SEC-51: Use long instead of int for ACL primary keys.

core/src/main/java/org/acegisecurity/acl/basic/jdbc/JdbcDaoImpl.java

@@ -300,8 +300,8 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements BasicAclDao {
         private AclObjectIdentity aclObjectParentIdentity;
         private Class aclClass;
         private Object recipient;
-        private int foreignKeyId;
         private int mask;
+        private long foreignKeyId;
 
         /**
          * Record details of an individual ACL entry (usually from the
@@ -330,7 +330,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements BasicAclDao {
          *        created for each individual ACL entry (or an inheritence
          *        "holder" class if there are no ACL entries)
          */
-        public AclDetailsHolder(int foreignKeyId,
+        public AclDetailsHolder(long foreignKeyId,
             AclObjectIdentity aclObjectIdentity,
             AclObjectIdentity aclObjectParentIdentity, Class aclClass) {
             this.foreignKeyId = foreignKeyId;
@@ -351,7 +351,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements BasicAclDao {
             return aclObjectParentIdentity;
         }
 
-        public int getForeignKeyId() {
+        public long getForeignKeyId() {
             return foreignKeyId;
         }
 
@@ -384,7 +384,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements BasicAclDao {
     protected class AclsByObjectIdentityMapping extends MappingSqlQuery {
         protected AclsByObjectIdentityMapping(DataSource ds) {
             super(ds, aclsByObjectIdentityQuery);
-            declareParameter(new SqlParameter(Types.INTEGER));
+            declareParameter(new SqlParameter(Types.BIGINT));
             compile();
         }
 
@@ -428,7 +428,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements BasicAclDao {
 
         protected Object mapRow(ResultSet rs, int rownum)
             throws SQLException {
-            int id = rs.getInt(1); // required
+            long id = rs.getLong(1); // required
             String objectIdentity = rs.getString(2); // required
             String aclClass = rs.getString(3); // required
             String parentObjectIdentity = rs.getString(4); // optional

core/src/main/java/org/acegisecurity/acl/basic/jdbc/JdbcExtendedDaoImpl.java

@@ -12,6 +12,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package net.sf.acegisecurity.acl.basic.jdbc;
 
 import net.sf.acegisecurity.acl.basic.AclObjectIdentity;
@@ -46,12 +47,12 @@ import javax.sql.DataSource;
  * Extension of the base {@link JdbcDaoImpl}, which implements {@link
  * BasicAclExtendedDao}.
  * </p>
- *
+ * 
  * <p>
  * A default database structure is assumed. This may be overridden by setting
  * the default query strings to use.
  * </p>
- *
+ * 
  * <p>
  * This implementation works with <code>String</code> based recipients and
  * {@link net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity} only. The
@@ -64,6 +65,8 @@ import javax.sql.DataSource;
  */
 public class JdbcExtendedDaoImpl extends JdbcDaoImpl
     implements BasicAclExtendedDao {
+    //~ Static fields/initializers =============================================
+
     private static final Log logger = LogFactory.getLog(JdbcExtendedDaoImpl.class);
     public static final String DEF_ACL_OBJECT_IDENTITY_DELETE_STATEMENT = "DELETE FROM acl_object_identity WHERE id = ?";
     public static final String DEF_ACL_OBJECT_IDENTITY_INSERT_STATEMENT = "INSERT INTO acl_object_identity (object_identity, parent_object, acl_class) VALUES (?, ?, ?)";
@@ -71,6 +74,9 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
     public static final String DEF_ACL_PERMISSION_INSERT_STATEMENT = "INSERT INTO acl_permission (acl_object_identity, recipient, mask) VALUES (?, ?, ?)";
     public static final String DEF_ACL_PERMISSION_UPDATE_STATEMENT = "UPDATE acl_permission SET mask = ? WHERE id = ?";
     public static final String DEF_LOOKUP_PERMISSION_ID_QUERY = "SELECT id FROM acl_permission WHERE acl_object_identity = ? AND recipient = ?";
+
+    //~ Instance fields ========================================================
+
     private AclObjectIdentityDelete aclObjectIdentityDelete;
     private AclObjectIdentityInsert aclObjectIdentityInsert;
     private AclPermissionDelete aclPermissionDelete;
@@ -84,6 +90,8 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
     private String aclPermissionUpdateStatement;
     private String lookupPermissionIdQuery;
 
