From d967fb81f5c0da8d875f75a91fbebcbb7071b4ef Mon Sep 17 00:00:00 2001 From: Mustapha Zorgati <15628173+mustaphazorgati@users.noreply.github.com> Date: Thu, 5 Aug 2021 20:39:32 +0200 Subject: [PATCH] TSK-1692: now explicitly list database columns in SecurityVerifier --- .../internal/configuration/SecurityVerifier.java | 15 ++++++++------- .../config/TaskanaSecurityConfigAccTest.java | 10 +++++++--- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/common/taskana-common/src/main/java/pro/taskana/common/internal/configuration/SecurityVerifier.java b/common/taskana-common/src/main/java/pro/taskana/common/internal/configuration/SecurityVerifier.java index 19d3bd0d8..bdf38a382 100644 --- a/common/taskana-common/src/main/java/pro/taskana/common/internal/configuration/SecurityVerifier.java +++ b/common/taskana-common/src/main/java/pro/taskana/common/internal/configuration/SecurityVerifier.java @@ -12,16 +12,16 @@ import pro.taskana.common.api.exceptions.SystemException; public class SecurityVerifier { + public static final String SECURITY_FLAG_COLUMN_NAME = "ENFORCE_SECURITY"; + public static final String INSERT_SECURITY_FLAG_SQL = + "INSERT INTO %s.CONFIGURATION (" + SECURITY_FLAG_COLUMN_NAME + " ) VALUES (%b)"; + public static final String SELECT_SECURITY_FLAG_SQL = "SELECT %s FROM %s.CONFIGURATION"; + private static final Logger LOGGER = LoggerFactory.getLogger(SecurityVerifier.class); - private static final String SECURITY_FLAG_COLUMN_NAME = "ENFORCE_SECURITY"; - private static final String INSERT_SECURITY_FLAG = - "INSERT INTO %s.CONFIGURATION VALUES (%b, null)"; - private static final String SELECT_SECURITY_FLAG = "SELECT %s FROM %s.CONFIGURATION"; private final String schemaName; private final DataSource dataSource; public SecurityVerifier(DataSource dataSource, String schema) { - super(); this.dataSource = dataSource; this.schemaName = schema; } 
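Review bot: `INSERT_SECURITY_FLAG_SQL` still writes the flag value into the statement text with `%b`, although the later hunk at line 66 hands the formatted string to `connection.prepareStatement`, so the value could be bound instead: `"INSERT INTO %s.CONFIGURATION (" + SECURITY_FLAG_COLUMN_NAME + ") VALUES (?)"` followed by `preparedStatement.setBoolean(1, securityEnabled);`. The test hunk at line 107 formats the same template and would need the same change. The schema name is an identifier and cannot be bound, and these templates are now `public`, so each constant should carry a Javadoc stating that the `%s` schema argument must be a trusted, validated identifier. The Javadoc should also give the argument order, which differs between the two templates (column then schema for the SELECT, schema then flag for the INSERT). The class body continues outside this hunk, so any existing validation of `schemaName` is not visible here.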
@@ -36,7 +36,7 @@ public class SecurityVerifier { SqlRunner sqlRunner = new SqlRunner(connection); String querySecurity = - String.format(SELECT_SECURITY_FLAG, SECURITY_FLAG_COLUMN_NAME, schemaName); + String.format(SELECT_SECURITY_FLAG_SQL, SECURITY_FLAG_COLUMN_NAME, schemaName); if ((boolean) sqlRunner.selectOne(querySecurity).get(SECURITY_FLAG_COLUMN_NAME) && !securityEnabled) { @@ -66,7 +66,8 @@ public class SecurityVerifier { try (Connection connection = dataSource.getConnection()) { - String setSecurityFlagSql = String.format(INSERT_SECURITY_FLAG, schemaName, securityEnabled); + String setSecurityFlagSql = + String.format(INSERT_SECURITY_FLAG_SQL, schemaName, securityEnabled); try (PreparedStatement preparedStatement = connection.prepareStatement(setSecurityFlagSql)) { diff --git a/lib/taskana-core/src/test/java/acceptance/config/TaskanaSecurityConfigAccTest.java b/lib/taskana-core/src/test/java/acceptance/config/TaskanaSecurityConfigAccTest.java index 784e5d50c..720d5b2a8 100644 --- a/lib/taskana-core/src/test/java/acceptance/config/TaskanaSecurityConfigAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/config/TaskanaSecurityConfigAccTest.java @@ -16,6 +16,7 @@ import org.junit.jupiter.api.Test; import pro.taskana.TaskanaEngineConfiguration; import pro.taskana.common.api.exceptions.SystemException; import pro.taskana.common.internal.configuration.DbSchemaCreator; +import pro.taskana.common.internal.configuration.SecurityVerifier; import pro.taskana.sampledata.SampleDataGenerator; class TaskanaSecurityConfigAccTest { 
@@ -88,7 +89,9 @@ class TaskanaSecurityConfigAccTest { String selectSecurityFlagSql = String.format( - "SELECT * FROM %s.CONFIGURATION", TaskanaEngineTestConfiguration.getSchemaName()); + SecurityVerifier.SELECT_SECURITY_FLAG_SQL, + SecurityVerifier.SECURITY_FLAG_COLUMN_NAME, + TaskanaEngineTestConfiguration.getSchemaName()); Statement statement = connection.createStatement(); ResultSet resultSet = statement.executeQuery(selectSecurityFlagSql); @@ -107,8 +110,9 @@ class TaskanaSecurityConfigAccTest { String sql = String.format( - "INSERT INTO %s.CONFIGURATION VALUES (%b, null)", - TaskanaEngineTestConfiguration.getSchemaName(), securityFlag); + SecurityVerifier.INSERT_SECURITY_FLAG_SQL, + TaskanaEngineTestConfiguration.getSchemaName(), + securityFlag); Statement statement = connection.createStatement(); statement.execute(sql);
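Review bot: The verification query in the hunk at line 88 is now built from `SecurityVerifier.SELECT_SECURITY_FLAG_SQL` and `SECURITY_FLAG_COLUMN_NAME`, so the assertion reads the table through the same template that the production code uses. A wrong column or table name in the constant would therefore be mirrored in the test instead of being caught. Keeping the read-back independent, for example `"SELECT ENFORCE_SECURITY FROM %s.CONFIGURATION"`, preserves that check while still listing the column explicitly. Reusing `INSERT_SECURITY_FLAG_SQL` for the setup insert in the hunk at line 107 is fine, because that statement only prepares state. Both test methods continue outside their hunks.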