db-derby-dev mailing list archives

From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-3667) SQL roles: Make CURRENT_ROLE check that the role is still valid
Date Wed, 07 May 2008 12:54:55 GMT

     [ https://issues.apache.org/jira/browse/DERBY-3667?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dag H. Wanvik updated DERBY-3667:

    Attachment: derby-3667-1.stat

This patch, derby-3667-1, makes CURRENT_ROLE check if the set role, if any, is
still applicable for the current user.

M      java/engine/org/apache/derby/impl/sql/compile/SpecialFunctionNode.java

Code generation is modified to call getCurrentRoleIdChecked instead of
getCurrentRoleId. Also the function result dtd is now (correctly)
marked as nullable.

M      java/engine/org/apache/derby/iapi/sql/conn/LanguageConnectionContext.java
M      java/engine/org/apache/derby/impl/sql/conn/GenericLanguageConnectionContext.java

Adds the new function getCurrentRoleIdChecked. It uses an internal
read-only transaction for reading SYS.SYSROLES.

M      java/testing/org/apache/derbyTesting/functionTests/tests/lang/SQLSessionContextTest.java

Modifies the test to reflect the change in behavior.

M      java/engine/org/apache/derby/impl/sql/execute/SetRoleConstantAction.java

Refactored checking to use the method
LanguageConnectionContext#roleIsSettable to avoid redundancy in check.

Running regression tests now.

> SQL roles: Make CURRENT_ROLE check that the role is still valid
> ---------------------------------------------------------------
>                 Key: DERBY-3667
>                 URL: https://issues.apache.org/jira/browse/DERBY-3667
>             Project: Derby
>          Issue Type: Task
>          Components: Security, SQL
>            Reporter: Dag H. Wanvik
>            Assignee: Dag H. Wanvik
>             Fix For:
>         Attachments: derby-3667-1.diff, derby-3667-1.stat
> When a role is the current role of a session, and that role is either
> a) revoked from current user or dropped, the present implementation
> does not actually reset the current role value of the session which
> has set it to current, but instead lazily relies on the next usage to
> discover this fact by validating that the role usage is still
> applicable. This check is missing from CURRENT_USER.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
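
A toy model of the lazy revalidation this message describes, added here as an illustration and not taken from the Derby patch. The method names follow the message; the class, the in-memory map standing in for SYS.SYSROLES, the grant rule (user or PUBLIC) and the sample user and role names are assumptions.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Toy model only: the class, fields and method bodies are hypothetical, not Derby source.
public class CurrentRoleCheckDemo {
    // Stand-in for SYS.SYSROLES: role name -> grantees ("PUBLIC" means everyone).
    static final Map<String, Set<String>> grants = new HashMap<>();

    static class Session {
        final String user;
        String currentRole;            // null means no role is set
        Session(String user) { this.user = user; }

        // Assumed rule: a role is usable if it still exists and is granted to the user or PUBLIC.
        boolean roleIsSettable(String role) {
            Set<String> grantees = grants.get(role);
            return grantees != null
                && (grantees.contains(user) || grantees.contains("PUBLIC"));
        }

        void setRole(String role) {
            if (!roleIsSettable(role)) {
                throw new IllegalStateException("role not granted: " + role);
            }
            currentRole = role;
        }

        // Unchecked read: returns whatever SET ROLE stored, even if it is stale.
        String getCurrentRoleId() { return currentRole; }

        // Checked read: revalidates lazily and clears a stale role, so the result may be null.
        String getCurrentRoleIdChecked() {
            if (currentRole != null && !roleIsSettable(currentRole)) {
                currentRole = null;
            }
            return currentRole;
        }
    }

    public static void main(String[] args) {
        grants.put("AUDITOR", new HashSet<>(Set.of("ALICE")));   // constructed sample data
        Session s = new Session("ALICE");
        s.setRole("AUDITOR");
        grants.get("AUDITOR").remove("ALICE");           // models a REVOKE from another session
        System.out.println(s.getCurrentRoleId());        // unchecked read of the stored role
        System.out.println(s.getCurrentRoleIdChecked()); // checked read after revalidation
    }
}
```

The nullable result of the checked read is why the message notes that the function's return type must be marked nullable.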