Re: Connecting using User's Credentials
[EMAIL PROTECTED] 12/22/04 10:41 PM Now this caseit's also a bad design idea. From your perspective, it may be (and I agree with you in this case). But it may just be that we just do not understand the context that it is framed within. It may be the best possible solution. If the cost to allow it is low, I think we should do it...whether we understand why or not. BTW: The ThreadUserDataSource class now wraps any driver (using proxool) to allow this. DataSource.getConnection(user, password) will connect using the user/password passed in. DataSource.getConnection() will look at the ThreadUser to figure out the user/password to use. The cost to implement it was low, so I did. :-) Larry
Re: Connecting using User's Credentials
that they are designed for the rule Then I guess we don't need to support maps anymore. Cuz, some people don't follow the rule ;-) On Wed, 22 Dec 2004 23:41:05 -0600, Vic Cekvenich [EMAIL PROTECTED] wrote: Clinton Begin wrote: I agree too, but some users don't have a choice. One cool thing about light weight frameworks is ... that they are designed for the rule, and not for the exception. For special cases, I just get a jdbc connection and do my jdbc level thing. Now this caseit's also a bad design idea. .V -- RiA-SoA w/JDNC http://www.SandraSF.com forums - help develop a coomunity My blog http://www.sandrasf.com/adminBlog
Re: Connecting using User's Credentials
Brandon Goodin wrote: that they are designed for the rule Then I guess we don't need to support maps anymore. Cuz, some people don't follow the rule ;-) :-) Yeah, we should do ALL do O/R and not use SQL. Not! ;-) -- RiA-SoA w/JDNC http://www.SandraSF.com forums - help develop a coomunity My blog http://www.sandrasf.com/adminBlog
Re: Connecting using User's Credentials
I agree w/ Lary, this is a bad idea. .V Clinton Begin wrote: We could support DataSource.getConnection(username,password), but I wonder how many datasources actually implement that properly? For example: sqlMapClient.setAuthentication(username, password); or maybe... sqlMapClient.openSession (username, password); Remember though, I'd wonder how many datasources actually implement the getConnection(user,pass) properly Thoughts? Clinton On Tue, 21 Dec 2004 10:56:05 -0700, Larry Meadors [EMAIL PROTECTED] wrote: This can be done, and being the guy who wrote the code to do, I would *strongly* advocate *not* doing it. Essentially, you need to set up a connection pool per user. There is a package to do it in CVS using proxool, but it is not supported. Larry [EMAIL PROTECTED] 12/21/04 8:09 AM Yes, there is a previous example of how to do this, I believe it is on the old SourceForge forum, if I'm not mistaken. I'll go search for the link to the particular thread if I can find it. On Tue, 21 Dec 2004 08:58:18 -0600, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I'm using the ibatis DAO framework and SQLMapping to develop a web application and it is working great. I used Hibernate on the last project, but the client insisted on having more control over the SQL. SQLMapping takes care of that. Now the DBA is insisting that each user authenticate with their own Oracle ID and password. Can I pass in the connection credentials at run time rather than use what is in the config file? -- RiA-SoA w/JDNC http://www.SandraSF.com forums - help develop a coomunity My blog http://www.sandrasf.com/adminBlog
Re: Connecting using User's Credentials
This client's security policy requires that all users connect to Oracle using individual IDs and passwords. I get the ID and password from the UI then pass them to the client's security JAR that tests if the user can make a connection to Oracle using those credentials. It returns a user object if the operation was successful. I may be able to get away with using the ID and password from the iBatis properties file after the user's Oracle ID and password have been validated, but the client would prefer that I continue using the user's ID and password for all connections. Somebody mentioned using ThreadLocal variables. If there was some kind of security helper I could pass in the credentials to be saved in ThreadLocal variables for use by any connections made from that thread. Otherwise, I could be responsible for setting ThreadLocal variables following some naming convention. A security helper class is probably the safer route. Larry Meadors [EMAIL PROTECTED] 12/22/2004 02:40 PM Please respond to ibatis-user-java@incubator.apache.org To ibatis-user-java@incubator.apache.org cc Subject Re: Connecting using User's Credentials How would we provide the user/password? [EMAIL PROTECTED] 12/22/04 11:56 AM I agree too, but some users don't have a choice. It's too bad that getConnection(user,pass) isn't a reliable option... I wonder if we should do it anyway for those who have good drivers? Clinton On Wed, 22 Dec 2004 12:33:45 -0600, Vic Cekvenich [EMAIL PROTECTED] wrote: I agree w/ Lary, this is a bad idea. .V Clinton Begin wrote: We could support DataSource.getConnection(username,password), but I wonder how many datasources actually implement that properly? For example: sqlMapClient.setAuthentication(username, password); or maybe... sqlMapClient.openSession (username, password); Remember though, I'd wonder how many datasources actually implement the getConnection(user,pass) properly Thoughts? Clinton On Tue, 21 Dec 2004 10:56:05 -0700, Larry Meadors [EMAIL PROTECTED] wrote: This can be done, and being the guy who wrote the code to do, I would *strongly* advocate *not* doing it. Essentially, you need to set up a connection pool per user. There is a package to do it in CVS using proxool, but it is not supported. Larry [EMAIL PROTECTED] 12/21/04 8:09 AM Yes, there is a previous example of how to do this, I believe it is on the old SourceForge forum, if I'm not mistaken. I'll go search for the link to the particular thread if I can find it. On Tue, 21 Dec 2004 08:58:18 -0600, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I'm using the ibatis DAO framework and SQLMapping to develop a web application and it is working great. I used Hibernate on the last project, but the client insisted on having more control over the SQL. SQLMapping takes care of that. Now the DBA is insisting that each user authenticate with their own Oracle ID and password. Can I pass in the connection credentials at run time rather than use what is in the config file? -- RiA-SoA w/JDNC http://www.SandraSF.com forums - help develop a coomunity My blog http://www.sandrasf.com/adminBlog
Re: Connecting using User's Credentials
Hmm, the ThreadUserDataSource could be modified to return a user-specific connection using this API instead of the thread user. That would make it possible to use proxool to turn any driver into a DataSource that implements this method. Larry [EMAIL PROTECTED] 12/22/04 5:20 PM Steve, Could you test your app server datasource to see if DataSource.getConnection (username, password) works? If it does, we'll consider adding openSession(user,pass) or setUserAuth(user,pass) in one of the APIs. Afterall, it is a standard part of the JDBC API. ;-) Clinton On Wed, 22 Dec 2004 16:35:21 -0600, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: This client's security policy requires that all users connect to Oracle using individual IDs and passwords. I get the ID and password from the UI then pass them to the client's security JAR that tests if the user can make a connection to Oracle using those credentials. It returns a user object if the operation was successful. I may be able to get away with using the ID and password from the iBatis properties file after the user's Oracle ID and password have been validated, but the client would prefer that I continue using the user's ID and password for all connections. Somebody mentioned using ThreadLocal variables. If there was some kind of security helper I could pass in the credentials to be saved in ThreadLocal variables for use by any connections made from that thread. Otherwise, I could be responsible for setting ThreadLocal variables following some naming convention. A security helper class is probably the safer route. Larry Meadors [EMAIL PROTECTED] 12/22/2004 02:40 PM Please respond to ibatis-user-java@incubator.apache.org To ibatis-user-java@incubator.apache.org cc Subject Re: Connecting using User's Credentials How would we provide the user/password? [EMAIL PROTECTED] 12/22/04 11:56 AM I agree too, but some users don't have a choice. It's too bad that getConnection(user,pass) isn't a reliable option... I wonder if we should do it anyway for those who have good drivers? Clinton On Wed, 22 Dec 2004 12:33:45 -0600, Vic Cekvenich [EMAIL PROTECTED] wrote: I agree w/ Lary, this is a bad idea. .V Clinton Begin wrote: We could support DataSource.getConnection(username,password), but I wonder how many datasources actually implement that properly? For example: sqlMapClient.setAuthentication(username, password); or maybe... sqlMapClient.openSession (username, password); Remember though, I'd wonder how many datasources actually implement the getConnection(user,pass) properly Thoughts? Clinton On Tue, 21 Dec 2004 10:56:05 -0700, Larry Meadors [EMAIL PROTECTED] wrote: This can be done, and being the guy who wrote the code to do, I would *strongly* advocate *not* doing it. Essentially, you need to set up a connection pool per user. There is a package to do it in CVS using proxool, but it is not supported. Larry [EMAIL PROTECTED] 12/21/04 8:09 AM Yes, there is a previous example of how to do this, I believe it is on the old SourceForge forum, if I'm not mistaken. I'll go search for the link to the particular thread if I can find it. On Tue, 21 Dec 2004 08:58:18 -0600, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I'm using the ibatis DAO framework and SQLMapping to develop a web application and it is working great. I used Hibernate on the last project, but the client insisted on having more control over the SQL. SQLMapping takes care of that. Now the DBA is insisting that each user authenticate with their own Oracle ID and password. Can I pass in the connection credentials at run time rather than use what is in the config file? -- RiA-SoA w/JDNC http://www.SandraSF.com forums - help develop a coomunity My blog http://www.sandrasf.com/adminBlog
Re: Connecting using User's Credentials
