david sims wrote:
>
> Does anyone know if the EJB 1.1 or forthcoming 2.0 spec addresses the situation
> where each caller principal into an EJB container needs to create its own
> database connection.
>
> Typically, it seems that an EJB container will open a few pooled connections to
> the database all using a single username/password.
>
> But the security people don't like to see a "proxy" accessing the database.
> They want the actual EJB caller principal names to be used when creating
> database connections.
Check out your database server. If it supports "proxy authorization"
(a SQL standard feature that uses the "set session authorization" command)
then the app. server can change the effective DB user id on an already open
connection, so you get the benefits of connection pooling as well as effective
database auditing.
<vendor>
Sybase ASE (database) supports the standard "set session authorization" feature.
Sybase EAServer (app server) can use this together with connection pooling, as
long as the DBMS you are using supports the SQL standard syntax for this feature.
</vendor>
> I could write this code manually in my BMP beans. Not a problem. But is there a
> portable way I can do this? Do any of the specs address this issue?
This is a quality of implementation issue. Check with your DB vendor and app.
server vendor to see if they support it.
________________________________________________________________________________
Evan Ireland Sybase EAServer Engineering [EMAIL PROTECTED]
Wellington, New Zealand +64 4 934-5856
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
