Java tutorial
/** * OpenKM, Open Document Management System (http://www.openkm.com) * Copyright (c) 2006-2017 Paco Avila & Josep Llort * <p> * No bytes were intentionally harmed during the development of this application. * <p> * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * <p> * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * <p> * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ package com.openkm.servlet.admin; import com.openkm.bean.DbQueryGlobalResult; import com.openkm.core.Config; import com.openkm.core.DatabaseException; import com.openkm.dao.DatabaseMetadataDAO; import com.openkm.dao.HibernateUtil; import com.openkm.dao.LegacyDAO; import com.openkm.dao.bean.DatabaseMetadataType; import com.openkm.dao.bean.DatabaseMetadataValue; import com.openkm.util.DatabaseMetadataUtils; import com.openkm.util.FormatUtil; import com.openkm.util.UserActivity; import org.apache.commons.beanutils.BeanUtils; import org.apache.commons.fileupload.FileItem; import org.apache.commons.fileupload.FileItemFactory; import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.fileupload.disk.DiskFileItemFactory; import org.apache.commons.fileupload.servlet.ServletFileUpload; import org.hibernate.HibernateException; import org.hibernate.Query; import org.hibernate.Session; import org.hibernate.jdbc.Work; import org.hibernate.type.Type; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.BufferedReader; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStreamReader; import java.lang.reflect.InvocationTargetException; import java.sql.*; import java.util.*; /** * Database query */ public class DatabaseQueryServlet extends BaseServlet { private static final long serialVersionUID = 1L; private static Logger log = LoggerFactory.getLogger(DatabaseQueryServlet.class); @Override public void service(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { String method = request.getMethod(); if (checkMultipleInstancesAccess(request, response)) { if (method.equals(METHOD_GET)) { doGet(request, response); } else if (method.equals(METHOD_POST)) { doPost(request, response); } } } @Override public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { log.debug("doGet({}, {})", request, response); request.setCharacterEncoding("UTF-8"); updateSessionManager(request); ServletContext sc = getServletContext(); Session session = null; try { session = HibernateUtil.getSessionFactory().openSession(); sc.setAttribute("qs", null); sc.setAttribute("type", null); sc.setAttribute("showSql", null); sc.setAttribute("exception", null); sc.setAttribute("globalResults", null); sc.setAttribute("tables", listTables(session)); sc.setAttribute("vtables", listVirtualTables()); sc.getRequestDispatcher("/admin/database_query.jsp").forward(request, response); } catch (Exception e) { sendError(sc, request, response, e); } finally { HibernateUtil.close(session); } } @Override @SuppressWarnings("unchecked") public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { log.debug("doPost({}, {})", request, response); request.setCharacterEncoding("UTF-8"); updateSessionManager(request); String user = request.getRemoteUser(); ServletContext sc = getServletContext(); Session session = null; try { if (ServletFileUpload.isMultipartContent(request)) { FileItemFactory factory = new DiskFileItemFactory(); ServletFileUpload upload = new ServletFileUpload(factory); List<FileItem> items = upload.parseRequest(request); boolean showSql = false; String vtable = ""; String type = ""; String qs = ""; byte[] data = null; for (Iterator<FileItem> it = items.iterator(); it.hasNext();) { FileItem item = it.next(); if (item.isFormField()) { if (item.getFieldName().equals("qs")) { qs = item.getString("UTF-8"); } else if (item.getFieldName().equals("type")) { type = item.getString("UTF-8"); } else if (item.getFieldName().equals("showSql")) { showSql = true; } else if (item.getFieldName().equals("vtables")) { vtable = item.getString("UTF-8"); } } else { data = item.get(); } } if (!qs.equals("") && !type.equals("")) { session = HibernateUtil.getSessionFactory().openSession(); sc.setAttribute("qs", qs); sc.setAttribute("type", type); if (type.equals("jdbc")) { executeJdbc(session, qs, sc, request, response); // Activity log UserActivity.log(user, "ADMIN_DATABASE_QUERY_JDBC", null, null, qs); } else if (type.equals("hibernate")) { executeHibernate(session, qs, showSql, sc, request, response); // Activity log UserActivity.log(user, "ADMIN_DATABASE_QUERY_HIBERNATE", null, null, qs); } else if (type.equals("metadata")) { sc.setAttribute("vtable", vtable); executeMetadata(session, qs, false, sc, request, response); // Activity log UserActivity.log(user, "ADMIN_DATABASE_QUERY_METADATA", null, null, qs); } } else if (data != null && data.length > 0) { sc.setAttribute("exception", null); session = HibernateUtil.getSessionFactory().openSession(); executeUpdate(session, data, sc, request, response); // Activity log UserActivity.log(user, "ADMIN_DATABASE_QUERY_FILE", null, null, new String(data)); } else { sc.setAttribute("qs", qs); sc.setAttribute("type", type); sc.setAttribute("showSql", showSql); sc.setAttribute("exception", null); sc.setAttribute("globalResults", new ArrayList<DbQueryGlobalResult>()); sc.getRequestDispatcher("/admin/database_query.jsp").forward(request, response); } } else { // Edit table cell value String action = request.getParameter("action"); String vtable = request.getParameter("vtable"); String column = request.getParameter("column"); String value = request.getParameter("value"); String id = request.getParameter("id"); if (action.equals("edit")) { int idx = column.indexOf('('); if (idx > 0) { column = column.substring(idx + 1, idx + 6); } String hql = "update DatabaseMetadataValue dmv set dmv." + column + "='" + value + "' where dmv.table='" + vtable + "' and dmv.id=" + id; log.info("HQL: {}", hql); session = HibernateUtil.getSessionFactory().openSession(); int rows = session.createQuery(hql).executeUpdate(); log.info("Rows affected: {}", rows); } } } catch (FileUploadException e) { sendError(sc, request, response, e); } catch (SQLException e) { sendError(sc, request, response, e); } catch (HibernateException e) { sendError(sc, request, response, e); } catch (DatabaseException e) { sendError(sc, request, response, e); } catch (IllegalAccessException e) { sendError(sc, request, response, e); } catch (InvocationTargetException e) { sendError(sc, request, response, e); } catch (NoSuchMethodException e) { sendError(sc, request, response, e); } finally { HibernateUtil.close(session); } } /** * Execute metadata query */ private void executeMetadata(Session session, String qs, boolean showSql, ServletContext sc, HttpServletRequest request, HttpServletResponse response) throws DatabaseException, ServletException, IOException, HibernateException, IllegalAccessException, InvocationTargetException, NoSuchMethodException { StringTokenizer st = new StringTokenizer(qs, "\n\r"); List<DbQueryGlobalResult> globalResults = new ArrayList<DbQueryGlobalResult>(); // For each query line while (st.hasMoreTokens()) { String mds = st.nextToken(); String[] parts = mds.split("\\|"); if (parts.length > 1) { String hql = null; if (parts[0].toUpperCase().equals("SENTENCE")) { if (parts.length > 2) { List<String> tables = Arrays.asList(parts[1].split(",")); hql = DatabaseMetadataUtils.replaceVirtual(tables, parts[2]); log.debug("Metadata SENTENCE: {}", hql); globalResults.add(executeHQL(session, hql, showSql, tables)); } } else if (parts[0].toUpperCase().equals("SELECT")) { if (parts.length > 2) { hql = DatabaseMetadataUtils.buildQuery(parts[1], parts[2]); } else { // Filter parameter is optional hql = DatabaseMetadataUtils.buildQuery(parts[1], null); } log.debug("Metadata SELECT: {}", hql); globalResults.add(executeHQL(session, hql, showSql, Arrays.asList(parts[1]))); } else