byzer-lang
Give ET JDBC coarse-grained auth control
With the following code:
run command as JDBC.`mysql_instance._` where
`driver-statement-query`="show tables" and
sqlMode="query";
Byzer-lang will throw an exception like this if the auth mechanism is enabled:
class com.alibaba.druid.sql.ast.statement.SQLShowTablesStatement cannot be cast to class com.alibaba.druid.sql.ast.statement.SQLSelectStatement (com.alibaba.druid.sql.ast.statement.SQLShowTablesStatement and com.alibaba.druid.sql.ast.statement.SQLSelectStatement are in unnamed module of loader 'app')
java.lang.ClassCastException: class com.alibaba.druid.sql.ast.statement.SQLShowTablesStatement cannot be cast to class com.alibaba.druid.sql.ast.statement.SQLSelectStatement (com.alibaba.druid.sql.ast.statement.SQLShowTablesStatement and com.alibaba.druid.sql.ast.statement.SQLSelectStatement are in unnamed module of loader 'app')
tech.mlsql.sql.MLSQLSQLParser$.extractTableWithColumns(MLSQLSQLParser.scala:21)
streaming.dsl.mmlib.algs.SQLJDBC.$anonfun$auth$5(SQLJDBC.scala:160)
streaming.dsl.mmlib.algs.SQLJDBC.$anonfun$auth$5$adapted(SQLJDBC.scala:154)
scala.Option.map(Option.scala:230)
streaming.dsl.mmlib.algs.SQLJDBC.auth(SQLJDBC.scala:154)
tech.mlsql.dsl.adaptor.TrainAdaptor.parse(TrainAdaptor.scala:104)
streaming.dsl.ScriptSQLExecListener.execute$1(ScriptSQLExec.scala:408)
streaming.dsl.ScriptSQLExecListener.exitSql(ScriptSQLExec.scala:447)
streaming.dsl.parser.DSLSQLParser$SqlContext.exitRule(DSLSQLParser.java:296)
org.antlr.v4.runtime.tree.ParseTreeWalker.exitRule(ParseTreeWalker.java:47)
org.antlr.v4.runtime.tree.ParseTreeWalker.walk(ParseTreeWalker.java:30)
org.antlr.v4.runtime.tree.ParseTreeWalker.walk(ParseTreeWalker.java:28)
streaming.dsl.ScriptSQLExec$._parse(ScriptSQLExec.scala:160)
streaming.dsl.ScriptSQLExec$.parse(ScriptSQLExec.scala:147)
streaming.rest.RestController.$anonfun$script$1(RestController.scala:153)
tech.mlsql.job.JobManager$.run(JobManager.scala:74)
tech.mlsql.job.JobManager$$anon$1.run(JobManager.scala:91)
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
java.base/java.lang.Thread.run(Thread.java:832)
The reason is that we try to auth the driver-statement-query part, and in order to implement this, we introduce druid to parse the SQL statement. This is not a good way. I think we only need to control if the user can use ET JDBC. If the user has no right to use JDBC, then throw an auth exception.
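The two approaches from the issue side by side, as an added example that is not Byzer-lang or Druid code: the statement types, `AuthException`, `JdbcEtAuth` and the user policy are hypothetical stand-ins. It shows why an auth step that casts every parsed statement to a SELECT breaks on `show tables`, and what a single deny-by-default check on the ET itself looks like.

```scala
import scala.util.Try

// Hypothetical stand-ins for the parsed statement classes (not Druid's AST).
sealed trait Statement
final case class SelectStatement(tables: Seq[String]) extends Statement
case object ShowTablesStatement extends Statement

// Hypothetical exception type for a denied request.
final class AuthException(msg: String) extends RuntimeException(msg)

object JdbcEtAuth {
  // Constructed policy: users allowed to use ET JDBC at all.
  private val jdbcEtUsers = Set("alice")

  // Statement-level auth that assumes every driver statement is a SELECT.
  // The cast throws ClassCastException for any other statement type.
  def tablesForAuth(stmt: Statement): Seq[String] =
    stmt.asInstanceOf[SelectStatement].tables

  // Coarse-grained auth: one decision on the ET, made before any
  // statement is inspected, and denied unless explicitly allowed.
  def requireJdbcEt(user: String): Unit =
    if (!jdbcEtUsers.contains(user))
      throw new AuthException(s"user '$user' is not allowed to use ET JDBC")

  // The statement type no longer matters to the auth decision.
  def run(user: String, stmt: Statement): String = {
    requireJdbcEt(user)
    stmt match {
      case SelectStatement(tables) => s"query on ${tables.mkString(", ")}"
      case ShowTablesStatement     => "show tables"
    }
  }
}

object Demo {
  def main(args: Array[String]): Unit = {
    // Statement-level auth fails on a non-SELECT statement.
    println(Try(JdbcEtAuth.tablesForAuth(ShowTablesStatement)))
    // Coarse-grained auth: an allowed user can run any statement type.
    println(Try(JdbcEtAuth.run("alice", ShowTablesStatement)))
    // A user without the ET permission is rejected with an auth error.
    println(Try(JdbcEtAuth.run("bob", SelectStatement(Seq("orders")))))
  }
}
```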