Ok, that change is in CVS now. If you want to check it out and try it, feel free. I think it will work, and if not, I will refund your money...oh, wait it is free. I guess if it does not work, you can fix it for free if you want to. :-) Larry [EMAIL PROTECTED] 12/22/04 8:57 PM Hmm, the ThreadUserDataSource could be modified to return a user-specific connection using this API instead of the thread user. That would make it possible to use proxool to turn any driver into a DataSource that implements this method. Larry [EMAIL PROTECTED] 12/22/04 5:20 PM Steve, Could you test your app server datasource to see if DataSource.getConnection (username, password) works? If it does, we'll consider adding openSession(user,pass) or setUserAuth(user,pass) in one of the APIs. Afterall, it is a standard part of the JDBC API. ;-) Clinton On Wed, 22 Dec 2004 16:35:21 -0600, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: This client's security policy requires that all users connect to Oracle using individual IDs and passwords. I get the ID and password from the UI then pass them to the client's security JAR that tests if the user can make a connection to Oracle using those credentials. It returns a user object if the operation was successful. I may be able to get away with using the ID and password from the iBatis properties file after the user's Oracle ID and password have been validated, but the client would prefer that I continue using the user's ID and password for all connections. Somebody mentioned using ThreadLocal variables. If there was some kind of security helper I could pass in the credentials to be saved in ThreadLocal variables for use by any connections made from that thread. Otherwise, I could be responsible for setting ThreadLocal variables following some naming convention. A security helper class is probably the safer route. Larry Meadors [EMAIL PROTECTED] 12/22/2004 02:40 PM Please respond to ibatis-user-java@incubator.apache.org To ibatis-user-java@incubator.apache.org cc Subject Re: Connecting using User's Credentials How would we provide the user/password? [EMAIL PROTECTED] 12/22/04 11:56 AM I agree too, but some users don't have a choice. It's too bad that getConnection(user,pass) isn't a reliable option... I wonder if we should do it anyway for those who have good drivers? Clinton On Wed, 22 Dec 2004 12:33:45 -0600, Vic Cekvenich [EMAIL PROTECTED] wrote: I agree w/ Lary, this is a bad idea. .V Clinton Begin wrote: We could support DataSource.getConnection(username,password), but I wonder how many datasources actually implement that properly? For example: sqlMapClient.setAuthentication(username, password); or maybe... sqlMapClient.openSession (username, password); Remember though, I'd wonder how many datasources actually implement the getConnection(user,pass) properly Thoughts? Clinton On Tue, 21 Dec 2004 10:56:05 -0700, Larry Meadors [EMAIL PROTECTED] wrote: This can be done, and being the guy who wrote the code to do, I would *strongly* advocate *not* doing it. Essentially, you need to set up a connection pool per user. There is a package to do it in CVS using proxool, but it is not supported. Larry [EMAIL PROTECTED] 12/21/04 8:09 AM Yes, there is a previous example of how to do this, I believe it is on the old SourceForge forum, if I'm not mistaken. I'll go search for the link to the particular thread if I can find it. On Tue, 21 Dec 2004 08:58:18 -0600, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I'm using the ibatis DAO framework and SQLMapping to develop a web application and it is working great. I used Hibernate on the last project, but the client insisted on having more control over the SQL. SQLMapping takes care of that. Now the DBA is insisting that each user authenticate with their own Oracle ID and password. Can I pass in the connection credentials at run time rather than use what is in the config file? -- RiA-SoA w/JDNC http://www.SandraSF.com forums - help develop a coomunity My blog http://www.sandrasf.com/adminBlog
Re: Connecting using User's Credentials
Clinton Begin wrote: I agree too, but some users don't have a choice. One cool thing about light weight frameworks is ... that they are designed for the rule, and not for the exception. For special cases, I just get a jdbc connection and do my jdbc level thing. Now this caseit's also a bad design idea. .V -- RiA-SoA w/JDNC http://www.SandraSF.com forums - help develop a coomunity My blog http://www.sandrasf.com/adminBlog
Re: Connecting using User's Credentials
Yes, there is a previous example of how to do this, I believe it is on the old SourceForge forum, if I'm not mistaken. I'll go search for the link to the particular thread if I can find it. On Tue, 21 Dec 2004 08:58:18 -0600, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I'm using the ibatis DAO framework and SQLMapping to develop a web application and it is working great. I used Hibernate on the last project, but the client insisted on having more control over the SQL. SQLMapping takes care of that. Now the DBA is insisting that each user authenticate with their own Oracle ID and password. Can I pass in the connection credentials at run time rather than use what is in the config file?
Re: Connecting using User's Credentials
This can be done, and being the guy who wrote the code to do, I would *strongly* advocate *not* doing it. Essentially, you need to set up a connection pool per user. There is a package to do it in CVS using proxool, but it is not supported. Larry [EMAIL PROTECTED] 12/21/04 8:09 AM Yes, there is a previous example of how to do this, I believe it is on the old SourceForge forum, if I'm not mistaken. I'll go search for the link to the particular thread if I can find it. On Tue, 21 Dec 2004 08:58:18 -0600, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I'm using the ibatis DAO framework and SQLMapping to develop a web application and it is working great. I used Hibernate on the last project, but the client insisted on having more control over the SQL. SQLMapping takes care of that. Now the DBA is insisting that each user authenticate with their own Oracle ID and password. Can I pass in the connection credentials at run time rather than use what is in the config file?