How to intercept the Hibernate generated SQL?

views:

133

answers:

+4 Q:

How to intercept the Hibernate generated SQL?

For a security system which works as a big brother (like a watched mandatory access control), we have to intercept and handle all select statements hibernate is generating. We store the user, the timestamp and the sql select in a database to enable some profiling with other tools. The informations allow to determine what a user tried to look at. For the select statements the prepared properties are valuable. We need the complete SQL statement including all parameters.

Is there any listener or interceptor where we can join and handle all these things? The biggest outstanding problem so far is collecting of the statement parameters.

Thank you

You can use Interceptor.prepareSQL() (3.1+) to intercept the prepared statements.

I don't think you can get the actual parameters without going down in the abstraction layer. A possible solution would be to use a JDBC proxy driver (see P6Spy).

Hope that helps.

Samuel_xL 2010-08-04 07:16:06

Yeah, knowing this interface, where to get the bounded parameters? As far as i know there is no way to get the actual parameters.

codedevour 2010-08-04 07:22:23

To be precise, it's `Interceptor#onPrepareStatement(String sql)`. But this gives you access to the SQL string being prepared, not the *generated* query.

Pascal Thivent 2010-08-04 08:11:41

+3 A:

The actual parameter values happen to be made available (atleast to my knowledge), when the logging level of the org.hibernate package is set to DEBUG, and with the hibernate.show_sql property set. Use a JDBCAppender, if you want the logger output in the database itself.

Alternatively, you could take a look at the log4jdbc project, which claims the following:

In the logged output, for prepared statements, the bind arguments are automatically inserted into the SQL output. This greatly Improves readability and debugging for many cases.

If that is not suitable, you could investigate whether P6Spy can be used in your situation. On WebLogic Server, the equivalent functionality is achieved via the WebLogic JDBC Spy, which comes out of the box with the WebLogic JDBC drivers for certain databases. Both of these write to System.out and not to a database (unless I'm mistaken), so it might not be that useful.

Vineet Reynolds 2010-08-04 07:50:57

This works very well, i wrote my own appender to write the statements to the database.The only point standing in my way is how to get the corresponding user who fired this statement. This is nearly impossible to resolve. Any Ideas?

codedevour 2010-08-05 08:37:15

I'm not sure about this as I haven't tried this out. Basically, you need to map the User/Principal that is executing the SQL statement to the data this being logged. In SLF4J/log4j/logback, this is achieved by MDC - Mapped Diagnostic Context. Your pattern string will also need to be modified to accomodate the principal. The article on getting MDC to work in logback might help - http://logback.qos.ch/manual/mdc.html By the way, you wouldn't need MDC, if the appender pattern string can be modified to reflect the user (if this is a case of a missing format string).

Vineet Reynolds 2010-08-05 09:43:52

Thank you very much, i chose the log4jdbc project, as its the most active one, this worked out very well. Thanks again.

codedevour 2010-08-06 11:40:12

Glad to be of help :-)

Vineet Reynolds 2010-08-06 11:42:02

mkyong claims that the p6spy.jar will display the hibernate queries with parameter values. Probably you can try this

http://www.mkyong.com/hibernate/how-to-display-hibernate-sql-parameter-values-solution/

Naveen 2010-08-04 07:52:40

ansaurus

tags:

views:

answers:

How to intercept the Hibernate generated SQL?

related questions