Re: [Dev] Checking the existence of the roles with the character "@"
Hi Ishara,
Thanks for the reply. But I think your suggestion won't work either. While
debugging in super-tenant mode, I found that we are not sending the tenant
id with role name. So it will will still go through the same path and
return false for already existing role which has a "@" character.
Thanks.
Regards,
Megala
On Mon, Oct 17, 2016 at 10:50 AM, Ishara Cooray wrote:
> What if the create role context logic is changed as below.
>
> JDBCRoleContext searchCtx = new JDBCRoleContext();
> String[] roleNameParts = roleName.split(UserCoreConstants.
> TENANT_DOMAIN_COMBINER);
> if (roleNameParts.length > 1 && (roleNameParts[1] == null ||
> roleNameParts[1].equals("null"))) {
> roleNameParts = new String[]{roleNameParts[0]};
> }
>
> to
>
> JDBCRoleContext searchCtx = new JDBCRoleContext();
> String[] roleNameParts = roleName.split(UserCoreConstants.
> TENANT_DOMAIN_COMBINER);
> if (roleNameParts.length > 1 && (roleNameParts[1] == null ||
> roleNameParts[1].equals("null"))) {
> roleNameParts = new String[]{roleName.substring(0,
> roleName.lastIndexOf("@"))};
> }
>
> However there is no need to create a new string array here. Simply String
> should do(you can assign it to a String variable other that using existing
> string array). Please check that as well.
>
>
> Thanks & Regards,
> Ishara Cooray
> Senior Software Engineer
> Mobile : +9477 262 9512
> WSO2, Inc. | http://wso2.com/
> Lean . Enterprise . Middleware
>
> On Mon, Oct 17, 2016 at 9:55 AM, Megala Uthayakumar
> wrote:
>
>> Hi All,
>>
>> I am working on a jira issue which is related with problem in updating
>> the permissions for the role names with special characters[1]. When I was
>> analyzing this issue I found that
>> when we have an existing role with a "@" character, the system returns
>> false, even that particular role exists in the primary user store. This is
>> because, in the JDBCUserStoreManager, before checking whether the
>> particular role exists, it creates a role context [2], in which it splits
>> the role using "@" character and takes the 1st part of the role as the role
>> name and if the split has more than a single part [3], it considers second
>> part as the tenant id.
>>
>> For example if we have a role with a name 'test@', it will consider
>> 'test' as a role name, because of that isExisting check, returns false.
>>
>> This behavior affects the role addition in management console too. After
>> creating a role with a name "test@" , if we try to create another role
>> name with the same name, it throws, following exception.
>> *Caused by: org.h2.jdbc.JdbcSQLException: Unique index or primary key
>> violation: "CONSTRAINT_INDEX_19 ON PUBLIC.UM_ROLE(UM_ROLE_NAME,
>> UM_TENANT_ID) VALUES ( /* key:6 */ null, 'adadad@', -1234, null)"; SQL
>> statement:*
>> *INSERT INTO UM_ROLE (UM_ROLE_NAME, UM_TENANT_ID) VALUES (?, ?)
>> [23505-175]*
>> * at org.h2.message.DbException.getJdbcSQLException(DbException.java:332)*
>> * at org.h2.message.DbException.get(DbException.java:172)*
>> * at org.h2.message.DbException.get(DbException.java:149)*
>> * at org.h2.index.BaseIndex.getDuplicateKeyException(BaseIndex.java:101)*
>> * at org.h2.index.PageBtree.find(PageBtree.java:121)*
>> * at org.h2.index.PageBtreeLeaf.addRow(PageBtreeLeaf.java:148)*
>> * at org.h2.index.PageBtreeLeaf.addRowTry(PageBtreeLeaf.java:101)*
>> * at org.h2.index.PageBtreeIndex.ad
>> dRow(PageBtreeIndex.java:96)*
>> * at org.h2.index.PageBtreeIndex.ad
>> d(PageBtreeIndex.java:87)*
>> * at org.h2.table.RegularTable.addRow(RegularTable.java:119)*
>> * at org.h2.command.dml.Insert.insertRows(Insert.java:157)*
>> * at org.h2.command.dml.Insert.update(Insert.java:115)*
>> * at org.h2.command.CommandContainer.update(CommandContainer.java:79)*
>> * at org.h2.command.Command.executeUpdate(Command.java:253)*
>> * at
>> org.h2.jdbc.JdbcPreparedStatement.executeUpdateInternal(JdbcPreparedStatement.java:154)*
>> * at
>> org.h2.jdbc.JdbcPreparedStatement.executeUpdate(JdbcPreparedStatement.java:140)*
>> * at
>> org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager.updateStringValuesToDatabase(JDBCUserStoreManager.java:2352)*
>> * ... 78 more*
>> *[2016-10-17 09:33:50,836] ERROR
>> {org.wso2.carbon.user.mgt.ui.UserAdminClient} - Error occurred while
>> getting database type from DB connection*
>> *org.apache.axis2.AxisFault: Error occurred while getting database type
>> from DB connection*
>> * at org.apache.axis2.util.Utils.ge
>> tInboundFaultFromMessageContext(Utils.java:531)*
>> * at
>> org.apache.axis2.description.RobustOutOnlyAxisOperation$RobustOutOnlyOperationClient.handleResponse(RobustOutOnlyAxisOperation.java:91)*
>> * at
>> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:445)*
>> * at
>> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225)*
>> * at
>> org.apache.axis2.client.OperationClie
Re: [Dev] Checking the existence of the roles with the character "@"
What if the create role context logic is changed as below.
