Iterating list and array by passing as a parameterClass in iBATIS sql map

December 14, 2011

A list/map can be passed as a parameterClass to an iBATIS sql map to iterate over. An IN clause is the basic example of iterating over a list to create a comma-separated query. For example, if a list has 3 elements (10, 20, 30) and is passed as the parameterClass in the query for an IN clause, the syntax is as follows:

<select id="getAllScore" resultClass="score" parameterClass="java.util.List">
    SELECT * FROM score WHERE id IN
        <iterate open="(" close=")" conjunction=",">
            #value[]#
        </iterate>
</select>

You can define a list in the parameterClass. But what about an array? You cannot define an array like int[] in the parameterClass. Most surprisingly, for an array you do not have to define a parameterClass in iBATIS. If nothing is defined as parameterClass, then it is considered to be an array.

If you want to iterate over an array, the following code works fine. Each array element is substituted at #[]#.

<select id="getAllScore" resultClass="score">
    SELECT * FROM score WHERE id IN
        <iterate open="(" close=")" conjunction=",">
            #[]#
        </iterate>
</select>

 

By: Md. Shahjalal


Beginning Android 4 with Intellij IDEA: Unable to find a userdata.img file to copy into the AVD folder

November 17, 2011

Android 4 (API level 14) has changed its userdata.img file location. In other versions (up to Android 3.2, API level 13), it was kept in location -/android-sdk-linux/platforms/android-(api level)/images/userdata.img. Intellij IDEA (up to 10.5.2) is not up to date with this change, and therefore shows “Unable to find a ‘userdata.img’ file to copy into the AVD folder” when you try to create a new “Android Virtual Device”.

Even the IDEA site is misleading about the solution to this problem. It asks you to follow a solution from the Stack Overflow site, but that is not a solution either.

Solution: From IDEA’s Run/Debug configuration, click Browse beside “Prefer Android Virtual Device for deployment”. Then, on the “Select Android Virtual Device” screen, click Android SDK Manager. In Android SDK Manager, click Tools and choose Manage AVDs. Then, in Android Virtual Device Manager, click New and create the AVD for version 4.

Now run the project for version 4. Hello World. :)

By: Md. Shahjalal


Interesting behavior of JSP If tag for comparing Enum value

July 17, 2011

If anyone wants to compare an Enum value with the JSP if tag, there is a little surprise. The JSP if tag does not support comparing an enum value directly in the test condition. For example, take a Java Enum Employee.


public enum Employee {
    PART_TIME,
    FULL_TIME;
}

Now if you want to compare the Enum value in the JSP if tag directly, like the following,

<c:if test="${bean.employee == '<%=Employee.PART_TIME%>'}">
.........
</c:if>

JSP generates an error. But if you assign the value to a variable and compare against that, it is allowed, as follows:


<c:set var="partTime" value="<%=Employee.PART_TIME%>"/>
<c:if test="${bean.employee == partTime}">
.........
</c:if>

By Md. Shahjalal


Groovy and Grails Security: Denial of Service (DoS) Case 2

August 9, 2010

Denial of Service Case 2:

Scenario: Showing a list of Clients with pagination (max 10 per page).
def list = {
if(!params.max) params.max = 10
[clientList: Client.list(params)]
}

Possible Attack: Changing the max value to 100000000 in the request

Result: The query loads 100000000 client records and an out of memory error occurs again

Possible Solutions in Groovy and Grails:
def list = {
params.max = Math.min( params.max?.toInteger() ?: 0, 100)
[clientList: Client.list(params)]
}

In the worst case it will load just 100 records.
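
An added example, not from the original post or the referenced book: a stricter form of the clamp above that also handles non-numeric, negative and out-of-range values for max and offset, which toInteger() and Math.min alone do not. The Paging class, its method names, the fallback to 10 and the sample parameter maps are assumptions for illustration; it is plain Groovy and uses a Map in place of the Grails params object.

```groovy
// Added example: plain Groovy script, no Grails required.
// Paging, parse and clamp are hypothetical names, not Grails API.
class Paging {
    static final int DEFAULT_MAX = 10     // page size from the scenario above
    static final int MAX_PAGE_SIZE = 100  // hard ceiling, as in the fix above

    // Parse a request value as a non-negative int; null when missing or malformed.
    static Integer parse(value) {
        String s = value?.toString()?.trim()
        // isInteger() rejects "abc" and values outside the int range
        (s && s.isInteger() && s.toInteger() >= 0) ? s.toInteger() : null
    }

    // Return a copy of params with max and offset forced into safe ranges.
    static Map clamp(Map params) {
        Integer max = parse(params.max)
        Integer offset = parse(params.offset)
        Map safe = new LinkedHashMap(params)
        // Missing, zero, negative or malformed max falls back to the default
        safe.max = Math.min(max ?: DEFAULT_MAX, MAX_PAGE_SIZE)
        safe.offset = offset ?: 0
        safe
    }
}

// Constructed request parameters (request values arrive as strings)
def samples = [
    [:],
    [max: '25', offset: '50'],
    [max: '100000000'],
    [max: '-1'],
    [max: 'abc', offset: '-20'],
    [max: '99999999999'],
]
samples.each { println "${it} -> ${Paging.clamp(it)}" }

assert Paging.clamp([max: '25', offset: '50']) == [max: 25, offset: 50]
assert Paging.clamp([max: '100000000']).max == 100
assert Paging.clamp([max: '-1']).max == 10
assert Paging.clamp([max: 'abc', offset: '-20']) == [max: 10, offset: 0]
assert Paging.clamp([max: '99999999999']).max == 10
```

In a controller action the clamped map would be passed to Client.list in place of the raw params.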

Reference: The Definitive Guide to Grails, 2nd Edition


Groovy and Grails Security: Denial of Service (DoS) Case 1

August 9, 2010

Denial of Service:

Scenario: We have a Client object with a non-null last name, and a search query like the following:
search = {
Client.findAll("from Client where lastName='"+ params.lastName +"'")
}

Possible Attack:
If params.lastName is sent with the request as ' or id > 0, the query becomes:
search = {
Client.findAll("from Client where lastName='' or id > 0")
}

Result:
All the clients in the database will be fetched, resulting in an out of memory error

Possible Solutions in Groovy and Grails:

search = {
    // Named parameter: the value is bound, not concatenated into the HQL
    Client.findAll("from Client where lastName = :lastName", [lastName: params.lastName])
}
or
search = {
    // Positional parameter: values are passed as a list
    Client.findAll("from Client where lastName = ?", [params.lastName])
}
or
Client.withCriteria {
    eq('lastName', params.lastName)
}
or

Client.findAllByLastName(params.lastName)


Reference: The Definitive Guide to Grails, 2nd Edition
