bug #7105
openpotential dangerous use of factory.openSession()
50%
Description
in the cdmlib factory.openSession()
is being used in three places.
./cdmlib-model/src/test/java/eu/etaxonomy/cdm/model/DatabaseInitialiser.java: this is OK!!!- ./cdmlib-services/src/main/java/eu/etaxonomy/cdm/api/application/CdmRepository.java : Problematic! #7106
- ./cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/dao/hibernate/common/DaoBase.java : Problematic! #8169
the usage of factory.openSession()
in CdmRepository and DaoBase seem unnecessary and can potentially be dangerous since sessions should generally be managed through the HibernateTransactionManger only. factory.openSession() should only be uses in dedicated special cases, therefore the current implementation of getSession()
in these classes seems as a error prone convenience hack:
In DaoBase and CdmRepository this occures in:
protected Session getSession(){
Session session ;
try {
session = factory.getCurrentSession();
} catch (HibernateException e) {
session = factory.openSession();
}
return session;
}
In CdmRepository using factory.openSession()
is plain wrong, the HibernateTransactionManger should be used instead.
Instead of catching the HibernateException
, the method should return null or throw the exception so that the caller needs to handle this case.
especially the usage in DaoBase
is critical since this method is called from many places. Usually this is not a problem as log as the dao methods are called from a service method which are wrapped in a transactional context:
eu.etaxonomy.cdm.persistence.dao.hibernate.common.DaoBase.getSession() eu.etaxonomy.cdm.persistence.dao.hibernate.common.PreferenceDaoImpl.count() eu.etaxonomy.cdm.persistence.dao.hibernate.description.IdentificationKeyDaoImpl.count() eu.etaxonomy.cdm.persistence.dao.hibernate.view.AuditEventDao.count() eu.etaxonomy.cdm.persistence.dao.hibernate.description.IdentificationKeyDaoImpl.countByTaxonomicScope(UUID, Class<T>) eu.etaxonomy.cdm.persistence.dao.hibernate.statistics.StatisticsDaoHibernateImpl.countNomenclaturalReferences() eu.etaxonomy.cdm.persistence.dao.hibernate.statistics.StatisticsDaoHibernateImpl.countTaxaInClassification(Class<? extends TaxonBase>, Classification) eu.etaxonomy.cdm.persistence.dao.hibernate.view.AuditEventDao.exists(UUID) eu.etaxonomy.cdm.persistence.dao.hibernate.common.PreferenceDaoImpl.find(TaxonNode, String) eu.etaxonomy.cdm.persistence.dao.hibernate.view.AuditEventDao.findByDate(DateTime) eu.etaxonomy.cdm.persistence.dao.hibernate.view.AuditEventDao.findById(Integer) eu.etaxonomy.cdm.persistence.dao.hibernate.description.IdentificationKeyDaoImpl.findByTaxonomicScope(UUID, Class<T>, Integer, Integer, List<String>) eu.etaxonomy.cdm.persistence.dao.hibernate.view.AuditEventDao.findByUuid(UUID) eu.etaxonomy.cdm.persistence.dao.hibernate.common.DaoBase.flush() eu.etaxonomy.cdm.persistence.dao.hibernate.common.PreferenceDaoImpl.get(PrefKey) eu.etaxonomy.cdm.persistence.dao.hibernate.statistics.StatisticsDaoHibernateImpl.getAllChildNodeIds(UUID) eu.etaxonomy.cdm.persistence.dao.hibernate.view.AuditEventDao.getAuditReader() eu.etaxonomy.cdm.persistence.dao.hibernate.view.AuditEventDao.getNextAuditEvent(AuditEvent) eu.etaxonomy.cdm.persistence.dao.hibernate.view.AuditEventDao.getPreviousAuditEvent(AuditEvent) eu.etaxonomy.cdm.persistence.dao.hibernate.common.CdmEntityDaoBase.getSession() eu.etaxonomy.cdm.persistence.dao.hibernate.common.PreferenceDaoImpl.list() eu.etaxonomy.cdm.persistence.dao.hibernate.view.AuditEventDao.list(Integer, Integer, AuditEventSort) eu.etaxonomy.cdm.persistence.dao.hibernate.description.IdentificationKeyDaoImpl.list(Integer, Integer, List<String>) eu.etaxonomy.cdm.persistence.dao.hibernate.statistics.StatisticsDaoHibernateImpl.processQueries(List<String>, Map<String, Object>) eu.etaxonomy.cdm.persistence.dao.hibernate.statistics.StatisticsDaoHibernateImpl.processQueriesWithIdDistinctListResult(List<String>, Map<String, Object>) eu.etaxonomy.cdm.persistence.dao.hibernate.common.PreferenceDaoImpl.set(CdmPreference)
Updated by Andreas Müller about 6 years ago
- Target version changed from Unassigned CDM tickets to Release 4.14
Updated by Andreas Müller about 6 years ago
Strange, I can't change priority in this ticket. AK, can you change it to highest?
Updated by Andreas Müller about 6 years ago
- Target version changed from Release 4.14 to Release 5.0
Updated by Andreas Müller almost 6 years ago
- Target version changed from Release 5.0 to Release 5.1
Updated by Andreas Müller almost 6 years ago
- Target version changed from Release 5.1 to Release 5.2
Updated by Andreas Müller over 5 years ago
- Target version changed from Release 5.2 to Release 5.3
Updated by Andreas Müller over 5 years ago
- Target version changed from Release 5.3 to Release 5.4
Updated by Andreas Müller over 5 years ago
- Target version changed from Release 5.4 to Release 5.5
Updated by Andreas Müller about 5 years ago
- Target version changed from Release 5.5 to Release 5.6
Updated by Andreas Müller about 5 years ago
- Target version changed from Release 5.6 to Reviewed Next Major Release