mail problems, maybe this try will work
Begin forwarded message:
From: David Jencks <[EMAIL PROTECTED]>
Date: Mon Jan 27, 2003 7:15:08 PM US/Eastern
To: [EMAIL PROTECTED]
Subject: Re: [JBoss-dev] Oracle specific jca adapter
On Monday, January 27, 2003, at 04:46 PM, Sonnek, Ryan wrote:
david,
do you have any ideas on how i could implement this scenario?
yes.
First, the login module doesn't need to be part of the adapter: you
can use the CallerIdentity module at least for development and testing.
I'm a little hampered by not knowing anything about what Oracle
actually needs you to do, so some of this is guesswork:-)
1. If all the connections should be "initially" logged in as a
particular user, say the default user specified in the oracle-ds.xml,
change the code in XAManagedConnectionFactory.createManagedConnection
to use this user/pw instead of looking around in the subject/cri. If
this doesn't matter, don't make this change.
2. Subclass BaseWrapperManagedConnection and implement
getConnection(subject, cri) to extract the user/pw from the props
generated from the subject and cri and call the oracle stuff using
this security info. Actually you should save this user/pw in the
ManagedConnection instance and only call the Oracle stuff when it
changes. You probably also want to make sure there are no connection
handles attached before you do this:-) (handles.isEmpty())
3. You probably also need to override ManagedConnectionFactory
matchManagedConnections to call these Oracle methods with the user/pw
from the props from the subject/cri. Make sure you save this info so
the oracle methods aren't called twice. This is in case jboss will try
to associate a preexisting connection handle with this managed
connection: the associate method doesn't bring in any security info.
AFAIK, that's all folks. Ask if you have any questions. If you do,
maybe including more info about what oracle needs would help me see
the problems.
thanks
david jencks
Ryan
-----Original Message-----
From: Sonnek, Ryan [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 20, 2003 10:21 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [JBoss-dev] Oracle specific jca adapter
thank you for all of your help david.
i spent some time this weekend looking through the jca code in jboss-all and
jboss-head, and i must admit i'm a bit overwhelmed. =) there's a lot more
there than i expected. i was thinking it would be a simple extension of
some base class and then resolving that class in the oracle-ds.xml, but i'm
not so sure that's how it works now.
i was hoping to be able to use the CallerIdentityLoginModule in order to
have the user log in through JAAS (hopefully an ldap server), and then when
getConnection() is called, extract that principal and call the stored
procedure with that user name. the slightly misleading piece to this is
that the actual connection to the database is still made as a generic account
specific in the oracle-ds.xml.
here's the sequence of events that i'm trying to create (as i understand
it).
1. user logs into JAAS login module to set principal (ldap in my case).
2. user queries database and BMP object calls getConnection().
3. datasource is configured to connect to database as a specific account
(using config-properties in the oracle-ds.xml)
4. before returning the connection to the BMP object,
the following code needs to be executed:
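// requires java.sql.CallableStatement
String sql = "BEGIN contexts.set_username( ? ) ; END ;";
try (CallableStatement stmt = connection.prepareCall(sql)) {
    stmt.setString(1, the_logged_in_username); // principal name from the JAAS login
    stmt.execute();
}
return connection;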
if possible to use the CallerIdentityLoginModule, where can i intercept the
getConnection() call and run this statement before returning the connection
to the caller. if i have misunderstood how the JBossCX module operates,
please feel free to clarify.
thank you again.
Ryan
-----Original Message-----
From: David Jencks [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 17, 2003 5:50 PM
To: [EMAIL PROTECTED]
Subject: Re: [JBoss-dev] Oracle specific jca adapter
I would imagine this would need to be called whenever the user changes.
This can be detected when getConnection is called on
ManagedConnection. I'd check to see if the user has actually changed.
If you implement this you should change the pooling parameter
"Criteria" to "ByNothing" for this adapter because this basically
means Oracle is supporting reauthentication.
To actually use this feature you will need to do application managed
security (bad idea IMO) (i.e. calling datasource.getConnection(user,
pw)) or use a login module that supplies more than one Subject such as
the CallerIdentityLoginModule.
Good luck! I'll be mostly offline till monday or tuesday when I can
probably answer more questions.
david jencks
_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development
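The per-caller identity switch discussed in this thread (set the Oracle user name only when it changes, never while handles are attached, and on pool matches as well) can be modelled as below. This is an added example, not code from the thread or from JBoss; IdentityTrackingConnection, IdentitySetter and viaJdbc are hypothetical names, and the class stands in for the ManagedConnection subclass rather than extending the real one.

```java
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.HashSet;
import java.util.Set;

// Hypothetical stand-in for the ManagedConnection subclass; not JBoss code.
public class IdentityTrackingConnection {
    interface IdentitySetter { void apply(String user) throws SQLException; }

    private final IdentitySetter setter;
    private final Set<Object> handles = new HashSet<>(); // attached connection handles
    private String currentUser; // identity last sent to Oracle, null if unknown

    IdentityTrackingConnection(IdentitySetter setter) { this.setter = setter; }

    // JDBC form of the call quoted in the thread; the user name is a bind variable.
    static IdentitySetter viaJdbc(Connection physical) {
        return user -> {
            String sql = "BEGIN contexts.set_username( ? ) ; END ;";
            try (CallableStatement stmt = physical.prepareCall(sql)) {
                stmt.setString(1, user);
                stmt.execute();
            }
        };
    }

    // Run on every getConnection and on every match of a pooled connection.
    Object getConnection(String user) throws SQLException {
        if (user == null) throw new SQLException("no caller identity supplied");
        if (!user.equals(currentUser)) {
            if (!handles.isEmpty()) throw new SQLException("handles still attached");
            currentUser = null; // a failed call must not leave a stale identity cached
            setter.apply(user);
            currentUser = user;
        }
        Object handle = new Object();
        handles.add(handle);
        return handle;
    }
    void close(Object handle) { handles.remove(handle); }

    public static void main(String[] args) throws SQLException {
        // Constructed user names; the lambda stands in for viaJdbc(connection).
        var mc = new IdentityTrackingConnection(u -> System.out.println("set_username " + u));
        Object h1 = mc.getConnection("alice");
        mc.close(mc.getConnection("alice")); // same user: no second call
        try { mc.getConnection("bob"); }     // alice's handle is still open
        catch (SQLException e) { System.out.println("refused: " + e.getMessage()); }
        mc.close(h1);
        mc.close(mc.getConnection("bob"));   // pooled connection reused by bob
    }
}
```

Because the physical connection is opened as the generic account, the cached user name is the only record of whose context the session carries, which is why a missing identity or a failed call clears it instead of reusing the previous caller's.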