SEC-51: Use long instead of int for ACL primary keys.
This commit is contained in:
parent
633f2cfe66
commit
6e389ca1b8
|
@ -300,8 +300,8 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements BasicAclDao {
|
|||
private AclObjectIdentity aclObjectParentIdentity;
|
||||
private Class aclClass;
|
||||
private Object recipient;
|
||||
private int foreignKeyId;
|
||||
private int mask;
|
||||
private long foreignKeyId;
|
||||
|
||||
/**
|
||||
* Record details of an individual ACL entry (usually from the
|
||||
|
@ -330,7 +330,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements BasicAclDao {
|
|||
* created for each individual ACL entry (or an inheritence
|
||||
* "holder" class if there are no ACL entries)
|
||||
*/
|
||||
public AclDetailsHolder(int foreignKeyId,
|
||||
public AclDetailsHolder(long foreignKeyId,
|
||||
AclObjectIdentity aclObjectIdentity,
|
||||
AclObjectIdentity aclObjectParentIdentity, Class aclClass) {
|
||||
this.foreignKeyId = foreignKeyId;
|
||||
|
@ -351,7 +351,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements BasicAclDao {
|
|||
return aclObjectParentIdentity;
|
||||
}
|
||||
|
||||
public int getForeignKeyId() {
|
||||
public long getForeignKeyId() {
|
||||
return foreignKeyId;
|
||||
}
|
||||
|
||||
|
@ -384,7 +384,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements BasicAclDao {
|
|||
protected class AclsByObjectIdentityMapping extends MappingSqlQuery {
|
||||
protected AclsByObjectIdentityMapping(DataSource ds) {
|
||||
super(ds, aclsByObjectIdentityQuery);
|
||||
declareParameter(new SqlParameter(Types.INTEGER));
|
||||
declareParameter(new SqlParameter(Types.BIGINT));
|
||||
compile();
|
||||
}
|
||||
|
||||
|
@ -428,7 +428,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements BasicAclDao {
|
|||
|
||||
protected Object mapRow(ResultSet rs, int rownum)
|
||||
throws SQLException {
|
||||
int id = rs.getInt(1); // required
|
||||
long id = rs.getLong(1); // required
|
||||
String objectIdentity = rs.getString(2); // required
|
||||
String aclClass = rs.getString(3); // required
|
||||
String parentObjectIdentity = rs.getString(4); // optional
|
||||
|
|
|
@ -12,6 +12,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package net.sf.acegisecurity.acl.basic.jdbc;
|
||||
|
||||
import net.sf.acegisecurity.acl.basic.AclObjectIdentity;
|
||||
|
@ -64,6 +65,8 @@ import javax.sql.DataSource;
|
|||
*/
|
||||
public class JdbcExtendedDaoImpl extends JdbcDaoImpl
|
||||
implements BasicAclExtendedDao {
|
||||
//~ Static fields/initializers =============================================
|
||||
|
||||
private static final Log logger = LogFactory.getLog(JdbcExtendedDaoImpl.class);
|
||||
public static final String DEF_ACL_OBJECT_IDENTITY_DELETE_STATEMENT = "DELETE FROM acl_object_identity WHERE id = ?";
|
||||
public static final String DEF_ACL_OBJECT_IDENTITY_INSERT_STATEMENT = "INSERT INTO acl_object_identity (object_identity, parent_object, acl_class) VALUES (?, ?, ?)";
|
||||
|
@ -71,6 +74,9 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
|
|||
public static final String DEF_ACL_PERMISSION_INSERT_STATEMENT = "INSERT INTO acl_permission (acl_object_identity, recipient, mask) VALUES (?, ?, ?)";
|
||||
public static final String DEF_ACL_PERMISSION_UPDATE_STATEMENT = "UPDATE acl_permission SET mask = ? WHERE id = ?";
|
||||
public static final String DEF_LOOKUP_PERMISSION_ID_QUERY = "SELECT id FROM acl_permission WHERE acl_object_identity = ? AND recipient = ?";
|
||||
|
||||
//~ Instance fields ========================================================
|
||||
|
||||
private AclObjectIdentityDelete aclObjectIdentityDelete;
|
||||
private AclObjectIdentityInsert aclObjectIdentityInsert;
|
||||
private AclPermissionDelete aclPermissionDelete;
