Re: [JBoss-user] RE: (JBoss-user) RE: (JBoss-user) Oracle Authentication
Greg Parker wrote: Sorry, I didn't intend to sound like such a dork. :-) Happens to us all at some point. Here is what I was getting at In a previous note you suggested two approaches: - have a separate connection pool for each user Depending on the number of users you have, it might be sufficient to set up the pools in jboss.jcml, or you might want to do it programmatically using JMX at runtime. We will potentially have 150 to 200 users to start with. Would this be an acceptable approach? And if so, how do I configure jboss.jcml to handle this. Probably not. You could have some way of generating your jboss.jcml from a list of users, but that seems kind of horrible. I think you probably want to stay away from this. You should be able to create pools at runtime using JMX. You could write an MBean that reads in a list of users and passwords and creates a connection pool for each. - don't use connection pools, i.e. create a new JDBC connection every time Doesn't this defeat some of the purpose behind using EJB's and jboss? Yes, you probably want to stay away from this as well. Probably (I use that word a lot) the best solution is one of: - fix the Minerva JDBC connection pools to take into account the username/password when giving out connections (see the conversation with Guy about this) - use the JCA-based JDBC connection pools. This is inconvenient because you need to manually deploy the resource adapter at the moment (you could write an MBean to do this for you at startup.) Toby. ___ JBoss-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] RE: (JBoss-user) Oracle Authentication
Thank you for your assistance. I want to make sure I understand the implications of this. If going I'm to establish my own connection string within the bean, this implies that I will be writing my own SQL code to go with it. Does this imply I can not implement CMP, only BMP or Session beans? Thank you, Greg Parker -Original Message- From: [EMAIL PROTECTED] at Internet Sent: Friday, April 06, 2001 5:46 PM To: [EMAIL PROTECTED] at Internet Subject: RE: [JBoss-user] Oracle Authentication File: RFC822.TXT Guy Rouillier wrote: I think J2EE (and JBoss) handle this, though I may have found a bug in You are quite right that the spec allows this. Apologies for the misinformation. The relevent section of the EJB2.0 spec that I have is 19.4. JBoss. In jboss.jcml, when you create your connection pool, provide a URL but do not provide a userid or password. The MBean will start up successfully. In your bean code, use this form of connect statement: Connection connection = ((DataSource)new InitialContext().lookup("java:comp/env/jdbc/OracleDB")).getConnection("myuse rid", "mypassword"); Now your connection will use the credentials of the userid provided. I've tried this and it seems to work Now, JBoss's support of this is obtained from Minerva. Looking at the code for XAPoolDataSource, we see: /** * Gets a new connection from the pool. If a new connection must be * created, it will use the specified user name and password. If there is * a connection available in the pool, it will be used, regardless of the * user name and password use to created it initially. */ public Connection getConnection(String user, String password) throws java.sql.SQLException { if(!initialized) initialize(); factory.setUser(user); factory.setPassword(password); return ((XAConnection)pool.getObject()).getConnection(); } So, Minerva does not do what you might expect, unless you are never returning your connections to the pool. This is superceded by the JCA stuff, which knows how to handle the case of requesting connections on behalf of different principals. Toby. ___ JBoss-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-user ___ JBoss-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-user
Re: [JBoss-user] RE: (JBoss-user) Oracle Authentication
See the discussion Toby and I are having - probably not feasible for CMP (though I haven't done enough with CMP to say authoritatively.) - Original Message - From: "Greg Parker" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, April 06, 2001 11:02 AM Subject: [JBoss-user] RE: (JBoss-user) Oracle Authentication Thank you for your assistance. I want to make sure I understand the implications of this. If going I'm to establish my own connection string within the bean, this implies that I will be writing my own SQL code to go with it. Does this imply I can not implement CMP, only BMP or Session beans? Thank you, Greg Parker -Original Message- From: [EMAIL PROTECTED] at Internet Sent: Friday, April 06, 2001 5:46 PM To: [EMAIL PROTECTED] at Internet Subject: RE: [JBoss-user] Oracle Authentication File: RFC822.TXT Guy Rouillier wrote: I think J2EE (and JBoss) handle this, though I may have found a bug in You are quite right that the spec allows this. Apologies for the misinformation. The relevent section of the EJB2.0 spec that I have is 19.4. JBoss. In jboss.jcml, when you create your connection pool, provide a URL but do not provide a userid or password. The MBean will start up successfully. In your bean code, use this form of connect statement: Connection connection = ((DataSource)new InitialContext().lookup("java:comp/env/jdbc/OracleDB")).getConnection("myuse rid", "mypassword"); Now your connection will use the credentials of the userid provided. I've tried this and it seems to work Now, JBoss's support of this is obtained from Minerva. Looking at the code for XAPoolDataSource, we