Ok, this might clear things up a bit: // This needs to happen when a connection is pulled from the pool // and before the connection is used. // The "<username>" could be pulled from the GeronimoUserPrincipal() // in the current session (?) if available
java.util.Properties prop = new java.util.Properties(); prop.put(OracleConnection.PROXY_USER_NAME, "<username>"); ((OracleConnection)conn).openProxySession(OracleConnection.PROXYTYPE_USER_NAME, prop); // This nees to happen when a connection is returned to the pool ((OracleConnection)conn).close(OracleConnection.PROXY_SESSION); And that's pretty much it. The LoginModule for the security realm is pretty much a standard JDBC Realm (with a little code to calculate Oracle password hashes) that populates the GeronimoUserPrincipal() and GeronimoGroupPrincipal(). The "proxy" part is just a way to let oracle know who the "real" user is for the audit trail and any user-bound security policies. Note from before: RARs ah. That's a new one for me. Learning curves are a bitch sometimes. And I'm still trying to catch up with learning maven (and the 6 million things it does). As you can probably tell, geronimo is a pretty new beast to me too. No problem about the help, I've got to work through it anyway. -- View this message in context: http://www.nabble.com/proxy-session-w--built-in-dbcp-%2B-openjpa-tp15404731s134p15442349.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.