|
||||
|
@ -84,6 +90,8 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
|
|||
private String aclPermissionUpdateStatement;
|
||||
private String lookupPermissionIdQuery;
|
||||
|
||||
//~ Constructors ===========================================================
|
||||
|
||||
public JdbcExtendedDaoImpl() {
|
||||
aclObjectIdentityDeleteStatement = DEF_ACL_OBJECT_IDENTITY_DELETE_STATEMENT;
|
||||
aclObjectIdentityInsertStatement = DEF_ACL_OBJECT_IDENTITY_INSERT_STATEMENT;
|
||||
|
@ -93,6 +101,8 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
|
|||
lookupPermissionIdQuery = DEF_LOOKUP_PERMISSION_ID_QUERY;
|
||||
}
|
||||
|
||||
//~ Methods ================================================================
|
||||
|
||||
public void setAclObjectIdentityDelete(
|
||||
AclObjectIdentityDelete aclObjectIdentityDelete) {
|
||||
this.aclObjectIdentityDelete = aclObjectIdentityDelete;
|
||||
|
@ -203,17 +213,17 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
|
|||
AclDetailsHolder aclDetailsHolder = lookupAclDetailsHolder(aclObjectIdentity);
|
||||
|
||||
// Retrieve applicable acl_permission.id
|
||||
int permissionId = lookupPermissionId(aclDetailsHolder.getForeignKeyId(),
|
||||
long permissionId = lookupPermissionId(aclDetailsHolder.getForeignKeyId(),
|
||||
recipient.toString());
|
||||
|
||||
if (permissionId == -1) {
|
||||
throw new DataRetrievalFailureException(
|
||||
"Could not locate existing acl_permission for aclObjectIdentity: " +
|
||||
aclObjectIdentity + ", recipient: " + recipient.toString());
|
||||
"Could not locate existing acl_permission for aclObjectIdentity: "
|
||||
+ aclObjectIdentity + ", recipient: " + recipient.toString());
|
||||
}
|
||||
|
||||
// Change permission
|
||||
aclPermissionUpdate.update(new Integer(permissionId), newMask);
|
||||
aclPermissionUpdate.update(new Long(permissionId), newMask);
|
||||
}
|
||||
|
||||
public void create(BasicAclEntry basicAclEntry) throws DataAccessException {
|
||||
|
@ -227,7 +237,8 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
|
|||
}
|
||||
|
||||
// Retrieve acl_object_identity record details
|
||||
AclDetailsHolder aclDetailsHolder = lookupAclDetailsHolder(basicAclEntry.getAclObjectIdentity());
|
||||
AclDetailsHolder aclDetailsHolder = lookupAclDetailsHolder(basicAclEntry
|
||||
.getAclObjectIdentity());
|
||||
|
||||
// Ensure there isn't an existing record for this recipient
|
||||
if (lookupPermissionId(aclDetailsHolder.getForeignKeyId(),
|
||||
|
@ -237,8 +248,7 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
|
|||
}
|
||||
|
||||
// Create acl_permission
|
||||
aclPermissionInsert.insert(new Integer(
|
||||
aclDetailsHolder.getForeignKeyId()),
|
||||
aclPermissionInsert.insert(new Long(aclDetailsHolder.getForeignKeyId()),
|
||||
basicAclEntry.getRecipient().toString(),
|
||||
new Integer(basicAclEntry.getMask()));
|
||||
}
|
||||
|
@ -249,8 +259,8 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
|
|||
AclDetailsHolder aclDetailsHolder = lookupAclDetailsHolder(aclObjectIdentity);
|
||||
|
||||
// Retrieve all acl_permissions applying to this acl_object_identity
|
||||
Iterator acls = aclsByObjectIdentity.execute(aclDetailsHolder.getForeignKeyId())
|
||||
.iterator();
|
||||
Iterator acls = aclsByObjectIdentity.execute(aclDetailsHolder
|
||||
.getForeignKeyId()).iterator();
|
||||
|
||||
// Delete all existing acl_permissions applying to this acl_object_identity
|
||||
while (acls.hasNext()) {
|
||||
|
@ -259,7 +269,7 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
|
|||
}
|
||||
|
||||
// Delete acl_object_identity
|
||||
aclObjectIdentityDelete.delete(new Integer(
|
||||
aclObjectIdentityDelete.delete(new Long(
|
||||
aclDetailsHolder.getForeignKeyId()));
