Re: [JBoss-user] RE: (JBoss-user) RE: (JBoss-user) Oracle Authentication

[Toby Allsopp]

Greg Parker wrote:

 Sorry, I didn't intend to sound like such a dork.

:-) Happens to us all at some point.

 Here is what I was getting at
 In a previous note you suggested two approaches:
 
 - have a separate connection pool for each user
   Depending on the number of users you have, it might be sufficient to
   set up the pools in jboss.jcml, or you might want to do it programmatically
   using JMX at runtime.
 
 We will potentially have 150 to 200 users to start with. Would this be an
 acceptable approach? And if so, how do I configure jboss.jcml to handle this.

Probably not. You could have some way of generating your jboss.jcml from
a list of users, but that seems kind of horrible. I think you probably
want to stay away from this.

You should be able to create pools at runtime using JMX. You could write
an MBean that reads in a list of users and passwords and creates a
connection pool for each.

 - don't use connection pools, i.e. create a new JDBC connection every time
 
 Doesn't this defeat some of the purpose behind using EJB's and jboss?

Yes, you probably want to stay away from this as well.

Probably (I use that word a lot) the best solution is one of:

- fix the Minerva JDBC connection pools to take into account the
  username/password when giving out connections (see the conversation
  with Guy about this)

- use the JCA-based JDBC connection pools. This is inconvenient because
  you need to manually deploy the resource adapter at the moment (you
  could write an MBean to do this for you at startup.)

Toby.


___
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user

[JBoss-user] RE: (JBoss-user) Oracle Authentication

[Greg Parker]

Thank you for your assistance.
I want to make sure I understand the implications of this.
If going I'm to establish my own connection string within the bean, this implies
that I will be writing my own SQL code to go with it. Does this imply I can not
implement CMP, only BMP or Session beans?

Thank you,
Greg Parker


 -Original Message-
From:  [EMAIL PROTECTED] at Internet
Sent: Friday, April 06, 2001 5:46 PM
To: [EMAIL PROTECTED] at Internet
Subject: RE: [JBoss-user] Oracle Authentication

  File: RFC822.TXT  Guy Rouillier wrote:

 I think J2EE (and JBoss) handle this, though I may have found a bug in

You are quite right that the spec allows this. Apologies for the
misinformation.

The relevent section of the EJB2.0 spec that I have is 19.4.

 JBoss.  In jboss.jcml, when you create your connection pool, provide a URL
 but do not provide a userid or password.  The MBean will start up
 successfully.  In your bean code, use this form of connect statement:

Connection connection = ((DataSource)new
 InitialContext().lookup("java:comp/env/jdbc/OracleDB")).getConnection("myuse
 rid", "mypassword");

 Now your connection will use the credentials of the userid provided.  I've
 tried this and it seems to work

Now, JBoss's support of this is obtained from Minerva. Looking at the
code for XAPoolDataSource, we see:

/**
 * Gets a new connection from the pool.  If a new connection must be
 * created, it will use the specified user name and password.  If there is
 * a connection available in the pool, it will be used, regardless of the
 * user name and password use to created it initially.
 */
public Connection getConnection(String user, String password) throws
java.sql.SQLException {
if(!initialized) initialize();
factory.setUser(user);
factory.setPassword(password);
return ((XAConnection)pool.getObject()).getConnection();
}

So, Minerva does not do what you might expect, unless you are never
returning your connections to the pool.

This is superceded by the JCA stuff, which knows how to handle the case
of requesting connections on behalf of different principals.

Toby.


___
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user


___
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user

Re: [JBoss-user] RE: (JBoss-user) Oracle Authentication

[Guy Rouillier]

See the discussion Toby and I are having - probably not feasible for CMP
(though I haven't done enough with CMP to say authoritatively.)

