Hi,
The attr which returning is 'permissions list' each user when logging in will
get back all its permissions for authorization purposes. Now since this scheme
is normalized each permission being retrieved on different row.
Thqtsan example of sql select from deployerConfig.xml:
deployerConfigContext.xml:
<bean
class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
<constructor-arg index="0" ref="dataSource"/>
<constructor-arg index="1" value="select distinct p.PERMISSION_NAME
from PERMISSIONS p,USERS_PROFILE u,ROLES_PERMISSIONS rp, USERNAME_ROLES ur
where Username=ur.LOGINNAME and ur.roleId=rp.ROLE_ID
and rp.PER:-) MISSION_ID=p.PERMISSION_ID and {0}"/>
<property name="queryAttributeMapping">
<map>
<entry key="username" value="Username"/>
</map>
</property>
<property name="resultAttributeMapping">
<map>
<entry key="PERMISSION_NAME" value="PERMISSIONS"/>
</map>
</property>
</bean>
If we look at the ligs cas we actually see all permissions retrieved but not
being past ton to the SAML request:
2013-11-14 14:16:33,384 DEBUG
[org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao] -
<Executed 'select distinct p.PERMISSION_NAME from PERMISSIONS p,USERS_PROFILE
u,ROLES_PERMISSIONS rp, USERNAME_ROLES ur where Username=ur.LOGINNAME and
ur.roleId=rp.ROLE_ID and rp.PERMISSION_ID=p.PERMISSION_ID and {0}' with
arguments [ifridman] and got results
[{PERMISSION_NAME=ROLE_PERMISSIONS_MY_EVENTS},
{PERMISSION_NAME=ROLE_PERMISSIONS_CREATE_EVENTS}]>
We can see here clearly we get two results from the DB:
ROLE_PERMISSIONS_MY_EVENTS
ROLE_PERMISSIONS_CREATE_EVENTS
However only the first one is returned:
2013-11-14 14:16:33,409 DEBUG
[org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl] -
<Retrieved
attributes='[NamedPersonImpl[name=ifridman,attributes={PERMISSIONS=[ROLE_PERMISSIONS_MY_EVENTS]}]]'
for query='{username=[ifridman]}', isFirstQuery=false,
currentlyConsidering='org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttribute
...
Thanks
----- Reply message -----
מאת: "Alberto Cabello Sánchez" <[email protected]>
אל: "[email protected]" <[email protected]>
עותק: "Idan Fridman" <[email protected]>
נושא: [cas-user] SingleRowJdbcPersonAttributeDao is not returning the whole
records in resultset
תאריך: יום ו׳, נוב 15, 2013 17:44
El Fri, 15 Nov 2013 14:40:18 +0000
Idan Fridman <[email protected]> escribió:
> So in case I have resultset from jdbc which contains more than one record I
> won't
> be able to retrieve all of them via casify client?
I think SingleRowJdbcPersonAttributeDao works assuming a data layout of
a_user_id attr1 attr2 ... attrN
another_user attr1 attr2 ... attrN
a_3rd_user attr1 attr2 ... attrN
I can hardly imagine how do you could need more than a row for just an user.
If, for a strange reason, you have something like
a_user_id attr1 attr2 attr3 ... attrN
same_user attr1 attr2 attr3 ... attrN
What attr set is supposed to be used?
Even in that case, if you know how to manage such schema, you could build a
database view with the merged attributes.
Except if you want to have multi-valued attributes, in which case I fear
it's not supported.
--
Alberto Cabello Sánchez <[email protected]>
This e-mail and the information it contains may be privileged and/or
confidential. It is intended solely for the use of the named recipient(s). If
you are not the intended recipient you may not disclose, copy, distribute or
retain any part of this message or attachments. If you have received this
e-mail in error please notify the sender immediately [by clicking 'Reply'] and
delete this e-mail.
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