|
||||
}
|
||||
|
||||
|
@ -269,8 +279,8 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
|
|||
AclDetailsHolder aclDetailsHolder = lookupAclDetailsHolder(aclObjectIdentity);
|
||||
|
||||
// Delete acl_permission
|
||||
aclPermissionDelete.delete(new Integer(
|
||||
aclDetailsHolder.getForeignKeyId()), recipient.toString());
|
||||
aclPermissionDelete.delete(new Long(aclDetailsHolder.getForeignKeyId()),
|
||||
recipient.toString());
|
||||
}
|
||||
|
||||
protected void initDao() throws ApplicationContextException {
|
||||
|
@ -294,18 +304,20 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
|
|||
*/
|
||||
private void createAclObjectIdentityIfRequired(BasicAclEntry basicAclEntry)
|
||||
throws DataAccessException {
|
||||
String aclObjectIdentityString = convertAclObjectIdentityToString(basicAclEntry.getAclObjectIdentity());
|
||||
String aclObjectIdentityString = convertAclObjectIdentityToString(basicAclEntry
|
||||
.getAclObjectIdentity());
|
||||
|
||||
// Lookup the object's main properties from the RDBMS (guaranteed no nulls)
|
||||
List objects = objectProperties.execute(aclObjectIdentityString);
|
||||
|
||||
if (objects.size() == 0) {
|
||||
if (basicAclEntry.getAclObjectParentIdentity() != null) {
|
||||
AclDetailsHolder parentDetails = lookupAclDetailsHolder(basicAclEntry.getAclObjectParentIdentity());
|
||||
AclDetailsHolder parentDetails = lookupAclDetailsHolder(basicAclEntry
|
||||
.getAclObjectParentIdentity());
|
||||
|
||||
// Must create the acl_object_identity record
|
||||
aclObjectIdentityInsert.insert(aclObjectIdentityString,
|
||||
new Integer(parentDetails.getForeignKeyId()),
|
||||
new Long(parentDetails.getForeignKeyId()),
|
||||
basicAclEntry.getClass().getName());
|
||||
} else {
|
||||
// Must create the acl_object_identity record
|
||||
|
@ -352,27 +364,28 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
|
|||
*
|
||||
* @throws DataAccessException DOCUMENT ME!
|
||||
*/
|
||||
private int lookupPermissionId(int aclObjectIdentityId, Object recipient)
|
||||
private long lookupPermissionId(long aclObjectIdentityId, Object recipient)
|
||||
throws DataAccessException {
|
||||
List list = lookupPermissionIdMapping.execute(new Object[] {
|
||||
new Integer(aclObjectIdentityId), recipient
|
||||
});
|
||||
List list = lookupPermissionIdMapping.execute(new Object[] {new Long(
|
||||
aclObjectIdentityId), recipient});
|
||||
|
||||
if (list.size() == 0) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
return ((Integer) list.get(0)).intValue();
|
||||
return ((Long) list.get(0)).longValue();
|
||||
}
|
||||
|
||||
//~ Inner Classes ==========================================================
|
||||
|
||||
protected class AclObjectIdentityDelete extends SqlUpdate {
|
||||
protected AclObjectIdentityDelete(DataSource ds) {
|
||||
super(ds, aclObjectIdentityDeleteStatement);
|
||||
declareParameter(new SqlParameter(Types.INTEGER));
|
||||
declareParameter(new SqlParameter(Types.BIGINT));
|
||||
compile();
|
||||
}
|
||||
|
||||
protected void delete(Integer aclObjectIdentity)
|
||||
protected void delete(Long aclObjectIdentity)
|
||||
throws DataAccessException {
|
||||
super.update(aclObjectIdentity.intValue());
|
||||
}
|
||||
|
@ -382,17 +395,15 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
|
|||
protected AclObjectIdentityInsert(DataSource ds) {
|
||||
super(ds, aclObjectIdentityInsertStatement);
|
||||
declareParameter(new SqlParameter(Types.VARCHAR));
|
||||
declareParameter(new SqlParameter(Types.INTEGER));
|
||||
declareParameter(new SqlParameter(Types.BIGINT));
|
||||
declareParameter(new SqlParameter(Types.VARCHAR));
|
||||
compile();
|
||||
}
|
||||
|
||||
protected void insert(String objectIdentity,
|
||||
