thank you for all of your help david.
i spent some time this weekend looking through the jca code in jboss-all and
jboss-head, and i must admit i'm a bit overwhelmed. =) there's a lot more
there than i expected. i was thinking it would be a simple extension of
some base class and then resolving that class in the oracle-ds.xml, but i'm
not so sure that's how it works now.
i was hoping to be able and use the CallerIdentityLoginModule in order to
have the user log in through JAAS (hopefully an ldap server), and then when
getConnection() is called, extract that principal and call the stored
procedure with that user name. the slightly misleading piece to this is
that the actual connection to the database is still made as a generic accout
specific in the oracle-ds.xml.
here's the sequence of events that i'm trying to create (as i understand
it).
1. user logs into JAAS login module to set principal (ldap in my case).
2. user queries database and BMP object calls getConnection().
3. datasource is configured to connect to database as a specific account
(using config-properties in the oracle-ds.xml)
4. before returning the connection to the BMP object,
the following code needs to be executed:
String sql = "BEGIN contexts.set_username( ? ) ; END ;";
stmt = connection.prepareCall(sql) ;
stmt.setString(1, the_logged_in_username);
stmt.execute();
return connection;
if possible to use the CallerIdentityLoginModule, where can i intercept the
getConnection() call and run this statement before returning the connection
to the caller. if i have misunderstood how the JBossCX module operates,
please feel free to clarify.
thank you again.
Ryan
-----Original Message-----
From: David Jencks [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 17, 2003 5:50 PM
To: [EMAIL PROTECTED]
Subject: Re: [JBoss-dev] Oracle specific jca adapter
I would imagine this would need to be called whenever the user changes.
This can be detected when getConnection is called on
ManagedConnection. I'd check to see if the user has actually changed.
If you implement this you should change the pooling parameter
"Criteria" to "ByNothing" for this adapter because this basically
means Oracle is supporting reauthentication.
To actually use this feature you will need to do application managed
security (bad idea IMO) (i.e. calling datasource.getConnection(user,
pw)) or use a login module that supplies more than one Subject such as
the CallerIdentityLoginModule.
Good luck! I'll be mostly offline till monday or tuesday when I can
probably answer more questions.
david jencks
-------------------------------------------------------
This SF.NET email is sponsored by: FREE SSL Guide from Thawte
are you planning your Web Server Security? Click here to get a FREE
Thawte SSL guide and find the answers to all your SSL security issues.
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en
_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development
