tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 9254] New: - JDBCRealm leaves open Statements
Date Mon, 20 May 2002 18:50:30 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9254>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9254

JDBCRealm leaves open Statements

           Summary: JDBCRealm leaves open Statements
           Product: Tomcat 4
           Version: 4.0.3 Final
          Platform: All
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Catalina:Modules
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: ahakmeh@hotmail.com


The authenticate method in the JDBCRealm does not close the statements when it 
closes the result sets. This cause certain drivers to misbehave and throw an 
exception making the JDBCRealm unusable. please fix in 4.0.4! 

It would be proper to do the following: (look for '----->>' in two locations)

    public synchronized Principal authenticate(Connection dbConnection, String 
username, String credentials)
        throws SQLException
    {
        String dbCredentials = null;
        PreparedStatement stmt = credentials(dbConnection, username);
        ResultSet rs;
        
        for(rs = stmt.executeQuery(); rs.next();)
            dbCredentials = rs.getString(1).trim();

        rs.close();
----->> stmt.close();
        
        if(dbCredentials == null)
            return null;
        
        boolean validated = false;
        if(hasMessageDigest())
            validated = digest(credentials).equalsIgnoreCase(dbCredentials);
        else
            validated = digest(credentials).equals(dbCredentials);
        
        if(validated)
        {
            if(super.debug >= 2)
                log(sm.getString("jdbcRealm.authenticateSuccess", username));
        }
        else
        {
            if(super.debug >= 2)
                log(sm.getString("jdbcRealm.authenticateFailure", username));
            return null;
        }

        ArrayList list = new ArrayList();
        stmt = roles(dbConnection, username);
        
        for(rs = stmt.executeQuery(); rs.next(); list.add(rs.getString(1).trim
()));
        
        rs.close();
----->> stmt.close();
        
        dbConnection.commit();
        
        return new GenericPrincipal(this, username, credentials, list);
    }

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message