How do I set up this config?

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

How do I set up this config?

laredotornado
Hi,

I'm using ibatis 2.3 with Tomcat 6.0.26 and Java 1.6.  I have a
configuration file, "SqlMapConfig.xml", that I use in my global
classpath.  Then I have a queries file, "users.xml", that I only want
one application "X" to have access to.  How do I set up my sql config
client configuration for application "X" to include both the global
file and the specific queries file?

I don't want to add the "users.xml" in the global file like so ...

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE sqlMapConfig PUBLIC "-//ibatis.apache.org//DTD SQL Map
Config 2.0//EN" "http://ibatis.apache.org/dtd/sql-map-config-2.dtd">

<sqlMapConfig>

        <sqlMap resource="users.xml" />
        ...
</sqlMapConfig>

because then everyone would have access to it.  Let me know if I
should provide other details.  Thanks, - Dave
Reply | Threaded
Open this post in threaded view
|

Re: How do I set up this config?

Martin Kuen
Hi Dave,

Could you provide more details? So far, your requirement looks quite "suspicous" . . .

A quick thought:
If Application X has access to the db, it can perform any query it wants (via plain JDBC), expect the db disallows this (no matter if it's able to "see" users.xml or not).
--> Disable the possiblity for application X to send such a query to the database (e.g. application X has another db user)
So if Application X is *able* to do so, although it *must not* . . . . you are in trouble, my friend ;)


Best Regards,

Martin

On Fri, Oct 8, 2010 at 5:41 PM, laredotornado <[hidden email]> wrote:
Hi,

I'm using ibatis 2.3 with Tomcat 6.0.26 and Java 1.6.  I have a
configuration file, "SqlMapConfig.xml", that I use in my global
classpath.   
Then I have a queries file, "users.xml", that I only want
one application "X" to have access to. 
How do I set up my sql config
client configuration for application "X" to include both the global
file and the specific queries file?

I don't want to add the "users.xml" in the global file like so ...

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE sqlMapConfig PUBLIC "-//ibatis.apache.org//DTD SQL Map
Config 2.0//EN" "http://ibatis.apache.org/dtd/sql-map-config-2.dtd">

<sqlMapConfig>

       <sqlMap resource="users.xml" />
       ...
</sqlMapConfig>

because then everyone would have access to it.  Let me know if I
should provide other details.  Thanks, - Dave
Reply | Threaded
Open this post in threaded view
|

Re: How do I set up this config?

laredotornado
This question is motivated more by code organization that any security
concerns.  Right now I initialize my sqlConfig client like so ...

        @Bean(name = "sqlMapClientMesquite")
        @Autowired
        public SqlMapClientFactoryBean
sqlMapClientMesquite(@Qualifier("dataSourceLaughlin") DataSource
dataSource) {
                SqlMapClientFactoryBean factory = new SqlMapClientFactoryBean();
                factory.setConfigLocation(new
ClassPathResource("SqlMapConfig.xml"));
                factory.setDataSource(dataSource);
                return factory;
        }

and all my query files are accessed in the config file
"SqlMapConfig.xml" like so ...

   <sqlMap resource="searchResultSQLMaps.xml" />
   <sqlMap resource="laughlinQueries.xml" />
   <sqlMap resource="mesquiteQueries.xml" />

I also want my sqlConfig client to access a file named "users.xml".  I
could add it to the above list, but since only application "X" will
use it, I would prefer to keep "users.xml" in the application "X"
folder structure instead of adding it to the global classpath
structure.  So how would I set up the sql config client XML file in
such a scenario ?

