JdbcAuthorizationMana:Bug updating principal?

PER
2008-04-11
2013-05-08
  • PER

    PER - 2008-04-11

    Hey guys,

    I think I encountered a bug in the JdbcAuthorizationManager. To be more precise: in the JdbcAuthorizationManager.java in method updatePrincipal.

    When I log in as admin and go to the role/principal management screen and there choose to edit the "guest" role/principal ("Principal.do?method=read&principalName=guest"). If I change nothing there and say "update principal" the name "guest" in the name field in the table jg_principal gets replaced by "applicationName#guest". The application continues without an error, but if I restart the web server an exception comes up.

    So I checked the code and found, that in the "updatePrincipal" method of the JdbcAuthorizationManager you don't check, if the old name and the new name is the same, as you do in the "updatePrincipal" method of the "AuthenticationManager". Bug or not, please confirm.

    Cheers and thanks for jGuard, it helps me a lot.

    PER

     
    • PER

      PER - 2008-04-11

      I changed the following and now it works on my machine:

      In class JdbcAuthenticationManager:

      public void updatePrincipal(String oldName, Principal principal) throws AuthenticationException {
         if (oldName.equals(getLocalName(principal))) {
         ...
         pst.setString(1, getLocalName(principal));
         ...

      instead of

         if (oldName.equals(principal.getName())) {
         ...
         pst.setString(1, principal.getName());
         ...

      and in class JdbcAuthorizationManager I set an if statement around the principal updating:

      public void updatePrincipal(String oldPrincipalName, Principal principal) throws AuthorizationException {

         //update the principal name
         if(!oldPrincipalName.equals(getLocalName(principal)))
         {
            pst = conn.prepareStatement(props.getProperty(UPDATE_PRINCIPAL));
            pst.setString(1,getLocalName(principal));
            pst.setString(2,oldPrincipalName);
            pst.executeUpdate();
         }

      Hope, that helps.

      Cheers

       
      • Charles Lescot

        Charles Lescot - 2008-04-11

        Hi,
        thanks for the patch.
        note that the future release 1.1 beta 3 will use hibernate instead of direct JDBC call.

        cheers,

        charles.

         
    • PER

      PER - 2008-04-14

      Ah, OK.

      Do you need help implementing the Hibernate functionality? I have some experience with it and would like to join your project.

      Cheers

      PER

       
      • Charles Lescot

        Charles Lescot - 2008-04-15

        Hi,
        thanks for the help!
        we've almost finished the HibernateAuthenticationManager implementation which is one of the target of the 1.1 beta 3 release.
        i hope we will release the 1.1 beta 3 the next week.
        we will need some help to review it, and help us to finish the JSF implementation.
        if you can help us on one of these two topics, it will be great!

        cheers,
        Charles.

         
    • PER

      PER - 2008-04-17

      Hi Charles,

      maybe it is a good start for me, if I review the Hibernate implementation. But I won't have time for that within the next two weeks, until I have finished my project.

      What is about a translation of jGuard to German? Do you need someone to do it?!

      Cheers

      PER

       
      • Charles Lescot

        Charles Lescot - 2008-04-17

        Hi PER,
        a translation of the "jGuard reference documentation" to german will be very useful!
        you can reach the english one here (called en_jGuard_reference.xml):
        http://jguard.svn.sourceforge.net/viewvc/jguard/jguard/trunk/jguard/src/site/resources/docbook/

        so, the german one will be called "de_jGuard_reference.xml".
        it is in the docbook format,to permit to generate the documentation in html and pdf.

        feel free to contact us when you won't be busy, to give you svn access to create the german translation.

        cheers,

        Charles.

         

Log in to post a comment.