- Original Message -
From: "Greg Parker" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, April 06, 2001 11:02 AM
Subject: [JBoss-user] RE: (JBoss-user) Oracle Authentication


 Thank you for your assistance.
 I want to make sure I understand the implications of this.
 If going I'm to establish my own connection string within the bean, this
implies
 that I will be writing my own SQL code to go with it. Does this imply I
can not
 implement CMP, only BMP or Session beans?

 Thank you,
 Greg Parker


  -Original Message-
 From:  [EMAIL PROTECTED] at Internet
 Sent: Friday, April 06, 2001 5:46 PM
 To: [EMAIL PROTECTED] at Internet
 Subject: RE: [JBoss-user] Oracle Authentication

   File: RFC822.TXT  Guy Rouillier wrote:

  I think J2EE (and JBoss) handle this, though I may have found a bug in

 You are quite right that the spec allows this. Apologies for the
 misinformation.

 The relevent section of the EJB2.0 spec that I have is 19.4.

  JBoss.  In jboss.jcml, when you create your connection pool, provide a
URL
  but do not provide a userid or password.  The MBean will start up
  successfully.  In your bean code, use this form of connect statement:
 
 Connection connection = ((DataSource)new
 
InitialContext().lookup("java:comp/env/jdbc/OracleDB")).getConnection("myuse
  rid", "mypassword");
 
  Now your connection will use the credentials of the userid provided.
I've
  tried this and it seems to work

 Now, JBoss's support of this is obtained from Minerva. Looking at the
 code for XAPoolDataSource, we see:

 /**
  * Gets a new connection from the pool.  If a new connection must be
  * created, it will use the specified user name and password.  If
there is
  * a connection available in the pool, it will be used, regardless of
the
  * user name and password use to created it initially.
  */
 public Connection getConnection(String user, String password) throws
 java.sql.SQLException {
 if(!initialized) initialize();
 factory.setUser(user);
 factory.setPassword(password);
 return ((XAConnection)pool.getObject()).getConnection();
 }

 So, Minerva does not do what you might expect, unless you are never
 returning your connections to the pool.

 This is superceded by the JCA stuff, which knows how to handle the case
 of requesting connections on behalf of different principals.

 Toby.


 ___
 JBoss-user mailing list
 [EMAIL PROTECTED]
 http://lists.sourceforge.net/lists/listinfo/jboss-user


 ___
 JBoss-user mailing list
 [EMAIL PROTECTED]
 http://lists.sourceforge.net/lists/listinfo/jboss-user



___
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user

Re: [JBoss-user] Oracle Authentication

[Guy Rouillier]

Toby, I haven't taken the time to dig into the minerva code.  Realistically,
how far away are we from JCA?  It shouldn't take long to update minerva so
that it uses the userid to get a connection for that userid (I'm thinking of
a hash) - I could take a crack at that.  But if JCA is right around the
corner, then it may not be worth the effort.  Just curious - I see the
userid and password being passed on to the factory - are you sure the
pool.getObject()).getConnection() doesn't cause the factory to use the
userid and password?

I thought a  little more about my scenario.  Perhaps the reason if fails on
the first attempt is that it is using the connection already in the pool
(although, because I don't have a userid or password in the MBean, that
connection is pretty worthless.)  Then when the first call fails, perhaps
the connection is discarded, so that the second call through causes the
factory to generate a new connection with the userid and password given to
it, and everything works after that.

- Original Message -
From: "Toby Allsopp" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, April 06, 2001 1:46 AM
Subject: Re: [JBoss-user] Oracle Authentication


 Guy Rouillier wrote:

  I think J2EE (and JBoss) handle this, though I may have found a bug in

 You are quite right that the spec allows this. Apologies for the
 misinformation.

 The relevent section of the EJB2.0 spec that I have is 19.4.