 - Dave




On Oct 8, 12:24 pm, Martin Kuen <[hidden email]> wrote:

> Hi Dave,
>
> Could you provide more details? So far, your requirement looks quite
> "suspicous" . . .
>
> A quick thought:
> If Application X has access to the db, it can perform any query it wants
> (via plain JDBC), expect the db disallows this (no matter if it's able to
> "see" users.xml or not).
> --> Disable the possiblity for application X to send such a query to the
> database (e.g. application X has another db user)
> So if Application X is *able* to do so, although it *must not* . . . . you
> are in trouble, my friend ;)
>
> Best Regards,
>
> Martin
>
> On Fri, Oct 8, 2010 at 5:41 PM, laredotornado <[hidden email]>wrote:
>
> > Hi,
>
> > I'm using ibatis 2.3 with Tomcat 6.0.26 and Java 1.6.  I have a
> > configuration file, "SqlMapConfig.xml", that I use in my global
> > classpath.
>
> Then I have a queries file, "users.xml", that I only want> one application "X" to have access to.
>
> How do I set up my sql config
>
> > client configuration for application "X" to include both the global
> > file and the specific queries file?
>
> > I don't want to add the "users.xml" in the global file like so ...
>
> > <?xml version="1.0" encoding="utf-8" ?>
> > <!DOCTYPE sqlMapConfig PUBLIC "-//ibatis.apache.org//DTD SQL Map
> > Config 2.0//EN" "http://ibatis.apache.org/dtd/sql-map-config-2.dtd">
>
> > <sqlMapConfig>
>
> >        <sqlMap resource="users.xml" />
> >        ...
> > </sqlMapConfig>
>
> > because then everyone would have access to it.  Let me know if I
> > should provide other details.  Thanks, - Dave
Reply | Threaded
Open this post in threaded view
|

Re: How do I set up this config?

Eduardo Macarron
I suppose you can solve your problem having another SqlMapConfig.xml
file on your X app that just points to users.xml

But your config is quite unusual. I may think in reusing code sharing
jar libraries and no by direct classpath sharing.
Make a users.jar that holds your users queries and a global.jar that
holds all the rest. Then use them in your projects.

On 8 oct, 21:00, laredotornado <[hidden email]> wrote:

> This question is motivated more by code organization that any security
> concerns.  Right now I initialize my sqlConfig client like so ...
>
>         @Bean(name = "sqlMapClientMesquite")
>         @Autowired
>         public SqlMapClientFactoryBean
> sqlMapClientMesquite(@Qualifier("dataSourceLaughlin") DataSource
> dataSource) {
>                 SqlMapClientFactoryBean factory = new SqlMapClientFactoryBean();
>                 factory.setConfigLocation(new
> ClassPathResource("SqlMapConfig.xml"));
>                 factory.setDataSource(dataSource);
>                 return factory;
>         }
>
> and all my query files are accessed in the config file
> "SqlMapConfig.xml" like so ...
>
>    <sqlMap resource="searchResultSQLMaps.xml" />
>    <sqlMap resource="laughlinQueries.xml" />
>    <sqlMap resource="mesquiteQueries.xml" />
>
> I also want my sqlConfig client to access a file named "users.xml".  I
> could add it to the above list, but since only application "X" will
> use it, I would prefer to keep "users.xml" in the application "X"
> folder structure instead of adding it to the global classpath
> structure.  So how would I set up the sql config client XML file in
> such a scenario ?
>
>  - Dave
>
> On Oct 8, 12:24 pm, Martin Kuen <[hidden email]> wrote:
>
>
>
> > Hi Dave,
>
> > Could you provide more details? So far, your requirement looks quite
> > "suspicous" . . .
>
> > A quick thought:
> > If Application X has access to the db, it can perform any query it wants
> > (via plain JDBC), expect the db disallows this (no matter if it's able to
> > "see" users.xml or not).
> > --> Disable the possiblity for application X to send such a query to the
> > database (e.g. application X has another db user)
> > So if Application X is *able* to do so, although it *must not* . . . . you
> > are in trouble, my friend ;)
>
> > Best Regards,
>
> > Martin
>
> > On Fri, Oct 8, 2010 at 5:41 PM, laredotornado <[hidden email]>wrote:
>
> > > Hi,
>
> > > I'm using ibatis 2.3 with Tomcat 6.0.26 and Java 1.6.  I have a
> > > configuration file, "SqlMapConfig.xml", that I use in my global
> > > classpath.
>
> > Then I have a queries file, "users.xml", that I only want> one application "X" to have access to.
>
> > How do I set up my sql config
>
> > > client configuration for application "X" to include both the global
> > > file and the specific queries file?
>
> > > I don't want to add the "users.xml" in the global file like so ...
>
> > > <?xml version="1.0" encoding="utf-8" ?>
> > > <!DOCTYPE sqlMapConfig PUBLIC "-//ibatis.apache.org//DTD SQL Map
> > > Config 2.0//EN" "http://ibatis.apache.org/dtd/sql-map-config-2.dtd">
>
> > > <sqlMapConfig>
>
> > >        <sqlMap resource="users.xml" />
> > >        ...
> > > </sqlMapConfig>
>
> > > because then everyone would have access to it.  Let me know if I
> > > should provide other details.  Thanks, - Dave
Reply | Threaded
Open this post in threaded view
|