if (parts[0].toUpperCase().equals("UPDATE")) { if (parts.length > 3) { hql = DatabaseMetadataUtils.buildUpdate(parts[1], parts[2], parts[3]); } else if (parts.length > 2) { // Filter parameter is optional hql = DatabaseMetadataUtils.buildUpdate(parts[1], parts[2], null); } else { // Filter parameter is optional hql = DatabaseMetadataUtils.buildUpdate(parts[1], null, null); } log.debug("Metadata UPDATE: {}", hql); globalResults.add(executeHQL(session, hql, showSql, Arrays.asList(parts[1]))); } else if (parts[0].toUpperCase().equals("DELETE")) { if (parts.length > 2) { hql = DatabaseMetadataUtils.buildDelete(parts[1], parts[2]); } else { // Filter parameter is optional hql = DatabaseMetadataUtils.buildDelete(parts[1], null); } log.debug("Metadata DELETE: {}", hql); globalResults.add(executeHQL(session, hql, showSql, Arrays.asList(parts[1]))); } else { throw new DatabaseException("Error in metadata action"); } } else { throw new DatabaseException("Error in metadata sentence parameters"); } } sc.setAttribute("exception", null); sc.setAttribute("showSql", showSql); sc.setAttribute("globalResults", globalResults); sc.getRequestDispatcher("/admin/database_query.jsp").forward(request, response); } /** * Execute Hibernate query */ private void executeHibernate(Session session, String qs, boolean showSql, ServletContext sc, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, HibernateException, DatabaseException, IllegalAccessException, InvocationTargetException, NoSuchMethodException { StringTokenizer st = new StringTokenizer(qs, "\n\r"); List<DbQueryGlobalResult> globalResults = new ArrayList<DbQueryGlobalResult>(); // For each query line while (st.hasMoreTokens()) { String tk = st.nextToken().trim(); if (tk.toUpperCase().startsWith("--") || tk.equals("") || tk.equals("\r")) { // Is a comment, so ignore it } else { if (tk.endsWith(";")) { tk = tk.substring(0, tk.length() - 1); } globalResults.add(executeHQL(session, tk, showSql, null)); } } sc.setAttribute("exception", null); sc.setAttribute("showSql", showSql); sc.setAttribute("globalResults", globalResults); sc.getRequestDispatcher("/admin/database_query.jsp").forward(request, response); } /** * Execute hibernate sentence */ @SuppressWarnings("unchecked") private DbQueryGlobalResult executeHQL(Session session, String hql, boolean showSql, List<String> vtables) throws HibernateException, DatabaseException, IllegalAccessException, InvocationTargetException, NoSuchMethodException { long begin = System.currentTimeMillis(); if (hql.toUpperCase().startsWith("SELECT") || hql.toUpperCase().startsWith("FROM")) { Query q = session.createQuery(hql); List<Object> ret = q.list(); List<String> columns = new ArrayList<String>(); List<String> vcolumns = new ArrayList<String>(); List<List<String>> results = new ArrayList<List<String>>(); Type[] rt = q.getReturnTypes(); int i = 0; if (vtables == null) { for (i = 0; i < rt.length; i++) { columns.add(rt[i].getName()); } } else { for (String vtable : vtables) { String query = "select dmt.virtualColumn, dmt.realColumn from DatabaseMetadataType dmt where dmt.table='" + vtable + "'"; List<Object> tmp = LegacyDAO.executeQuery(query); for (Object obj : tmp) { Object[] dt = (Object[]) obj; vcolumns.add(String.valueOf(dt[0])); columns.add(String.valueOf(dt[0]).concat(" (").concat(String.valueOf(dt[1])).concat(")")); } } } for (Iterator<Object> it = ret.iterator(); it.hasNext() && i++ < Config.MAX_SEARCH_RESULTS;) { List<String> row = new ArrayList<String>(); Object obj = it.next(); if (vtables == null) { if (obj instanceof Object[]) { Object[] ao = (Object[]) obj; for (int j = 0; j < ao.length; j++) { row.add(String.valueOf(ao[j])); } } else { row.add(String.valueOf(obj)); } } else { if (obj instanceof DatabaseMetadataValue) { DatabaseMetadataValue dmv = (DatabaseMetadataValue) obj; row.add(String.valueOf(dmv.getId())); for (String column : vcolumns) { row.add(DatabaseMetadataUtils.getString(dmv, column)); } } else if (obj instanceof Object[]) { for (Object objChild : (Object[]) obj) { if (objChild instanceof DatabaseMetadataValue) { DatabaseMetadataValue dmvChild = (DatabaseMetadataValue) objChild; List<DatabaseMetadataType> types = DatabaseMetadataDAO .findAllTypes(dmvChild.getTable()); for (DatabaseMetadataType emt : types) { for (String column : vcolumns) { if (emt.getVirtualColumn().equals(column)) { row.add(BeanUtils.getProperty(dmvChild, emt.getRealColumn())); } } } } else { row.add(String.valueOf(objChild)); } } } else { row.add("Query result should be instance of DatabaseMetadataValue"); } } results.add(row); } DbQueryGlobalResult gr = new DbQueryGlobalResult(); gr.setColumns(columns); gr.setResults(results); gr.setRows(null); gr.setSql(hql); gr.setExtra(showSql ? HibernateUtil.toSql(hql) : null); gr.setTime(System.currentTimeMillis() - begin); return gr; } else { DbQueryGlobalResult gr = new DbQueryGlobalResult(); int rows = session.createQuery(hql).executeUpdate(); gr.setColumns(null); gr.setResults(null); gr.setRows(rows); gr.setSql(hql); gr.setTime(System.currentTimeMillis() - begin); return gr; } } /** * Execute JDBC query */ private void executeJdbc(Session session, String qs, ServletContext sc, HttpServletRequest request, HttpServletResponse response) throws SQLException, ServletException, IOException { WorkerJdbc worker = new WorkerJdbc(); worker.setQueryString(qs); session.doWork(worker); sc.setAttribute("showSql", null); sc.setAttribute("exception", null); sc.setAttribute("globalResults", worker.getGlobalResults()); sc.getRequestDispatcher("/admin/database_query.jsp").forward(request, response); } /** * Import into database */ private void executeUpdate(Session session, byte[] data, ServletContext sc, HttpServletRequest request, HttpServletResponse response) throws SQLException, ServletException, IOException { log.debug("executeUpdate({}, {}, {})", new Object[] { session, request, response }); List<DbQueryGlobalResult> globalResults = new ArrayList<DbQueryGlobalResult>(); WorkerUpdate worker = new WorkerUpdate(); worker.setData(data); session.doWork(worker); DbQueryGlobalResult gr = new DbQueryGlobalResult(); gr.setColumns(null); gr.setResults(null); gr.setSql(null); gr.setRows(worker.getRows()); gr.setErrors(worker.getErrors()); globalResults.add(gr); sc.setAttribute("qs", null); sc.setAttribute("type", null); sc.setAttribute("showSql", null); sc.setAttribute("globalResults", globalResults); sc.getRequestDispatcher("/admin/database_query.jsp").forward(request, response); log.debug("executeUpdate: void"); } /** * List tables from database */ private List<String> listTables(Session session) { final List<String> tables = new ArrayList<String>(); final String[] tableTypes = { "TABLE" }; final String[] tablePatterns = new String[] { "JBPM_%", "OKM_%", "DEFAULT_%", "VERSION_%", "jbpm_%", "okm_%", "default_%", "version_%" }; session.doWork(new Work() { @Override public void execute(Connection con) throws SQLException { DatabaseMetaData md = con.getMetaData(); for (String table : tablePatterns) { ResultSet rs = md.getTables(null, null, table, tableTypes); while (rs.next()) { tables.add(rs.getString(3)); } rs.close(); } } }); return tables; } /** * List virtual tables from database */ private List<String> listVirtualTables() throws DatabaseException { String query = "select distinct(dmv.table) from DatabaseMetadataType dmv order by dmv.table"; List<Object> tmp = LegacyDAO.executeQuery(query); List<String> tables = new ArrayList<String>(); for (Object obj : tmp) { tables.add(String.valueOf(obj)); } return tables; } /** * Send error to be displayed inline */ protected void sendError(ServletContext sc, HttpServletRequest request, HttpServletResponse response, Exception e) throws ServletException, IOException { sc.setAttribute("exception", e); sc.setAttribute("globalResults", null); sc.getRequestDispatcher("/admin/database_query.jsp").forward(request, response); } /** * Hibernate