-
Task
-
Resolution: Fixed
-
L3 - Default
-
None
On DB2 10 z/os it is not possible to run the engine with authorization. The following exception is thrown when a authorization check is performed
|CON-LOG|15:22:40,900 ERROR [org.camunda.bpm.engine.context] (default task-1) ENGINE-16004 Exception while closing command context: ### Error querying database. Cause: com.ibm.db2.jcc.am.SqlSyntaxErrorException: THE DATA TYPE, LENGTH, OR VALUE OF ARGUMENT 2 OF BITAND IS INVALID. SQLCODE=-171, SQLSTATE=42815, DRIVER=4.15.113 ### The error may exist in org/camunda/bpm/engine/impl/mapping/entity/Authorization.xml ### The error may involve defaultParameterMap ### The error occurred while setting parameters ### SQL: SELECT CASE WHEN EXISTS (SELECT A.RESOURCE_ID_ FROM TRK_ACT_RU_AUTHORIZATION A WHERE A.TYPE_ = 1 AND A.USER_ID_ = ? AND BITAND(A.PERMS_,?) = ? ... ### Cause: com.ibm.db2.jcc.am.SqlSyntaxErrorException: THE DATA TYPE, LENGTH, OR VALUE OF ARGUMENT 2 OF BITAND IS INVALID. SQLCODE=-171, SQLSTATE=42815, DRIVER=4.15.113: org.apache.ibatis.exceptions.PersistenceException: ### Error querying database. Cause: com.ibm.db2.jcc.am.SqlSyntaxErrorException: THE DATA TYPE, LENGTH, OR VALUE OF ARGUMENT 2 OF BITAND IS INVALID. SQLCODE=-171, SQLSTATE=42815, DRIVER=4.15.113 ### The error may exist in org/camunda/bpm/engine/impl/mapping/entity/Authorization.xml ### The error may involve defaultParameterMap ### The error occurred while setting parameters ### SQL: SELECT CASE WHEN EXISTS (SELECT A.RESOURCE_ID_ FROM TRK_ACT_RU_AUTHORIZATION A WHERE A.TYPE_ = 1 AND A.USER_ID_ = ? AND BITAND(A.PERMS_,?) = ? ... ### Cause: com.ibm.db2.jcc.am.SqlSyntaxErrorException: THE DATA TYPE, LENGTH, OR VALUE OF ARGUMENT 2 OF BITAND IS INVALID. SQLCODE=-171, SQLSTATE=42815, DRIVER=4.15.113 at org.apache.ibatis.exceptions.ExceptionFactory.wrapException(ExceptionFactory.java:26) at org.apache.ibatis.session.defaults.DefaultSqlSession.selectList(DefaultSqlSession.java:111) at org.apache.ibatis.session.defaults.DefaultSqlSession.selectList(DefaultSqlSession.java:102) at org.camunda.bpm.engine.impl.db.sql.DbSqlSession.selectList(DbSqlSession.java:87) [camunda-engine-7.4.0-ee.jar:7.4.0-ee] at org.camunda.bpm.engine.impl.db.entitymanager.DbEntityManager.selectBoolean(DbEntityManager.java:185) [camunda-engine-7.4.0-ee.jar:7.4.0-ee] at org.camunda.bpm.engine.impl.persistence.entity.AuthorizationManager.isAuthorized(AuthorizationManager.java:248) [camunda-engine-7.4.0-ee.jar:7.4.0-ee] at org.camunda.bpm.engine.impl.persistence.entity.AuthorizationManager.isAuthorized(AuthorizationManager.java:240) [camunda-engine-7.4.0-ee.jar:7.4.0-ee] ...
A solution could be to make a CAST inside the BITAND function, so that the query looks like that:
SELECT A.resource_id_ FROM act_ru_authorization A WHERE A.type_ = 1 AND Bitand(A.perms_, CAST(? as INTEGER)) = ? ...
AT:
- implement the CAST inside the authorization check
- test it against the supported databases