Re: proxy session w/ built-in dbcp + openjpa
BTW, I had to remove the tags from all of the pom.xml that depended upon tranql-parent and the tags in order for maven to find the correct maven-rar-plugin. There is definately some repository confusion going on...? Brian Gregory wrote: > > I would have hoped to not have to check out all of the tags and branches, > but this will work. > I'll let you know my progress... > > Thanks. > > -- View this message in context: http://www.nabble.com/proxy-session-w--built-in-dbcp-%2B-openjpa-tp15404731s134p15468419.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: proxy session w/ built-in dbcp + openjpa
BTW, I had to remove the tags from all of the pom.xml that depended upon tranql-parent and the tags in order for maven to find the correct maven-rar-plugin. There is definately some repository confusion going on...? Brian Gregory wrote: > > I would have hoped to not have to check out all of the tags and branches, > but this will work. > I'll let you know my progress... > > Thanks. > > -- View this message in context: http://www.nabble.com/proxy-session-w--built-in-dbcp-%2B-openjpa-tp15404731s134p15468420.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: proxy session w/ built-in dbcp + openjpa
I would have hoped to not have to check out all of the tags and branches, but this will work. I'll let you know my progress... Thanks. -- View this message in context: http://www.nabble.com/proxy-session-w--built-in-dbcp-%2B-openjpa-tp15404731s134p15464800.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: proxy session w/ built-in dbcp + openjpa
I imagine you have already discovered that due to sun's belief that backwards compatibility is not relevant for jdbc, you have to compile on jdk 1.5 or perhaps 1.4. I guess we are missing a compiler switch somewhere. I don't understand why you are seeing this problem with the maven-rar- plugin. I check out all of tranql at https://svn.codehaus.org/ tranql and for development purposes build all the connector stuff with the pom I'm attaching (which I put at the root). (ccing directly in case the attachment is removed) http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd";> 4.0.0 Fake Aggregate TranQL Project org.tranql tranql-fake 1.2-SNAPSHOT pom connector/trunk connector-ra/trunk vendors/db2/trunk vendors/derby/trunk vendors/mysql/trunk vendors/oracle/trunk vendors/postgresql/trunk hope this helps david jencks On Feb 13, 2008, at 7:48 AM, Brian Gregory wrote: Another build problem when trying to build tranql-oracle-connector: I'm not sure where this is defined - I cleaned out my repository just to make sure. BTW, What is the best way to structure what comes out of SVN to make sure it builds properly? I had to check out all of the trunks separately. [INFO] Scanning for projects... [INFO] Reactor build order: [INFO] TranQL Vendors :: Oracle [INFO] TranQL Vendors, oracle :: Common [INFO] TranQL Vendors, oracle :: Local RA [INFO] TranQL Vendors, oracle :: XA RA WAGON_VERSION: 1.0-beta-1 [INFO] -- -- [INFO] Building TranQL Vendors :: Oracle [INFO]task-segment: [install] [INFO] -- -- [INFO] [site:attach-descriptor] [INFO] [install:install] [INFO] Installing C:\tranql\tranql-vendor-oracle\pom.xml to C:\Users\Brian\.m2\repository\org\tranql\tranql-connector-oracle \1.4-SNAPSHOT\tranql-connector-oracle-1.4-SNAPSHOT.pom [INFO] -- -- [INFO] Building TranQL Vendors, oracle :: Common [INFO]task-segment: [install] [INFO] -- -- [INFO] [resources:resources] [INFO] Using default encoding to copy filtered resources. Downloading: http://repository.codehaus.org/com/oracle/jdbc/ojdbc14/10.2.0.2/ ojdbc14-10.2.0.2.pom Downloading: http://dist.codehaus.org/com.oracle.jdbc/poms/ojdbc14-10.2.0.2.pom Downloading: http://repo1.maven.org/maven2/com/oracle/jdbc/ojdbc14/10.2.0.2/ ojdbc14-10.2.0.2.pom [INFO] [compiler:compile] [INFO] Nothing to compile - all classes are up to date [INFO] [resources:testResources] [INFO] Using default encoding to copy filtered resources. [INFO] [compiler:testCompile] [INFO] No sources to compile [INFO] [surefire:test] [INFO] No tests to run. [INFO] [jar:jar] [INFO] [install:install] [INFO] Installing C:\tranql\tranql-vendor-oracle\tranql-connector-oracle-common\target \tranql-connector-oracle-common-1.4-SNAPSHOT.jar to C:\Users\Brian\.m2\repository\org\tranql\tranql-connector-oracle- common\1.4-SNAPSHOT\tranql-connector-oracle-common-1.4-SNAPSHOT.jar [INFO] -- -- [INFO] Building TranQL Vendors, oracle :: Local RA [INFO]task-segment: [install] [INFO] -- -- Downloading: http://snapshots.repository.codehaus.org/org/apache/maven/plugins/ maven-rar-plugin/2.2-SNAPSHOT/maven-rar-plugin-2.2-SNAPSHOT.pom