RE: [JBoss-dev] Oracle specific jca adapter
david, do you have any ideas on how i could implement this scenerio? Ryan -Original Message- From: Sonnek, Ryan [mailto:[EMAIL PROTECTED]] Sent: Monday, January 20, 2003 10:21 AM To: '[EMAIL PROTECTED]' Subject: RE: [JBoss-dev] Oracle specific jca adapter thank you for all of your help david. i spent some time this weekend looking through the jca code in jboss-all and jboss-head, and i must admit i'm a bit overwhelmed. =) there's a lot more there than i expected. i was thinking it would be a simple extension of some base class and then resolving that class in the oracle-ds.xml, but i'm not so sure that's how it works now. i was hoping to be able and use the CallerIdentityLoginModule in order to have the user log in through JAAS (hopefully an ldap server), and then when getConnection() is called, extract that principal and call the stored procedure with that user name. the slightly misleading piece to this is that the actual connection to the database is still made as a generic accout specific in the oracle-ds.xml. here's the sequence of events that i'm trying to create (as i understand it). 1. user logs into JAAS login module to set principal (ldap in my case). 2. user queries database and BMP object calls getConnection(). 3. datasource is configured to connect to database as a specific account (using config-properties in the oracle-ds.xml) 4. before returning the connection to the BMP object, the following code needs to be executed: String sql = BEGIN contexts.set_username( ? ) ; END ;; stmt = connection.prepareCall(sql) ; stmt.setString(1, the_logged_in_username); stmt.execute(); return connection; if possible to use the CallerIdentityLoginModule, where can i intercept the getConnection() call and run this statement before returning the connection to the caller. if i have misunderstood how the JBossCX module operates, please feel free to clarify. thank you again. Ryan -Original Message- From: David Jencks [mailto:[EMAIL PROTECTED]] Sent: Friday, January 17, 2003 5:50 PM To: [EMAIL PROTECTED] Subject: Re: [JBoss-dev] Oracle specific jca adapter I would imagine this would need to be called whenever the user changes. This can be detected when getConnection is called on ManagedConnection. I'd check to see if the user has actually changed. If you implement this you should change the pooling parameter Criteria to ByNothing for this adapter because this basically means Oracle is supporting reauthentication. To actually use this feature you will need to do application managed security (bad idea IMO) (i.e. calling datasource.getConnection(user, pw)) or use a login module that supplies more than one Subject such as the CallerIdentityLoginModule. Good luck! I'll be mostly offline till monday or tuesday when I can probably answer more questions. david jencks --- This SF.NET email is sponsored by: FREE SSL Guide from Thawte are you planning your Web Server Security? Click here to get a FREE Thawte SSL guide and find the answers to all your SSL security issues. http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en ___ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
RE: [JBoss-dev] Oracle specific jca adapter
mail problems, maybe this try will work Begin forwarded message: From: David Jencks [EMAIL PROTECTED] Date: Mon Jan 27, 2003 7:15:08 PM US/Eastern To: [EMAIL PROTECTED] Subject: Re: [JBoss-dev] Oracle specific jca adapter On Monday, January 27, 2003, at 04:46 PM, Sonnek, Ryan wrote: david, do you have any ideas on how i could implement this scenerio? yes. First, the login module doesn't need to be part of the adapter: you can use the CallerIdentity module at least for development and testing. I'm a little hampered by not knowing anything about what Oracle actually needs you to do, so some of this is guesswork:-) 1. If all the connections should be initially logged in as a particular user, say the default user specified in the oracle-ds.xml, change the code in XAManagedConnectionFactory.createManagedConnection to use this user/pw instead of looking around in the subject/cri. If this doesn't matter, don't make this change. 2. Subclass BaseWrapperManagedConnection and implement getConnection(subject, cri) to extract the user/pw from the props generated from the subject and cri and call the oracle stuff using this security info. Actually you should save this user/pw in the ManagedConnection instance and only call the Oracle stuff when it changes. You probably also want to make sure there are no connection handles attached before you do this:-) (handles.isEmpty()) 3. You probably also need to override ManagedConnectionFactory matchManagedConnections to call these Oracle methods with the user/pw from the props from the subject/cri. Make sure you save this info so the oracle methods arent called twice. This is in case jboss will try to associate a prexisting connection handle with this managed connection: the associate method doesn't bring in any security info. AFAIK, thats all folks. Ask if you have any questions. If you do, maybe including more info about what