Integer parentAclObjectIdentity, String aclClass)
|
||||
Long parentAclObjectIdentity, String aclClass)
|
||||
throws DataAccessException {
|
||||
Object[] objs = new Object[] {
|
||||
objectIdentity, parentAclObjectIdentity, aclClass
|
||||
};
|
||||
Object[] objs = new Object[] {objectIdentity, parentAclObjectIdentity, aclClass};
|
||||
super.update(objs);
|
||||
}
|
||||
}
|
||||
|
@ -400,12 +411,12 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
|
|||
protected class AclPermissionDelete extends SqlUpdate {
|
||||
protected AclPermissionDelete(DataSource ds) {
|
||||
super(ds, aclPermissionDeleteStatement);
|
||||
declareParameter(new SqlParameter(Types.INTEGER));
|
||||
declareParameter(new SqlParameter(Types.BIGINT));
|
||||
declareParameter(new SqlParameter(Types.VARCHAR));
|
||||
compile();
|
||||
}
|
||||
|
||||
protected void delete(Integer aclObjectIdentity, String recipient)
|
||||
protected void delete(Long aclObjectIdentity, String recipient)
|
||||
throws DataAccessException {
|
||||
super.update(new Object[] {aclObjectIdentity, recipient});
|
||||
}
|
||||
|
@ -414,13 +425,13 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
|
|||
protected class AclPermissionInsert extends SqlUpdate {
|
||||
protected AclPermissionInsert(DataSource ds) {
|
||||
super(ds, aclPermissionInsertStatement);
|
||||
declareParameter(new SqlParameter(Types.INTEGER));
|
||||
declareParameter(new SqlParameter(Types.BIGINT));
|
||||
declareParameter(new SqlParameter(Types.VARCHAR));
|
||||
declareParameter(new SqlParameter(Types.INTEGER));
|
||||
compile();
|
||||
}
|
||||
|
||||
protected void insert(Integer aclObjectIdentity, String recipient,
|
||||
protected void insert(Long aclObjectIdentity, String recipient,
|
||||
Integer mask) throws DataAccessException {
|
||||
Object[] objs = new Object[] {aclObjectIdentity, recipient, mask};
|
||||
super.update(objs);
|
||||
|
@ -430,12 +441,12 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
|
|||
protected class AclPermissionUpdate extends SqlUpdate {
|
||||
protected AclPermissionUpdate(DataSource ds) {
|
||||
super(ds, aclPermissionUpdateStatement);
|
||||
declareParameter(new SqlParameter(Types.INTEGER));
|
||||
declareParameter(new SqlParameter(Types.BIGINT));
|
||||
declareParameter(new SqlParameter(Types.INTEGER));
|
||||
compile();
|
||||
}
|
||||
|
||||
protected void update(Integer aclPermissionId, Integer newMask)
|
||||
protected void update(Long aclPermissionId, Integer newMask)
|
||||
throws DataAccessException {
|
||||
super.update(newMask.intValue(), aclPermissionId.intValue());
|
||||
}
|
||||
|
@ -444,14 +455,14 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
|
|||
protected class LookupPermissionIdMapping extends MappingSqlQuery {
|
||||
protected LookupPermissionIdMapping(DataSource ds) {
|
||||
super(ds, lookupPermissionIdQuery);
|
||||
declareParameter(new SqlParameter(Types.INTEGER));
|
||||
declareParameter(new SqlParameter(Types.BIGINT));
|
||||
declareParameter(new SqlParameter(Types.VARCHAR));
|
||||
compile();
|
||||
}
|
||||
|
||||
protected Object mapRow(ResultSet rs, int rownum)
|
||||
throws SQLException {
|
||||
return new Integer(rs.getInt(1));
|
||||
return new Long(rs.getLong(1));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* Copyright 2004 Acegi Technology Pty Limited
|
||||
/* Copyright 2004, 2005 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -63,9 +63,9 @@ public class PopulatedDatabase {
|
|||
template.execute(
|
||||
"CREATE UNIQUE INDEX IX_AUTH_USERNAME ON AUTHORITIES(USERNAME,AUTHORITY)");
|
||||
template.execute(
|
||||