JDBCRoleContext searchCtx = new JDBCRoleContext();
String[] roleNameParts = roleName.split(UserCoreConstants.
TENANT_DOMAIN_COMBINER);
if (roleNameParts.length > 1 && (roleNameParts[1] == null || roleNameParts[1
].equals("null"))) {
roleNameParts = new String[]{roleNameParts[0]};
}
to
JDBCRoleContext searchCtx = new JDBCRoleContext();
String[] roleNameParts = roleName.split(UserCoreConstants.
TENANT_DOMAIN_COMBINER);
if (roleNameParts.length > 1 && (roleNameParts[1] == null || roleNameParts[1
].equals("null"))) {
roleNameParts = new String[]{roleName.substring(0,
roleName.lastIndexOf("@"))};
}
However there is no need to create a new string array here. Simply String
should do(you can assign it to a String variable other that using existing
string array). Please check that as well.
Thanks & Regards,
Ishara Cooray
Senior Software Engineer
Mobile : +9477 262 9512
WSO2, Inc. | http://wso2.com/
Lean . Enterprise . Middleware
On Mon, Oct 17, 2016 at 9:55 AM, Megala Uthayakumar wrote:
> Hi All,
>
> I am working on a jira issue which is related with problem in updating the
> permissions for the role names with special characters[1]. When I was
> analyzing this issue I found that
> when we have an existing role with a "@" character, the system returns
> false, even that particular role exists in the primary user store. This is
> because, in the JDBCUserStoreManager, before checking whether the
> particular role exists, it creates a role context [2], in which it splits
> the role using "@" character and takes the 1st part of the role as the role
> name and if the split has more than a single part [3], it considers second
> part as the tenant id.
>
> For example if we have a role with a name 'test@', it will consider
> 'test' as a role name, because of that isExisting check, returns false.
>
> This behavior affects the role addition in management console too. After
> creating a role with a name "test@" , if we try to create another role
> name with the same name, it throws, following exception.
> *Caused by: org.h2.jdbc.JdbcSQLException: Unique index or primary key
> violation: "CONSTRAINT_INDEX_19 ON PUBLIC.UM_ROLE(UM_ROLE_NAME,
> UM_TENANT_ID) VALUES ( /* key:6 */ null, 'adadad@', -1234, null)"; SQL
> statement:*
> *INSERT INTO UM_ROLE (UM_ROLE_NAME, UM_TENANT_ID) VALUES (?, ?)
> [23505-175]*
> * at org.h2.message.DbException.getJdbcSQLException(DbException.java:332)*
> * at org.h2.message.DbException.get(DbException.java:172)*
> * at org.h2.message.DbException.get(DbException.java:149)*
> * at org.h2.index.BaseIndex.getDuplicateKeyException(BaseIndex.java:101)*
> * at org.h2.index.PageBtree.find(PageBtree.java:121)*
> * at org.h2.index.PageBtreeLeaf.addRow(PageBtreeLeaf.java:148)*
> * at org.h2.index.PageBtreeLeaf.addRowTry(PageBtreeLeaf.java:101)*
> * at org.h2.index.PageBtreeIndex.addRow(PageBtreeIndex.java:96)*
> * at org.h2.index.PageBtreeIndex.add(PageBtreeIndex.java:87)*
> * at org.h2.table.RegularTable.addRow(RegularTable.java:119)*
> * at org.h2.command.dml.Insert.insertRows(Insert.java:157)*
> * at org.h2.command.dml.Insert.update(Insert.java:115)*
> * at org.h2.command.CommandContainer.update(CommandContainer.java:79)*
> * at org.h2.command.Command.executeUpdate(Command.java:253)*
> * at
> org.h2.jdbc.JdbcPreparedStatement.executeUpdateInternal(JdbcPreparedStatement.java:154)*
> * at
> org.h2.jdbc.JdbcPreparedStatement.executeUpdate(JdbcPreparedStatement.java:140)*
> * at
> org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager.updateStringValuesToDatabase(JDBCUserStoreManager.java:2352)*
> * ... 78 more*
> *[2016-10-17 09:33:50,836] ERROR
> {org.wso2.carbon.user.mgt.ui.UserAdminClient} - Error occurred while
> getting database type from DB connection*
> *org.apache.axis2.AxisFault: Error occurred while getting database type
> from DB connection*
> * at
> org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531)*
> * at
> org.apache.axis2.description.RobustOutOnlyAxisOperation$RobustOutOnlyOperationClient.handleResponse(RobustOutOnlyAxisOperation.java:91)*
> * at
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:445)*
> * at
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225)*
> * at
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)*
> * at
> org.wso2.carbon.user.mgt.stub.UserAdminStub.addRole(UserAdminStub.java:5002)*
> * at
> org.wso2.carbon.user.mgt.ui.UserAdminClient.addRole(UserAdminClient.java:76)*
> * at
> org.apache.jsp.role.add_002dfinish_002dajaxprocessor_jsp._jspService(add_002dfinish_002dajaxprocessor_jsp.java:159)*
> * at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)*
> * at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)*
> * at
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:439)*
> * at
> org.apache.jasper.servlet.JspServlet.serviceJspFil
[Dev] Checking the existence of the roles with the character "@"
Hi All,
I am working on a jira issue which is related with problem in updating the
permissions for the role names with special characters[1]. When I was
analyzing this issue I found that
when we have an existing role with a "@" character, the system returns
false, even that particular role exists in the primary user store. This is
because, in the JDBCUserStoreManager, before checking whether the
particular role exists, it creates a role context [2], in which it splits
the role using "@" character and takes the 1st part of the role as the role
name and if the split has more than a single part [3], it considers second
part as the tenant id.