oracle needs would help me see the problems. thanks david jencks Ryan -Original Message- From: Sonnek, Ryan [mailto:[EMAIL PROTECTED]] Sent: Monday, January 20, 2003 10:21 AM To: '[EMAIL PROTECTED]' Subject: RE: [JBoss-dev] Oracle specific jca adapter thank you for all of your help david. i spent some time this weekend looking through the jca code in jboss-all and jboss-head, and i must admit i'm a bit overwhelmed. =) there's a lot more there than i expected. i was thinking it would be a simple extension of some base class and then resolving that class in the oracle-ds.xml, but i'm not so sure that's how it works now. i was hoping to be able and use the CallerIdentityLoginModule in order to have the user log in through JAAS (hopefully an ldap server), and then when getConnection() is called, extract that principal and call the stored procedure with that user name. the slightly misleading piece to this is that the actual connection to the database is still made as a generic accout specific in the oracle-ds.xml. here's the sequence of events that i'm trying to create (as i understand it). 1. user logs into JAAS login module to set principal (ldap in my case). 2. user queries database and BMP object calls getConnection(). 3. datasource is configured to connect to database as a specific account (using config-properties in the oracle-ds.xml) 4. before returning the connection to the BMP object, the following code needs to be executed: String sql = BEGIN contexts.set_username( ? ) ; END ;; stmt = connection.prepareCall(sql) ; stmt.setString(1, the_logged_in_username); stmt.execute(); return connection; if possible to use the CallerIdentityLoginModule, where can i intercept the getConnection() call and run this statement before returning the connection to the caller. if i have misunderstood how the JBossCX module operates, please feel free to clarify. thank you again. Ryan -Original Message- From: David Jencks [mailto:[EMAIL PROTECTED]] Sent: Friday, January 17, 2003 5:50 PM To: [EMAIL PROTECTED] Subject: Re: [JBoss-dev] Oracle specific jca adapter I would imagine this would need to be called whenever the user changes. This can be detected when getConnection is called on ManagedConnection. I'd check to see if the user has actually changed. If you implement this you should change the pooling parameter Criteria to ByNothing for this adapter because this basically means Oracle is supporting reauthentication. To actually use this feature you will need to do application managed security (bad idea IMO) (i.e. calling datasource.getConnection(user, pw)) or use a login module that supplies more than one Subject such as the CallerIdentityLoginModule. Good luck! I'll be mostly offline till monday or tuesday when I can probably answer more questions. david jencks --- This SF.NET email is sponsored by: FREE SSL Guide from Thawte are you planning your Web Server Security? Click here to get
RE: [JBoss-dev] Oracle specific jca adapter
thank you for all of your help david. i spent some time this weekend looking through the jca code in jboss-all and jboss-head, and i must admit i'm a bit overwhelmed. =) there's a lot more there than i expected. i was thinking it would be a simple extension of some base class and then resolving that class in the oracle-ds.xml, but i'm not so sure that's how it works now. i was hoping to be able and use the CallerIdentityLoginModule in order to have the user log in through JAAS (hopefully an ldap server), and then when getConnection() is called, extract that principal and call the stored procedure with that user name. the slightly misleading piece to this is that the actual connection to the database is still made as a generic accout specific in the oracle-ds.xml. here's the sequence of events that i'm trying to create (as i understand it). 1. user logs into JAAS login module to set principal (ldap in my case). 2. user queries database and BMP object calls getConnection(). 3. datasource is configured to connect to database as a specific account (using config-properties in the oracle-ds.xml) 4. before returning the connection to the BMP object, the following code needs to be executed: String sql = BEGIN contexts.set_username( ? ) ; END ;; stmt = connection.prepareCall(sql) ; stmt.setString(1, the_logged_in_username); stmt.execute(); return connection; if possible to use the CallerIdentityLoginModule, where can i intercept the getConnection() call and run this statement before returning the connection to the caller. if i have misunderstood how the JBossCX module operates, please feel free to clarify. thank you again. Ryan -Original Message- From: David Jencks [mailto:[EMAIL PROTECTED]] Sent: Friday, January 17, 2003 5:50 PM To: [EMAIL PROTECTED] Subject: Re: [JBoss-dev] Oracle specific jca adapter I would imagine this would need to be called whenever the user changes. This can be detected when getConnection is called on ManagedConnection. I'd check to see if the user has actually changed. If you implement this you should change the pooling parameter Criteria to ByNothing for this adapter because this basically means Oracle is supporting reauthentication. To actually use this feature you will need to do application managed security (bad idea IMO) (i.e. calling datasource.getConnection(user, pw)) or use a login module that supplies more than one Subject such as the CallerIdentityLoginModule. Good luck! I'll be mostly offline till monday or tuesday when I can probably answer more questions. david jencks --- This SF.NET email is sponsored by: FREE SSL Guide from Thawte are you planning your Web Server Security? Click here to get a FREE Thawte SSL guide and find the answers to all your SSL security issues. http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en ___ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
