commons-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 23843] New: - PerUserPoolDataSource.getConnection(username, pw) may return connection under wrong username
Date Wed, 15 Oct 2003 15:46:17 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23843>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23843

PerUserPoolDataSource.getConnection(username, pw) may return connection under wrong username

           Summary: PerUserPoolDataSource.getConnection(username, pw) may
                    return connection under wrong username
           Product: Commons
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Blocker
          Priority: Other
         Component: Dbcp
        AssignedTo: commons-dev@jakarta.apache.org
        ReportedBy: hanafey@dna.es.dupont.com


There appears to be a problem with PerUserPoolDataSource. For all usernames not
set with "setPerUserMaxActive", the first "getConnection(String, String)"
sets the username under which all subsequent connections are created.

For example, in the fragment below connections are gotten under the usernames
{"mkh", "hanafey", "jsmith"}, but only "jsmith" has an associated
"setPerUserMaxActive". The first two connections are BOTH created under
username "mkh". (The "getUsername" method below just runs a query that selects
the username, which in Sybase is just "select username=suser_name()")

This is the output:

Tried:mkh got:mkh
Tried:hanafey got:mkh
Tried:jsmith got:jsmith

If "mkh" and "jsmith" are permuted, the output is:

Tried:jsmith got:jsmith
Tried:hanafey got:hanafey
Tried:mkh got:hanafey


This is the code fragment:

        PerUserPoolDataSource puds = new PerUserPoolDataSource();
        puds.setConnectionPoolDataSource(ds);
        // Only "jsmith" gets an explicit per-user setting.
        puds.setPerUserMaxActive("jsmith", new Integer(2));
        try {
            String[] users = {"mkh", "hanafey", "jsmith"};
            String pw = "...";
            Connection[] c = new Connection[users.length];
            // Request one connection per username.
            for (int i = 0; i < users.length; i++) {
                c[i] = puds.getConnection(users[i], pw);
            }
            // Ask the database which login each connection is really using.
            for (int i = 0; i < users.length; i++) {
                System.out.println("Tried:"+users[i]+" got:"+getUsername(c[i]));
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }

Given this code from PerUserPoolDataSource, the "if" statement explains the
behaviour, given that data source name and username determine the subpool:

    private PoolKey getPoolKey(String username) {
        PoolKey key = null;

        if (username != null && (perUserMaxActive == null 
                || !perUserMaxActive.containsKey(username))) {
            username = null;
        }

It appears that this "if" should just be removed.


There also appears to be a need to set pool property defaults for the
connection under the default name. Currently the defaults for a named user
and the default user are the same. It seems that it will almost always be
true that the pool for "getConnection()" will need to be larger than the
pool for "getConnection(username, pw)", but if there is a large set of possible
"username"s it is not practical to configure each username explicitly.

Currently calls like "setPerUserMaxActive(null, Integer(16))" would set the
property for the default connection, but this behaviour is not documented.
Maybe methods like "setPerUserMaxActive(Integer(16))" should be added.

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org
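
The key collapse described in the report, as an added example that is not part of the original message and is not DBCP code: a simplified Java model that applies the quoted condition to both orderings from the report and lists every request served under another login. The names PoolKeyDemo, subpoolLogin and mismatches are hypothetical, and the model assumes each subpool opens its connections with the credentials of the request that first created it.

```java
import java.util.*;

// Added illustration, not DBCP source. Assumption: each subpool opens its
// connections with the credentials of the request that first created it.
public class PoolKeyDemo {
    private final Set<String> perUserMaxActive = new HashSet<>(); // explicitly configured users
    private final Map<List<String>, String> subpoolLogin = new HashMap<>(); // key -> login used
    private final boolean collapseUnconfigured; // true reproduces the reported behaviour

    PoolKeyDemo(boolean collapseUnconfigured, String... configuredUsers) {
        this.collapseUnconfigured = collapseUnconfigured;
        perUserMaxActive.addAll(Arrays.asList(configuredUsers));
    }

    // Same condition as the quoted "if": unconfigured users fall into the default (null) key.
    List<String> poolKey(String username) {
        if (collapseUnconfigured && username != null && !perUserMaxActive.contains(username)) {
            username = null;
        }
        return Arrays.asList("ds", username); // data source name + username select the subpool
    }

    // Returns the login the handed-out connection is actually authenticated as.
    String getConnection(String username) {
        return subpoolLogin.computeIfAbsent(poolKey(username), k -> username);
    }

    // Requests a connection per user and lists every request served under another login.
    static List<String> mismatches(boolean collapse, String... users) {
        PoolKeyDemo pool = new PoolKeyDemo(collapse, "jsmith");
        List<String> wrong = new ArrayList<>();
        for (String u : users) {
            String got = pool.getConnection(u);
            if (!u.equals(got)) {
                wrong.add("Tried:" + u + " got:" + got);
            }
        }
        return wrong;
    }

    public static void main(String[] args) {
        System.out.println(mismatches(true, "mkh", "hanafey", "jsmith"));
        System.out.println(mismatches(true, "jsmith", "hanafey", "mkh"));
        System.out.println(mismatches(false, "mkh", "hanafey", "jsmith"));
    }
}
```

Comparing the requested login with the login the database reports for the connection, as the report's getUsername query does, works as a regression check for any pool that hands out per-user connections.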

