JDBC Query
Valve performing JDBC queries
Valve performing JDBC queries
Valve for performing database (RDBMS) queries using JDBC.
Supports any JDBC compatible statements (SELECT, INSERT, UPDATE, DELETE, etc.) and the use of query parameters.
Rows returned by the statement are added/merged to the current flows item set using a configurable identifier. Native JSON types are preserved other types are converted to strings.
If a statement just modifies rows in the DB (i.e. INSERT, UPDATE, DELETE) item set will not be modified.
If a statement does neither return or modify rows, valve will fail ("No data") unless "allow_no_data": true is set.
Before using this valve the module must be configured and deployed.
destination
JdbcClient instance to use.
"default"
query
The JDBC query/statement.
row_id
Name of column containing the row identifier. Value of this column is used as item id when rows are added/merged to item set.
"id"
query_params
Query parameters descriptor (See below)
allow_no_data
Flag for allowing no data queries. By default this valve fails if a query returns/affects no rows. Use this flag to turn off this behaviour.
false
Query parameters are represented as ? in the query:
SELECT * FROM users WHERE username=? AND type=?Before the query is executed each parameter is replaced with an actual value based on the query parameter descriptor.
The query parameter description can be either a simple string containing a comma separated list of parameters, an array of strings containing parameters or an array of parameter objects.
Elements of the descriptor must match the order and the number of parameters in the query.
When simple strings are used the parameters are assumed to be pipe input parameter names. Values are extracted from the request and added to the statement as is and in the order the params are defined.
"query_params" : "username""query_params" : ["id", "username", "created"]When parameter objects are used, parameters can be expanded and type converted. By default parameters are not expanded ("expand" : false) and uses the supplied type/no conversion ("type": "NONE").
Type conversion are used for non-native JSON types that are encoded into strings.
value
Parameter value. This could be the name of or path to a pipe request parameter containing the actual value or an expansion expression evaluating to the actual value. (Mandatory)
expand
Flag turning on property expansion on value. (Default: false)
type
(Default: "NONE")
Note: that expansion requires an expansion expression and that expansion always produces strings.
Examples below use the following table:
CREATE TABLE users (
id INT NOT NULL,
username VARCHAR(50) NOT NULL,
password VARCHAR(50) NOT NULL,
created TIMESTAMP WITH TIME ZONE NOT NULL,
PRIMARY KEY (id)
)Valve with statement to select a user from the users table.
{
"name" : "JdbcQuery",
"config" : {
"destination" : "default",
"query" : "SELECT * FROM users WHERE id=?",
"row_id" : "username",
"query_params" : [ {
"value" : "id",
"expand" : false
} ]
}
}Valve with statement to select all users created in a specific time interval.
Since JSON doesn't support instants, type conversion must be used to convert the instant string value to an actual Instant object (that can be converted to a JDBC TIMESTAMP by the JdbcClient).
{
"name" : "JdbcQuery",
"config" : {
"destination" : "default",
"query" : "SELECT * FROM users WHERE created BETWEEN ? AND ?",
"row_id" : "username",
"query_params" : [ {
"value" : "not_before",
"expand" : false,
"type" : "INSTANT"
}, {
"value" : "${now}",
"expand" : true,
"type" : "INSTANT"
} ]
}
}Valve with statement to authenticate a user using username and password.
This is an example of how to verify that a user exists and that the user password is correct in a single statement not returning the stored password (like the LDAP bind operation). If user doesn't exist or an incorrect password is used, statement will return an empty result which should be treated as an error by the pipe. If user exist and password is correct, one row/item is returned (success).
Example also demonstrates the use of expansion for query params.
To detect invalid username/password combinations allow_no_data must be turned on and pipe must validate item set (no row/item if incorrect username or password is supplied).
Never store passwords in clear text.
{
"name" : "JdbcQuery",
"config" : {
"destination" : "default",
"query" : "SELECT id,username,lastLogin FROM users WHERE username=? AND password=?",
"query_params" : [ {
"value" : "username",
"expand" : false
}, {
"value" : "${request.password}",
"expand" : true
} ],
"row_id": "username",
"allow_no_data" : true
}
}Valve with statement to insert a new user into the users table.
Never store passwords in clear text.
{
"name" : "JdbcQuery",
"config" : {
"destination" : "default",
"query" : "INSERT INTO users (id,username,password,created) VALUES (?,?,?,?)",
"query_params" : [ {
"value" : "id",
"expand" : false
}, {
"value" : "username",
"expand" : false
}, {
"value" : "password",
"expand" : false
}, {
"value" : "created",
"expand" : false,
"type" : "INSTANT"
} ]
}
}Valve with statement to update the password of a user in the users table.
Never store passwords in clear text.
{
"name" : "JdbcQuery",
"config" : {
"destination" : "default",
"query" : "UPDATE users SET password=? WHERE id=?",
"query_params" : [ {
"value" : "password",
"expand" : false
}, {
"value" : "id",
"expand" : false
} ]
}
}Since Instants are not natively supported in JSON they are handled as ISO 8601 date time strings. These strings cannot be handled by JDBC but need to be converted back to Instants that can be converted to JDBC TIMESTAMPs.
A missing or invalid query parameter type will cause the following pipe failure:
Pipe failure: JDBC query failed: data exception: invalid datetime formatType conversion from String to Instant only support ISO 8601 ("2011-12-03T10:15:30Z"). Other formats will cause the following pipe failure::
Pipe failure: Text '2022-08-10 09:05:19.285' could not be parsed at index 10