[ https://issues.apache.org/jira/browse/DERBY-3667?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dag H. Wanvik updated DERBY-3667:
---------------------------------
    Attachment: derby-3667-1.stat
                derby-3667-1.diff

This patch, derby-3667-1, makes CURRENT_ROLE check if the set role, if any, is
still applicable for the current user.

M java/engine/org/apache/derby/impl/sql/compile/SpecialFunctionNode.java

  Code generation is modified to call getCurrentRoleIdChecked instead of
  getCurrentRoleId. Also the function result dtd is now (correctly)
  marked as nullable.

M java/engine/org/apache/derby/iapi/sql/conn/LanguageConnectionContext.java
M java/engine/org/apache/derby/impl/sql/conn/GenericLanguageConnectionContext.java

  Adds the new function getCurrentRoleIdChecked. It uses an internal
  read-only transaction for reading SYS.SYSROLES.

M java/testing/org/apache/derbyTesting/functionTests/tests/lang/SQLSessionContextTest.java

  Modifies the test to reflect the change in behavior.

M java/engine/org/apache/derby/impl/sql/execute/SetRoleConstantAction.java

  Refactored checking to use the method
  LanguageConnectionContext#roleIsSettable to avoid redundancy in check
  logic.

Running regression tests now.

> SQL roles: Make CURRENT_ROLE check that the role is still valid
> ---------------------------------------------------------------
>
> Key: DERBY-3667
> URL: https://issues.apache.org/jira/browse/DERBY-3667
> Project: Derby
> Issue Type: Task
> Components: Security, SQL
> Reporter: Dag H. Wanvik
> Assignee: Dag H. Wanvik
> Fix For: 10.5.0.0
>
> Attachments: derby-3667-1.diff, derby-3667-1.stat
>
>
> When a role is the current role of a session, and that role is either
> a) revoked from current user or dropped, the present implementation
> does not actually reset the current role of value of the session which
> has set it to current, but instead lazily relies on the next usage to
> discover this fact by validating that the role usage is still
> applicable. This check is missing from CURRENT_USER.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
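
Added example, not part of the original message and not Derby code: a small Python model of the behaviour the issue describes, where a session keeps its stored role after a revoke or drop and only a read that revalidates it reports the role as gone. All class and method names are hypothetical, the catalog is an in-memory stand-in for the role grant table, and treating a grant to PUBLIC as sufficient is an assumption of this sketch.

```python
# Constructed toy model; not Derby code. All names here are hypothetical.
from typing import Dict, Optional, Set

PUBLIC = "PUBLIC"

class RoleCatalog:
    """Stand-in for the role grant table: role name -> grantees."""
    def __init__(self) -> None:
        self.grants: Dict[str, Set[str]] = {}

    def create_role(self, role: str) -> None:
        self.grants.setdefault(role, set())

    def drop_role(self, role: str) -> None:
        self.grants.pop(role, None)

    def grant(self, role: str, grantee: str) -> None:
        self.grants[role].add(grantee)

    def revoke(self, role: str, grantee: str) -> None:
        self.grants[role].discard(grantee)

    def role_is_settable(self, role: str, user: str) -> bool:
        # Assumption: settable means the role exists and is granted to
        # the user or to PUBLIC.
        grantees = self.grants.get(role)
        return grantees is not None and (user in grantees or PUBLIC in grantees)

class Session:
    def __init__(self, user: str, catalog: RoleCatalog) -> None:
        self.user, self.catalog = user, catalog
        self._role: Optional[str] = None

    def set_role(self, role: Optional[str]) -> None:
        if role is not None and not self.catalog.role_is_settable(role, self.user):
            raise PermissionError(f"role {role} not settable by {self.user}")
        self._role = role

    def current_role_unchecked(self) -> Optional[str]:
        # Old behaviour: report whatever SET ROLE stored, even if stale.
        return self._role

    def current_role_checked(self) -> Optional[str]:
        # Revalidate on read; a stale role is reported as None (SQL NULL).
        # Clearing the stored value here is a choice of this sketch.
        if self._role is not None and not self.catalog.role_is_settable(self._role, self.user):
            self._role = None
        return self._role
```

Both `set_role` and `current_role_checked` go through the same `role_is_settable` check, so the two code paths cannot disagree about what a valid role is.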