More clear now. I'm sorry to have taken your time.
So, I took a look, and I think I could do something like the CallerIdentityLoginModule, adding a special connection from DriverManager to authenticate the user over Oracle and get Roles. I'm going to try. Thanks a lot for the support. I'll let you know how things go.

bye

Stefano

On Tue, 2003-02-04 at 15:38, David Jencks wrote:
>> <snip>
>>
> Well, I'm working on modification of the source. There are some hacks (I
> already tried them and they work) to check the password and go on, but
> I'm trying to understand if I could do something better implementing on
> JBoss the modified DES algorithm used by Oracle to make password check
> in a cleaner form.
> Just a doubt, if I use getConnection() not only in LoginModule, but also
> on my applications I log to Oracle with just one user, so in this manner
> I will have J2ee role in use, but I couldn't use the Oracle Roles on
> package/stored procedure and table. Is it correct? Or could I use
> getConnection(user,pwd) in my Beans?

I'm not sure I understand exactly what you are trying to do, so let's 
see if I can explain how it works.  Basically there are 2 scenarios, 
Application managed security and Container managed security:

Application.  You call ds.getConnection(user, pw).  Do NOT supply a 
JAAS LoginModule for the datasource deployment.  Use ByApplication for 
the pooling criteria.  Your application will have to keep track of who 
it is running as and request connections as that user.

Container.  You call ds.getConnection().  DO supply a JAAS LoginModule 
for the datasource deployment.  This has to be a LoginModule that knows 
it is working with a ManagedConnectionFactory.  We have examples for 
CallerIdentity and ConfiguredIdentity.  These login modules supply a 
Subject with a PasswordCredential that includes a reference to the 
ManagedConnectionFactory created as part of the datasource deployment.  
Such a login module can use any algorithm it likes to determine the 
identity and credentials of the database user.  In the examples, 
ConfiguredIdentity always supplies the same user/pw, and 
CallerIdentity uses the user/pw your application is running under.  
It's also possible to look up the application user in some kind of map 
to determine the db user/pw, although no one has contributed such a 
login module yet.  Use ByContainer for the pooling criteria unless you 
have figured out how to reauthenticate the Oracle connections (some 
people have been working on this recently).

With the Container managed security, you may wish to get the security 
mapping information from the database.  This will mean the LoginModule 
will need one or more "special" connections to the db to query for this 
information.  You may want to get one such connection directly from 
DriverManager to avoid recursion -- the login module trying to get a 
connection for itself needing the login module to get a connection....  
Alternatively you could get the connection from a separately configured 
datasource that does not need db info to determine the security.

One other point.  You can specify a default user/pw in the datasource 
configuration file.  This provides essentially the same effect as using 
the ConfiguredIdentity login module, but it is much simpler.  The main 
difference is which file the password is stored in.

I hope this clarifies things a bit:-)  I often find all the parts to 
keep track of confusing.

thanks
david jencks




>
> Thanks for the interest and your good code. JBoss src is fun!!
>
>
> --------------- all work and no play makes Jack a dull boy
> ---------------
>
> bye Stefano
>         [EMAIL PROTECTED]
>         www.javalinux.it
>         MSN messenger: [EMAIL PROTECTED]
>         ICQ uin: 122192578
>         Jabber: canezen
>         #jedit IRC channel as <maeste>
>
>
>
> -------------------------------------------------------
> This SF.NET email is sponsored by:
> SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
> http://www.vasoftware.com
> _______________________________________________
> Jboss-development mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/jboss-development
>



--------------- all work and no play makes Jack a dull boy ---------------

bye Stefano
[EMAIL PROTECTED]
www.javalinux.it
MSN messenger: [EMAIL PROTECTED]
ICQ uin: 122192578
Jabber: canezen
#jedit IRC channel as <maeste>
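
The mapping lookup discussed in this thread, as an added example that is not JBoss code and not from either poster: a JAAS LoginModule that resolves the caller's database user over a connection taken directly from DriverManager, so the lookup never goes through the datasource that invokes the module. The option names (`lookupUrl`, `lookupUser`, `lookupPassword`) and the `app_user_map` table are hypothetical, and the example stops at the lookup; building the PasswordCredential with its ManagedConnectionFactory reference is not shown.

```java
import java.security.Principal;
import java.sql.*;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Added example. Option names and the app_user_map table are hypothetical.
public class MappedDbUserLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private Map<String, ?> options;
    private Principal dbUser;   // set by login(), published by commit()

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject; this.handler = handler; this.options = options;
    }

    public boolean login() throws LoginException {
        NameCallback caller = new NameCallback("application user: ");
        try {
            handler.handle(new Callback[] { caller });
        } catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException("cannot read caller name: " + e.getMessage());
        }
        // Straight from DriverManager: asking the pooled datasource here would
        // invoke this login module again and recurse.
        try (Connection c = DriverManager.getConnection(
                 opt("lookupUrl"), opt("lookupUser"), opt("lookupPassword"));
             PreparedStatement ps = c.prepareStatement(
                 "SELECT db_user FROM app_user_map WHERE app_user = ?")) {
            ps.setString(1, caller.getName());   // bound parameter, never concatenated
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) throw new FailedLoginException("no database user mapped");
                String name = rs.getString(1);
                dbUser = () -> name;             // Principal whose getName() is the db user
                return true;
            }
        } catch (SQLException e) {
            throw new LoginException("mapping lookup failed: " + e.getMessage());
        }
    }

    public boolean commit() { return dbUser != null && subject.getPrincipals().add(dbUser); }
    public boolean abort()  { boolean had = dbUser != null; dbUser = null; return had; }
    public boolean logout() {
        if (dbUser != null) subject.getPrincipals().remove(dbUser);
        dbUser = null;
        return true;
    }

    private String opt(String key) { return (String) options.get(key); }
}
```

The lookup account only needs SELECT on the mapping table, which keeps the credential stored in the module options low in privilege.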