For example if we have a role with a name 'test@', it will consider 'test'
as a role name, because of that isExisting check, returns false.
This behavior affects the role addition in management console too. After
creating a role with a name "test@" , if we try to create another role name
with the same name, it throws, following exception.
*Caused by: org.h2.jdbc.JdbcSQLException: Unique index or primary key
violation: "CONSTRAINT_INDEX_19 ON PUBLIC.UM_ROLE(UM_ROLE_NAME,
UM_TENANT_ID) VALUES ( /* key:6 */ null, 'adadad@', -1234, null)"; SQL
statement:*
*INSERT INTO UM_ROLE (UM_ROLE_NAME, UM_TENANT_ID) VALUES (?, ?) [23505-175]*
* at org.h2.message.DbException.getJdbcSQLException(DbException.java:332)*
* at org.h2.message.DbException.get(DbException.java:172)*
* at org.h2.message.DbException.get(DbException.java:149)*
* at org.h2.index.BaseIndex.getDuplicateKeyException(BaseIndex.java:101)*
* at org.h2.index.PageBtree.find(PageBtree.java:121)*
* at org.h2.index.PageBtreeLeaf.addRow(PageBtreeLeaf.java:148)*
* at org.h2.index.PageBtreeLeaf.addRowTry(PageBtreeLeaf.java:101)*
* at org.h2.index.PageBtreeIndex.addRow(PageBtreeIndex.java:96)*
* at org.h2.index.PageBtreeIndex.add(PageBtreeIndex.java:87)*
* at org.h2.table.RegularTable.addRow(RegularTable.java:119)*
* at org.h2.command.dml.Insert.insertRows(Insert.java:157)*
* at org.h2.command.dml.Insert.update(Insert.java:115)*
* at org.h2.command.CommandContainer.update(CommandContainer.java:79)*
* at org.h2.command.Command.executeUpdate(Command.java:253)*
* at
org.h2.jdbc.JdbcPreparedStatement.executeUpdateInternal(JdbcPreparedStatement.java:154)*
* at
org.h2.jdbc.JdbcPreparedStatement.executeUpdate(JdbcPreparedStatement.java:140)*
* at
org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager.updateStringValuesToDatabase(JDBCUserStoreManager.java:2352)*
* ... 78 more*
*[2016-10-17 09:33:50,836] ERROR
{org.wso2.carbon.user.mgt.ui.UserAdminClient} - Error occurred while
getting database type from DB connection*
*org.apache.axis2.AxisFault: Error occurred while getting database type
from DB connection*
* at
org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531)*
* at
org.apache.axis2.description.RobustOutOnlyAxisOperation$RobustOutOnlyOperationClient.handleResponse(RobustOutOnlyAxisOperation.java:91)*
* at
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:445)*
* at
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225)*
* at
org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)*
* at
org.wso2.carbon.user.mgt.stub.UserAdminStub.addRole(UserAdminStub.java:5002)*
* at
org.wso2.carbon.user.mgt.ui.UserAdminClient.addRole(UserAdminClient.java:76)*
* at
org.apache.jsp.role.add_002dfinish_002dajaxprocessor_jsp._jspService(add_002dfinish_002dajaxprocessor_jsp.java:159)*
* at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)*
* at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)*
* at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:439)*
* at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)*
* at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)*
* at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)*
* at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:155)*
* at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:80)*
* at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)*
* at
org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)*
* at
org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)*
* at
org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)*
* at
org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)*
* at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)*
* at
org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)*
* at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)*
* at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)*
* at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52
