JDBC Tutorials - Herong's Tutorial Examples - v3.12, by Dr. Herong Yang
Executing Stored Procedures without Permission
This section provides a test on executing stored procedures without enough permission.
To test what will happen if a Java application is trying to execute a stored procedure without enough permission, first I logged in to MySQL server with as "root", and created the following stored procedure:
herong> local\mysql\bin\mysql -u root mysql> USE HerongDB; Database changed mysql> DELIMITER '/'; mysql> -- Creating the stored procedure mysql> CREATE PROCEDURE Info(OUT User VARCHAR(80), -> OUT Catalog VARCHAR(80)) -> BEGIN -> SET User = USER(); -> SET Catalog = DATABASE(); -> END/ Query OK, 0 rows affected (0.00 sec) mysql> -- Testing the stored procedure mysql> CALL Info(@User, @Database)/ Query OK, 0 rows affected (0.00 sec) mysql> SELECT @User, @Database/ +----------------+-----------+ | @User | @Database | +----------------+-----------+ | root@localhost | herongdb | +----------------+-----------+ 1 row in set (0.00 sec)
Then I wrote the following program to run this stored procedure as user "Herong":
/* MySqlCallPermissionError.java * Copyright (c) HerongYang.com. All Rights Reserved. */ import java.sql.*; public class MySqlCallPermissionError { public static void main(String [] args) { Connection con = null; try { com.mysql.cj.jdbc.MysqlDataSource ds = new com.mysql.cj.jdbc.MysqlDataSource(); ds.setServerName("localhost"); ds.setPortNumber(3306); ds.setDatabaseName("HerongDB"); ds.setUser("Herong"); ds.setPassword("TopSecret"); con = ds.getConnection(); // Create CallableStatement CallableStatement cs = con.prepareCall("CALL Info(?,?)"); // Registering output parameters cs.registerOutParameter(1,java.sql.Types.VARCHAR); cs.registerOutParameter(2,java.sql.Types.VARCHAR); // Execute the call statement cs.executeUpdate(); // Retrieve output parameters System.out.println("User: "+cs.getString(1)); System.out.println("Database: "+cs.getString(2)); // Close resource cs.close(); con.close(); } catch (Exception e) { System.err.println("Exception: "+e.getMessage()); e.printStackTrace(); } } }
To my surprise, the above program executed correctly with JDBC driver 8.0 and MySQL Server 8.0:
herong> java -cp .:mysql-connector-java.jar \ MySqlCallPermissionError.java User: Herong@localhost Database: herongdb
I guess MySQL Server 8.0 has changed its default setting. On MySQL Server 5.5, since "Herong" does not have permission to run stored procedures created by "root" by default, I got the following error message:
herong> java -cp .:mysql-connector-java-5.1.36-bin.jar MySqlCallPermissionError Exception: User does not have access to metadata required to determine stored procedure parameter types. If rights can not be granted, configure connection with "noAccessToProcedureBodies=true" to have driver generate parameters that represent INOUT strings irregardless of actual parameter types. ... at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:998) at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:937) ... at MySqlCallPermissionError.main(MySqlCallPermissionError.java:19)
Table of Contents
JDBC (Java Database Connectivity) Introduction
Installing and Running Java DB - Derby
Derby (Java DB) JDBC DataSource Objects
Java DB (Derby) - DML Statements
Java DB (Derby) - ResultSet Objects of Queries
Java DB (Derby) - PreparedStatement
MySQL JDBC Driver (MySQL Connector/J)
MySQL - Reference Implementation of JdbcRowSet
►MySQL - JBDC CallableStatement
Overview of CallableStatement Objects
"CREATE PROCEDURE" - Creating a Simple Procedure
Creating Procedures with IN and OUT Parameters
Creating Procedures with INOUT Parameters
Creating Procedures with Multiple Queries
Creating CallableStatement Objects with prepareCall()
Capturing ResultSet with executeQuery()
Creating CallableStatement Objects with Parameters
Common Errors with CallableStatement Parameters
Creating CallableStatement Objects with INOUT Parameters
Retrieving Multiple ResultSet Objects
►Executing Stored Procedures without Permission
getProcedures() - Listing Stored Procedures
MySQL CLOB (Character Large Object) - TEXT
MySQL BLOB (Binary Large Object) - BLOB
Oracle Express Edition Installation on Windows
Oracle - Reference Implementation of JdbcRowSet
Oracle - JBDC CallableStatement
Oracle CLOB (Character Large Object) - TEXT
Oracle BLOB (Binary Large Object) - BLOB
Microsoft SQL Server Express Edition
Microsoft JDBC Driver for SQL Server
Microsoft JDBC Driver - Query Statements and Result Sets
Microsoft JDBC Driver - DatabaseMetaData Object
Microsoft JDBC Driver - DDL Statements
Microsoft JDBC Driver - DML Statements
SQL Server - PreparedStatement
SQL Server CLOB (Character Large Object) - TEXT
SQL Server BLOB (Binary Large Object) - BLOB
JDBC-ODBC Bridge Driver - sun.jdbc.odbc.JdbcOdbcDriver
JDBC-ODBC Bridge Driver - Flat Text Files
JDBC-ODBC Bridge Driver - MS Access
JDBC-ODBC Bridge Driver - MS SQL Server
Summary of JDBC Drivers and Database Servers