+    //~ Constructors ===========================================================
+
     public JdbcExtendedDaoImpl() {
         aclObjectIdentityDeleteStatement = DEF_ACL_OBJECT_IDENTITY_DELETE_STATEMENT;
         aclObjectIdentityInsertStatement = DEF_ACL_OBJECT_IDENTITY_INSERT_STATEMENT;
@@ -93,6 +101,8 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
         lookupPermissionIdQuery = DEF_LOOKUP_PERMISSION_ID_QUERY;
     }
 
+    //~ Methods ================================================================
+
     public void setAclObjectIdentityDelete(
         AclObjectIdentityDelete aclObjectIdentityDelete) {
         this.aclObjectIdentityDelete = aclObjectIdentityDelete;
@@ -203,17 +213,17 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
         AclDetailsHolder aclDetailsHolder = lookupAclDetailsHolder(aclObjectIdentity);
 
         // Retrieve applicable acl_permission.id
-        int permissionId = lookupPermissionId(aclDetailsHolder.getForeignKeyId(),
+        long permissionId = lookupPermissionId(aclDetailsHolder.getForeignKeyId(),
                 recipient.toString());
 
         if (permissionId == -1) {
             throw new DataRetrievalFailureException(
-                "Could not locate existing acl_permission for aclObjectIdentity: " +
-                aclObjectIdentity + ", recipient: " + recipient.toString());
+                "Could not locate existing acl_permission for aclObjectIdentity: "
+                + aclObjectIdentity + ", recipient: " + recipient.toString());
         }
 
         // Change permission
-        aclPermissionUpdate.update(new Integer(permissionId), newMask);
+        aclPermissionUpdate.update(new Long(permissionId), newMask);
     }
 
     public void create(BasicAclEntry basicAclEntry) throws DataAccessException {
@@ -227,18 +237,18 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
         }
 
         // Retrieve acl_object_identity record details
-        AclDetailsHolder aclDetailsHolder = lookupAclDetailsHolder(basicAclEntry.getAclObjectIdentity());
+        AclDetailsHolder aclDetailsHolder = lookupAclDetailsHolder(basicAclEntry
+                .getAclObjectIdentity());
 
         // Ensure there isn't an existing record for this recipient
         if (lookupPermissionId(aclDetailsHolder.getForeignKeyId(),
-                    basicAclEntry.getRecipient()) != -1) {
+                basicAclEntry.getRecipient()) != -1) {
             throw new DataIntegrityViolationException(
                 "This recipient already exists for this aclObjectIdentity");
         }
 
         // Create acl_permission
-        aclPermissionInsert.insert(new Integer(
-                aclDetailsHolder.getForeignKeyId()),
+        aclPermissionInsert.insert(new Long(aclDetailsHolder.getForeignKeyId()),
             basicAclEntry.getRecipient().toString(),
             new Integer(basicAclEntry.getMask()));
     }
@@ -249,8 +259,8 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
         AclDetailsHolder aclDetailsHolder = lookupAclDetailsHolder(aclObjectIdentity);
 
         // Retrieve all acl_permissions applying to this acl_object_identity
-        Iterator acls = aclsByObjectIdentity.execute(aclDetailsHolder.getForeignKeyId())
-                                            .iterator();
+        Iterator acls = aclsByObjectIdentity.execute(aclDetailsHolder
+                .getForeignKeyId()).iterator();
 
         // Delete all existing acl_permissions applying to this acl_object_identity
         while (acls.hasNext()) {
@@ -259,7 +269,7 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
         }
 
         // Delete acl_object_identity
-        aclObjectIdentityDelete.delete(new Integer(
+        aclObjectIdentityDelete.delete(new Long(
                 aclDetailsHolder.getForeignKeyId()));
     }
 