see: /** * Gets a new connection from the pool. If a new connection must be * created, it will use the specified user name and password. If there is * a connection available in the pool, it will be used, regardless of the * user name and password use to created it initially. */ public Connection getConnection(String user, String password) throws java.sql.SQLException { if(!initialized) initialize(); factory.setUser(user); factory.setPassword(password); return ((XAConnection)pool.getObject()).getConnection(); } So, Minerva does not do what you might expect, unless you are never returning your connections to the pool. This is superceded by the JCA stuff, which knows how to handle the case of requesting connections on behalf of different principals. Toby. ___ JBoss-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-user ___ JBoss-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-user ___ JBoss-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-user
Re: [JBoss-user] Oracle Authentication
Toby, I haven't taken the time to dig into the minerva code. Realistically, how far away are we from JCA? It shouldn't take long to update minerva so that it uses the userid to get a connection for that userid (I'm thinking of a hash) - I could take a crack at that. But if JCA is right around the corner, then it may not be worth the effort. Just curious - I see the userid and password being passed on to the factory - are you sure the pool.getObject()).getConnection() doesn't cause the factory to use the userid and password? I thought a little more about my scenario. Perhaps the reason if fails on the first attempt is that it is using the connection already in the pool (although, because I don't have a userid or password in the MBean, that connection is pretty worthless.) Then when the first call fails, perhaps the connection is discarded, so that the second call through causes the factory to generate a new connection with the userid and password given to it, and everything works after that. - Original Message - From: "Toby Allsopp" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, April 06, 2001 1:46 AM Subject: Re: [JBoss-user] Oracle Authentication Guy Rouillier wrote: I think J2EE (and JBoss) handle this, though I may have found a bug in You are quite right that the spec allows this. Apologies for the misinformation. The relevent section of the EJB2.0 spec that I have is 19.4. JBoss. In jboss.jcml, when you create your connection pool, provide a URL but do not provide a userid or password. The MBean will start up successfully. In your bean code, use this form of connect statement: Connection connection = ((DataSource)new InitialContext().lookup("java:comp/env/jdbc/OracleDB")).getConnection("myuse rid", "mypassword"); Now your connection will use the credentials of the userid provided. I've tried this and it seems to work Now, JBoss's support of this is obtained from Minerva. Looking at the code for XAPoolDataSource, we see: /** * Gets a new connection from the pool. If a new connection must be * created, it will use the specified user name and password. If there is * a connection available in the pool, it will be used, regardless of the * user name and password use to created it initially. */ public Connection getConnection(String user, String password) throws java.sql.SQLException { if(!initialized) initialize(); factory.setUser(user); factory.setPassword(password); return ((XAConnection)pool.getObject()).getConnection(); } So, Minerva does not do what you might expect, unless you are never returning your connections to the pool. This is superceded by the JCA stuff, which knows how to handle the case of requesting connections on behalf of different principals. Toby. ___ JBoss-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-user ___ JBoss-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-user
Re: [JBoss-user] RE: (JBoss-user) Oracle Authentication
Greg Parker wrote: Thank you for your assistance. I want to make sure I understand the implications of this. If going I'm to establish my own connection string within the bean, this implies that I will be writing my own SQL code to go with it. Does this imply I can not implement CMP, only BMP or Session beans? Well, yes... Writing your own SQL code means that, by defintion, you are not using CMP. If you want to have per-user connections with CMP then you will need to implement a principal mapping for JBossCX as I mentioned before. Toby. ___ JBoss-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-user
Re: [JBoss-user] Oracle Authentication
On Thu, Apr 05, 2001 at 05:07:24PM -0700, Greg Parker wrote: Hello All I'm newbie with JBOSS. I need users to be able to login and authenticate themselves as a user into our Oracle database. So that their session and connection to Oracle is with their own personal ID. It seems that when the JBOSS server starts, it connects to Oracle with whatever JDBCUser and password is specified in the jboss.jcml file. Therefore, if I have a trigger in my Oracle database which inserts a userid into a record, it inserts the JDBCUser that is specified in the jboss.jcml file. I need the trigger to recognize who the user is that has opened that connection and insert their userid not the JDBCUser. How do I connect and create as session to our Oracle database through jboss, using a personal ID and password? Hi. This is something that is not easy to do in the current version of J2EE. You have a couple of options: - have a separate connection pool for each user Depending on the number of users you have, it might be sufficient to set up the pools in jboss.jcml, or you might want to do it programmatically using JMX at runtime. - don't use connection pools, i.e. create a new JDBC connection every time In the future, the way to do this will be using the J2EE Connector Architecture. You can probably do this using the current JCA support in JBoss, but you'll need to write some code. Look at org.jboss.resource.security.* in the jbosscx cvs module and it should be apparent that you can write a OneToOnePrincipalMapping class to do what you desire. Let me know if you decide to do this and you want any help. Toby. ___ JBoss-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-user
