Check my question here 
<https://groups.google.com/forum/#!topic/orient-database/YaQpfigeUao>
You are right, there is no beautiful way to authenticate different users in 
OrientDB. I think currently you should go with a common web approach: you 
must create one db user with WRITER/READER role and connect to the db under 
this user.

In my opinion the Filter approach is not the best one. It is better to 
initialize the db pool in one of the application listeners. Also, if you have 
just started, take a look at this <https://dropwizard.github.io/dropwizard/> 
project. Probably it is more suitable for your standalone application.
Also I think you may try to create a custom OrientDB resource class, so the db 
pool will be available straight away after deployment of your application. 
Check here <http://tomcat.apache.org/tomcat-7.0-doc/config/resources.html>.

On Thursday, 10 July 2014 11:15:22 UTC+1, Argh Skwidge wrote:
>
> OK, A little more info.
>
> I'm developing RESTful services in a Tomcat 7 container. I'm probably 
> going to use Jersey for the REST and Guice for injection - but I'm not 
> committed to these frameworks just yet, I will use something else if it 
> plays better with OrientDB.
>
> I'm adding an OrientGraph instance to each request using the filter 
> pattern given in https://code.google.com/p/orient/wiki/JavaWebApps. I'm 
> using the OrientGraph constructor though:
>
> OrientGraph graph = new OrientGraph(dbUrl, username, password);
>
> and cleaning up when the filter returns with:
>
> graph.shutdown();
>
> This is because I want to make use of the record level security 
> [ https://github.com/orientechnologies/orientdb/wiki/Security ] as it seems 
> like such an elegant solution to the problem of insecure direct object 
> references. 
> [ https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References ] 
> Factory methods like acquire() and getTx() don't allow me to use 
> different authentication values each time, so I would end up having to 
> write my own security model all over again (why re-invent the wheel?)
>
> I planned to use container-managed authentication, so I am creating an 
> OrientDB Realm [ http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html 
> ] which will look up OUser and ORule records using a global read-only 
> account. (Probably just, "reader".)
>
> I would like, eventually, to be able to configure things like clustering, 
> backup, remote access ports for administration, logging, pools, caches, 
> etc... at an application-wide level. This presumably should be done before 
> I create any OrientGraph instances.
>
> I can find suitable hooks in Tomcat to make sure this happens in a timely 
> fashion. But where are the correct hooks in OrientDB?
>
> On Thursday, 10 July 2014 03:33:22 UTC+12, Andrey Kovalev wrote:
>>
>> In my opinion the developers of OrientDB won't be able to advise you what to 
>> do. Also, you did not provide much information about your environment.
>> Do you use any framework? Do you use any web server, etc.? 
>>
>> Let's say you have Tomcat only and you use servlets. I would initialize the 
>> OrientDB database pool in an application initialization/deployment listener 
>> and put it into the application context. And then in your DAOs I will call 
>> getTx() or acquire() each time. Something like this.
>>
>>
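
The listener-plus-pool setup suggested in this thread, as an added example that is not code from any of the posters or from the OrientDB project. The class name, the `orientGraphFactory` attribute and the `orient.*` context-param names are assumptions made for the example.

```java
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;

import com.tinkerpop.blueprints.impls.orient.OrientGraph;
import com.tinkerpop.blueprints.impls.orient.OrientGraphFactory;

// Creates the graph pool once at deployment and shares it through the ServletContext.
public class OrientPoolListener implements ServletContextListener {

    // Attribute name chosen for this example (assumption).
    public static final String POOL_ATTR = "orientGraphFactory";

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        ServletContext ctx = sce.getServletContext();
        // Hypothetical context-param names; this keeps credentials out of the source.
        String url = ctx.getInitParameter("orient.url");
        String user = ctx.getInitParameter("orient.user");
        String password = ctx.getInitParameter("orient.password");
        if (url == null || user == null || password == null) {
            throw new IllegalStateException("orient.* context parameters are not set");
        }
        // One application account holding the WRITER/READER role, not admin.
        OrientGraphFactory factory =
                new OrientGraphFactory(url, user, password).setupPool(1, 10);
        ctx.setAttribute(POOL_ATTR, factory);
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) {
        Object factory = sce.getServletContext().getAttribute(POOL_ATTR);
        if (factory != null) {
            ((OrientGraphFactory) factory).close(); // releases every pooled connection
        }
    }

    // DAOs call this and must call graph.shutdown() in a finally block,
    // which hands the instance back to the pool.
    // Every pooled graph is authenticated as the same db user, so record-level
    // security sees a single identity; per-user ownership checks stay in the DAO.
    public static OrientGraph acquire(ServletContext ctx) {
        OrientGraphFactory factory = (OrientGraphFactory) ctx.getAttribute(POOL_ATTR);
        if (factory == null) {
            throw new IllegalStateException("OrientDB pool is not initialised");
        }
        return factory.getTx();
    }
}
```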
