Revision 6606
Added by ben leinfelder over 12 years ago
AccessControlList.java | ||
---|---|---|
27 | 27 |
|
28 | 28 |
package edu.ucsb.nceas.metacat.accesscontrol; |
29 | 29 |
|
30 |
import java.io.*; |
|
31 |
import java.sql.*; |
|
30 |
import java.io.IOException; |
|
31 |
import java.io.StringReader; |
|
32 |
import java.sql.PreparedStatement; |
|
33 |
import java.sql.ResultSet; |
|
34 |
import java.sql.SQLException; |
|
32 | 35 |
import java.util.Stack; |
33 | 36 |
import java.util.Vector; |
34 | 37 |
|
35 | 38 |
import org.apache.log4j.Logger; |
36 | 39 |
import org.xml.sax.Attributes; |
37 |
import org.xml.sax.InputSource; |
|
38 | 40 |
import org.xml.sax.ContentHandler; |
39 | 41 |
import org.xml.sax.EntityResolver; |
40 | 42 |
import org.xml.sax.ErrorHandler; |
43 |
import org.xml.sax.InputSource; |
|
41 | 44 |
import org.xml.sax.SAXException; |
42 | 45 |
import org.xml.sax.XMLReader; |
46 |
import org.xml.sax.helpers.DefaultHandler; |
|
43 | 47 |
import org.xml.sax.helpers.XMLReaderFactory; |
44 |
import org.xml.sax.helpers.DefaultHandler; |
|
45 | 48 |
|
46 | 49 |
import edu.ucsb.nceas.metacat.BasicNode; |
47 | 50 |
import edu.ucsb.nceas.metacat.DBEntityResolver; |
48 | 51 |
import edu.ucsb.nceas.metacat.DocumentImpl; |
49 | 52 |
import edu.ucsb.nceas.metacat.McdbException; |
50 |
import edu.ucsb.nceas.metacat.PermissionController; |
|
51 | 53 |
import edu.ucsb.nceas.metacat.database.DBConnection; |
52 | 54 |
import edu.ucsb.nceas.metacat.database.DBConnectionPool; |
53 | 55 |
import edu.ucsb.nceas.metacat.properties.PropertyService; |
54 |
import edu.ucsb.nceas.metacat.shared.AccessException; |
|
55 |
import edu.ucsb.nceas.metacat.util.MetacatUtil; |
|
56 | 56 |
import edu.ucsb.nceas.metacat.util.SystemUtil; |
57 | 57 |
import edu.ucsb.nceas.utilities.PropertyNotFoundException; |
58 | 58 |
|
... | ... | |
478 | 478 |
{ |
479 | 479 |
//DBConnection conn = null; |
480 | 480 |
//int serialNumber = -1; |
481 |
Statement stmt = null;
|
|
481 |
PreparedStatement pstmt = null;
|
|
482 | 482 |
try |
483 | 483 |
{ |
484 | 484 |
//check out DBConenction |
485 | 485 |
//conn=DBConnectionPool.getDBConnection("AccessControlList.deltePerm"); |
486 | 486 |
//serialNumber=conn.getCheckOutSerialNumber(); |
487 |
String sql = "DELETE FROM xml_access WHERE accessfileid = ?"; |
|
487 | 488 |
// delete all acl records for resources related to @aclid if any |
488 |
stmt = connection.createStatement(); |
|
489 |
pstmt = connection.prepareStatement(sql); |
|
490 |
pstmt.setString(1, aclid); |
|
489 | 491 |
// Increase DBConnection usage count |
490 | 492 |
connection.increaseUsageCount(1); |
491 |
logMetacat.debug("running sql: " + stmt.toString()); |
|
492 |
stmt.execute("DELETE FROM xml_access WHERE accessfileid = '" + aclid |
|
493 |
+ "'"); |
|
493 |
logMetacat.debug("running sql: " + pstmt.toString()); |
|
494 |
pstmt.execute(); |
|
494 | 495 |
//increase usageCount!!!!!! |
495 | 496 |
//conn.increaseUsageCount(1); |
496 | 497 |
} |
... | ... | |
500 | 501 |
} |
501 | 502 |
finally |
502 | 503 |
{ |
503 |
stmt.close(); |
|
504 |
pstmt.close();
|
|
504 | 505 |
//retrun DBConnection |
505 | 506 |
//DBConnectionPool.returnDBConnection(conn,serialNumber); |
506 | 507 |
} |
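Review bot: The `finally` block at new line 504 calls `pstmt.close()` unconditionally, so if `connection.prepareStatement(sql)` throws, `pstmt` is still null and the resulting NullPointerException replaces the original SQLException. Guard the call with `if (pstmt != null) { pstmt.close(); }`, or declare the statement in a try-with-resources if the project's Java level allows it. Separately, the text returned by `pstmt.toString()` in the debug line at new line 493 is driver-dependent, so that log entry may or may not show the bound `aclid` value. The method's signature and its catch block are outside the lines shown here.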
uses prepared statement instead of plain old statement.
deprecated the DBConnection.createStatement() method to discourage direct parameter value use in favor of parameter binding.
http://bugzilla.ecoinformatics.org/show_bug.cgi?id=5527