Details
- Type: Improvement
- Status: Closed
- Priority: Minor
- Resolution: Fixed
- Affects Version/s: None
- Fix Version/s: EJBCA 7.4.3
- Component/s: None
- Labels:
- Provenance: Refactorization
- Issue discovered during: Another issue
- Sprint: EJBCA Team Bob - 2020 w16
Description
Currently, we build the SQL queries in ApprovalSessionBean by appending to a StringBuilder.
This is very error-prone. We should rewrite the code to use prepared statements instead.
This is a large refactoring. Each bullet point below is a class/method that requires a change.
Queries are done by:
- query (which takes a Query object, see below)
- queryByStatus
These methods then call
- queryInternal
- which then calls findByCustomQuery
The Query objects currently have a "getQueryString" method. We should add a new method "getPreparedStatement" in these classes:
- org.ejbca.util.query.Query
- BasicMatch
- ApprovalMatch
- TimeMatch
- UserMatch
Since a prepared statement consists of two values:
1. a query string with ? for values
2. a list of values

we cannot simply pass this information around as a string; we need some kind of wrapper class.
As follow-up tickets, we should do the same for EndEntityAccessSessionBean.query(), the "AuthorizationString" methods in RAAuthorization, etc.
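One shape the wrapper class described above could take, as an added example that is not EJBCA's code. The class `PreparedQuery`, its enums and the column names are hypothetical, and plain JDBC stands in for whichever persistence API the session bean actually uses.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Hypothetical wrapper: SQL text with '?' placeholders plus the values to bind, in order.
final class PreparedQuery {
    // Column names and operators cannot be bound as parameters, so they come
    // from fixed allowlists instead of caller-supplied strings (names assumed).
    enum Column { STATUS("status"), APPROVAL_ID("approvalId");
        final String sqlName;
        Column(String sqlName) { this.sqlName = sqlName; }
    }
    enum Op { EQUALS("="), GREATER_THAN(">"), LESS_THAN("<");
        final String sql;
        Op(String sql) { this.sql = sql; }
    }
    private final StringBuilder sql = new StringBuilder();
    private final List<Object> values = new ArrayList<>();

    PreparedQuery match(Column column, Op op, Object value) {
        sql.append(column.sqlName).append(' ').append(op.sql).append(" ?");
        values.add(value); // the value never becomes part of the SQL text
        return this;
    }
    PreparedQuery and() { sql.append(" AND "); return this; }
    PreparedQuery or()  { sql.append(" OR ");  return this; }

    String getQueryString() { return sql.toString(); }
    List<Object> getValues() { return Collections.unmodifiableList(values); }

    // Binds the collected values to a JDBC statement; JDBC parameters are 1-indexed.
    PreparedStatement prepare(Connection con, String selectPrefix) throws SQLException {
        PreparedStatement ps = con.prepareStatement(selectPrefix + " WHERE " + sql);
        for (int i = 0; i < values.size(); i++) {
            ps.setObject(i + 1, values.get(i));
        }
        return ps;
    }
    public static void main(String[] args) {
        PreparedQuery q = new PreparedQuery()
            .match(Column.STATUS, Op.EQUALS, -1).and()
            .match(Column.APPROVAL_ID, Op.EQUALS, "O'Brien"); // constructed value with a quote
        System.out.println(q.getQueryString());
        System.out.println(q.getValues());
    }
}
```

The quote in the constructed value stays in the value list and never reaches the query text, which is the property the StringBuilder approach cannot guarantee.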