[ https://issues.apache.org/jira/browse/DERBY-3327?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dag H. Wanvik updated DERBY-3327: --------------------------------- Attachment: DERBY-3327-4-full.stat DERBY-3327-4-full.diff A new version of a patch for this issue, DERBY-3327-4-full. It builds on the idea of the previous patch of using the activation to hold a references to the SQL session context at execution time. This makes the context available even after the original statement context has gone (needed for dynamic result sets). The SQL session context has been factored out into a separate class. The patch also makes the SQL session context available at compile time via the statement context. This is needed for the solution to work for current default schema (in addition to current role). The current patch also solves DERBY-1331. Code is generated for routines (which can contain SQL) to push the SQL session context. A new test, SQLSessionContextTest, has been factored out from RolesTest which tests the stack semantics for both roles and current default schema. Depending on feed-back, I may unbundle the changes for default current schema in this patch and retain only the current role part to reduce the risk; but I include it in this version of the patch as proof-of-concept for review. I am not totally happy with schema side of the patch; some usages of getCurrentSchemaName at execution time break the pattern in that they do not (and in deed need not) use the activation argument variant, in SpaceTable#getConglomInfo and inside SystemProcedures#{INSTALL|REPLACE|REMOVE}_JAR. I have noted this in the code as a caveat. All regression tests pass. Detailed patch comment: A java/engine/org/apache/derby/iapi/sql/execute/SQLSessionContext.java A java/engine/org/apache/derby/impl/sql/execute/SQLSessionContextImpl.java The new interface and implementation class which encapsulates the SQL session context M java/engine/org/apache/derby/impl/sql/compile/SpecialFunctionNode.java Code changes for CURRENT_ROLE and CURRENT SCHEMA. M java/engine/org/apache/derby/impl/sql/compile/StaticMethodCallNode.java Code generation to push SQL session context. There is no separate stack; the statement context stack is used. Also an activation still has a reference to the calling activation. M java/engine/org/apache/derby/iapi/sql/conn/StatementContext.java M java/engine/org/apache/derby/impl/sql/conn/GenericStatementContext.java New methods to set and get and a field to hold the SQL session context and associated activation, if any. M java/engine/org/apache/derby/iapi/sql/conn/LanguageConnectionContext.java M java/engine/org/apache/derby/impl/sql/conn/GenericLanguageConnectionContext.java The exisisting fields "sd" (current default schema), currentRole and the callers stack have been removed. Instead there is now a field topLevelSSC which hold the top level SQL session context and cachedInitialDefaultSchemaDescr, which is used to avoid having to compute the initial default schema for the session more than once. The methods get/setDefaultSchema and getCurrentSchemaName now have two variants one for use at compile-time and another for use at execution time (activation argument). A new method, resetSchemaUsages, is used to set refrences to a dropped schema back to the default value for all occurences on the SQL session state stack. A new method, setupNestedSessionContext, is used to push the SQL session context at routine invocation time, cf. StaticMethodCallNode. M java/engine/org/apache/derby/iapi/sql/Activation.java M java/engine/org/apache/derby/impl/sql/execute/BaseActivation.java M java/engine/org/apache/derby/impl/sql/GenericActivationHolder.java Now hold both the calling activation if any (as earlier), and the SQL session context. A new interface method to retrieve the SQL session context has been added. M java/engine/org/apache/derby/impl/sql/execute/SetSchemaConstantAction.java M java/engine/org/apache/derby/impl/sql/execute/DropSchemaConstantAction.java Uses the new execution time variants so the correct SQL session context can be used. M java/engine/org/apache/derby/impl/sql/execute/CallStatementResultSet.java Changed back to original; the changes having move to code generation, see StaticMethodCallNode. M java/engine/org/apache/derby/impl/jdbc/EmbedResultSet.java M java/engine/org/apache/derby/impl/sql/execute/BasicNoPutResultSetImpl.java Associates the current activation with the current statement context. M java/engine/org/apache/derby/impl/sql/GenericPreparedStatement.java Sets up activation with caller reference, same semantics, but now uses the statement context instead of the callers stack in lcc. M java/engine/org/apache/derby/iapi/sql/dictionary/SchemaDescriptor.java The drop method now takes an activation argument, and now calls lcc#resetSchemaUsages to clean up. A java/testing/org/apache/derbyTesting/functionTests/tests/lang/SQLSessionContextTest.java New test to check that stack semantics hold for roles end schema. M java/testing/org/apache/derbyTesting/functionTests/tests/lang/RolesTest.java Slimmed down. M java/testing/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java Added SQLSessionContextTest. > SQL roles: Implement authorization stack > ---------------------------------------- > > Key: DERBY-3327 > URL: https://issues.apache.org/jira/browse/DERBY-3327 > Project: Derby > Issue Type: New Feature > Components: Security, SQL > Reporter: Dag H. Wanvik > Assignee: Dag H. Wanvik > Fix For: 10.4.0.0 > > Attachments: DERBY-3327-1.diff, DERBY-3327-1.stat, DERBY-3327-2.diff, > DERBY-3327-2.stat, DERBY-3327-3.diff, DERBY-3327-3.stat, > DERBY-3327-4-full.diff, DERBY-3327-4-full.stat > > > The current LanguageConnectionContext keeps the user authorization identifier > for an SQL session. > The lcc is shared context also for nested connections (opened from stored > procedures). > So far, for roles, the current role has been stored in the lcc also. However, > SQL requires that > authorization identifers be pushed on a "authorization stack" when calling a > stored procedure, cf. > SQL 2003, vol 2, section 4.34.1.1 and 4.27.3. > This allows a caller to keep its current role after a call even if changed by > the stored procedure. > This issue will implement the current role name part ("cell") of the > authorization stack. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.