Re: [JBoss-dev] Oracle specific jca adapter
When does Oracle want you to execute this stuff? Per statement? per getConnection? per tx Anyway, look in connector/src/main/org/jboss/resource/adapter/jdbc/ This contains the base classes and the local and xa specific subclasses are in the local and xa folders. There's an Oracle specific ManagedConnectionFactory for xa to work around some other oracle features. If you really need to do something whenever a connection handle is given to a user app, look in one of the ManagedConnection classes at getConnection. If you need to do something whenever a new physical connection is established to Oracle do it in the ManagedConnection constructor. You can intercept new statement and use-of-statement operations in the connection and statement wrappers. If you need to do them at the start of a transaction maybe you could wrap the XAResource?? thanks david jencks On Friday, January 17, 2003, at 04:43 PM, Sonnek, Ryan wrote: i'm working on a project currently that is requiring that for each connection to the database, a set of database packages are called before any insert/update/select/delete commands are run. i'd like to do this by writing an extension to the existing JCA modules to execute these packages before returning the java.sql.Connection object to the caller. i've gone through the pay docs and examples but i must admit that i'm a bit lost on where to start. any suggestions on what classes i need to extend and what xml files are needed would be greatly appreciated. oracle is really pushing this context setting as their recommended method of enterprise connections, and i'd be more than happy to submit anything i get working to the jboss base code as a patch. i just to be pointed in the right direction. thank you for all of your input! Ryan J. Sonnek Brown Printing Company J2EE Application Developer 507.835.0803 mailto:[EMAIL PROTECTED] --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en ___ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en ___ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
RE: [JBoss-dev] Oracle specific jca adapter
oracle suggests that the context be set for each user executing a query. my initial thought was that each time getConnection() was called, the current principal of the caller would be used for these oracle packages. but, now that you mention it, wouldn't it have to be done for each transaction? it's whole intent is that instead of using individual connections to the database, it uses a generic connection pool, but it extracts the JAAS principal and sets it in the oracle context for use with triggers. it makes scence in a way since you get the benifits of acurate audit information without the overhead of individual connections to the database. my question now is should this be done on the individual statement level, or the transaction level? i vaguely understand the process of when getConnection() is called for BMP classes, but i don't know when it's caled for CMP classes. i need to ensure that each statement run by a particular user has the context information set. Ryan -Original Message- From: David Jencks [mailto:[EMAIL PROTECTED]] Sent: Friday, January 17, 2003 5:00 PM To: [EMAIL PROTECTED] Subject: Re: [JBoss-dev] Oracle specific jca adapter When does Oracle want you to execute this stuff? Per statement? per getConnection? per tx Anyway, look in connector/src/main/org/jboss/resource/adapter/jdbc/ This contains the base classes and the local and xa specific subclasses are in the local and xa folders. There's an Oracle specific ManagedConnectionFactory for xa to work around some other oracle features. If you really need to do something whenever a connection handle is given to a user app, look in one of the ManagedConnection classes at getConnection. If you need to do something whenever a new physical connection is established to Oracle do it in the ManagedConnection constructor. You can intercept new statement and use-of-statement operations in the connection and statement wrappers. If you need to do them at the start of a transaction maybe you could wrap the XAResource?? thanks david jencks On Friday, January 17, 2003, at 04:43 PM, Sonnek, Ryan wrote: i'm working on a project currently that is requiring that for each connection to the database, a set of database packages are called before any