Project

General

Profile

Bug #1202

If request sessionid not recognized, Metacat SQL error & 0 records returned

Added by Matthew Brooke almost 16 years ago. Updated almost 16 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
metacat
Target version:
Start date:
11/04/2003
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:
1202

Description

Problem:
When searching metacat from an HTML form, if the form contains a hidden field name="sessionid",
and the value of sessionid is not recognized by metacat, a SQL error is generated in the tomcat log
and metacat returns 0 documents.

Proposed correction:
If Metacat gets a sessionid that it doesn't recognize, it should assume the user is not logged in and
return all the "public access" documents, instead of returning no documents. This would
presumably mean validating the sessionid first, before putting together the SQL query.

(usage note: the above scenario was encountered when using the getSessionId() method of the
metacat client API to get the sessionid when the user logs in - browser cookies were not involved.
If the user was not logged in, the sessionid hidden field value was the string value "NULL", which
led to this behavior)

Sample tomcat log output for a search on the keyword "grass" - note that the initial SQL query
(starting on line 5) is well formed - the problem comes later, presumably when the user ID is
incorporated into the query? (e.g. "...AND subtreeid IS NULL...")
--------------------------------
MetaCat: Connection pool size: 5
MetaCat: Free Connection number: 5
MetaCat: Line 230: Action is: query
MetaCat: percentage number: 0
MetaCat: query: SELECT docid,docname,doctype,date_created, date_updated, rev FROM
xml_documents WHERE docid IN ((SELECT DISTINCT docid FROM xml_nodes WHERE
UPPER LIKE '%GRASS%' )
)
MetaCat: OwnerQuery: SELECT docid FROM xml_documents WHERE
MetaCat: allow string is: OR (principal_name = 'public' AND perm_type = 'allow' AND
(permission='4' OR permission='7'))
MetaCat: allow query is: SELECT docid from xml_access WHERE( OR (principal_name = 'public' AND
perm_type = 'allow' AND (permission='4' OR permission='7'))) AND subtreeid IS NULL
MetaCat: denyquery is: SELECT docid from xml_access WHERE( OR (principal_name = 'public' AND
perm_type = 'deny' AND perm_order ='allowFirst' AND (permission='4' OR permission='7'))) AND
subtreeid IS NULL
MetaCat: accessquery is: AND (docid IN OR (docid IN
(SELECT docid from xml_access WHERE( OR (principal_name = 'public' AND perm_type = 'allow'
AND (permission='4' OR permission='7'))) AND subtreeid IS NULL) AND docid NOT IN (SELECT docid
from xml_access WHERE( OR (principal_name = 'public' AND perm_type = 'deny' AND perm_order
='allowFirst' AND (permission='4' OR permission='7'))) AND subtreeid IS NULL )))
MetaCat: final query: SELECT docid,docname,doctype,date_created, date_updated, rev FROM
xml_documents WHERE docid IN ((SELECT DISTINCT docid FROM xml_nodes WHERE
UPPER LIKE '%GRASS%' )
) AND (docid IN OR (docid IN (SELECT docid from
xml_access WHERE( OR (principal_name = 'public' AND perm_type = 'allow' AND (permission='4'
OR permission='7'))) AND subtreeid IS NULL) AND docid NOT IN (SELECT docid from xml_access
WHERE( OR (principal_name = 'public' AND perm_type = 'deny' AND perm_order ='allowFirst' AND
(permission='4' OR permission='7'))) AND subtreeid IS NULL )))
SQL Error in DBQuery.findDocuments: ERROR: parser: parse error at or near ")" at character 231

MetaCat: Trying style-set file: /Applications/jakarta-tomcat/webapps/knb/knb.xml
MetaCat: style system id is: http://anacapa.nceas.ucsb.edu:8080/knb/style/resultset.xsl

History

#1 Updated by Jing Tao almost 16 years ago

The reseaon cause the bug is the username is null in this situation. So in MetaCatServlet
class, the code assigning username as "public" was added. According test, the new
code works well.

#2 Updated by Redmine Admin over 6 years ago

Original Bugzilla ID was 1202

Also available in: Atom PDF