@@ -269,8 +279,8 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
         AclDetailsHolder aclDetailsHolder = lookupAclDetailsHolder(aclObjectIdentity);
 
         // Delete acl_permission
-        aclPermissionDelete.delete(new Integer(
-                aclDetailsHolder.getForeignKeyId()), recipient.toString());
+        aclPermissionDelete.delete(new Long(aclDetailsHolder.getForeignKeyId()),
+            recipient.toString());
     }
 
     protected void initDao() throws ApplicationContextException {
@@ -294,18 +304,20 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
      */
     private void createAclObjectIdentityIfRequired(BasicAclEntry basicAclEntry)
         throws DataAccessException {
-        String aclObjectIdentityString = convertAclObjectIdentityToString(basicAclEntry.getAclObjectIdentity());
+        String aclObjectIdentityString = convertAclObjectIdentityToString(basicAclEntry
+                .getAclObjectIdentity());
 
         // Lookup the object's main properties from the RDBMS (guaranteed no nulls)
         List objects = objectProperties.execute(aclObjectIdentityString);
 
         if (objects.size() == 0) {
             if (basicAclEntry.getAclObjectParentIdentity() != null) {
-                AclDetailsHolder parentDetails = lookupAclDetailsHolder(basicAclEntry.getAclObjectParentIdentity());
+                AclDetailsHolder parentDetails = lookupAclDetailsHolder(basicAclEntry
+                        .getAclObjectParentIdentity());
 
                 // Must create the acl_object_identity record
                 aclObjectIdentityInsert.insert(aclObjectIdentityString,
-                    new Integer(parentDetails.getForeignKeyId()),
+                    new Long(parentDetails.getForeignKeyId()),
                     basicAclEntry.getClass().getName());
             } else {
                 // Must create the acl_object_identity record
@@ -352,27 +364,28 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
      *
      * @throws DataAccessException DOCUMENT ME!
      */
-    private int lookupPermissionId(int aclObjectIdentityId, Object recipient)
+    private long lookupPermissionId(long aclObjectIdentityId, Object recipient)
         throws DataAccessException {
-        List list = lookupPermissionIdMapping.execute(new Object[] {
-                    new Integer(aclObjectIdentityId), recipient
-                });
+        List list = lookupPermissionIdMapping.execute(new Object[] {new Long(
+                        aclObjectIdentityId), recipient});
 
         if (list.size() == 0) {
             return -1;
         }
 
-        return ((Integer) list.get(0)).intValue();
+        return ((Long) list.get(0)).longValue();
     }
 
+    //~ Inner Classes ==========================================================
+
     protected class AclObjectIdentityDelete extends SqlUpdate {
         protected AclObjectIdentityDelete(DataSource ds) {
             super(ds, aclObjectIdentityDeleteStatement);
-            declareParameter(new SqlParameter(Types.INTEGER));
+            declareParameter(new SqlParameter(Types.BIGINT));
             compile();
         }
 
-        protected void delete(Integer aclObjectIdentity)
+        protected void delete(Long aclObjectIdentity)
             throws DataAccessException {
             super.update(aclObjectIdentity.intValue());
         }
@@ -382,17 +395,15 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
         protected AclObjectIdentityInsert(DataSource ds) {
             super(ds, aclObjectIdentityInsertStatement);
             declareParameter(new SqlParameter(Types.VARCHAR));
-            declareParameter(new SqlParameter(Types.INTEGER));
+            declareParameter(new SqlParameter(Types.BIGINT));
             declareParameter(new SqlParameter(Types.VARCHAR));
             compile();
         }
 
         protected void insert(String objectIdentity,
-            Integer parentAclObjectIdentity, String aclClass)
+            Long parentAclObjectIdentity, String aclClass)
             throws DataAccessException {
-            Object[] objs = new Object[] {
-                    objectIdentity, parentAclObjectIdentity, aclClass
-                };
+            Object[] objs = new Object[] {objectIdentity, parentAclObjectIdentity, aclClass};
             super.update(objs);
         }
     }
@@ -400,29 +411,29 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
     protected class AclPermissionDelete extends SqlUpdate {
         protected AclPermissionDelete(DataSource ds) {
             super(ds, aclPermissionDeleteStatement);
-            declareParameter(new SqlParameter(Types.INTEGER));
+            declareParameter(new SqlParameter(Types.BIGINT));
             declareParameter(new SqlParameter(Types.VARCHAR));
             compile();
         }
 