Re: [JBoss-user] Oracle Authentication
I think J2EE (and JBoss) handle this, though I may have found a bug in JBoss. In jboss.jcml, when you create your connection pool, provide a URL but do not provide a userid or password. The MBean will start up successfully. In your bean code, use this form of connect statement: Connection connection = ((DataSource)new InitialContext().lookup("java:comp/env/jdbc/OracleDB")).getConnection("myuse rid", "mypassword"); Now your connection will use the credentials of the userid provided. I've tried this and it seems to work BUT... I see some odd behavior. If I define the MBean in jboss.jcml and include a userid and password, i.e. attribute name="JDBCUser"auserid/attribute attribute name="Password"apassword/attribute then everything works as expected. However, if I define the MBean without the above two entries, JBoss starts up fine and creates the connection pool. I can deploy the EJB fine with no errors. But when I run the code with the above connection, I get an exception stating "table or view does not exist". But if I then immediately rerun the client a second time, it succeeds. So there seems to be a bug in JBoss here. It doesn't pick up the new credentials until the second attempt. - Original Message - From: "Toby Allsopp" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, April 05, 2001 9:34 PM Subject: Re: [JBoss-user] Oracle Authentication On Thu, Apr 05, 2001 at 05:07:24PM -0700, Greg Parker wrote: Hello All I'm newbie with JBOSS. I need users to be able to login and authenticate themselves as a user into our Oracle database. So that their session and connection to Oracle is with their own personal ID. It seems that when the JBOSS server starts, it connects to Oracle with whatever JDBCUser and password is specified in the jboss.jcml file. Therefore, if I have a trigger in my Oracle database which inserts a userid into a record, it inserts the JDBCUser that is specified in the jboss.jcml file. I need the trigger to recognize who the user is that has opened that connection and insert their userid not the JDBCUser. How do I connect and create as session to our Oracle database through jboss, using a personal ID and password? Hi. This is something that is not easy to do in the current version of J2EE. You have a couple of options: - have a separate connection pool for each user Depending on the number of users you have, it might be sufficient to set up the pools in jboss.jcml, or you might want to do it programmatically using JMX at runtime. - don't use connection pools, i.e. create a new JDBC connection every time In the future, the way to do this will be using the J2EE Connector Architecture. You can probably do this using the current JCA support in JBoss, but you'll need to write some code. Look at org.jboss.resource.security.* in the jbosscx cvs module and it should be apparent that you can write a OneToOnePrincipalMapping class to do what you desire. Let me know if you decide to do this and you want any help. Toby. ___ JBoss-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-user ___ JBoss-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-user
Re: [JBoss-user] Oracle Authentication
Guy Rouillier wrote: I think J2EE (and JBoss) handle this, though I may have found a bug in You are quite right that the spec allows this. Apologies for the misinformation. The relevent section of the EJB2.0 spec that I have is 19.4. JBoss. In jboss.jcml, when you create your connection pool, provide a URL but do not provide a userid or password. The MBean will start up successfully. In your bean code, use this form of connect statement: Connection connection = ((DataSource)new InitialContext().lookup("java:comp/env/jdbc/OracleDB")).getConnection("myuse rid", "mypassword"); Now your connection will use the credentials of the userid provided. I've tried this and it seems to work Now, JBoss's support of this is obtained from Minerva. Looking at the code for XAPoolDataSource, we see: /** * Gets a new connection from the pool. If a new connection must be * created, it will use the specified user name and password. If there is * a connection available in the pool, it will be used, regardless of the * user name and password use to created it initially. */ public Connection getConnection(String user, String password) throws java.sql.SQLException { if(!initialized) initialize(); factory.setUser(user); factory.setPassword(password); return ((XAConnection)pool.getObject()).getConnection(); } So, Minerva does not do what you might expect, unless you are never returning your connections to the pool. This is superceded by the JCA stuff, which knows how to handle the case of requesting connections on behalf of different principals. Toby. ___ JBoss-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-user