aboutsummaryrefslogtreecommitdiffstats
path: root/ONAP-PAP-REST/src/main
diff options
context:
space:
mode:
authorTemoc Rodriguez <cr056n@att.com>2017-10-06 09:21:04 -0700
committerTemoc Rodriguez <cr056n@att.com>2017-10-06 09:25:37 -0700
commit4a4628d57bf3d11fda68e16f695139d512f75354 (patch)
tree21185fc6e0001df1d1c87e1c77a791d3d54afec9 /ONAP-PAP-REST/src/main
parent37c9c4d71d17981bf1d05b73d8363ffcbc2451bb (diff)
Fixed bug introduced by sql injeciton protection.
Added missing colon before the named parameters. Fixed a typo parameter name. Fixed bad cast by setParameter. This fixes issues encountered in the UI. Whenever a policy is moved, renamed, or deleted it makes a db call and that db call fails on setParameter method. This hibernate method is supposed to automatically detect the type of the object for the named parameters but it fails with type Long. It tries to convert to int and it fails. A check is now added for type Long. Issue-ID: POLICY-278 Change-Id: Idbb4067a5ec2cc9d9b040de9e574ba2564e1ee2c Signed-off-by: Temoc Rodriguez <cr056n@att.com>
Diffstat (limited to 'ONAP-PAP-REST/src/main')
-rw-r--r--ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/daoimpl/CommonClassDaoImpl.java7
1 files changed, 6 insertions, 1 deletions
diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/daoimpl/CommonClassDaoImpl.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/daoimpl/CommonClassDaoImpl.java
index 5d2b7f6c7..1766cb302 100644
--- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/daoimpl/CommonClassDaoImpl.java
+++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/daoimpl/CommonClassDaoImpl.java
@@ -242,7 +242,12 @@ public class CommonClassDaoImpl implements CommonClassDao{
try {
Query hbquery = session.createQuery(query);
for (Map.Entry<String, Object> paramPair : params.entrySet()) {
- hbquery.setParameter(paramPair.getKey(), paramPair.getValue());
+ if(paramPair.getValue() instanceof java.lang.Long){
+ hbquery.setLong(paramPair.getKey(), (long) paramPair.getValue());
+ }
+ else{
+ hbquery.setParameter(paramPair.getKey(), paramPair.getValue());
+ }
}
data = hbquery.list();
tx.commit();