  JBoss.  In jboss.jcml, when you create your connection pool, provide a
URL
  but do not provide a userid or password.  The MBean will start up
  successfully.  In your bean code, use this form of connect statement:
 
 Connection connection = ((DataSource)new
 
InitialContext().lookup("java:comp/env/jdbc/OracleDB")).getConnection("myuse
  rid", "mypassword");
 
  Now your connection will use the credentials of the userid provided.
I've
  tried this and it seems to work

 Now, JBoss's support of this is obtained from Minerva. Looking at the
 code for XAPoolDataSource, we see:

 /**
  * Gets a new connection from the pool.  If a new connection must be
  * created, it will use the specified user name and password.  If
there is
  * a connection available in the pool, it will be used, regardless of
the
  * user name and password use to created it initially.
  */
 public Connection getConnection(String user, String password) throws
java.sql.SQLException {
 if(!initialized) initialize();
 factory.setUser(user);
 factory.setPassword(password);
 return ((XAConnection)pool.getObject()).getConnection();
 }

 So, Minerva does not do what you might expect, unless you are never
 returning your connections to the pool.

 This is superceded by the JCA stuff, which knows how to handle the case
 of requesting connections on behalf of different principals.

 Toby.


 ___
 JBoss-user mailing list
 [EMAIL PROTECTED]
 http://lists.sourceforge.net/lists/listinfo/jboss-user



___
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user

Re: [JBoss-user] RE: (JBoss-user) Oracle Authentication

[Toby Allsopp]

Greg Parker wrote:

 Thank you for your assistance.
 I want to make sure I understand the implications of this.
 If going I'm to establish my own connection string within the bean, this implies
 that I will be writing my own SQL code to go with it. Does this imply I can not
 implement CMP, only BMP or Session beans?

Well, yes... Writing your own SQL code means that, by defintion, you are
not using CMP.

If you want to have per-user connections with CMP then you will need to
implement a principal mapping for JBossCX as I mentioned before.

Toby.


___
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user

Re: [JBoss-user] Oracle Authentication

[Toby Allsopp]

On Thu, Apr 05, 2001 at 05:07:24PM -0700, Greg Parker wrote:
 Hello All
 I'm newbie with JBOSS.
 I need users to be able to login and authenticate themselves as a user
 into our Oracle database. So that their session and connection to Oracle
 is with their own personal ID. It seems that when the JBOSS server
 starts, it connects to Oracle with whatever JDBCUser and password is
 specified in the jboss.jcml file. Therefore, if I have a trigger in my
 Oracle database which inserts a userid into a record, it inserts the
 JDBCUser that is specified in the jboss.jcml file. I need the trigger to
 recognize who the user is that has opened that connection and insert
 their userid not the JDBCUser.
 
 How do I connect and create as session to our Oracle database through
 jboss, using a personal ID and password?

Hi.

This is something that is not easy to do in the current version of J2EE.
You have a couple of options:

- have a separate connection pool for each user
  Depending on the number of users you have, it might be sufficient to
  set up the pools in jboss.jcml, or you might want to do it programmatically
  using JMX at runtime.

- don't use connection pools, i.e. create a new JDBC connection every time

In the future, the way to do this will be using the J2EE Connector
Architecture. You can probably do this using the current JCA support in
JBoss, but you'll need to write some code.

Look at org.jboss.resource.security.* in the jbosscx cvs module and it
should be apparent that you can write a OneToOnePrincipalMapping class
to do what you desire.

Let me know if you decide to do this and you want any help.

Toby.

___
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user

Re: [JBoss-user] Oracle Authentication

[Guy Rouillier]

I think J2EE (and JBoss) handle this, though I may have found a bug in
JBoss.  In jboss.jcml, when you create your connection pool, provide a URL
but do not provide a userid or password.  The MBean will start up
successfully.  In your bean code, use this form of connect statement:

   Connection connection = ((DataSource)new
InitialContext().lookup("java:comp/env/jdbc/OracleDB")).getConnection("myuse
rid", "mypassword");

Now your connection will use the credentials of the userid provided.  I've
tried this and it seems to work

BUT...