Downloading: http://snapshots.repository.codehaus.org/org/apache/maven/plugins/ maven-rar-plugin/2.2-SNAPSHOT/maven-rar-plugin-2.2-SNAPSHOT.pom Downloading: http://dist.codehaus.org/org.apache.maven.plugins/poms/maven-rar- plugin-2.2-SNAPSHOT.pom [INFO] -- -- [ERROR] BUILD ERROR [INFO] -- -- [INFO] Error building POM (may not be this project's POM). Project ID: org.apache.maven.plugins:maven-rar-plugin Reason: POM 'org.apache.maven.plugins:maven-rar-plugin' not found in repository: Unable to download the artifact from any repository org.apache.maven.plugins:maven-rar-plugin:pom:2.2-SNAPSHOT from the specified remote repositories: codehaus-m1 (http://dist.codehaus.org), codehaus (http://repository.codehaus.org), codehaus-snapshots (http://snapshots.repository.codehaus.org), central (http://repo1.maven.org/maven2) for project org.apache.maven.plugins:maven-rar-plugin [INFO] -- -- [INFO] For more information, run Maven with the -e switch [INFO] --
Re: proxy session w/ built-in dbcp + openjpa
Another build problem when trying to build tranql-oracle-connector: I'm not sure where this is defined - I cleaned out my repository just to make sure. BTW, What is the best way to structure what comes out of SVN to make sure it builds properly? I had to check out all of the trunks separately. [INFO] Scanning for projects... [INFO] Reactor build order: [INFO] TranQL Vendors :: Oracle [INFO] TranQL Vendors, oracle :: Common [INFO] TranQL Vendors, oracle :: Local RA [INFO] TranQL Vendors, oracle :: XA RA WAGON_VERSION: 1.0-beta-1 [INFO] [INFO] Building TranQL Vendors :: Oracle [INFO]task-segment: [install] [INFO] [INFO] [site:attach-descriptor] [INFO] [install:install] [INFO] Installing C:\tranql\tranql-vendor-oracle\pom.xml to C:\Users\Brian\.m2\repository\org\tranql\tranql-connector-oracle\1.4-SNAPSHOT\tranql-connector-oracle-1.4-SNAPSHOT.pom [INFO] [INFO] Building TranQL Vendors, oracle :: Common [INFO]task-segment: [install] [INFO] [INFO] [resources:resources] [INFO] Using default encoding to copy filtered resources. Downloading: http://repository.codehaus.org/com/oracle/jdbc/ojdbc14/10.2.0.2/ojdbc14-10.2.0.2.pom Downloading: http://dist.codehaus.org/com.oracle.jdbc/poms/ojdbc14-10.2.0.2.pom Downloading: http://repo1.maven.org/maven2/com/oracle/jdbc/ojdbc14/10.2.0.2/ojdbc14-10.2.0.2.pom [INFO] [compiler:compile] [INFO] Nothing to compile - all classes are up to date [INFO] [resources:testResources] [INFO] Using default encoding to copy filtered resources. [INFO] [compiler:testCompile] [INFO] No sources to compile [INFO] [surefire:test] [INFO] No tests to run. [INFO] [jar:jar] [INFO] [install:install] [INFO] Installing C:\tranql\tranql-vendor-oracle\tranql-connector-oracle-common\target\tranql-connector-oracle-common-1.4-SNAPSHOT.jar to C:\Users\Brian\.m2\repository\org\tranql\tranql-connector-oracle-common\1.4-SNAPSHOT\tranql-connector-oracle-common-1.4-SNAPSHOT.jar [INFO] [INFO] Building TranQL Vendors, oracle :: Local RA [INFO]task-segment: [install] [INFO] Downloading: http://snapshots.repository.codehaus.org/org/apache/maven/plugins/maven-rar-plugin/2.2-SNAPSHOT/maven-rar-plugin-2.2-SNAPSHOT.pom Downloading: http://snapshots.repository.codehaus.org/org/apache/maven/plugins/maven-rar-plugin/2.2-SNAPSHOT/maven-rar-plugin-2.2-SNAPSHOT.pom Downloading: http://dist.codehaus.org/org.apache.maven.plugins/poms/maven-rar-plugin-2.2-SNAPSHOT.pom [INFO] [ERROR] BUILD ERROR [INFO] [INFO] Error building POM (may not be this project's POM). Project ID: org.apache.maven.plugins:maven-rar-plugin Reason: POM 'org.apache.maven.plugins:maven-rar-plugin' not found in repository: Unable to download the artifact from any repository org.apache.maven.plugins:maven-rar-plugin:pom:2.2-SNAPSHOT from the specified remote repositories: codehaus-m1 (http://dist.codehaus.org), codehaus (http://repository.codehaus.org), codehaus-snapshots (http://snapshots.repository.codehaus.org), central (http://repo1.maven.org/maven2) for project org.apache.maven.plugins:maven-rar-plugin [INFO] [INFO] For more information, run Maven with the -e switch [INFO] [INFO] Total time: 6 seconds [INFO] Finished at: Wed Feb 13 10:45:09 EST 2008 [INFO] Final Memory: 11M/21M [INFO] -- View this message in context: http://www.nabble.com/proxy-session-w--built-in-dbcp-%2B-openjpa-tp15404731s134p15459644.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: proxy session w/ built-in dbcp + openjpa
