This is an automated email from the git hooks/post-receive script. New commit to branch develop in repository observe. See http://git.codelutin.com/observe.git
commit 1bbcb073560cc7a280aeb50214cf6ba9470fadd9
Author: Tony CHEMIT <chemit@codelutin.com>
Date: Sun Nov 8 17:15:39 2015 +0100
Faire en sorte de bien récupérer les informations de sécurité (on doit traiter le cas des logins sous la forme "login" qui arrive de pg
---
.../fr/ird/observe/services/ObserveJdbcHelper.java | 21 ++++++++++++---------
.../ird/observe/services/ObserveSecurityHelper.java | 12 +++++++++---
.../services/service/DataSourceServiceTopia.java | 4 ++--
3 files changed, 23 insertions(+), 14 deletions(-)
diff --git a/observe-services-topia/src/main/java/fr/ird/observe/services/ObserveJdbcHelper.java b/observe-services-topia/src/main/java/fr/ird/observe/services/ObserveJdbcHelper.java
index a2d85c6..46a61c0 100644
--- a/observe-services-topia/src/main/java/fr/ird/observe/services/ObserveJdbcHelper.java
+++ b/observe-services-topia/src/main/java/fr/ird/observe/services/ObserveJdbcHelper.java
@@ -39,19 +39,24 @@ public class ObserveJdbcHelper extends JdbcHelper { super(jdbcConfiguration); } - public Set<String> getTablePrivileges(String tableName) { + public Set<String> getTablePrivileges(String schema, String tableName) { Connection connection = null; PreparedStatement preparedStatement = null; try { connection = openConnection(); DatabaseMetaData metaData = connection.getMetaData(); - ResultSet observerDataPrivilege = metaData.getTablePrivileges(null, null, tableName); + ResultSet observerDataPrivilege = metaData.getTablePrivileges(null, schema, tableName); Set<String> tablePrivileges = Sets.newHashSet(); while (observerDataPrivilege.next()) { String security = observerDataPrivilege.getString("PRIVILEGE"); String grantee = observerDataPrivilege.getString("GRANTEE"); + // Il se peut que le login soit echappe sous la forme \"login\" + grantee = grantee.replaceAll("\\\\\"", ""); + if (log.isInfoEnabled()) { + log.info(String.format("(security %s) - grantee (%s)", security, grantee)); + } if (grantee.equals(jdbcConfiguration.getJdbcConnectionUser())) { if (log.isDebugEnabled()) { log.debug("for " + tableName + " table " + grantee + '/' + security); @@ -145,9 +150,9 @@ public class ObserveJdbcHelper extends JdbcHelper { connection = openConnection(); DatabaseMetaData data = connection.getMetaData(); tables = data.getTables(null, - null, - null, - new String[]{"TABLE"} + null, + null, + new String[]{"TABLE"} ); int columnCount = tables.getMetaData().getColumnCount(); 
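Review bot: The grantee normalisation added before the `equals` check strips only backslash-quote pairs, and strips them anywhere in the name: `replaceAll("\\\\\"", "")` compiles to the regex `\\"`, so a grantee reported as `"login"` with bare quotes (the form the commit message describes) would still not match `jdbcConfiguration.getJdbcConnectionUser()`, while a role name that genuinely contains that sequence is rewritten before it feeds a privilege decision. Removing a single wrapping pair, and handling both the bare and the backslash-escaped form, would be narrower; a comment stating exactly which form the driver returns would also help. Separately, the new `log.info` runs for every result row, so grants held by other roles on the table land in the INFO log; `log.debug`, as the existing matched-grantee line uses, would keep that out of normal logs. The body of `getTablePrivileges` continues outside the hunk, so whether `observerDataPrivilege` is ever closed cannot be confirmed from here.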
@@ -203,8 +208,8 @@ public class ObserveJdbcHelper extends JdbcHelper { PreparedStatement preparedStatement = null; String sql = String.format("SELECT ns.nspname::text || '.' || p.proname::text || '(' || oidvectortypes(p.proargtypes)::text || ')'" + - " FROM pg_proc p INNER JOIN pg_namespace ns ON (p.pronamespace = ns.oid)" + - " WHERE ns.nspname = 'public' AND p.proname ILIKE '%s%%';", functionPattern); + " FROM pg_proc p INNER JOIN pg_namespace ns ON (p.pronamespace = ns.oid)" + + " WHERE ns.nspname = 'public' AND p.proname ILIKE '%s%%';", functionPattern); try { connection = openConnection(); preparedStatement = connection.prepareStatement(sql); @@ -245,6 +250,4 @@ public class ObserveJdbcHelper extends JdbcHelper { } - - } diff --git a/observe-services-topia/src/main/java/fr/ird/observe/services/ObserveSecurityHelper.java b/observe-services-topia/src/main/java/fr/ird/observe/services/ObserveSecurityHelper.java index b74d8a2..be0f518 100644 --- a/observe-services-topia/src/main/java/fr/ird/observe/services/ObserveSecurityHelper.java +++ b/observe-services-topia/src/main/java/fr/ird/observe/services/ObserveSecurityHelper.java @@ -67,10 +67,16 @@ public class ObserveSecurityHelper { protected static final String SCHEMA_PUBLIC = "public"; + public static final String OBSERVE_COMMON_SCHEMA_NAME = "OBSERVE_COMMON"; + + public static final String OBSERVE_SEINE_SCHEMA_NAME = "OBSERVE_SEINE"; + + public static final String OBSERVE_LONGLINE_SCHEMA_NAME = "OBSERVE_LONGLINE"; + protected static final Set<String> SCHEMAS = Sets.newHashSet(SCHEMA_PUBLIC, - "OBSERVE_COMMON", - "OBSERVE_SEINE", - "OBSERVE_LONGLINE"); + OBSERVE_COMMON_SCHEMA_NAME, + OBSERVE_SEINE_SCHEMA_NAME, + OBSERVE_LONGLINE_SCHEMA_NAME); public static final Function<String, String> ESCAPE_STRING = new Function<String, String>() { @Override 
diff --git a/observe-services-topia/src/main/java/fr/ird/observe/services/service/DataSourceServiceTopia.java b/observe-services-topia/src/main/java/fr/ird/observe/services/service/DataSourceServiceTopia.java index 54cf280..dbdc4d5 100644 --- a/observe-services-topia/src/main/java/fr/ird/observe/services/service/DataSourceServiceTopia.java +++ b/observe-services-topia/src/main/java/fr/ird/observe/services/service/DataSourceServiceTopia.java @@ -458,14 +458,14 @@ public class DataSourceServiceTopia extends ObserveServiceTopia implements DataS // stockées dans pg canWriteData, canWrite pour etre sur du resultat // recherche des droits sur les données observers - Set<String> dataPrivileges = observeJdbcHelper.getTablePrivileges("trip"); + Set<String> dataPrivileges = observeJdbcHelper.getTablePrivileges(ObserveSecurityHelper.OBSERVE_SEINE_SCHEMA_NAME, "trip"); readData = canRead(dataPrivileges); writeData = canWrite(dataPrivileges); // recherche des droits sur le referentiel - Set<String> referentielPrivileges = observeJdbcHelper.getTablePrivileges("vessel"); + Set<String> referentielPrivileges = observeJdbcHelper.getTablePrivileges(ObserveSecurityHelper.OBSERVE_COMMON_SCHEMA_NAME, "vessel"); // Sur une base PG, on regarde en base ce que l'utilisateur peut lire/écrire readReferential = true; -- To stop receiving notification emails like this one, please contact codelutin.com SCM administrator <admin+scm@list.forge.codelutin.com>.
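Review bot: The schema constants passed to `getTablePrivileges` in both calls are upper case (`OBSERVE_SEINE`, `OBSERVE_COMMON`) while the table names stay lower case (`"trip"`, `"vessel"`), and JDBC matches `schemaPattern` against the name as it is stored in the database. PostgreSQL folds unquoted identifiers to lower case, so if these schemas were created unquoted the lookup would presumably return no rows and `readData`/`writeData` would silently come out false; this cannot be confirmed from the diff. A comment at the call site such as `// schema name must match the case stored in the catalog (PG folds unquoted names to lower case)`, or a warning log when the privilege set comes back empty, would make that failure visible instead of looking like a genuine lack of rights. The enclosing method starts and ends outside the hunk.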