[
https://issues.apache.org/jira/browse/DERBY-3327?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dag H. Wanvik updated DERBY-3327:
---------------------------------
Attachment: DERBY-3327-4-full.stat
DERBY-3327-4-full.diff
A new version of a patch for this issue, DERBY-3327-4-full. It builds
on the idea of the previous patch of using the activation to hold a
references to the SQL session context at execution time. This makes
the context available even after the original statement context has
gone (needed for dynamic result sets). The SQL session context has
been factored out into a separate class. The patch also makes the SQL
session context available at compile time via the statement
context. This is needed for the solution to work for current default
schema (in addition to current role). The current patch also solves
DERBY-1331.
Code is generated for routines (which can contain SQL) to push the SQL
session context. A new test, SQLSessionContextTest, has been factored
out from RolesTest which tests the stack semantics for both roles and
current default schema.
Depending on feed-back, I may unbundle the changes for default current
schema in this patch and retain only the current role part to reduce
the risk; but I include it in this version of the patch as
proof-of-concept for review.
I am not totally happy with schema side of the patch; some usages of
getCurrentSchemaName at execution time break the pattern in that they
do not (and in deed need not) use the activation argument variant, in
SpaceTable#getConglomInfo and inside
SystemProcedures#{INSTALL|REPLACE|REMOVE}_JAR.
I have noted this in the code as a caveat.
All regression tests pass.
Detailed patch comment:
A java/engine/org/apache/derby/iapi/sql/execute/SQLSessionContext.java
A java/engine/org/apache/derby/impl/sql/execute/SQLSessionContextImpl.java
The new interface and implementation class which encapsulates the SQL
session context
M java/engine/org/apache/derby/impl/sql/compile/SpecialFunctionNode.java
Code changes for CURRENT_ROLE and CURRENT SCHEMA.
M java/engine/org/apache/derby/impl/sql/compile/StaticMethodCallNode.java
Code generation to push SQL session context. There is no separate
stack; the statement context stack is used. Also an activation still has a
reference to the calling activation.
M java/engine/org/apache/derby/iapi/sql/conn/StatementContext.java
M java/engine/org/apache/derby/impl/sql/conn/GenericStatementContext.java
New methods to set and get and a field to hold the SQL session context
and associated activation, if any.
M java/engine/org/apache/derby/iapi/sql/conn/LanguageConnectionContext.java
M
java/engine/org/apache/derby/impl/sql/conn/GenericLanguageConnectionContext.java
The exisisting fields "sd" (current default schema), currentRole and
the callers stack have been removed. Instead there is now a field
topLevelSSC which hold the top level SQL session context and
cachedInitialDefaultSchemaDescr, which is used to avoid having to
compute the initial default schema for the session more than once.
The methods get/setDefaultSchema and getCurrentSchemaName now have two
variants one for use at compile-time and another for use at execution
time (activation argument). A new method, resetSchemaUsages, is used
to set refrences to a dropped schema back to the default value for all
occurences on the SQL session state stack.
A new method, setupNestedSessionContext, is used to push the SQL
session context at routine invocation time, cf. StaticMethodCallNode.
M java/engine/org/apache/derby/iapi/sql/Activation.java
M java/engine/org/apache/derby/impl/sql/execute/BaseActivation.java
M java/engine/org/apache/derby/impl/sql/GenericActivationHolder.java
Now hold both the calling activation if any (as earlier), and the SQL
session context. A new interface method to retrieve the SQL session
context has been added.
M
java/engine/org/apache/derby/impl/sql/execute/SetSchemaConstantAction.java
M
java/engine/org/apache/derby/impl/sql/execute/DropSchemaConstantAction.java
Uses the new execution time variants so the correct SQL session
context can be used.
M java/engine/org/apache/derby/impl/sql/execute/CallStatementResultSet.java
Changed back to original; the changes having move to code generation,
see StaticMethodCallNode.
M java/engine/org/apache/derby/impl/jdbc/EmbedResultSet.java
M
java/engine/org/apache/derby/impl/sql/execute/BasicNoPutResultSetImpl.java
Associates the current activation with the current statement context.
M java/engine/org/apache/derby/impl/sql/GenericPreparedStatement.java
Sets up activation with caller reference, same semantics, but now uses
the statement context instead of the callers stack in lcc.
M java/engine/org/apache/derby/iapi/sql/dictionary/SchemaDescriptor.java
The drop method now takes an activation argument, and now calls
lcc#resetSchemaUsages to clean up.
A
java/testing/org/apache/derbyTesting/functionTests/tests/lang/SQLSessionContextTest.java
New test to check that stack semantics hold for roles end schema.
M
java/testing/org/apache/derbyTesting/functionTests/tests/lang/RolesTest.java
Slimmed down.
M java/testing/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java
Added SQLSessionContextTest.
> SQL roles: Implement authorization stack
> ----------------------------------------
>
> Key: DERBY-3327
> URL: https://issues.apache.org/jira/browse/DERBY-3327
> Project: Derby
> Issue Type: New Feature
> Components: Security, SQL
> Reporter: Dag H. Wanvik
> Assignee: Dag H. Wanvik
> Fix For: 10.4.0.0
>
> Attachments: DERBY-3327-1.diff, DERBY-3327-1.stat, DERBY-3327-2.diff,
> DERBY-3327-2.stat, DERBY-3327-3.diff, DERBY-3327-3.stat,
> DERBY-3327-4-full.diff, DERBY-3327-4-full.stat
>
>
> The current LanguageConnectionContext keeps the user authorization identifier
> for an SQL session.
> The lcc is shared context also for nested connections (opened from stored
> procedures).
> So far, for roles, the current role has been stored in the lcc also. However,
> SQL requires that
> authorization identifers be pushed on a "authorization stack" when calling a
> stored procedure, cf.
> SQL 2003, vol 2, section 4.34.1.1 and 4.27.3.
> This allows a caller to keep its current role after a call even if changed by
> the stored procedure.
> This issue will implement the current role name part ("cell") of the
> authorization stack.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