When attempting to build the latest tranql-connector from SVN: (I'm using 1.6, could this be a problem? - I will be looking into it further, but I wanted to let you know. BTW, is there a tranql specific forum that we might continue this in? - or perhaps a new topic?) [INFO] Scanning for projects... WAGON_VERSION: 1.0-beta-2 [INFO] [INFO] Building TranQL :: Connector [INFO]task-segment: [install] [INFO] [INFO] Setting property: classpath.resource.loader.class => 'org.codehaus.plexus.velocity.ContextClassLoaderResourceLoader'. [INFO] Setting property: velocimacro.messages.on => 'false'. [INFO] Setting property: resource.loader => 'classpath'. [INFO] Setting property: resource.manager.logwhenfound => 'false'. [INFO] [remote-resources:process {execution: default}] [INFO] [resources:resources] [INFO] Using default encoding to copy filtered resources. [INFO] [compiler:compile] [INFO] Compiling 18 source files to C:\tranql\tranql-connector\target\classes [INFO] [ERROR] BUILD FAILURE [INFO] [INFO] Compilation failure C:\tranql\tranql-connector\src\main\java\org\tranql\connector\jdbc\ResultSetHandle.java:[43,7] org.tranql.connector.jdbc.ResultSetHandle is not abstract and does not override abstract method updateNClob(java.lang.String,java.io.Reader) in java.sql.ResultSet C:\tranql\tranql-connector\src\main\java\org\tranql\connector\jdbc\StatementHandle.java:[30,7] org.tranql.connector.jdbc.StatementHandle is not abstract and does not override abstract method isPoolable() in java.sql.Statement C:\tranql\tranql-connector\src\main\java\org\tranql\connector\jdbc\ConnectionHandle.java:[43,7] org.tranql.connector.jdbc.ConnectionHandle is not abstract and does not override abstract method createStruct(java.lang.String,java.lang.Object[]) in java.sql.Connection C:\tranql\tranql-connector\src\main\java\org\tranql\connector\jdbc\ConnectionWrapper.java:[44,7] org.tranql.connector.jdbc.ConnectionWrapper is not abstract and does not override abstract method createStruct(java.lang.String,java.lang.Object[]) in java.sql.Connection C:\tranql\tranql-connector\src\main\java\org\tranql\connector\jdbc\PreparedStatementWrapper.java:[30,7] org.tranql.connector.jdbc.PreparedStatementWrapper is not abstract and does not override abstract method setNClob(int,java.io.Reader) in java.sql.PreparedStatement C:\tranql\tranql-connector\src\main\java\org\tranql\connector\jdbc\PreparedStatementHandle.java:[42,7] org.tranql.connector.jdbc.PreparedStatementHandle is not abstract and does not override abstract method setNClob(int,java.io.Reader) in java.sql.PreparedStatement C:\tranql\tranql-connector\src\main\java\org\tranql\connector\jdbc\CallableStatementHandle.java:[40,7] org.tranql.connector.jdbc.CallableStatementHandle is not abstract and does not override abstract method setNClob(java.lang.String,java.io.Reader) in java.sql.CallableStatement C:\tranql\tranql-connector\src\main\java\org\tranql\connector\jdbc\DatabaseMetaDataHandle.java:[31,7] org.tranql.connector.jdbc.DatabaseMetaDataHandle is not abstract and does not override abstract method getFunctionColumns(java.lang.String,java.lang.String,java.lang.String,java.lang.String) in java.sql.DatabaseMetaData C:\tranql\tranql-connector\src\main\java\org\tranql\connector\jdbc\DataSource.java:[40,7] org.tranql.connector.jdbc.DataSource is not abstract and does not override abstract method isWrapperFor(java.lang.Class) in java.sql.Wrapper [INFO] [INFO] For more information, run Maven with the -e switch [INFO] [INFO] Total time: 5 seconds [INFO] Finished at: Wed Feb 13 10:39:50 EST 2008 [INFO] Final Memory: 13M/23M [INFO] -- View this message in context: http://www.nabble.com/proxy-session-w--built-in-dbcp-%2B-openjpa-tp15404731s134p15459612.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: proxy session w/ built-in dbcp + openjpa
On Feb 12, 2008, at 12:35 PM, Brian Gregory wrote: Ok, this might clear things up a bit: yup:-) // This needs to happen when a connection is pulled from the pool // and before the connection is used. // The "" could be pulled from the GeronimoUserPrincipal() // in the current session (?) if available java.util.Properties prop = new java.util.Properties(); prop.put(OracleConnection.PROXY_USER_NAME, ""); ((OracleConnection)conn).openProxySession (OracleConnection.PROXYTYPE_USER_NAME, prop); // This nees to happen when a connection is returned to the pool ((OracleConnection)conn).close(OracleConnection.PROXY_SESSION); And that's pretty much it. The LoginModule for the security realm is pretty much a standard JDBC Realm (with a little code to calculate Oracle password hashes) that populates the GeronimoUserPrincipal() and GeronimoGroupPrincipal(). The "proxy" part is just a way to let oracle know who the "real" user is for the audit trail and any user-bound security policies. So every oracle connection will be created