On Feb 12, 2008, at 11:29 AM, Brian Gregory wrote:
It's always pleasant to have ones hard work recognized and
acknowledged. Of course, documentation contributions for tranql
would be welcomed. For some reason the tranql contributors so far
have not seemed to feel the lack of documentation to be a serious
impediment to their work.
I'm sorry about the offense. My comment was from a position of lack of
knowledge.
no problem. I think its at least as annoying to find badly
documented projects as to have your badly documented project
criticized :-)
This doesn't exactly answer the question I asked, namely "which
method do you use to get the connection" However my guess is that
jpa is using ds.getConnection() rather than ds.getConnection
(user,pw).
The EntityManager uses my configuration in persistence.xml to get
connections from a supplied JNDI resource. This resource (for my
config) is
a console configured connection pool which has its own connection
information (JDBC driver, username, and password). Yes, it probably
uses
ds.getConnection() at the bottom, but this is inside the OpenJPA code
somewhere.
ok, clear enough
This means you want container managed security for your connection
pool, an optional j2ca feature that geronimo happens to support.
However its not trivial to set up.
I already have a custom LoginModule that will populate the credentials
(principals) as needed. This is configured and working. Is this
what you are
talking about?
no, the j2ca spec makes it a bit more complicated :-)
I could probably give you better advice here if I knew exactly what
information the oracle openProxySession method needs, and where it
comes from (user input? Lookup in an oracle table? Lookup in a flat
file?)
eg.
user supplies user name and password
login module does ???
openProxySession requires ??? derived from previous info by ???
First you ned a LoginModule that will extract the appropriate
credentials (user name and password) from some source such as the
CallbackHandler or a map and come up with a PasswordCredential
containing this info and the ManagedConnectionFactory you are trying
to use. We supply CallerIdentityPasswordCredentialLoginModule which
might work for you or you can use it to see what is necessary.
To deploy this in your security realm you need a
PasswordCredentialLoginModuleWrapperGBean which has the normal
LoginModuleGBean info plus a reference to the
ManagedConnectionFactoryWrapper which is where the MCF comes from.
Finally in your connector plan you need to specify <container-
managed-
security/>
I'm sorry but I have no idea what the above description is talking
about.
Currenlty I have not used tranql directly for anything and have no
idea what
these classes are (well, I can see them in the javadocs) and not
sure what
the connector plan is.
I will look up CallerIdentityPasswordCredentialLoginModule and see
if the
javadocs will help. The problem is that the geronimo console has
abstracted
the details of this library away and I'm only now learning where to
start.
BTW, The codehause site does not have correct source control access
information (it still lists CVS) - thanks for the SVN info.
You will have to edit the appropriate geronimo plans directly as the
console wizards do not support these options.
This is fine.
I was suggesting you modify the tranql oracle managed connection
factory classes and assemble your own rars. I don't know if you will
need more config-properties in order to use this oracle feature
appropriately. In any case you can probably use a plan generated for
one of the oracle specific rars as a starting point, but you'll have
to deploy the connector directly rather than from the db wizard. A
plan for the generic tranql wrapper is not a very useful starting
point.
I only started with the console generated delpoyment descriptor
because I
had no other reference.
Ok, I was hoping that I didn't have to wade through the code, but I
will.
Container managed security doesn't seem to be a very popular
feature. I'd love to get support for it into the tranql oracle
wrapper and maybe get an example up somewhere. Your assistance would
be appreciated :-) especially since I don't have oracle running here.
thanks
david jencks
Thanks for the help.
--
View this message in context: http://www.nabble.com/proxy-session-
w--built-in-dbcp-%2B-openjpa-tp15404731s134p15440950.html
Sent from the Apache Geronimo - Users mailing list archive at
Nabble.com.