worker helper */ public class WorkerJdbc implements Work { List<DbQueryGlobalResult> globalResults = new ArrayList<DbQueryGlobalResult>(); String qs = null; List<DbQueryGlobalResult> getGlobalResults() { return this.globalResults; } void setQueryString(String qs) { this.qs = qs; } @Override public void execute(Connection con) throws SQLException { Statement stmt = null; ResultSet rs = null; try { stmt = con.createStatement(); StringTokenizer st = new StringTokenizer(qs, "\n\r"); int ln = 0; // For each query line while (st.hasMoreTokens()) { String tk = st.nextToken().trim(); ln++; if (tk.toUpperCase().startsWith("--") || tk.equals("") || tk.equals("\r")) { // Is a comment, so ignore it } else { if (tk.endsWith(";")) { tk = tk.substring(0, tk.length() - 1); } try { long begin = System.currentTimeMillis(); if (tk.toUpperCase().startsWith("SELECT") || tk.toUpperCase().startsWith("DESCRIBE")) { rs = stmt.executeQuery(tk); ResultSetMetaData md = rs.getMetaData(); List<String> columns = new ArrayList<String>(); List<List<String>> results = new ArrayList<List<String>>(); for (int i = 1; i < md.getColumnCount() + 1; i++) { columns.add(md.getColumnName(i)); } for (int i = 0; rs.next() && i++ < Config.MAX_SEARCH_RESULTS;) { List<String> row = new ArrayList<String>(); for (int j = 1; j < md.getColumnCount() + 1; j++) { if (Types.BLOB == md.getColumnType(j)) { row.add("BLOB"); } else { if (rs.getString(j) != null) { row.add(FormatUtil.escapeHtml(rs.getString(j))); } else { row.add(rs.getString(j)); } } } results.add(row); } DbQueryGlobalResult gr = new DbQueryGlobalResult(); gr.setColumns(columns); gr.setResults(results); gr.setExtra(null); gr.setRows(null); gr.setSql(tk); gr.setTime(System.currentTimeMillis() - begin); globalResults.add(gr); } else { DbQueryGlobalResult gr = new DbQueryGlobalResult(); int rows = stmt.executeUpdate(tk); gr.setColumns(null); gr.setResults(null); gr.setExtra(null); gr.setRows(rows); gr.setSql(tk); gr.setTime(System.currentTimeMillis() - begin); globalResults.add(gr); } } catch (SQLException e) { DbQueryGlobalResult gr = new DbQueryGlobalResult(); List<HashMap<String, String>> errors = new ArrayList<HashMap<String, String>>(); HashMap<String, String> error = new HashMap<String, String>(); error.put("ln", Integer.toString(ln)); error.put("sql", tk); error.put("msg", e.getMessage()); errors.add(error); gr.setErrors(errors); gr.setRows(null); gr.setSql(null); gr.setExtra(null); gr.setColumns(null); gr.setResults(null); globalResults.add(gr); } } } } finally { LegacyDAO.close(rs); LegacyDAO.close(stmt); } } } /** * Hibernate worker helper */ public class WorkerUpdate implements Work { List<HashMap<String, String>> errors = new ArrayList<HashMap<String, String>>(); int rows = 0; byte[] data; List<HashMap<String, String>> getErrors() { return this.errors; } void setData(byte[] data) { this.data = data; } int getRows() { return this.rows; } @Override public void execute(Connection con) throws SQLException { Statement stmt = null; ResultSet rs = null; try { stmt = con.createStatement(); InputStreamReader is = new InputStreamReader(new ByteArrayInputStream(data)); BufferedReader br = new BufferedReader(is); String sql; int ln = 0; while ((sql = br.readLine()) != null) { String tk = sql.trim(); ln++; if (tk.toUpperCase().startsWith("--") || tk.equals("") || tk.equals("\r")) { // Is a comment, so ignore it } else { if (tk.endsWith(";")) { tk = tk.substring(0, tk.length() - 1); } try { rows += stmt.executeUpdate(tk); } catch (SQLException e) { HashMap<String, String> error = new HashMap<String, String>(); error.put("ln", Integer.toString(ln)); error.put("sql", tk); error.put("msg", e.getMessage()); errors.add(error); } } } } catch (IOException e) { throw new SQLException(e.getMessage(), e); } finally { LegacyDAO.close(rs); LegacyDAO.close(stmt); } } } }