Closed Samialfakih closed 2 years ago
This is a security-relevant request. With that, we would give an attacker even more information about the internals of the database.
It can be done and I will make the detailed error message available:
try {
conn = appConfig.getConnection(urlCallInterface.dataSource);
JasperFillManager fillmanager = JasperFillManager.getInstance(ctx);
jasperPrint = fillmanager.fill(reportFile.reportFile.getPath(), reportParams, conn);
conn.close();
} catch (SQLException e) {
Utils.throwRuntimeException(e.getMessage());
} catch (JRException e) {
Utils.throwRuntimeException(e.getCause() + e.getMessage());
} finally {
DBUtils.closeQuietly(conn);
}
Using e.getCause()
I can display the sql error message, will help with troubleshooting the query.
In another test (when the column name has changed in the database), I will get the following error:
java.sql.SQLSyntaxErrorException: ORA-00904: "DEMO_VALUE2": invalid identifier
Not sure that we will actually need the full query for troubleshooting. This should already give you enough information.
In a future release, I will add a new switch like ORDS implements the debugging output in the browser. By default, it is disabled and you need to activate it deliberately for your development environment.
Would implement it as a new switch in the application.properties
file:
# Showing error messages on the webpage are disabled by default
printDebugToScreen=false
I can display the query as well ... but only, if debug is enabled.
Actually, the query is displayed. I want to disable this feature, as you said "we would give an attacker even more information about the internals of the database". @daust
Good to know ... but you didn't describe properly what you wanted ;)
Yes !! I didn't describe it properly, I dealt with it as security issue, but it can be useful for development environment.
As I understood, if I disable debug, the query won't be displayed. How can I disable it? @daust
Not yet implemented, is scheduled for the next release, 2.9.0. I guess I will implement the restricted mode (suppressing the error details) as a default. The errors will still be shown in the logfile on the server but not in the browser. Only, when you ENABLE debugging, it will be shown. This is the current plan.
That's good. Thank you.
In 2.9.0 ALL error messages will be SUPPRESSED by default. You can enable them for development systems, see #94 for details.
Type Exception Report
Message net.sf.jasperreports.engine.JRException: Error executing SQL statement for: #Report Name#.
Description The server encountered an unexpected condition that prevented it from fulfilling the request.
Exception
net.sf.jasperreports.engine.JRRuntimeException: net.sf.jasperreports.engine.JRException: Error executing SQL statement for: #Report Name#. net.sf.jasperreports.engine.fill.JRFillSubreport.prepare(JRFillSubreport.java:969) net.sf.jasperreports.engine.fill.JRFillElementContainer.prepareElements(JRFillElementContainer.java:542) net.sf.jasperreports.engine.fill.JRFillBand.fill(JRFillBand.java:453) net.sf.jasperreports.engine.fill.JRFillBand.fill(JRFillBand.java:428) net.sf.jasperreports.engine.fill.JRVerticalFiller.fillColumnBand(JRVerticalFiller.java:2602) net.sf.jasperreports.engine.fill.JRVerticalFiller.fillDetail(JRVerticalFiller.java:825) net.sf.jasperreports.engine.fill.JRVerticalFiller.fillReportStart(JRVerticalFiller.java:266) net.sf.jasperreports.engine.fill.JRVerticalFiller.fillReport(JRVerticalFiller.java:110) net.sf.jasperreports.engine.fill.JRBaseFiller.fill(JRBaseFiller.java:621) net.sf.jasperreports.engine.fill.BaseReportFiller.fill(BaseReportFiller.java:414) net.sf.jasperreports.engine.fill.JRFiller.fill(JRFiller.java:120) net.sf.jasperreports.engine.JasperFillManager.fill(JasperFillManager.java:319) de.oc.integration.jasper.webapp.ReportWrapper.service(ReportWrapper.java:254) javax.servlet.http.HttpServlet.service(HttpServlet.java:733) org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) Root Cause
net.sf.jasperreports.engine.JRException: Error executing SQL statement for: #Report Name#. net.sf.jasperreports.engine.query.JRJdbcQueryExecuter.createDatasource(JRJdbcQueryExecuter.java:357) net.sf.jasperreports.engine.fill.JRFillDataset.createQueryDatasource(JRFillDataset.java:1257) net.sf.jasperreports.engine.fill.JRFillDataset.initDatasource(JRFillDataset.java:726) net.sf.jasperreports.engine.fill.BaseReportFiller.setParameters(BaseReportFiller.java:457) net.sf.jasperreports.engine.fill.JRBaseFiller.fill(JRBaseFiller.java:584) net.sf.jasperreports.engine.fill.BaseReportFiller.fill(BaseReportFiller.java:414) net.sf.jasperreports.engine.fill.JRFillSubreport.fillSubreport(JRFillSubreport.java:826) net.sf.jasperreports.engine.fill.JRSubreportRunnable.run(JRSubreportRunnable.java:61) net.sf.jasperreports.engine.fill.AbstractThreadSubreportRunner.run(AbstractThreadSubreportRunner.java:221) java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) java.lang.Thread.run(Unknown Source) Root Cause
java.sql.SQLSyntaxErrorException: ORA-00932: inconsistent datatypes: expected DATE got NUMBER
Root Cause
Error : 932, Position : 1811, Sql = #SQL Query Source Code#