"CREATE TABLE ACL_OBJECT_IDENTITY(ID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 0) NOT NULL PRIMARY KEY,OBJECT_IDENTITY VARCHAR_IGNORECASE(250) NOT NULL,PARENT_OBJECT INTEGER,ACL_CLASS VARCHAR_IGNORECASE(250) NOT NULL,CONSTRAINT UNIQUE_OBJECT_IDENTITY UNIQUE(OBJECT_IDENTITY),CONSTRAINT SYS_FK_3 FOREIGN KEY(PARENT_OBJECT) REFERENCES ACL_OBJECT_IDENTITY(ID))");
|
||||
"CREATE TABLE ACL_OBJECT_IDENTITY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 0) NOT NULL PRIMARY KEY,OBJECT_IDENTITY VARCHAR_IGNORECASE(250) NOT NULL,PARENT_OBJECT BIGINT,ACL_CLASS VARCHAR_IGNORECASE(250) NOT NULL,CONSTRAINT UNIQUE_OBJECT_IDENTITY UNIQUE(OBJECT_IDENTITY),CONSTRAINT SYS_FK_3 FOREIGN KEY(PARENT_OBJECT) REFERENCES ACL_OBJECT_IDENTITY(ID))");
|
||||
template.execute(
|
||||
"CREATE TABLE ACL_PERMISSION(ID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 0) NOT NULL PRIMARY KEY,ACL_OBJECT_IDENTITY INTEGER NOT NULL,RECIPIENT VARCHAR_IGNORECASE(100) NOT NULL,MASK INTEGER NOT NULL,CONSTRAINT UNIQUE_RECIPIENT UNIQUE(ACL_OBJECT_IDENTITY,RECIPIENT),CONSTRAINT SYS_FK_7 FOREIGN KEY(ACL_OBJECT_IDENTITY) REFERENCES ACL_OBJECT_IDENTITY(ID))");
|
||||
"CREATE TABLE ACL_PERMISSION(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 0) NOT NULL PRIMARY KEY,ACL_OBJECT_IDENTITY BIGINT NOT NULL,RECIPIENT VARCHAR_IGNORECASE(100) NOT NULL,MASK INTEGER NOT NULL,CONSTRAINT UNIQUE_RECIPIENT UNIQUE(ACL_OBJECT_IDENTITY,RECIPIENT),CONSTRAINT SYS_FK_7 FOREIGN KEY(ACL_OBJECT_IDENTITY) REFERENCES ACL_OBJECT_IDENTITY(ID))");
|
||||
template.execute("SET IGNORECASE TRUE");
|
||||
template.execute("INSERT INTO USERS VALUES('dianne','emu',TRUE)");
|
||||
template.execute("INSERT INTO USERS VALUES('marissa','koala',TRUE)");
|
||||
|
@ -94,9 +94,11 @@ public class PopulatedDatabase {
|
|||
"INSERT INTO acl_object_identity VALUES (5, 'net.sf.acegisecurity.acl.DomainObject:5', 3, 'net.sf.acegisecurity.acl.basic.SimpleAclEntry');");
|
||||
template.execute(
|
||||
"INSERT INTO acl_object_identity VALUES (6, 'net.sf.acegisecurity.acl.DomainObject:6', 3, 'net.sf.acegisecurity.acl.basic.SimpleAclEntry');");
|
||||
|
||||
// ----- BEGIN deviation from normal sample data load script -----
|
||||
template.execute(
|
||||
"INSERT INTO acl_object_identity VALUES (7, 'net.sf.acegisecurity.acl.DomainObject:7', 3, 'some.invalid.acl.entry.class');");
|
||||
|
||||
// ----- FINISH deviation from normal sample data load script -----
|
||||
template.execute(
|
||||
"INSERT INTO acl_permission VALUES (null, 1, 'ROLE_SUPERVISOR', 1);");
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* Copyright 2004 Acegi Technology Pty Limited
|
||||
/* Copyright 2004, 2005 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* Copyright 2004 Acegi Technology Pty Limited
|
||||
/* Copyright 2004, 2005 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
|
@ -37,17 +37,17 @@ INSERT INTO authorities VALUES ('peter', 'ROLE_TELLER');
|
|||
--- Indexes auto created in HSQLDB for primary keys and unique columns
|
||||
|
||||
CREATE TABLE acl_object_identity (
|
||||
id IDENTITY NOT NULL,
|
||||
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 0) NOT NULL PRIMARY KEY,
|
||||
object_identity VARCHAR_IGNORECASE(250) NOT NULL,
|
||||
parent_object INTEGER,
|
||||
parent_object BIGINT,
|
||||
acl_class VARCHAR_IGNORECASE(250) NOT NULL,
|
||||
CONSTRAINT unique_object_identity UNIQUE(object_identity),
|
||||
FOREIGN KEY (parent_object) REFERENCES acl_object_identity(id)
|
||||
);
|
||||
|
||||
CREATE TABLE acl_permission (
|
||||
id IDENTITY NOT NULL,
|
||||
acl_object_identity INTEGER NOT NULL,
|
||||
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 0) NOT NULL PRIMARY KEY
|
||||
acl_object_identity BIGINT NOT NULL,
|
||||
recipient VARCHAR_IGNORECASE(100) NOT NULL,
|
||||
mask INTEGER NOT NULL,
|
||||
CONSTRAINT unique_recipient UNIQUE(acl_object_identity, recipient),
|
||||
|
|
Loading…
Reference in New Issue