nosu
/
taskana
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

TSK-1692: now explicitly list database columns in SecurityVerifier

This commit is contained in:
Mustapha Zorgati 2021-08-05 20:39:32 +02:00
parent 370a015e69
commit d967fb81f5
2 changed files with 15 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
common/taskana-common/src/main/java/pro/taskana/common/internal/configuration/SecurityVerifier.java
View File

@ -12,16 +12,16 @@ import pro.taskana.common.api.exceptions.SystemException;
public class SecurityVerifier {
public static final String SECURITY_FLAG_COLUMN_NAME = "ENFORCE_SECURITY";
public static final String INSERT_SECURITY_FLAG_SQL =
"INSERT INTO %s.CONFIGURATION (" + SECURITY_FLAG_COLUMN_NAME + " ) VALUES (%b)";
public static final String SELECT_SECURITY_FLAG_SQL = "SELECT %s FROM %s.CONFIGURATION";
private static final Logger LOGGER = LoggerFactory.getLogger(SecurityVerifier.class);
private static final String SECURITY_FLAG_COLUMN_NAME = "ENFORCE_SECURITY";
private static final String INSERT_SECURITY_FLAG =
"INSERT INTO %s.CONFIGURATION VALUES (%b, null)";
private static final String SELECT_SECURITY_FLAG = "SELECT %s FROM %s.CONFIGURATION";
private final String schemaName;
private final DataSource dataSource;
public SecurityVerifier(DataSource dataSource, String schema) {
super();
this.dataSource = dataSource;
this.schemaName = schema;
}
@ -36,7 +36,7 @@ public class SecurityVerifier {
SqlRunner sqlRunner = new SqlRunner(connection);
String querySecurity =
String.format(SELECT_SECURITY_FLAG, SECURITY_FLAG_COLUMN_NAME, schemaName);
String.format(SELECT_SECURITY_FLAG_SQL, SECURITY_FLAG_COLUMN_NAME, schemaName);
if ((boolean) sqlRunner.selectOne(querySecurity).get(SECURITY_FLAG_COLUMN_NAME)
&& !securityEnabled) {
@ -66,7 +66,8 @@ public class SecurityVerifier {
try (Connection connection = dataSource.getConnection()) {
String setSecurityFlagSql = String.format(INSERT_SECURITY_FLAG, schemaName, securityEnabled);
String setSecurityFlagSql =
String.format(INSERT_SECURITY_FLAG_SQL, schemaName, securityEnabled);
try (PreparedStatement preparedStatement = connection.prepareStatement(setSecurityFlagSql)) {

10
lib/taskana-core/src/test/java/acceptance/config/TaskanaSecurityConfigAccTest.java
View File

@ -16,6 +16,7 @@ import org.junit.jupiter.api.Test;
import pro.taskana.TaskanaEngineConfiguration;
import pro.taskana.common.api.exceptions.SystemException;
import pro.taskana.common.internal.configuration.DbSchemaCreator;
import pro.taskana.common.internal.configuration.SecurityVerifier;
import pro.taskana.sampledata.SampleDataGenerator;
class TaskanaSecurityConfigAccTest {
@ -88,7 +89,9 @@ class TaskanaSecurityConfigAccTest {
String selectSecurityFlagSql =
String.format(
"SELECT * FROM %s.CONFIGURATION", TaskanaEngineTestConfiguration.getSchemaName());
SecurityVerifier.SELECT_SECURITY_FLAG_SQL,
SecurityVerifier.SECURITY_FLAG_COLUMN_NAME,
TaskanaEngineTestConfiguration.getSchemaName());
Statement statement = connection.createStatement();
ResultSet resultSet = statement.executeQuery(selectSecurityFlagSql);
@ -107,8 +110,9 @@ class TaskanaSecurityConfigAccTest {
String sql =
String.format(
"INSERT INTO %s.CONFIGURATION VALUES (%b, null)",
TaskanaEngineTestConfiguration.getSchemaName(), securityFlag);
SecurityVerifier.INSERT_SECURITY_FLAG_SQL,
TaskanaEngineTestConfiguration.getSchemaName(),
securityFlag);
Statement statement = connection.createStatement();
statement.execute(sql);