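/* Copyright (C) 2015, University of Kansas Center for Research
 *
 * Specify Software Project, specify@ku.edu, Biodiversity Institute,
 * 1345 Jayhawk Boulevard, Lawrence, Kansas, 66045, USA
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */
package edu.ku.brc.af.core.expresssearch;

import static org.apache.commons.lang.StringUtils.contains;
import static org.apache.commons.lang.StringUtils.isNotEmpty;

import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Locale;

import edu.ku.brc.af.core.db.DBTableInfo;

/**
 * Singleton factory that lets the SQL used by the Express Search be adjusted just
 * before it is executed.
 * <p>
 * The SQL definitions for Express Search may contain placeholders that are filled in
 * right before execution, which allows user-dependent queries (for example, inserting a
 * user ID). The concrete adjuster is selected through the {@link #factoryName} system
 * property; this base class is the no-op fallback that returns the SQL unchanged and
 * supplies no extra columns or join clauses.
 * <p>
 * This class is not thread-safe with respect to first-time initialization; see
 * {@link #getInstance()}.
 *
 * @code_status Beta
 *
 * @author rods
 */
public class QueryAdjusterForDomain
{
    /** System property naming the subclass to instantiate in {@link #getInstance()}. */
    public static final String factoryName = "edu.ku.brc.af.core.ExpressSearchSQLAdjuster"; //$NON-NLS-1$

    /** Lazily created shared instance; {@code null} until {@link #getInstance()} runs. */
    protected static QueryAdjusterForDomain instance = null;

    /**
     * Protected constructor; use {@link #getInstance()} to obtain the shared instance.
     */
    protected QueryAdjusterForDomain()
    {
        // no-op
    }

    /**
     * Returns the singleton instance, creating it on first use.
     * <p>
     * The implementation class is chosen by the {@link #factoryName} system property: when
     * the property is set, the named class is loaded and instantiated reflectively (it must
     * extend this class and have an accessible no-arg constructor); when the property is
     * unset or empty, a plain {@code QueryAdjusterForDomain}, which leaves the SQL untouched,
     * is used. The property lookup runs inside {@link AccessController#doPrivileged} so it
     * can succeed under a security manager.
     * <p>
     * The class name is taken from JVM configuration and is therefore treated as trusted;
     * the only validation of the loaded type is the cast to this class. The method is not
     * synchronized, so concurrent first calls may each construct an instance (the last
     * assignment wins).
     *
     * @return the shared instance, never {@code null}
     * @throws InternalError if the configured class cannot be loaded, instantiated or cast;
     *         the underlying exception is attached as the cause and is also reported to the
     *         usage and exception trackers before the error is thrown
     */
    public static QueryAdjusterForDomain getInstance()
    {
        if (instance != null)
        {
            return instance;
        }

        String factoryNameStr = AccessController.doPrivileged(new PrivilegedAction<String>()
        {
            @Override
            public String run()
            {
                return System.getProperty(factoryName);
            }
        });

        if (isNotEmpty(factoryNameStr))
        {
            try
            {
                // getDeclaredConstructor().newInstance() replaces the deprecated
                // Class.newInstance(); the no-arg constructor must still be accessible from here.
                instance = (QueryAdjusterForDomain) Class.forName(factoryNameStr)
                                                         .getDeclaredConstructor()
                                                         .newInstance();
                return instance;
            } catch (Exception e)
            {
                edu.ku.brc.af.core.UsageTracker.incrHandledUsageCount();
                edu.ku.brc.exceptions.ExceptionTracker.getInstance().capture(QueryAdjusterForDomain.class, e);

                InternalError error = new InternalError("Can't instantiate ExpressSearchSQLAdjuster factory " + factoryNameStr); //$NON-NLS-1$
                error.initCause(e);
                throw error;
            }
        }

        // No factory configured: fall back to this class, which does nothing to the SQL.
        instance = new QueryAdjusterForDomain();
        return instance;
    }

    /**
     * Provides an opportunity for the SQL to be adjusted before it is executed.
     * This default implementation returns the SQL unchanged; subclasses override it.
     *
     * @param sql the incoming SQL
     * @return the adjusted SQL (here: {@code sql} itself)
     */
    public String adjustSQL(final String sql)
    {
        return sql;
    }

    /**
     * Returns any special columns that must be compared against for this table.
     * Equivalent to {@link #getSpecialColumns(DBTableInfo, boolean, boolean, String)} with
     * no left join and no table alias.
     *
     * @param tableInfo the table in question
     * @param isHQL whether to generate HQL or SQL
     * @return {@code null} or a string
     */
    public String getSpecialColumns(final DBTableInfo tableInfo, final boolean isHQL)
    {
        return getSpecialColumns(tableInfo, isHQL, false, null);
    }

    /**
     * Returns any special columns that must be compared against for this table.
     * This default implementation returns {@code null}; subclasses override it.
     *
     * @param tableInfo the table in question
     * @param isHQL whether to generate HQL or SQL
     * @param isLeftJoin whether the columns are being generated for a left join
     * @param tblAlias the table alias to prefix columns with, or {@code null}
     * @return {@code null} or a string
     */
    public String getSpecialColumns(final DBTableInfo tableInfo,
                                    final boolean     isHQL,
                                    final boolean     isLeftJoin,
                                    final String      tblAlias)
    {
        return null;
    }

    /**
     * Returns an extra join clause required for this table, if any.
     * This default implementation returns {@code null}; subclasses override it.
     *
     * @param tableInfo the table in question
     * @param isHQL whether to generate HQL or SQL
     * @param alias the table alias to use in the clause
     * @param useLeftJoin whether a left join should be generated
     * @return {@code null} or a join clause
     */
    public String getJoinClause(final DBTableInfo tableInfo,
                                final boolean     isHQL,
                                final String      alias,
                                final boolean     useLeftJoin)
    {
        return null;
    }

    /**
     * Heuristic check that a user-entered search string does not look like an attempt to
     * smuggle SQL statements into the Express Search query.
     * <p>
     * This is a keyword denylist, not an escaping or parameterization step: it rejects only
     * strings containing {@code ;}, {@code " from "}, {@code "select "}, {@code "update "},
     * {@code "delete "}, or {@code "drop "} together with {@code "table"} (matched
     * case-insensitively, so e.g. {@code "deselect "} is rejected too). It should be treated
     * as defence in depth: the query that eventually embeds {@code userInputStr} must still
     * bind it as a parameter or escape it rather than concatenating it into the SQL text.
     *
     * @param userInputStr user entered string; {@code null} and empty strings are accepted
     * @return {@code true} if the string passes the check, {@code false} if it contains a
     *         denylisted fragment
     */
    public boolean isUserInputNotInjectable(final String userInputStr)
    {
        if (isNotEmpty(userInputStr))
        {
            // Locale.ROOT keeps the keyword comparison independent of the default locale.
            String uiStr = userInputStr.toLowerCase(Locale.ROOT);
            if (contains(uiStr, ";")       || //$NON-NLS-1$
                contains(uiStr, " from ")  || //$NON-NLS-1$
                contains(uiStr, "select ") || //$NON-NLS-1$
                contains(uiStr, "update ") || //$NON-NLS-1$
                contains(uiStr, "delete ") || //$NON-NLS-1$
                (contains(uiStr, "drop ") && contains(uiStr, "table"))) //$NON-NLS-1$ //$NON-NLS-2$
            {
                return false;
            }
        }
        return true;
    }
}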