IDEMPIERE-455 Discover and fix FindBugs problems / Pattern SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE

This commit is contained in:
Carlos Ruiz 2012-12-10 15:11:21 -05:00
parent ad61a5e637
commit a3c1e9dc78
1 changed files with 15 additions and 23 deletions

View File

@ -1,8 +1,7 @@
package org.adempiere.webui; package org.adempiere.webui;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.Hashtable; import java.util.Hashtable;
import java.util.List;
import javax.servlet.ServletContextEvent; import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener; import javax.servlet.ServletContextListener;
@ -10,8 +9,10 @@ import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent; import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener; import javax.servlet.http.HttpSessionListener;
import org.adempiere.exceptions.AdempiereException;
import org.compiere.Adempiere; import org.compiere.Adempiere;
import org.compiere.model.MSession; import org.compiere.model.MSession;
import org.compiere.model.Query;
import org.compiere.model.ServerStateChangeEvent; import org.compiere.model.ServerStateChangeEvent;
import org.compiere.model.ServerStateChangeListener; import org.compiere.model.ServerStateChangeListener;
import org.compiere.util.DB; import org.compiere.util.DB;
@ -55,32 +56,23 @@ public class LoggedSessionListener implements HttpSessionListener, ServletContex
} }
String serverName = WebUtil.getServerName(); String serverName = WebUtil.getServerName();
String sql = "UPDATE AD_Session SET processed = 'Y' WHERE processed ='N' AND servername = '"+serverName+"'"; String sql = "UPDATE AD_Session SET Processed='Y' WHERE Processed='N' AND ServerName=?";
Statement stmt = DB.createStatement(); int no = DB.executeUpdate(sql, new Object[] {serverName}, false, null);
try{ if (no < 0) {
stmt.executeUpdate(sql); throw new AdempiereException("UpdateSession: Cannot Destroy All Session");
}catch (Exception e) {
System.out.println("UpdateSession: "+e);
} }
Adempiere.removeServerStateChangeListener(this); Adempiere.removeServerStateChangeListener(this);
} }
public void removeADSession(String sessionID, String serverName) { public void removeADSession(String sessionID, String serverName) {
StringBuilder sql = new StringBuilder("SELECT * FROM AD_Session WHERE websession = '"); String whereClause = "WebSession=? AND ServerName=? AND Processed='N'";
sql.append(sessionID) List<MSession> sessions = new Query(Env.getCtx(), MSession.Table_Name, whereClause, null)
.append("' AND servername = '") .setParameters(sessionID, serverName)
.append(serverName).append("' AND processed = 'N'"); .list();
Statement stmt = DB.createStatement(); for (MSession session : sessions) {
try{ session.setProcessed(true);
ResultSet rs = stmt.executeQuery(sql.toString()); session.saveEx();
if(rs.next()){
MSession mSession = new MSession(Env.getCtx(), rs, null);
mSession.setProcessed(true);
mSession.save();
}
}catch (Exception e) {
System.out.println("UpdateSession: "+e);
} }
} }