MASK INTEGER NOT NULL,CONSTRAINT UNIQUE_RECIPIENT UNIQUE(ACL_OBJECT_IDENTITY,RECIPIENT),CONSTRAINT SYS_FK_7 FOREIGN KEY(ACL_OBJECT_IDENTITY) REFERENCES ACL_OBJECT_IDENTITY(ID))");
        template.execute("SET IGNORECASE TRUE");
        template.execute("INSERT INTO USERS VALUES('dianne','emu',TRUE)");
        template.execute("INSERT INTO USERS VALUES('marissa','koala',TRUE)");
@ -94,9 +94,11 @@ public class PopulatedDatabase {
            "INSERT INTO acl_object_identity VALUES (5, 'net.sf.acegisecurity.acl.DomainObject:5', 3, 'net.sf.acegisecurity.acl.basic.SimpleAclEntry');");
        template.execute(
            "INSERT INTO acl_object_identity VALUES (6, 'net.sf.acegisecurity.acl.DomainObject:6', 3, 'net.sf.acegisecurity.acl.basic.SimpleAclEntry');");
        // ----- BEGIN deviation from normal sample data load script -----
        template.execute(
            "INSERT INTO acl_object_identity VALUES (7, 'net.sf.acegisecurity.acl.DomainObject:7', 3, 'some.invalid.acl.entry.class');");
        // ----- FINISH deviation from normal sample data load script -----
        template.execute(
            "INSERT INTO acl_permission VALUES (null, 1, 'ROLE_SUPERVISOR', 1);");
--- a/core/src/test/java/org/acegisecurity/acl/basic/jdbc/JdbcDaoImplTests.java
+++ b/core/src/test/java/org/acegisecurity/acl/basic/jdbc/JdbcDaoImplTests.java
@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/core/src/test/java/org/acegisecurity/acl/basic/jdbc/JdbcExtendedDaoImplTests.java
+++ b/core/src/test/java/org/acegisecurity/acl/basic/jdbc/JdbcExtendedDaoImplTests.java
@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/doc/xdocs/dbinit.txt
+++ b/doc/xdocs/dbinit.txt
@ -37,17 +37,17 @@ INSERT INTO authorities VALUES ('peter', 'ROLE_TELLER');
 --- Indexes auto created in HSQLDB for primary keys and unique columns
 CREATE TABLE acl_object_identity (
-     id IDENTITY NOT NULL,
+     id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 0) NOT NULL PRIMARY KEY,
     object_identity VARCHAR_IGNORECASE(250) NOT NULL,
-     parent_object INTEGER,
+     parent_object BIGINT,
     acl_class VARCHAR_IGNORECASE(250) NOT NULL,
     CONSTRAINT unique_object_identity UNIQUE(object_identity),
     FOREIGN KEY (parent_object) REFERENCES acl_object_identity(id)
 );
 CREATE TABLE acl_permission (
-     id IDENTITY NOT NULL,
+     id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 0)  NOT NULL PRIMARY KEY
-     acl_object_identity INTEGER NOT NULL,
+     acl_object_identity BIGINT NOT NULL,
     recipient VARCHAR_IGNORECASE(100) NOT NULL,
     mask INTEGER NOT NULL,
     CONSTRAINT unique_recipient UNIQUE(acl_object_identity, recipient),