users@glassfish.java.net

Re: Glassfish JAAS Security - Oracle Database Users.

From: Laird Nelson <ljnelson_at_gmail.com>
Date: Fri, 2 Dec 2011 10:11:03 -0500

On Fri, Dec 2, 2011 at 5:31 AM, <forums_at_java.net> wrote:

> I've got a request to try and tie up a JSF/EJB/JPA application to an Oracle
> database and use the user accounts within Oracle (which are all created as
> standard database authentication ones without any Enterprise Server or OS
> authentication) and their appropriate roles as the authentication and
> authorisation sources.
>

You're probably aware of this, but just in case, know that even if you do
this the Principal that you authenticate as will not (typically) be the
user who actually manipulates the database via JDBC connections. That is,
your connections in Java EE are owned by a connection pool, and the
connection pool typically connects to the database as a single user.

(For completeness, you are supposed to be able to call
someConnection.setClientInfo("ClientUser", "The name of the principal you
authenticated as") and JDBC vendors who support connection-level identity
switching are supposed to cause that single connection to take on that
user's identity temporarily, but I've never seen this work; maybe it does
on some databases. How you would do this with a JPA provider is also
beyond me.)

Again, my apologies if this is obvious to you, but it sometimes slips by
people who are trying to do something like you describe.

Best,
Laird

-- 
http://about.me/lairdnelson
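
An added example (not part of the original message and not GlassFish code) of the `setClientInfo` call mentioned above: it tags a pooled connection with the authenticated principal's name only when the driver lists `"ClientUser"` as a supported client info property, and clears the tag before the connection returns to the pool so the next borrower does not inherit it. `ClientUserTagging`, `SqlWork` and `runAs` are hypothetical names, and what a driver does with the value is driver-specific.

```java
import java.security.Principal;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLClientInfoException;
import java.sql.SQLException;
import javax.sql.DataSource;

public final class ClientUserTagging {

    /** Work to run on a tagged connection (hypothetical helper type). */
    @FunctionalInterface
    public interface SqlWork<T> {
        T run(Connection c) throws SQLException;
    }

    /** True if the driver advertises "ClientUser" as a client info property. */
    static boolean supportsClientUser(Connection c) throws SQLException {
        try (ResultSet rs = c.getMetaData().getClientInfoProperties()) {
            while (rs.next()) {
                if ("ClientUser".equalsIgnoreCase(rs.getString("NAME"))) {
                    return true;
                }
            }
        }
        return false;
    }

    /** Borrows a connection, tags it with the caller's name, runs the work, untags it. */
    public static <T> T runAs(DataSource pool, Principal caller, SqlWork<T> work)
            throws SQLException {
        try (Connection c = pool.getConnection()) {
            boolean tagged = false;
            if (supportsClientUser(c)) {
                try {
                    c.setClientInfo("ClientUser", caller.getName());
                    tagged = true;
                } catch (SQLClientInfoException e) {
                    // Driver rejected the value: the work below runs untagged,
                    // as the pool's own database user.
                }
            }
            try {
                return work.run(c);
            } finally {
                if (tagged) {
                    // A null value clears the property. A failure here propagates
                    // rather than letting a stale tag go back into the pool.
                    c.setClientInfo("ClientUser", null);
                }
            }
        }
    }
}
```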