I think I found a bug in EJB-QL. Please correct me if I am doing things incorrectly.
I'm very much aware of the limits in EJB-QL today with regards to NULLs, and have had to create many queries to handle instances where parameters would otherwise NULL values. There's nothing more I'd like to see fixed in J2EE than today's limitations to EJB-QL. However, this is different as it does not depend on parameters at all. Instead, it is based solely on the values in the database. Basically, I have a case where a user session (s) includes a domain ID, which may be null. Similarly, each user role is tied to a domain, which may be null. The null values represent a concept I call "GLOBAL" and are valid. In EJB-QL, I am tryting to say the following: - If the session domain Id is NULL, give me all roles belonging to the user. Otherwise... - only give me user roles that match the sesion's domain Id. This is the logic that fails wiht EJB-QL: s.domainId IS NULL OR s.domainId = rm.role.domain.id In a test case, a user has 3 roles, and one of them is GLOBAL (null domain). For the GLOBAL one, the following assertions are true: s.domainId IS NULL rm.role.domain IS NULL The latter assertion is where I believe JBoss is having trouble handling the OR propertly. If I only include s.domainId IS NULL in the EJB-QL, then I get back all three roles if the domainId is null, which is correct. If I only include s.domainId = rm.role.domain.id in the query, then I only get back the two matching roles if s.domainId is not null. This is correct, since rm.role.domain is null in this case, making it impossible to obtain the id of the domain. However, when you combine them with an OR statement, I suspect that JBoss is incorrectly restricting the results to this inner join even when s.domainId IS NULL . Thus, it is not correctlyapplying the OR statement, which should in effect return a "unique union" of the two result sets on both sides of the OR. Here's is the complete EJQ-QL that fails to ever return roles with a null domain: | SELECT DISTINCT OBJECT(rm) | FROM rolemodules AS rm, | IN (rm.role.userRoles) ur, | IN (ur.user.sessions) s | WHERE s.id = ?1 AND s.randomId = ?2 AND | (s.domainId IS NULL OR | s.domainId = rm.role.domain.id) AND | rm.module.application.name = ?3 AND | rm.module.name = ?4 | Has this been fixed in 3.2.4? If not, how do we submit bug reports? I've been using JBoss since 2.4.0, and honestly don't know how to submit bug reports. LOL Thank you, Erik http://as.JoshuaBranch.com application security today <a href="http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3827747#3827747";>View the original post</a> <a href="http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3827747>Reply to the post</a> ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
