On Feb 11, 2008, at 7:09 PM, Brian Gregory wrote:


I've done a little research since the last post and found that tranql
documentation is pretty much non-existent, not to mention the project looks
mostly dead.

It's always pleasant to have one's hard work recognized and acknowledged. Of course, documentation contributions for tranql would be welcomed. For some reason the tranql contributors so far have not seemed to feel the lack of documentation to be a serious impediment to their work.

There are two parts to tranql, the j2ca connectors which get improved periodically, mostly by people supplying database-specific extensions such as support for the feature you are interested in, and the persistence engine which is not currently under active development: its last use was in the openejb2 CMP engine.


Anyway, I have a custom LoginModule that will do the front-line
authentication straight from Oracle users and populate the principals as needed. I also have JPA code working from a console defined database pool, but was just looking for that one piece that would allow me to do the proxy.

This doesn't exactly answer the question I asked, namely "which method do you use to get the connection". However, my guess is that jpa is using ds.getConnection() rather than ds.getConnection(user,pw).

This means you want container managed security for your connection pool, an optional j2ca feature that geronimo happens to support. However, it's not trivial to set up.

First you need a LoginModule that will extract the appropriate credentials (user name and password) from some source such as the CallbackHandler or a map and come up with a PasswordCredential containing this info and the ManagedConnectionFactory you are trying to use. We supply CallerIdentityPasswordCredentialLoginModule which might work for you or you can use it to see what is necessary.

To deploy this in your security realm you need a PasswordCredentialLoginModuleWrapperGBean which has the normal LoginModuleGBean info plus a reference to the ManagedConnectionFactoryWrapper which is where the MCF comes from.

Finally in your connector plan you need to specify <container-managed-security/>

You will have to edit the appropriate geronimo plans directly as the console wizards do not support these options.

I think I understand what you're suggesting but how do I get geronimo to use
the new class instead of the default? I used the console database pool
configuration and it doesn't contain any class references besides the jdbc
driver.

I was suggesting you modify the tranql oracle managed connection factory classes and assemble your own rars. I don't know if you will need more config-properties in order to use this oracle feature appropriately. In any case you can probably use a plan generated for one of the oracle specific rars as a starting point, but you'll have to deploy the connector directly rather than from the db wizard. A plan for the generic tranql wrapper is not a very useful starting point.

thanks
david jencks


The console doesn't seem to generate a working deployment descriptor:


<?xml version="1.0" encoding="UTF-8"?>
<connector xmlns="http://geronimo.apache.org/xml/ns/j2ee/connector-1.2">
    <dep:environment xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2">
        <dep:moduleId>
            <dep:groupId>console.dbpool</dep:groupId>
            <dep:artifactId>TestPool</dep:artifactId>
            <dep:version>1.0</dep:version>
            <dep:type>rar</dep:type>
        </dep:moduleId>
        <dep:dependencies>
            <dep:dependency>
                <dep:groupId>com.oracle</dep:groupId>
                <dep:artifactId>oracle-jdbc-driver</dep:artifactId>
                <dep:version>10.2.0.1.0XE</dep:version>
                <dep:type>jar</dep:type>
            </dep:dependency>
        </dep:dependencies>
    </dep:environment>
    <resourceadapter>
        <outbound-resourceadapter>
            <connection-definition>
                <connectionfactory-interface>javax.sql.DataSource</connectionfactory-interface>
                <connectiondefinition-instance>
                    <name>TestPool</name>
                    <config-property-setting name="Driver">oracle.jdbc.OracleDriver</config-property-setting>
                    <config-property-setting name="Password">test</config-property-setting>
                    <config-property-setting name="UserName">test</config-property-setting>
                    <config-property-setting name="ConnectionURL">jdbc:oracle:thin:@localhost:1521:SID</config-property-setting>
                    <connectionmanager>
                        <local-transaction/>
                        <single-pool>
                            <max-size>10</max-size>
                            <min-size>0</min-size>
                            <match-one/>
                        </single-pool>
                    </connectionmanager>
                </connectiondefinition-instance>
            </connection-definition>
        </outbound-resourceadapter>
    </resourceadapter>
</connector>




djencks wrote:


On Feb 11, 2008, at 6:35 AM, Brian Gregory wrote:


1. Misconception on my part, what library is used for connection pooling?
(Where is this in the docs?)

Dunno about docs.  The basic implementation is in

https://svn.apache.org/repos/asf/geronimo/components/txmanager/trunk/geronimo-connector

  and the gbean wrappers and deployment code are in

https://svn.apache.org/repos/asf/geronimo/server/trunk/plugins/connector

2. Proxy session is another name for changing the user credentials on an
oracle connection. OracleConnection.openProxySession()
3. I'm not familiar with tranql. Can you point me to the documentation?

Again, no docs I know of.

https://svn.codehaus.org/tranql

especially vendors/oracle/trunk

I think what you want to do is override
AbstractXADataSourceMCF.matchManagedConnections in the oracle
subclass so if there is no match on connections with their existing
credentials it calls openProxySession on one of the connections to
switch users.  If openProxySession is very lightweight then just
calling it without a search would be reasonable.

Out of curiosity, how are you supplying the correct user to the
connector?  Application managed security (datasource.getConnection(user,
password)) or container managed security (using the identity of
the logged in user as tracked by the app server, possibly mapped with
an appropriate login module)?

Hope this helps and let us know if you run into problems or succeed :-)

thanks
david jencks



--
View this message in context: http://www.nabble.com/proxy-session-w--built-in-dbcp-%2B-openjpa-tp15404731s134p15425716.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
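
The first step of the container-managed security setup described in the reply above (a LoginModule that produces a PasswordCredential tied to the ManagedConnectionFactory), sketched as an added example; it is not part of the original messages and is not Geronimo's CallerIdentityPasswordCredentialLoginModule. The class name and the MCF_OPTION key are hypothetical, and the J2CA API (javax.resource) is assumed to be on the classpath.

```java
import java.io.IOException;
import java.util.Map;
import javax.resource.spi.ManagedConnectionFactory;
import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Hypothetical class: turns the caller's login into a J2CA PasswordCredential.
public class CallerPasswordCredentialLoginModule implements LoginModule {
    // Hypothetical option key under which the deployer supplies the target MCF.
    public static final String MCF_OPTION = "example.managedConnectionFactory";
    private Subject subject;
    private CallbackHandler handler;
    private ManagedConnectionFactory mcf;
    private PasswordCredential credential;

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
        this.mcf = (ManagedConnectionFactory) options.get(MCF_OPTION);
    }

    public boolean login() throws LoginException {
        if (mcf == null) throw new LoginException("no ManagedConnectionFactory configured");
        NameCallback name = new NameCallback("User name");
        PasswordCallback pw = new PasswordCallback("Password", false);
        try {
            handler.handle(new Callback[] {name, pw});
        } catch (IOException | UnsupportedCallbackException e) {
            throw (LoginException) new LoginException("callback failed").initCause(e);
        }
        if (name.getName() == null || pw.getPassword() == null) throw new LoginException("missing credentials");
        credential = new PasswordCredential(name.getName(), pw.getPassword());
        pw.clearPassword(); // getPassword() returned a copy, so the credential is unaffected
        // Bind the credential to one MCF so no other connector will use it.
        credential.setManagedConnectionFactory(mcf);
        return true;
    }
    public boolean commit() {
        // Private credentials are where the connector finds it at sign-on.
        return credential != null && subject.getPrivateCredentials().add(credential);
    }
    public boolean abort() { return logout(); }
    public boolean logout() {
        if (credential != null) subject.getPrivateCredentials().remove(credential);
        credential = null;
        return true;
    }
}
```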


