users@glassfish.java.net

Re: Database Passthrough

From: Gregory Gerard <ggerard_at_mac.com>
Date: Sat, 06 Nov 2010 12:37:29 -0700 (PDT)

Date: Sat, 6 Nov 2010 12:36:48 -0700
To: "users_at_glassfish.dev.java.net" <users_at_glassfish.dev.java.net>

I've been trying to find this out myself and asked last week.

Oracle calls it proxy authentication in their JDBC docs.

I've found nothing for glassfish except an article on the oracle blogs where the end note closed off the example code with "thread safety issues and resource leaks" so not production ready.

I found an implementation for JBoss but not portable to glassfish it would seem.

EclipseLink site had some extensions for proxy authentication and virtual private database support. There were lots of warnings about second level caching since objects in the cache have no security tags associated with them.

WebLogic seems to support it (I saw fields on their deployment descriptor).

Overall I don't have a good sense for how it would all fit together. The container should do it since the security is there as well. However the mapping of the application principal to the database login is fuzzy.

No access to bookmarks right now or I'd send the links I've found but the descriptions above will find them. Will post later.

On Nov 6, 2010, at 9:09, noreply_at_java.net wrote:

> [quote=hanodl]
>
> Hi
>
> I need to do my authentication for the user sessions on the database, Thus I
> need to pass through from the session to the database the username and
> password and all access on the database has to be with their own username and
> password, for only certain users will be granted the roles on the database.
>
> Does anyone have an idea how to do it?
>
> [/quote]
>
> Normally Glassfish (like most application servers) will use connection pools
> to provide access to the database. This means that in a typical
> installation all database access is performed by one database user on behalf
> of many application users.
>
> To achieve what you want, you would have to have /n/ connection pools and /n/
> users (i.e. one connection pool per user). Then you would need to write
> code that, at login time, would figure out which connection pool to associate
> with the current user. This is almost certainly not what you want to do.
> But it is possible.
>
> Best,
> Laird
>
>
> --
>
> [Message sent by forum member 'ljnelson']
>
> View Post: http://forums.java.net/node/713377
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>