Oh, that’s nice – thanks.
There’s hopefully just one last part of this problem I need to address (thank
you for all your help).
As mentioned my authenticated-user (the GSUser) is not in fact the name of the
user I want to impersonate. I need to figure out how to get the name of the
impersonated user into the environment.
The impersonated user is based on the geoserver workspace and remains constant
for the life of the workspace. My dream solution would be that I could store
the name of the impersonated user into the workspace itself and somehow
leverage code that gets the name/value into the environment when a request is
dispatched. Poking around, I see that the WorkspaceInfoImpl has
set/getMetadataMap(). If I could put my own name/value pair for the
impersonated user into the MetadataMap for the workspace and then the
MetadataMap were found to be part of the environment that would be the magic
answer.
Of course maybe it’s not that easy but does this trigger any suggestion you
might have? I know the impersonated user name when I create the workspace. I
just don’t know how to get that into the environment when a request against the
workspace is dispatched.
Do I need a dispatcher callback? If so can I make the callback installed by my
service code run before other services like WMS/WFS attempt accessing features
so this is all setup right?
Thank You - Walter
From: andrea.a...@gmail.com [mailto:andrea.a...@gmail.com] On Behalf Of Andrea
Aime
Sent: Wednesday, June 15, 2016 12:37 PM
To: Walter Stovall <walter.stov...@byers.com>
Cc: geoserver-devel@lists.sourceforge.net
Subject: Re: [Geoserver-devel] FW: Managing Oracle connections to different
schemas of the same database instance can't be done with the current geoserver
On Wed, Jun 15, 2016 at 6:25 PM, Walter Stovall
<walter.stov...@byers.com<mailto:walter.stov...@byers.com>> wrote:
Thanks. Looking to simplify this yet more. The solution below would still
require me to modify the datastore setup page in geoserver so the page would
let me request a proxy session be created.
Nope, it's auto generated from the connection params advertised by the store.
So no problems here, the extras would only show up when a Oracle store is
configured.
How ‘bad’ would be if I modified the geotools SessionCommandsListener to
specifically check for SET SESSION AUTHORIZATION being the statement getting
executed? When found, this is a directly executed pass-thru for non-Oracle
dialect but for Oracle this uses their proprietary API to do the equivalent.
That class is generic and unaware that Oracle even exists, I would not go there.
Cheers
Andrea
--
==
GeoServer Professional Services from the experts! Visit
http://goo.gl/it488V for more information.
==
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via di Montramito 3/A
55054 Massarosa (LU)
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i
file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo
è consentito esclusivamente al destinatario del messaggio, per le finalità
indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne
il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di
procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro
sistema. Conservare il messaggio stesso, divulgarlo anche in parte,
distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse,
costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
The information in this message and/or attachments, is intended solely for the
attention and use of the named addressee(s) and may be confidential or
proprietary in nature or covered by the provisions of privacy act (Legislative
Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in
accord with its purpose, any disclosure, reproduction, copying, distribution,
or either dissemination, either whole or partial, is strictly forbidden except
previous formal approval of the named addressee(s). If you are not the intended
recipient, please contact immediately the sender by telephone, fax or e-mail
and delete the information in this message that has been received in error. The
sender does not give any warranty or accept liability as the content, accuracy
or completeness of sent messages and accepts no responsibility for changes
made after they were sent or for other risks which arise as a result of e-mail
transmission, viruses, etc.
-------------------------------------------------------
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&iu=/41014381
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