insert/update/select/delete commands are run. i'd like to do this by writing an extension to the existing JCA modules to execute these packages before returning the java.sql.Connection object to the caller. i've gone through the pay docs and examples but i must admit that i'm a bit lost on where to start. any suggestions on what classes i need to extend and what xml files are needed would be greatly appreciated. oracle is really pushing this context setting as their recommended method of enterprise connections, and i'd be more than happy to submit anything i get working to the jboss base code as a patch. i just to be pointed in the right direction. thank you for all of your input! Ryan J. Sonnek Brown Printing Company J2EE Application Developer 507.835.0803 mailto:[EMAIL PROTECTED] --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en ___ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en ___ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en ___ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
Re: [JBoss-dev] Oracle specific jca adapter
I would imagine this would need to be called whenever the user changes. This can be detected when getConnection is called on ManagedConnection. I'd check to see if the user has actually changed. If you implement this you should change the pooling parameter Criteria to ByNothing for this adapter because this basically means Oracle is supporting reauthentication. To actually use this feature you will need to do application managed security (bad idea IMO) (i.e. calling datasource.getConnection(user, pw)) or use a login module that supplies more than one Subject such as the CallerIdentityLoginModule. Good luck! I'll be mostly offline till monday or tuesday when I can probably answer more questions. david jencks On Friday, January 17, 2003, at 06:22 PM, Sonnek, Ryan wrote: oracle suggests that the context be set for each user executing a query. my initial thought was that each time getConnection() was called, the current principal of the caller would be used for these oracle packages. but, now that you mention it, wouldn't it have to be done for each transaction? it's whole intent is that instead of using individual connections to the database, it uses a generic connection pool, but it extracts the JAAS principal and sets it in the oracle context for use with triggers. it makes scence in a way since you get the benifits of acurate audit information without the overhead of individual connections to the database. my question now is should this be done on the individual statement level, or the transaction level? i vaguely understand the process of when getConnection() is called for BMP classes, but i don't know when it's caled for CMP classes. i need to ensure that each statement run by a particular user has the context information set. Ryan -Original Message- From: David Jencks [mailto:[EMAIL PROTECTED]] Sent: Friday, January 17, 2003 5:00 PM To: [EMAIL PROTECTED] Subject: Re: [JBoss-dev] Oracle specific jca adapter When does Oracle want you to execute this stuff? Per statement? per getConnection? per tx Anyway, look in connector/src/main/org/jboss/resource/adapter/jdbc/ This contains the base classes and the local and xa specific subclasses are in the local and xa folders. There's an Oracle specific ManagedConnectionFactory for xa to work around some other oracle features. If you really need to do something whenever a connection handle is given to a user app, look in one of the ManagedConnection classes at getConnection. If you need to do something whenever a new physical connection is established to Oracle do it in the ManagedConnection constructor. You can intercept new statement and use-of-statement operations in the connection and statement wrappers. If you need to do them at the start of a transaction maybe you could wrap the XAResource?? thanks david jencks On Friday, January 17, 2003, at 04:43 PM, Sonnek, Ryan wrote: i'm working on a project currently that is requiring that for each connection to the database, a set of database packages are called before any insert/update/select/delete commands are run. i'd like to do this by writing an extension to the existing JCA modules to execute these packages before returning the java.sql.Connection object to the caller. i've gone through the pay docs and examples but i must admit that i'm a bit lost on where to start. any suggestions on what classes i need to extend and what xml files are needed would be greatly appreciated. oracle is really pushing this context setting as their recommended method of enterprise connections, and i'd be more than happy to submit anything i get working to the jboss base code as a patch. i just to be pointed in the right direction. thank you for all of your input! Ryan J. Sonnek Brown Printing Company J2EE Application Developer 507.835.0803 mailto:[EMAIL PROTECTED] --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en ___ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en ___ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development --- This SF.NET email is sponsored