Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » EclipseLink » JPA reuse some "previous" JDBC login credentials(Security Bug ?)
JPA reuse some "previous" JDBC login credentials [message #1224976] Sat, 28 December 2013 09:58 Go to next message
Aldo Bariani is currently offline Aldo BarianiFriend
Messages: 1
Registered: December 2013
Junior Member
I don't know if this really is a bug ... it seems that something remains "open".
I'm using EclipseLink 2.5.1 with com.microsoft.sqlserver.jdbc.SQLServerDriver.
On the second call at the createEntityManagerFactory method a wrong password is ignored and everything works as well ...
Do I have to reset or clean some kind of Connection or Session Object ?
    String userId = "sa";
    String psw = "rightPassword";
    Map<String, Object> paramsConnect = new HashMap<String, Object>();
    paramsConnect.put("javax.persistence.jdbc.user", userId);
    paramsConnect.put("javax.persistence.jdbc.password", psw);

    EntityManagerFactory emf = Persistence.createEntityManagerFactory("PU", paramsConnect);
    EntityManager em = emf.createEntityManager();
    Query q = em.createNativeQuery("SELECT * FROM Tab1");
    List<Object[]> rows = q.getResultList();
    System.err.println(rows.get(0));

    em.clear();
    em.close();
    emf.close();

    psw = "wrongPassword";
    EntityManagerFactory emf1 = Persistence.createEntityManagerFactory("PU", paramsConnect);
    EntityManager em1 = emf1.createEntityManager();
    Query q1 = em1.createNativeQuery("SELECT * FROM Tab2");
    List<Object[]> rows1 = q1.getResultList();
    System.err.println(rows1.get(0));

Thanks in advance
Re: JPA reuse some "previous" JDBC login credentials [message #1226710 is a reply to message #1224976] Thu, 02 January 2014 13:15 Go to previous message
Chris Delahunt is currently offline Chris DelahuntFriend
Messages: 1274
Registered: July 2009
Senior Member
I hope you just ommited some code as calling psw = "wrongPassword"; will not change the password stored in the paramsConnect map.

Try turning on EclipseLink logging to finest to see when the session is being logged out and released.
Previous Topic:Toplink 9 to EclipseLink migration issue
Next Topic:[SOLVED] Single-Table Multitenancy and Cross-Tenant Access
Goto Forum:
  


Current Time: Wed Nov 22 05:52:34 GMT 2017

Powered by FUDForum. Page generated in 0.02115 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software