using a fixed user/pw combination you configure somewhere, and in addition the actual user's username will be used to set up the proxy session? I looked into this a bit more and don't think there's a way to write a app server independent connector that can deal with this. I think what you can do is: leave your login module setup alone specify container-manage-security in your connector plan modify the tranql oracle wrapper so that in the MCFs: add a method to set up the oracle proxy session given the Subject (from which you extract the GeronimoUserPrincipal) and the physical connection you override: createManagedConnection by copying the superclass code and calling the openProxySession method after getting the physical connection and creating your own ManagedConnection implementation (see below) and matchManagedConnections by calling super and then calling the openProxySession method. (the base methods are in AbstractLocalDataSourceMCF and AbstractXADataSourceMCF) You also need to override the ManagedConnection implementations so that the cleanup() method can end the oracle proxy session. Hope this is enough of a hint feel free to ask for more info. Maybe we'd could add a tranql login module that set up an oracle specific principal to transfer the user name? Then we could include this work in tranql and it wouldn't really be tied to geronimo. thanks david jencks Note from before: RARs ah. That's a new one for me. Learning curves are a bitch sometimes. And I'm still trying to catch up with learning maven (and the 6 million things it does). As you can probably tell, geronimo is a pretty new beast to me too. No problem about the help, I've got to work through it anyway. -- View this message in context: http://www.nabble.com/proxy-session- w--built-in-dbcp-%2B-openjpa-tp15404731s134p15442349.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: proxy session w/ built-in dbcp + openjpa
Ok, this might clear things up a bit: // This needs to happen when a connection is pulled from the pool // and before the connection is used. // The "" could be pulled from the GeronimoUserPrincipal() // in the current session (?) if available java.util.Properties prop = new java.util.Properties(); prop.put(OracleConnection.PROXY_USER_NAME, ""); ((OracleConnection)conn).openProxySession(OracleConnection.PROXYTYPE_USER_NAME, prop); // This nees to happen when a connection is returned to the pool ((OracleConnection)conn).close(OracleConnection.PROXY_SESSION); And that's pretty much it. The LoginModule for the security realm is pretty much a standard JDBC Realm (with a little code to calculate Oracle password hashes) that populates the GeronimoUserPrincipal() and GeronimoGroupPrincipal(). The "proxy" part is just a way to let oracle know who the "real" user is for the audit trail and any user-bound security policies. Note from before: RARs ah. That's a new one for me. Learning curves are a bitch sometimes. And I'm still trying to catch up with learning maven (and the 6 million things it does). As you can probably tell, geronimo is a pretty new beast to me too. No problem about the help, I've got to work through it anyway. -- View this message in context: http://www.nabble.com/proxy-session-w--built-in-dbcp-%2B-openjpa-tp15404731s134p15442349.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: proxy session w/ built-in dbcp + openjpa
On Feb 12, 2008, at 11:29 AM, Brian Gregory wrote: It's always pleasant to have ones hard work recognized and acknowledged. Of course, documentation contributions for tranql would be welcomed. For some reason the tranql contributors so far have not seemed to feel the lack of documentation to be a serious impediment to their work. I'm sorry about the offense. My comment was from a position of lack of knowledge. no problem. I think its at least as annoying to find badly documented projects as to have your badly documented project criticized :-) This doesn't exactly answer the question I asked, namely "which method do you use to get the connection" However my guess is that jpa is using ds.getConnection() rather than ds.getConnection (user,pw). The EntityManager uses my configuration in persistence.xml to get connections from a supplied JNDI resource. This resource (for my config) is a console configured connection pool which has its own connection information (JDBC driver, username, and password). Yes, it probably uses ds.getConnection() at the bottom, but this is inside the OpenJPA code somewhere. ok, clear enough This means you want container managed security for your connection pool, an optional j2ca feature that geronimo happens to support. However