-
Type:
Improvement
-
Status: Reopened
-
Priority:
Minor
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: None
-
Labels:
-
Provenance:Refactorization
-
Issue discovered during:Another issue
-
Sprint:Issues to Consider for Plan, EJBCA Team Bob - 2020 w16
Currently, we build the SQL queries in ApprovalSessionBean by appending to a StringBuilder.
This is very error-prone. We should rewrite the code to use prepared statements instead.
This is a large refactoring. Each bullet point below is a class/method that requires a change.
Queries are done by:
- query (which takes a Query object, see below)
- queryByStatus
These methods then call
- queryInternal
- which then calls findByCustomQuery
The Query objects currently have a "getQueryString" method. We should add a new method "getPreparedStatement" in these classes:
- org.ejbca.util.query.Query
- BasicMatch
- ApprovalMatch
- TimeMatch
- UserMach
Since a prepared statement consists of two values
1. a query string with ? for values
2. a list of values
we can not simply use a string passing around this information, we need some kind of wrapper class.
As follow up tickets we should do the same for EndEntityAccessSessionBean.query(), the "AuthorizationString" methods in RAAuthorization etc.
- is related to
-
ECA-5333 Ability to search for approval requests by part of Subject DN / or e-mail
-
- Closed
-
