openjpa-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yann Andenmatten" <YAndenmat...@odyssey-group.com>
Subject Enabling query filter extension
Date Tue, 25 Nov 2008 14:24:10 GMT
Hi all,

 

We found in the OpenJPA code something we would like to use: query
filter extension.

 

As I understand SQLEmbed proposes to extends jpql with a new keyword
which is trapped and allows injection of sql inside the where clause
generated by OpenJPA. We would like to use this to add security
restriction on data on the fly (we have an sql SQLServer transact SQL to
be called inside the query).

 

Unfortunately, it seams not be activated by default:

Query q = em.createQuery("SELECT p FROM SomeEntity p WHERE p.type.code =
'11' " +

"AND sql(\"dbo.security_access() = 1\")");

 

It leads to 

<openjpa-1.2.0-r422266:683325 nonfatal user error>
org.apache.openjpa.persistence.ArgumentException: Encountered "sql (" at
character 56, but expected: ["(", "+", "-", ".", ":", "<>", "=", "?",
"ABS", "ALL", "AND", "ANY", "AS", "ASC", "AVG", "BETWEEN", "BOTH", "BY",
"CONCAT", "COUNT", "CURRENT_DATE", "CURRENT_TIME", "CURRENT_TIMESTAMP",
"DELETE", "DESC", "DISTINCT", "EMPTY", "ESCAPE", "EXISTS", "FETCH",
"FROM", "GROUP", "HAVING", "IN", "INNER", "IS", "JOIN", "LEADING",
"LEFT", "LENGTH", "LIKE", "LOCATE", "LOWER", "MAX", "MEMBER", "MIN",
"MOD", "NEW", "NOT", "NULL", "OBJECT", "OF", "OR", "ORDER", "OUTER",
"SELECT", "SET", "SIZE", "SOME", "SQRT", "SUBSTRING", "SUM", "TRAILING",
"TRIM", "UPDATE", "UPPER", "WHERE", <BOOLEAN_LITERAL>,
<DECIMAL_LITERAL>, <IDENTIFIER>, <INTEGER_LITERAL>, <STRING_LITERAL>].

at
org.apache.openjpa.kernel.jpql.JPQL.generateParseException(JPQL.java:950
1)

 

Could anyone tell me how to activate it ?

 

Yann

PS : Some background can be found here :
http://n2.nabble.com/Queries-using-specific-SQL%2C-e.g.-functions%2C-or-
specific-operators---passthrough-SQL-pieces-without-full-native-query-tt
668856.html#a675881

 


____________________________________________________________

 This email and any files transmitted with it are CONFIDENTIAL and intended
  solely for the use of the individual or entity to which they are addressed.
 Any unauthorized copying, disclosure, or distribution of the material within
  this email is strictly forbidden.
 Any views or opinions presented within this e-mail are solely those of the
  author and do not necessarily represent those of Odyssey Financial
Technologies SA unless otherwise specifically stated.
 An electronic message is not binding on its sender. Any message referring to
  a binding engagement must be confirmed in writing and duly signed.
 If you have received this email in error, please notify the sender immediately
  and delete the original.
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message