its not trivial to set up. I already have a custom LoginModule that will populate the credentials (principals) as needed. This is configured and working. Is this what you are talking about? no, the j2ca spec makes it a bit more complicated :-) I could probably give you better advice here if I knew exactly what information the oracle openProxySession method needs, and where it comes from (user input? Lookup in an oracle table? Lookup in a flat file?) eg. user supplies user name and password login module does ??? openProxySession requires ??? derived from previous info by ??? First you ned a LoginModule that will extract the appropriate credentials (user name and password) from some source such as the CallbackHandler or a map and come up with a PasswordCredential containing this info and the ManagedConnectionFactory you are trying to use. We supply CallerIdentityPasswordCredentialLoginModule which might work for you or you can use it to see what is necessary. To deploy this in your security realm you need a PasswordCredentialLoginModuleWrapperGBean which has the normal LoginModuleGBean info plus a reference to the ManagedConnectionFactoryWrapper which is where the MCF comes from. Finally in your connector plan you need to specify managed- security/> I'm sorry but I have no idea what the above description is talking about. Currenlty I have not used tranql directly for anything and have no idea what these classes are (well, I can see them in the javadocs) and not sure what the connector plan is. I will look up CallerIdentityPasswordCredentialLoginModule and see if the javadocs will help. The problem is that the geronimo console has abstracted the details of this library away and I'm only now learning where to start. BTW, The codehause site does not have correct source control access information (it still lists CVS) - thanks for the SVN info. You will have to edit the appropriate geronimo plans directly as the console wizards do not support these options. This is fine. I was suggesting you modify the tranql oracle managed connection factory classes and assemble your own rars. I don't know if you will need more config-properties in order to use this oracle feature appropriately. In any case you can probably use a plan generated for one of the oracle specific rars as a starting point, but you'll have to deploy the connector directly rather than from the db wizard. A plan for the generic tranql wrapper is not a very useful starting point. I only started with the console generated delpoyment descriptor because I had no other reference. Ok, I was hoping that I didn't have to wade through the code, but I will. Container managed security doesn't seem to be a very popular feature. I'd love to get support for it into the tranql oracle wrapper and maybe get an example up somewhere. Your assistance would be appreciated :-) especially since I don't have oracle running here. thanks david jencks Thanks for the help. -- View this message in context: http://www.nabble.com/proxy-session- w--built-in-dbcp-%2B-openjpa-tp15404731s134p15440950.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: proxy session w/ built-in dbcp + openjpa
> It's always pleasant to have ones hard work recognized and > acknowledged. Of course, documentation contributions for tranql > would be welcomed. For some reason the tranql contributors so far > have not seemed to feel the lack of documentation to be a serious > impediment to their work. I'm sorry about the offense. My comment was from a position of lack of knowledge. > This doesn't exactly answer the question I asked, namely "which > method do you use to get the connection" However my guess is that > jpa is using ds.getConnection() rather than ds.getConnection(user,pw). The EntityManager uses my configuration in persistence.xml to get connections from a supplied JNDI resource. This resource (for my config) is a console configured connection pool which has its own connection information (JDBC driver, username, and password). Yes, it probably uses ds.getConnection() at the bottom, but this is inside the OpenJPA code somewhere. > This means you want container managed security for your connection > pool, an optional j2ca feature that geronimo happens to support. > However its not trivial to set up. I already have a custom LoginModule that will populate the credentials (principals) as needed. This is configured and working. Is this what you are talking about? > First you ned a LoginModule that will extract the appropriate > credentials (user name and password) from some source such as the > CallbackHandler or a map and come up with a PasswordCredential > containing this info and the ManagedConnectionFactory you are trying > to use. We supply CallerIdentityPasswordCredentialLoginModule which > might work for you or you can use it to see what is necessary. > To deploy this in your security realm you need a > PasswordCredentialLoginModuleWrapperGBean which has the normal > LoginModuleGBean info plus a reference to the > ManagedConnectionFactoryWrapper which is where the MCF comes from. > Finally in your connector plan you need to specify security/> I'm sorry but I have no idea what the above description is talking about. Currenlty I have not used tranql directly for anything and have no idea what these classes are (well, I can see them in the javadocs) and not sure what the connector plan is. I will look up CallerIdentityPasswordCredentialLoginModule and see if the javadocs will help. The problem is that the geronimo console has abstracted the details of this library away and I'm only now learning where to start. BTW, The codehause site does not have correct source control access information (it still lists CVS) - thanks for the SVN info. > You will have to edit the appropriate geronimo plans directly as the > console wizards do not support these options. This is fine. > I was suggesting you modify the tranql oracle managed connection > factory classes and assemble your own rars. I don't know if you will > need more config-properties in order to use this oracle feature > appropriately. In any case you can probably use a plan generated for > one of the oracle specific rars as a starting point, but you'll have > to deploy the connector directly rather than from the db wizard. A > plan for the generic tranql wrapper is not a very useful starting point. I only started with the console generated delpoyment descriptor because I had no other reference. Ok, I was hoping that I didn't have to wade through the code, but I will. Thanks for the help. -- View this message in context: http://www.nabble.com/proxy-session-w--built-in-dbcp-%2B-openjpa-tp15404731s134p15440950.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: proxy session w/ built-in dbcp + openjpa
On Feb 11, 2008, at 7:09 PM, Brian Gregory wrote: I've done a little research since the last post and found that tranql documentation is pretty much non-existent, not to mention the project looks mostly dead. It's always pleasant to have ones hard work recognized and acknowledged. Of course, documentation contributions for tranql would be welcomed. For some reason the tranql contributors so far have not seemed to feel the lack of documentation to be a serious impediment to their work. There are two parts to tranql, the j2ca connectors which get improved periodically, mostly by people supplying database-specific extensions such as support for the feature you are interested in, and the persistence engine which is not currently under active development: its last use was in the openejb2 CMP engine. Anyway, I have a custom LoginModule that with do the front-line authentication straight from Oracle users and populate the principals as needed. I also have JPA code working from a console defined database pool, but was just looking for that one piece that would allow me to to the proxy. This doesn't exactly answer the question I asked, namely "which method do you use to get the connection" However my guess is that jpa is using ds.getConnection() rather than ds.getConnection(user,pw). This means you want container managed security for your connection pool, an optional j2ca feature that geronimo happens to support. However its not trivial to set up. First you ned a LoginModule that will extract the appropriate credentials (user name and password) from some source such as the CallbackHandler or a map and come up with a PasswordCredential containing this info and the ManagedConnectionFactory you are trying to use. We supply CallerIdentityPasswordCredentialLoginModule which might work for you or you can use it to see what is necessary. To deploy this in your security realm you need a PasswordCredentialLoginModuleWrapperGBean which has the normal LoginModuleGBean info plus a reference to the ManagedConnectionFactoryWrapper which is where the MCF comes from. Finally in your connector plan you need to specify security/> You will have to edit the appropriate geronimo plans directly as the console wizards do not support these options. I think I understand what you're suggesting but how do I get geronimo to use the new class instead of the default? I used the console database pool configuration and it doesn't contain any class references besides the jdbc driver. I was