I see some odd behavior.  If I define the MBean in jboss.jcml and include a
userid and password, i.e.

attribute name="JDBCUser"auserid/attribute
attribute name="Password"apassword/attribute

then everything works as expected.  However, if I define the MBean without
the above two entries, JBoss starts up fine and creates the connection pool.
I can deploy the EJB fine with no errors.  But when I run the code with the
above connection, I get an exception stating "table or view does not exist".
But if I then immediately rerun the client a second time, it succeeds.  So
there seems to be a bug in JBoss here.  It doesn't pick up the new
credentials until the second attempt.


- Original Message -
From: "Toby Allsopp" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, April 05, 2001 9:34 PM
Subject: Re: [JBoss-user] Oracle Authentication


 On Thu, Apr 05, 2001 at 05:07:24PM -0700, Greg Parker wrote:
  Hello All
  I'm newbie with JBOSS.
  I need users to be able to login and authenticate themselves as a user
  into our Oracle database. So that their session and connection to Oracle
  is with their own personal ID. It seems that when the JBOSS server
  starts, it connects to Oracle with whatever JDBCUser and password is
  specified in the jboss.jcml file. Therefore, if I have a trigger in my
  Oracle database which inserts a userid into a record, it inserts the
  JDBCUser that is specified in the jboss.jcml file. I need the trigger to
  recognize who the user is that has opened that connection and insert
  their userid not the JDBCUser.
 
  How do I connect and create as session to our Oracle database through
  jboss, using a personal ID and password?

 Hi.

 This is something that is not easy to do in the current version of J2EE.
 You have a couple of options:

 - have a separate connection pool for each user
   Depending on the number of users you have, it might be sufficient to
   set up the pools in jboss.jcml, or you might want to do it
programmatically
   using JMX at runtime.

 - don't use connection pools, i.e. create a new JDBC connection every time

 In the future, the way to do this will be using the J2EE Connector
 Architecture. You can probably do this using the current JCA support in
 JBoss, but you'll need to write some code.

 Look at org.jboss.resource.security.* in the jbosscx cvs module and it
 should be apparent that you can write a OneToOnePrincipalMapping class
 to do what you desire.

 Let me know if you decide to do this and you want any help.

 Toby.

 ___
 JBoss-user mailing list
 [EMAIL PROTECTED]
 http://lists.sourceforge.net/lists/listinfo/jboss-user



___
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user

Re: [JBoss-user] Oracle Authentication

[Toby Allsopp]

Guy Rouillier wrote:

 I think J2EE (and JBoss) handle this, though I may have found a bug in

You are quite right that the spec allows this. Apologies for the
misinformation.

The relevent section of the EJB2.0 spec that I have is 19.4.

 JBoss.  In jboss.jcml, when you create your connection pool, provide a URL
 but do not provide a userid or password.  The MBean will start up
 successfully.  In your bean code, use this form of connect statement:
 
Connection connection = ((DataSource)new
 InitialContext().lookup("java:comp/env/jdbc/OracleDB")).getConnection("myuse
 rid", "mypassword");
 
 Now your connection will use the credentials of the userid provided.  I've
 tried this and it seems to work

Now, JBoss's support of this is obtained from Minerva. Looking at the
code for XAPoolDataSource, we see:

/**
 * Gets a new connection from the pool.  If a new connection must be
 * created, it will use the specified user name and password.  If there is
 * a connection available in the pool, it will be used, regardless of the
 * user name and password use to created it initially.
 */
public Connection getConnection(String user, String password) throws 
java.sql.SQLException {
if(!initialized) initialize();
factory.setUser(user);
factory.setPassword(password);
return ((XAConnection)pool.getObject()).getConnection();
}

So, Minerva does not do what you might expect, unless you are never
returning your connections to the pool.

This is superceded by the JCA stuff, which knows how to handle the case
of requesting connections on behalf of different principals.

Toby.


___
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user