Re: How do I set up this config?

Larry Meadors
In reply to this post by laredotornado
Is this a new app? Or are you working on an older application that
requires ibatis2?

I think what you are trying to do is plausible in 3.

Larry


On Fri, Oct 8, 2010 at 1:00 PM, laredotornado <[hidden email]> wrote:

> This question is motivated more by code organization that any security
> concerns.  Right now I initialize my sqlConfig client like so ...
>
>        @Bean(name = "sqlMapClientMesquite")
>        @Autowired
>        public SqlMapClientFactoryBean
> sqlMapClientMesquite(@Qualifier("dataSourceLaughlin") DataSource
> dataSource) {
>                SqlMapClientFactoryBean factory = new SqlMapClientFactoryBean();
>                factory.setConfigLocation(new
> ClassPathResource("SqlMapConfig.xml"));
>                factory.setDataSource(dataSource);
>                return factory;
>        }
>
> and all my query files are accessed in the config file
> "SqlMapConfig.xml" like so ...
>
>   <sqlMap resource="searchResultSQLMaps.xml" />
>   <sqlMap resource="laughlinQueries.xml" />
>   <sqlMap resource="mesquiteQueries.xml" />
>
> I also want my sqlConfig client to access a file named "users.xml".  I
> could add it to the above list, but since only application "X" will
> use it, I would prefer to keep "users.xml" in the application "X"
> folder structure instead of adding it to the global classpath
> structure.  So how would I set up the sql config client XML file in
> such a scenario ?
>
>  - Dave
>
>
>
>
> On Oct 8, 12:24 pm, Martin Kuen <[hidden email]> wrote:
>> Hi Dave,
>>
>> Could you provide more details? So far, your requirement looks quite
>> "suspicous" . . .
>>
>> A quick thought:
>> If Application X has access to the db, it can perform any query it wants
>> (via plain JDBC), expect the db disallows this (no matter if it's able to
>> "see" users.xml or not).
>> --> Disable the possiblity for application X to send such a query to the
>> database (e.g. application X has another db user)
>> So if Application X is *able* to do so, although it *must not* . . . . you
>> are in trouble, my friend ;)
>>
>> Best Regards,
>>
>> Martin
>>
>> On Fri, Oct 8, 2010 at 5:41 PM, laredotornado <[hidden email]>wrote:
>>
>> > Hi,
>>
>> > I'm using ibatis 2.3 with Tomcat 6.0.26 and Java 1.6.  I have a
>> > configuration file, "SqlMapConfig.xml", that I use in my global
>> > classpath.
>>
>> Then I have a queries file, "users.xml", that I only want> one application "X" to have access to.
>>
>> How do I set up my sql config
>>
>> > client configuration for application "X" to include both the global
>> > file and the specific queries file?
>>
>> > I don't want to add the "users.xml" in the global file like so ...
>>
>> > <?xml version="1.0" encoding="utf-8" ?>
>> > <!DOCTYPE sqlMapConfig PUBLIC "-//ibatis.apache.org//DTD SQL Map
>> > Config 2.0//EN" "http://ibatis.apache.org/dtd/sql-map-config-2.dtd">
>>
>> > <sqlMapConfig>
>>
>> >        <sqlMap resource="users.xml" />
>> >        ...
>> > </sqlMapConfig>
>>
>> > because then everyone would have access to it.  Let me know if I
>> > should provide other details.  Thanks, - Dave