-        protected void delete(Integer aclObjectIdentity, String recipient)
+        protected void delete(Long aclObjectIdentity, String recipient)
             throws DataAccessException {
-            super.update(new Object[] { aclObjectIdentity, recipient });
+            super.update(new Object[] {aclObjectIdentity, recipient});
         }
     }
 
     protected class AclPermissionInsert extends SqlUpdate {
         protected AclPermissionInsert(DataSource ds) {
             super(ds, aclPermissionInsertStatement);
-            declareParameter(new SqlParameter(Types.INTEGER));
+            declareParameter(new SqlParameter(Types.BIGINT));
             declareParameter(new SqlParameter(Types.VARCHAR));
             declareParameter(new SqlParameter(Types.INTEGER));
             compile();
         }
 
-        protected void insert(Integer aclObjectIdentity, String recipient,
+        protected void insert(Long aclObjectIdentity, String recipient,
             Integer mask) throws DataAccessException {
-            Object[] objs = new Object[] { aclObjectIdentity, recipient, mask };
+            Object[] objs = new Object[] {aclObjectIdentity, recipient, mask};
             super.update(objs);
         }
     }
@@ -430,12 +441,12 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
     protected class AclPermissionUpdate extends SqlUpdate {
         protected AclPermissionUpdate(DataSource ds) {
             super(ds, aclPermissionUpdateStatement);
-            declareParameter(new SqlParameter(Types.INTEGER));
+            declareParameter(new SqlParameter(Types.BIGINT));
             declareParameter(new SqlParameter(Types.INTEGER));
             compile();
         }
 
-        protected void update(Integer aclPermissionId, Integer newMask)
+        protected void update(Long aclPermissionId, Integer newMask)
             throws DataAccessException {
             super.update(newMask.intValue(), aclPermissionId.intValue());
         }
@@ -444,14 +455,14 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl
     protected class LookupPermissionIdMapping extends MappingSqlQuery {
         protected LookupPermissionIdMapping(DataSource ds) {
             super(ds, lookupPermissionIdQuery);
-            declareParameter(new SqlParameter(Types.INTEGER));
+            declareParameter(new SqlParameter(Types.BIGINT));
             declareParameter(new SqlParameter(Types.VARCHAR));
             compile();
         }
 
         protected Object mapRow(ResultSet rs, int rownum)
             throws SQLException {
-            return new Integer(rs.getInt(1));
+            return new Long(rs.getLong(1));
         }
     }
 }

