} catch(Throwable e) { \r
logger.error("Default accounts and permissions setup failed with exception(s): " + e.getLocalizedMessage(), e);\r
} \r
+ \r
+ /*\r
+ * This might be useful for something, but the reader grants are better handled in the ReportPostInitHandler.\r
+ try {\r
+ handlePostNuxeoInitDBTasks();\r
+ } catch(Throwable e) { \r
+ logger.error("handlePostNuxeoInitDBTasks failed with exception(s): " + e.getLocalizedMessage(), e);\r
+ }\r
+ */\r
}\r
\r
/**\r
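Review bot: The added lines park a disabled call to handlePostNuxeoInitDBTasks() inside a block comment, and the method itself is added further down the patch, also commented out; code that is never compiled drifts out of date and is easy to re-enable without review. Since the comment already says the reader grants belong in ReportPostInitHandler, I would delete both blocks and leave a single pointer such as `// Reader SELECT grants are applied in ReportPostInitHandler after Nuxeo startup.`. If the method is kept for later revival, note that its finally block closes only `stmt` and never `conn`. The enclosing method starts above this hunk.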
// Get the template URL value from the JNDI datasource and substitute the databaseName\r
String nuxeoUser = tomcatDataSource.getUsername();\r
String nuxeoPW = tomcatDataSource.getPassword();\r
- // HACK - this should come from another DataSource\r
- tomcatDataSource =\r
- (org.apache.tomcat.dbcp.dbcp.BasicDataSource)nuxeoReaderDataSource;\r
- // Get the template URL value from the JNDI datasource and substitute the databaseName\r
- String readerUser = tomcatDataSource.getUsername();\r
- String readerPW = tomcatDataSource.getPassword();\r
+ // Get reader data source, if any\r
+ String readerUser = null;\r
+ String readerPW = null;\r
+ if(nuxeoReaderDataSource!= null) {\r
+ tomcatDataSource =\r
+ (org.apache.tomcat.dbcp.dbcp.BasicDataSource)nuxeoReaderDataSource;\r
+ // Get the template URL value from the JNDI datasource and substitute the databaseName\r
+ readerUser = tomcatDataSource.getUsername();\r
+ readerPW = tomcatDataSource.getPassword();\r
+ }\r
\r
//\r
// Set our AuthN's datasource to be the cspaceDataSource\r
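Review bot: The new `if(nuxeoReaderDataSource!= null)` block still reassigns the shared local `tomcatDataSource` to the reader datasource, so any later code that reads `tomcatDataSource` would see the reader's settings rather than the Nuxeo owner's; whether such a use exists is outside the hunk. A dedicated local keeps owner and reader credentials apart: `org.apache.tomcat.dbcp.dbcp.BasicDataSource readerDataSource = (org.apache.tomcat.dbcp.dbcp.BasicDataSource)nuxeoReaderDataSource;` followed by `readerUser = readerDataSource.getUsername();` and `readerPW = readerDataSource.getPassword();`. The cast is also unchecked, so a reader datasource backed by a different pool class would fail with a ClassCastException; an `instanceof` test with a logged skip would keep the reader optional, as the change intends. The copied comment about the template URL does not describe these lines and could become `// Reader credentials are needed for the grants below`.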
} else {\r
// Create the user as needed\r
createUserIfNotExists(conn, dbType, nuxeoUser, nuxeoPW);\r
- createUserIfNotExists(conn, dbType, readerUser, readerPW);\r
+ if(readerUser!=null) {\r
+ createUserIfNotExists(conn, dbType, readerUser, readerPW);\r
+ }\r
// Create the database\r
createDatabaseWithRights(conn, dbType, dbName, nuxeoUser, nuxeoPW, readerUser, readerPW);\r
}\r
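Review bot: The guard added before the second createUserIfNotExists call tests only `readerUser`, so a reader datasource with a user name but no password still passes a null `readerPW` to createUserIfNotExists and createDatabaseWithRights. In the MySQL branch of createDatabaseWithRights (the `IDENTIFIED BY` lines added later in this patch), string concatenation would turn that null into the literal password `null`. I would treat a reader without a password as not configured before either call, for example `if(readerUser!=null && readerPW==null) { readerUser = null; }` with a logged warning. What createUserIfNotExists does with a null password is not visible here, and the enclosing method starts and ends outside the hunk.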
// Postgres does not need passwords.\r
String sql = "CREATE DATABASE "+dbName+" ENCODING 'UTF8' OWNER "+ownerName;\r
stmt.executeUpdate(sql);\r
- sql = "GRANT CONNECT ON DATABASE "+dbName+" TO "+readerName;\r
- stmt.executeUpdate(sql);\r
if (logger.isDebugEnabled()) {\r
logger.debug("Created db: '"+dbName+"' with owner: '"+ownerName+"'");\r
- logger.debug(" Granted connect rights on: '"+dbName+"' to reader: '"+readerName+"'");\r
+ }\r
+ if(readerName!= null) {\r
+ sql = "GRANT CONNECT ON DATABASE "+dbName+" TO "+readerName;\r
+ stmt.executeUpdate(sql);\r
+ if (logger.isDebugEnabled()) {\r
+ logger.debug(" Granted connect rights on: '"+dbName+"' to reader: '"+readerName+"'");\r
+ }\r
}\r
// Note that select rights for reader must be granted after Nuxeo startup.\r
} else if(dbType==DatabaseProductType.MYSQL) {\r
sql = "GRANT ALL PRIVILEGES ON "+dbName+".* TO '"+ownerName+"'@'localhost' IDENTIFIED BY '"\r
+ownerPW+"' WITH GRANT OPTION";\r
stmt.executeUpdate(sql);\r
- sql = "GRANT SELECT ON "+dbName+".* TO '"+readerName+"'@'localhost' IDENTIFIED BY '"\r
- +readerPW+"' WITH GRANT OPTION";\r
- stmt.executeUpdate(sql);\r
if (logger.isDebugEnabled()) {\r
logger.debug("Created db: '"+dbName+"' with owner: '"+ownerName+"'");\r
- logger.debug(" Granted SELECT rights on: '"+dbName+"' to reader: '"+readerName+"'");\r
+ }\r
+ if(readerName!= null) {\r
+ sql = "GRANT SELECT ON "+dbName+".* TO '"+readerName+"'@'localhost' IDENTIFIED BY '"\r
+ +readerPW+"' WITH GRANT OPTION";\r
+ stmt.executeUpdate(sql);\r
+ if (logger.isDebugEnabled()) {\r
+ logger.debug(" Granted SELECT rights on: '"+dbName+"' to reader: '"+readerName+"'");\r
+ }\r
}\r
} else {\r
throw new UnsupportedOperationException("createDatabaseWithRights only supports PSQL - MySQL NYI!");\r
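Review bot: The MySQL reader grant that this change moves under `if(readerName!= null)` still ends in `WITH GRANT OPTION`, which lets the read-only account pass its SELECT privilege to other accounts; the statement should stop after the password, i.e. end with `+readerPW+"'";`. Both reader statements are also built by concatenating `dbName`, `readerName` and `readerPW` into SQL, so a quote character in any of them changes the statement. Identifiers cannot be bound as parameters in GRANT, so they should be checked against a strict identifier pattern before use, and quotes in the password should be escaped. The values appear to come from the server's datasource configuration rather than from request input, which limits exposure but does not remove the need for the check. The enclosing method continues outside the hunk.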
\r
}\r
\r
+ /*\r
+ * This might be useful for something, but the reader grants are better handled in the ReportPostInitHandler.\r
+ private void handlePostNuxeoInitDBTasks() throws Exception {\r
+ Statement stmt = null;\r
+ Connection conn = null;\r
+ \r
+ try {\r
+ DataSource nuxeoMgrDataSource = JDBCTools.getDataSource(JDBCTools.NUXEO_MANAGER_DATASOURCE_NAME);\r
+ DataSource nuxeoReaderDataSource = JDBCTools.getDataSource(JDBCTools.NUXEO_READER_DATASOURCE_NAME);\r
+ \r
+ if(nuxeoReaderDataSource!=null) {\r
+ // We need to fetch the user name and password from the nuxeoDataSource, to do grants below\r
+ org.apache.tomcat.dbcp.dbcp.BasicDataSource tomcatDataSource =\r
+ (org.apache.tomcat.dbcp.dbcp.BasicDataSource)nuxeoReaderDataSource;\r
+ // Get the template URL value from the JNDI datasource and substitute the databaseName\r
+ String readerUser = tomcatDataSource.getUsername();\r
+ DatabaseProductType dbType = JDBCTools.getDatabaseProductType(\r
+ JDBCTools.CSPACE_DATASOURCE_NAME,\r
+ JDBCTools.DEFAULT_CSPACE_DATABASE_NAME); // only returns PG or MYSQL\r
+ \r
+ conn = nuxeoMgrDataSource.getConnection();\r
+ stmt = conn.createStatement();\r
+ if(dbType==DatabaseProductType.POSTGRESQL) {\r
+ // Note that select rights for reader must be granted after Nuxeo startup.\r
+ String sql = "GRANT SELECT ON ALL TABLES IN SCHEMA public TO "+readerUser;\r
+ stmt.executeUpdate(sql);\r
+ if (logger.isDebugEnabled()) {\r
+ logger.debug(" Granted SELECT rights on all public tables to reader: '"+readerUser+"'");\r
+ }\r
+ } else if(dbType==DatabaseProductType.MYSQL) {\r
+ } else {\r
+ throw new UnsupportedOperationException("handlePostNuxeoInitDBTasks only supports Postgres/MySQL.");\r
+ }\r
+ }\r
+ } catch(Exception e) {\r
+ logger.error("handlePostNuxeoInitDBTasks failed on exception: " + e.getLocalizedMessage());\r
+ throw e; // propagate\r
+ } finally { //close resources\r
+ try {\r
+ if(stmt!=null) {\r
+ stmt.close();\r
+ }\r
+ } catch(SQLException se) {\r
+ // nothing we can do\r
+ }\r
+ }\r
+\r
+ }\r
+ */\r
+ \r
private void setServerRootDir() {\r
serverRootDir = System.getProperty(SERVER_HOME_PROPERTY);\r
if (serverRootDir == null) {\r