Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SEC-2738: authorities-by-username-query: The first field of the query is passed as paramater value #2962

Closed
spring-projects-issues opened this issue Oct 13, 2014 · 3 comments
Assignees
Labels
type: bug type: jira

Comments

@spring-projects-issues
Copy link

@spring-projects-issues spring-projects-issues commented Oct 13, 2014

Chris Korakidis (Migrated from SEC-2738) said:

with the following configuration:

users-by-username-query="select 22 as age, true as enabled, email as username, password from user where email=?"
authorities-by-username-query="select 22 as age, true as enabled, email as username, authority as role from user where email=?"/>

I'll get a 'Bad credentials' response and the db sql log will be

BST LOG:  execute <unnamed>: select 22 as age, true as enabled, email as username, password from consumer where email=$1
BST DETAIL:  parameters: $1 = 'user@mail.com'
BST LOG:  execute <unnamed>: select 22 as age, true as enabled, email as username, authority as role from consumer where email=$1
BST DETAIL:  parameters: $1 = '22'

While in the users-by-username-query case it passes the value of the email field in the parameter, in the case of the authorities-by-username-query it passes the value of the first field of the query in the parameter

@spring-projects-issues
Copy link
Author

@spring-projects-issues spring-projects-issues commented Oct 21, 2014

Rob Winch said:

Spring Security obtains the results for both the users-byusername-query and the authorities-by-username-query based upon the column index. This is also documented within the javadoc for both queries. In other words, this does not appear to be a bug.

If you still believe there is room for improvement, please suggest a change.

@spring-projects-issues spring-projects-issues added Waiting for Feedback type: bug type: jira labels Feb 5, 2016
@rwinch rwinch added status: waiting-for-feedback status: waiting-for-triage and removed status: waiting-for-triage Waiting for Feedback labels May 3, 2019
@spring-projects-issues
Copy link
Author

@spring-projects-issues spring-projects-issues commented May 10, 2019

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

@spring-projects-issues spring-projects-issues added the status: feedback-reminder label May 10, 2019
@spring-projects-issues
Copy link
Author

@spring-projects-issues spring-projects-issues commented May 17, 2019

Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.

@spring-projects-issues spring-projects-issues removed status: waiting-for-feedback status: feedback-reminder labels May 17, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
type: bug type: jira
Projects
None yet
Development

No branches or pull requests

2 participants