suggesting you modify the tranql oracle managed connection factory classes and assemble your own rars. I don't know if you will need more config-properties in order to use this oracle feature appropriately. In any case you can probably use a plan generated for one of the oracle specific rars as a starting point, but you'll have to deploy the connector directly rather than from the db wizard. A plan for the generic tranql wrapper is not a very useful starting point. thanks david jencks The console doesn't seem to generate a working deployment descriptor: http://geronimo.apache.org/xml/ns/j2ee/ connector-1.2"> http://geronimo.apache.org/xml/ns/deployment-1.2";> console.dbpool TestPool 1.0 rar com.oracle oracle-jdbc-driver 10.2.0.1.0XE jar javax.sql.DataSourceconnectionfactory-interface> TestPool oracle.jdbc.OracleDriver test test name="ConnectionURL">jdbc:oracle:thin:@localhost:1521:SIDproperty-setting> 10 0 djencks wrote: On Feb 11, 2008, at 6:35 AM, Brian Gregory wrote: 1. Misconception on my part, what library is used for connection pooling? (Where is this is the docs?) Dunno about docs. The basic implementation is in https://svn.apache.org/repos/asf/geronimo/components/txmanager/trunk/ geronimo-connector and the gbean wrappers and deployment code are in https://svn.apache.org/repos/asf/geronimo/server/trunk/plugins/ connector 2. Proxy session is another name for changing the user credentials on an oracle connection. OracleConnection.openProxySession() 3. I'm not familiar with tranql. Can you point me to the documentation? Again, no docs I know of. https://svn.codehaus.org/tranql especially vendors/oracle/trunk I think what you want to do is override AbstractXADataSourceMCF.matchManagedConnections in the oracle subclass so if there is no match on connecti
Re: proxy session w/ built-in dbcp + openjpa
I've done a little research since the last post and found that tranql documentation is pretty much non-existent, not to mention the project looks mostly dead. Anyway, I have a custom LoginModule that with do the front-line authentication straight from Oracle users and populate the principals as needed. I also have JPA code working from a console defined database pool, but was just looking for that one piece that would allow me to to the proxy. I think I understand what you're suggesting but how do I get geronimo to use the new class instead of the default? I used the console database pool configuration and it doesn't contain any class references besides the jdbc driver. The console doesn't seem to generate a working deployment descriptor: http://geronimo.apache.org/xml/ns/j2ee/connector-1.2";> http://geronimo.apache.org/xml/ns/deployment-1.2";> console.dbpool TestPool 1.0 rar com.oracle oracle-jdbc-driver 10.2.0.1.0XE jar javax.sql.DataSource TestPool oracle.jdbc.OracleDriver test test jdbc:oracle:thin:@localhost:1521:SID 10 0 djencks wrote: > > > On Feb 11, 2008, at 6:35 AM, Brian Gregory wrote: > >> >> 1. Misconception on my part, what library is used for connection >> pooling? >> (Where is this is the docs?) > > Dunno about docs. The basic implementation is in > > https://svn.apache.org/repos/asf/geronimo/components/txmanager/trunk/ > geronimo-connector > > and the gbean wrappers and deployment code are in > > https://svn.apache.org/repos/asf/geronimo/server/trunk/plugins/connector > >> 2. Proxy session is another name for changing the user credentials >> on an >> oracle connection. OracleConnection.openProxySession() >> 3. I'm not familiar with tranql. Can you point me to the >> documentation? > > Again, no docs I know of. > > https://svn.codehaus.org/tranql > > especially vendors/oracle/trunk > > I think what you want to do is override > AbstractXADataSourceMCF.matchManagedConnections in the oracle > subclass so if there is no match on connections with their existing > credentials it calls openProxySession on one of the connections to > switch users. If openProxySession is very lightweight then just > calling it without a search would be reasonable. > > Out of curiousity, how are you supplying the correct user to the > connector? Application managed security (datasource.getConnection > (user, password) or container managed security (using the identity of > the logged in user as tracked by the app server, possibly mapped with > an appropriate login module)? > > Hope this helps and let us know if you run into problems or succeed :-) > > thanks > david jencks > > -- View this message in context: http://www.nabble.com/proxy-session-w--built-in-dbcp-%2B-openjpa-tp15404731s134p15425716.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: proxy session w/ built-in dbcp + openjpa
