Uploaded image for project: 'Application Server 3 4 5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-3029

DatabaseServerLoginModule improvement

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Obsolete
    • Icon: Optional Optional
    • No Release
    • None
    • Security
    • None

      I would like to configure "org.jboss.security.auth.spi.DatabaseServerLoginModule" with complex SQL statements on "principalsQuery" and "rolesQuery"
      (like: SELECT 'User', 'Roles' FROM USERS WHERE username=?
      UNION SELECT 'Administrator','Roles' FROM ADMINISTRATORS WHERE username=? )

      But the SQL statements are executed by "java.sql.PreparedStatement" with only 1 parameter value for the first "?" (username). And the SQL statements that contains more than 1 "username" parameter doesn't work.

      I may be solved with the next modifications:

      In class "org.jboss.security.auth.spi.Util" :
      -----------------------------------------------------------------
      Changing "ps.setString(1, username);" of third "getRoleSets" method with these other statements:

      int index = 0;
      int param = 1;
      while( (index = rolesQuery.indexOf("?", index)) >= 0)

      { ps.setString(param++, username); index++; }

      And in class "org.jboss.security.auth.spi.DatabaseServerLoginModule":
      ---------------------------------------------------------------------------------------------------------------
      Changing "ps.setString(1, username);" of method "getUsersPassword" with these other statements:

      int index = 0;
      int param = 1;
      while( (index = principalsQuery.indexOf("?", index)) >= 0)

      { ps.setString(param++, username); index++; }

      Thanks.

              Unassigned Unassigned
              ycswyw YCS WYW (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: