Hi,
I tried the MultiRowJdbcPersonAttributeDao way. It didn’t work. This time I
didn’t get any permissions at all:
If you run the select straight on DB you get this results:
Permissions Name
ROLE_PERMISSIONS_MY_EVENTS
ROLE_PERMISSIONS_CREATE_EVENTS
Now this is the new code after modifying it into MultiRowJdbcPersonAttributeDao:
<bean
class="org.jasig.services.persondir.support.jdbc.MultiRowJdbcPersonAttributeDao">
<constructor-arg index="0" ref="dataSource"/>
<constructor-arg index="1" value="select distinct p.PERMISSION_NAME
from PERMISSIONS p,USERS_PROFILE u,ROLES_PERMISSIONS rp, USERNAME_ROLES ur
where Username=ur.LOGINNAME and
ur.roleId=rp.ROLE_ID and rp.PERMISSION_ID=p.PERMISSION_ID and {0}"/>
<property name="nameValueColumnMappings">
<map>
<entry key="PERMISSION_NAME" value="PERMISSION_NAME" />
</map>
</property>
<property name="queryAttributeMapping">
<map>
<entry key="username" value="Username"/>
</map>
</property>
<property name="resultAttributeMapping">
<map>
<entry key="PERMISSION_NAME" value="PERMISSIONS"/>
</map>
</property>
</bean>
And this is the result from CAS logs:
2013-11-17 10:14:23,571 DEBUG
[org.jasig.services.persondir.support.jdbc.MultiRowJdbcPersonAttributeDao] -
<Adding attribute 'Username' with value '[ifridman]' to query builder 'null'>
2013-11-17 10:14:23,572 DEBUG
[org.jasig.services.persondir.support.jdbc.MultiRowJdbcPersonAttributeDao] -
<Generated query builder 'sql=[Username = ?] args=[ifridman]' from query Map
{username=[ifridman]}.>
2013-11-17 10:14:23,595 DEBUG
[org.jasig.services.persondir.support.jdbc.MultiRowJdbcPersonAttributeDao] -
<Executed 'select distinct p.PERMISSION_NAME from PERMISSIONS p,USERS_PROFILE
u,ROLES_PERMISSIONS rp, USERNAME_ROLES ur where Username=ur.LOGINNAME and
ur.roleId=rp.ROLE_ID and rp.PERMISSION_ID=p.PERMISSION_ID and {0}' with
arguments [ifridman] and got results
[{PERMISSION_NAME=ROLE_PERMISSIONS_MY_EVENTS},
{PERMISSION_NAME=ROLE_PERMISSIONS_CREATE_EVENTS}]>
2013-11-17 10:14:23,619 DEBUG
[org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl] -
<Retrieved attributes='[NamedPersonImpl[name=ifridman,attributes={}]]' for
query='{username=[ifridman]}', isFirstQuery=false,
currentlyConsidering='org.jasig.services.persondir.support.jdbc.MultiRowJdbcPersonAttributeDao@207c9fcf',
resultAttributes='null'>
As you can see this time I don’t even get the first result. I get none results.
Any ideas? Kind of desperate with this issue.
Thanks.
From: KaTeLmE [mailto:[email protected]]
Sent: Saturday, November 16, 2013 12:13 AM
To: [email protected]
Subject: [cas-user] Re: [cas-user] השב: [cas-user]
SingleRowJdbcPersonAttributeDao is not returning the whole records in resultset
In your case you must use a MultiRowJdbcPersonAttributeDao.
https://wiki.jasig.org/display/PDM15/JDBC+Attribute+Source
http://developer.jasig.org/projects/person-directory/1.5.0-RC3/apidocs/org/jasig/services/persondir/support/jdbc/MultiRowJdbcPersonAttributeDao.html
2013/11/15 Idan Fridman <[email protected]<mailto:[email protected]>>
Hi,
The attr which returning is 'permissions list' each user when logging in will
get back all its permissions for authorization purposes. Now since this scheme
is normalized each permission being retrieved on different row.
Thqtsan example of sql select from deployerConfig.xml:
deployerConfigContext.xml:
<bean
class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
<constructor-arg index="0" ref="dataSource"/>
<constructor-arg index="1" value="select distinct p.PERMISSION_NAME
from PERMISSIONS p,USERS_PROFILE u,ROLES_PERMISSIONS rp, USERNAME_ROLES ur
where Username=ur.LOGINNAME and ur.roleId=rp.ROLE_ID
and rp.PER:-) MISSION_ID=p.PERMISSION_ID and {0}"/>
<property name="queryAttributeMapping">
<map>
<entry key="username" value="Username"/>
</map>
</property>
<property name="resultAttributeMapping">
<map>
<entry key="PERMISSION_NAME" value="PERMISSIONS"/>
</map>
</property>
</bean>
If we look at the ligs cas we actually see all permissions retrieved but not
being past ton to the SAML request:
2013-11-14 14:16:33,384 DEBUG
[org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao] -
<Executed 'select distinct p.PERMISSION_NAME from PERMISSIONS p,USERS_PROFILE
u,ROLES_PERMISSIONS rp, USERNAME_ROLES ur where Username=ur.LOGINNAME and
ur.roleId=rp.ROLE_ID and rp.PERMISSION_ID=p.PERMISSION_ID and {0}' with
arguments [ifridman] and got results
[{PERMISSION_NAME=ROLE_PERMISSIONS_MY_EVENTS},
{PERMISSION_NAME=ROLE_PERMISSIONS_CREATE_EVENTS}]>
We can see here clearly we get two results from the DB:
ROLE_PERMISSIONS_MY_EVENTS
ROLE_PERMISSIONS_CREATE_EVENTS
However only the first one is returned:
2013-11-14 14:16:33,409 DEBUG
[org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl] -
<Retrieved
attributes='[NamedPersonImpl[name=ifridman,attributes={PERMISSIONS=[ROLE_PERMISSIONS_MY_EVENTS]}]]'
for query='{username=[ifridman]}', isFirstQuery=false,
currentlyConsidering='org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttribute
...
Thanks
----- Reply message -----
מאת: "Alberto Cabello Sánchez" <[email protected]<mailto:[email protected]>>
אל: "[email protected]<mailto:[email protected]>"
<[email protected]<mailto:[email protected]>>
עותק: "Idan Fridman" <[email protected]<mailto:[email protected]>>
נושא: [cas-user] SingleRowJdbcPersonAttributeDao is not returning the whole
records in resultset
תאריך: יום ו׳, נוב 15, 2013 17:44
El Fri, 15 Nov 2013 14:40:18 +0000
Idan Fridman <[email protected]<mailto:[email protected]>> escribió:
> So in case I have resultset from jdbc which contains more than one record I
> won't
> be able to retrieve all of them via casify client?
I think SingleRowJdbcPersonAttributeDao works assuming a data layout of
a_user_id attr1 attr2 ... attrN
another_user attr1 attr2 ... attrN
a_3rd_user attr1 attr2 ... attrN
I can hardly imagine how do you could need more than a row for just an user.
If, for a strange reason, you have something like
a_user_id attr1 attr2 attr3 ... attrN
same_user attr1 attr2 attr3 ... attrN
What attr set is supposed to be used?
Even in that case, if you know how to manage such schema, you could build a
database view with the merged attributes.
Except if you want to have multi-valued attributes, in which case I fear
it's not supported.
--
Alberto Cabello Sánchez <[email protected]<mailto:[email protected]>>
This e-mail and the information it contains may be privileged and/or
confidential. It is intended solely for the use of the named recipient(s). If
you are not the intended recipient you may not disclose, copy, distribute or
retain any part of this message or attachments. If you have received this
e-mail in error please notify the sender immediately [by clicking 'Reply'] and
delete this e-mail.
--
You are currently subscribed to
[email protected]<mailto:[email protected]> as:
[email protected]<mailto:[email protected]>
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to
[email protected]<mailto:[email protected]> as:
[email protected]<mailto:[email protected]>
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
This e-mail and the information it contains may be privileged and/or
confidential. It is intended solely for the use of the named recipient(s). If
you are not the intended recipient you may not disclose, copy, distribute or
retain any part of this message or attachments. If you have received this
e-mail in error please notify the sender immediately [by clicking 'Reply'] and
delete this e-mail.
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