On Feb 11, 2008, at 6:35 AM, Brian Gregory wrote: 1. Misconception on my part, what library is used for connection pooling? (Where is this is the docs?) Dunno about docs. The basic implementation is in https://svn.apache.org/repos/asf/geronimo/components/txmanager/trunk/ geronimo-connector and the gbean wrappers and deployment code are in https://svn.apache.org/repos/asf/geronimo/server/trunk/plugins/connector 2. Proxy session is another name for changing the user credentials on an oracle connection. OracleConnection.openProxySession() 3. I'm not familiar with tranql. Can you point me to the documentation? Again, no docs I know of. https://svn.codehaus.org/tranql especially vendors/oracle/trunk I think what you want to do is override AbstractXADataSourceMCF.matchManagedConnections in the oracle subclass so if there is no match on connections with their existing credentials it calls openProxySession on one of the connections to switch users. If openProxySession is very lightweight then just calling it without a search would be reasonable. Out of curiousity, how are you supplying the correct user to the connector? Application managed security (datasource.getConnection (user, password) or container managed security (using the identity of the logged in user as tracked by the app server, possibly mapped with an appropriate login module)? Hope this helps and let us know if you run into problems or succeed :-) thanks david jencks Thanks for the help. Brian djencks wrote: Geronimo does not use dbcp, could you explain why you think it does? Could you explain what proxy sessions do? There might be a simple solution, but I have no idea what you are trying to achieve. For instance if you are trying to change the authentication information on an existing connection this can be achieved by adding a bit of code to the tranql oracle wrapper. thanks david jencks -- View this message in context: http://www.nabble.com/proxy-session- w--built-in-dbcp-%2B-openjpa-tp15404731s134p15412547.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: proxy session w/ built-in dbcp + openjpa
1. Misconception on my part, what library is used for connection pooling? (Where is this is the docs?) 2. Proxy session is another name for changing the user credentials on an oracle connection. OracleConnection.openProxySession() 3. I'm not familiar with tranql. Can you point me to the documentation? Thanks for the help. Brian djencks wrote: > > Geronimo does not use dbcp, could you explain why you think it does? > > Could you explain what proxy sessions do? There might be a simple > solution, but I have no idea what you are trying to achieve. For > instance if you are trying to change the authentication information > on an existing connection this can be achieved by adding a bit of > code to the tranql oracle wrapper. > > thanks > david jencks > > -- View this message in context: http://www.nabble.com/proxy-session-w--built-in-dbcp-%2B-openjpa-tp15404731s134p15412547.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: proxy session w/ built-in dbcp + openjpa
Geronimo does not use dbcp, could you explain why you think it does? Could you explain what proxy sessions do? There might be a simple solution, but I have no idea what you are trying to achieve. For instance if you are trying to change the authentication information on an existing connection this can be achieved by adding a bit of code to the tranql oracle wrapper. thanks david jencks On Feb 10, 2008, at 6:52 PM, Brian Gregory wrote: I'm attempting to use proxy session w/ oracle and the built-in dbcp + openjpa in geronimo but I'm hung up at the start. I've done this before with c3p0 + hibernate but c3p0 has a ConnectionCustomizer class that allows you to register for checkout and checkin events from the connection pool, thus allowing the proxy user to be modified prior to connections being used. Unfortunately I can't find a way to do this with dbcp, but I have a few ideas: 1. Subclass the dbcp PoolingDataSource such that proxy users are set up in the getConnection() method - Although I would have to define a database pool w/ that would use the new class (no idea) and setup openjpa to use this database pool (not sure either) 2. Use c3p0 w/ openjpa instead of the built-in dbcp. Is there a way to deploy a database pool in geronimo w/ a 3rd party pooling library? Is there a good way to set up a 3rd party db pool if not? Any other ideas are appreciated. -- View this message in context: http://www.nabble.com/proxy-session- w--built-in-dbcp-%2B-openjpa-tp15404731s134p15404731.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.