Jeff Butler
--
Sent from my mobile device
regards
Mario
DB2 10 supports it -
http://ibmsystemsmag.blogs.com/db2utor/2010/11/fine-grained-access-control-strengthens-data-security.html
Oracle also -
http://databases.about.com/b/2008/04/10/oracle-fine-grained-access-control.htm
thanks
Mario
From: Silvia <silvia...@gmail.com>
To: mybatis-user <mybati...@googlegroups.com>
That is what I have hacked into our myBatis fork, described partially in the
mail copied below.
The problems are:
- View based solutions, db vendor's things are limited, for example based on
current db user which makes them useless in one db user environment
(connection pooling).
- You can add parameters to every select, but it's a lot of work (readablility
problems, etc).
- Sometimes you need to pass many fixed parameters to every select (as we have
to)
- You need to pass those parameters to every associated selects fired by the
main statement, in unlimited levels. You can not pass easily many parameters
to associations beside the logically required ones, it will be a mess.
- Sometimes you need to pass different parameters to the associated selects
than the main one! This can only be done if you intercept all the statements
somewhere in myBatis.
- In our project the parameters (where clausules) can not be put into or
generated in the database. It is generated from things not available in the
database!
Our version works superb, but it was done in about a day and has many other
ugly modifications like iBatis2 style caching and removed lazy loading and
local cacheing code :)
It would be great if myBatis could support this out of the box, because we
could get one step further to get rid of maintaining our fork. And it can be
used to address problems other than row based security too.
Best regards,
Balázs Terényi
---------------
I have managed to modify every parameter passed to myBatis on the fly to
extend the "user" given parameters with two fixed ones, that every select can
access, even selects fired by associations and collections (recursive).
I have extended org.apache.ibatis.executor.parameter.ParameterHandler which
replaces every parameter with a HashMap and puts the original param in and the
two common parameters too. It works, but there are two problems with it:
1. EL expressions have no access to the added parameters, only the original
parameters with the original notation. Not a problem for us, but...
2. Cacheing is not working.
Is there an another place in the myBatis workflow where I can intercept those
calls to change the parameters (which occurs somewhere at the beginning)?
Or any other method to modify the parameters or put in somehow other
parameters accessible for every statement with recursion to association and
collection selects?
Think of it like global variables avaiable to every statement (selects), but
those variables are set up exclusivelly for every statement regardless of what
invoked that statement (user or myBatis for associations and collections).
----------------
2011 July 13 Wednesday 09:29:14 Silvia:
v9 supports LBAC i.e. label based security
thanks
Mario
Mario
DB2 version 8 has no support for FGAC or LBAC. So you will need to build
this in the app layer if you're on v8.
regards
Mario
From: Silvia <silvia...@gmail.com>
To: mybatis-user <mybati...@googlegroups.com>
From: Silvia <silvia...@gmail.com>
To: mybatis-user <mybati...@googlegroups.com>
Date: 07/14/2011 04:19 PM
Subject: Re: Adding where clauses from database.
Sent by: mybati...@googlegroups.com
2011 July 15 Friday 10:46:28 Eduardo:
As I promised, I am back to explain here the solution we have achieved for
future readers.
Thanks to Balázs Terényi's aproach, I start debugging myBatis classes so as
to determine the "interruption points" where I can add my dynamic clauses.
Specifically, in the methods of the DefaultSqlSession class, you can get the
current statement which is being processed. Once here, the mapper statement
can be an instance of ProviderSqlSource class or DynamicSqlSource class.
If the query is being made through a provider, you can add your own
parameters to the bbject parameter and then recover them in the provider
itself and add them to a SqlBuilder.WHERE.
If it is being made through a SQL statement directly, in the
DynamicSqlSource class you have access to the SQL sentence and modify it at
this point:
SqlSource sqlSource =
sqlSourceParser.parse(*transformer.checkSecurity*(context.getSql()),
parameterType);
Thank you very much to all of you who helped me and specially to Terényi.
Kind regards,
Silvia.
--
View this message in context: http://mybatis-user.963551.n3.nabble.com/Adding-where-clauses-from-database-tp3162632p3341715.html
Sent from the mybatis-user mailing list archive at Nabble.com.