core/src/test/java/org/acegisecurity/PopulatedDatabase.java

@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -63,9 +63,9 @@ public class PopulatedDatabase {
         template.execute(
             "CREATE UNIQUE INDEX IX_AUTH_USERNAME ON AUTHORITIES(USERNAME,AUTHORITY)");
         template.execute(
-            "CREATE TABLE ACL_OBJECT_IDENTITY(ID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 0)  NOT NULL PRIMARY KEY,OBJECT_IDENTITY VARCHAR_IGNORECASE(250) NOT NULL,PARENT_OBJECT INTEGER,ACL_CLASS VARCHAR_IGNORECASE(250) NOT NULL,CONSTRAINT UNIQUE_OBJECT_IDENTITY UNIQUE(OBJECT_IDENTITY),CONSTRAINT SYS_FK_3 FOREIGN KEY(PARENT_OBJECT) REFERENCES ACL_OBJECT_IDENTITY(ID))");
+            "CREATE TABLE ACL_OBJECT_IDENTITY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 0)  NOT NULL PRIMARY KEY,OBJECT_IDENTITY VARCHAR_IGNORECASE(250) NOT NULL,PARENT_OBJECT BIGINT,ACL_CLASS VARCHAR_IGNORECASE(250) NOT NULL,CONSTRAINT UNIQUE_OBJECT_IDENTITY UNIQUE(OBJECT_IDENTITY),CONSTRAINT SYS_FK_3 FOREIGN KEY(PARENT_OBJECT) REFERENCES ACL_OBJECT_IDENTITY(ID))");
         template.execute(
-            "CREATE TABLE ACL_PERMISSION(ID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 0)  NOT NULL PRIMARY KEY,ACL_OBJECT_IDENTITY INTEGER NOT NULL,RECIPIENT VARCHAR_IGNORECASE(100) NOT NULL,MASK INTEGER NOT NULL,CONSTRAINT UNIQUE_RECIPIENT UNIQUE(ACL_OBJECT_IDENTITY,RECIPIENT),CONSTRAINT SYS_FK_7 FOREIGN KEY(ACL_OBJECT_IDENTITY) REFERENCES ACL_OBJECT_IDENTITY(ID))");
+            "CREATE TABLE ACL_PERMISSION(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 0)  NOT NULL PRIMARY KEY,ACL_OBJECT_IDENTITY BIGINT NOT NULL,RECIPIENT VARCHAR_IGNORECASE(100) NOT NULL,MASK INTEGER NOT NULL,CONSTRAINT UNIQUE_RECIPIENT UNIQUE(ACL_OBJECT_IDENTITY,RECIPIENT),CONSTRAINT SYS_FK_7 FOREIGN KEY(ACL_OBJECT_IDENTITY) REFERENCES ACL_OBJECT_IDENTITY(ID))");
         template.execute("SET IGNORECASE TRUE");
         template.execute("INSERT INTO USERS VALUES('dianne','emu',TRUE)");
         template.execute("INSERT INTO USERS VALUES('marissa','koala',TRUE)");
@@ -94,9 +94,11 @@ public class PopulatedDatabase {
             "INSERT INTO acl_object_identity VALUES (5, 'net.sf.acegisecurity.acl.DomainObject:5', 3, 'net.sf.acegisecurity.acl.basic.SimpleAclEntry');");
         template.execute(
             "INSERT INTO acl_object_identity VALUES (6, 'net.sf.acegisecurity.acl.DomainObject:6', 3, 'net.sf.acegisecurity.acl.basic.SimpleAclEntry');");
+
         // ----- BEGIN deviation from normal sample data load script -----
         template.execute(
             "INSERT INTO acl_object_identity VALUES (7, 'net.sf.acegisecurity.acl.DomainObject:7', 3, 'some.invalid.acl.entry.class');");
+
         // ----- FINISH deviation from normal sample data load script -----
         template.execute(
             "INSERT INTO acl_permission VALUES (null, 1, 'ROLE_SUPERVISOR', 1);");

core/src/test/java/org/acegisecurity/acl/basic/jdbc/JdbcDaoImplTests.java

@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

core/src/test/java/org/acegisecurity/acl/basic/jdbc/JdbcExtendedDaoImplTests.java

@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

doc/xdocs/dbinit.txt

@@ -37,17 +37,17 @@ INSERT INTO authorities VALUES ('peter', 'ROLE_TELLER');
 --- Indexes auto created in HSQLDB for primary keys and unique columns
 
 CREATE TABLE acl_object_identity (
-     id IDENTITY NOT NULL,
+     id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 0) NOT NULL PRIMARY KEY,
      object_identity VARCHAR_IGNORECASE(250) NOT NULL,
-     parent_object INTEGER,
+     parent_object BIGINT,
      acl_class VARCHAR_IGNORECASE(250) NOT NULL,
      CONSTRAINT unique_object_identity UNIQUE(object_identity),
      FOREIGN KEY (parent_object) REFERENCES acl_object_identity(id)
 );
 
 CREATE TABLE acl_permission (
-     id IDENTITY NOT NULL,
-     acl_object_identity INTEGER NOT NULL,
+     id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 0)  NOT NULL PRIMARY KEY
+     acl_object_identity BIGINT NOT NULL,
      recipient VARCHAR_IGNORECASE(100) NOT NULL,
      mask INTEGER NOT NULL,
      CONSTRAINT unique_recipient UNIQUE(acl_object_identity, recipient),