geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Gregory <>
Subject Re: proxy session w/ built-in dbcp + openjpa
Date Tue, 12 Feb 2008 19:29:03 GMT

> It's always pleasant to have ones hard work recognized and  
> acknowledged.  Of course, documentation contributions for tranql  
> would be welcomed.  For some reason the tranql contributors so far  
> have not seemed to feel the lack of documentation to be a serious  
>  impediment to their work.

I'm sorry about the offense. My comment was from a position of lack of

> This doesn't exactly answer the question I asked, namely "which  
> method do you use to get the connection"  However my guess is that  
> jpa is using ds.getConnection() rather than ds.getConnection(user,pw).

The EntityManager uses my configuration in persistence.xml to get
connections from a supplied JNDI resource. This resource (for my config) is
a console configured connection pool which has its own connection
information (JDBC driver, username, and password). Yes, it probably uses
ds.getConnection() at the bottom, but this is inside the OpenJPA code

> This means you want container managed security for your connection  
> pool, an optional j2ca feature that geronimo happens to support.   
> However its not trivial to set up.

I already have a custom LoginModule that will populate the credentials
(principals) as needed. This is configured and working. Is this what you are
talking about?

> First you ned a LoginModule that will extract the appropriate  
> credentials (user name and password) from some source such as the  
> CallbackHandler or a map and come up with a PasswordCredential  
> containing this info and the ManagedConnectionFactory you are trying  
> to use.  We supply CallerIdentityPasswordCredentialLoginModule which  
> might work for you or you can use it to see what is necessary.

> To deploy this in your security realm you need a  
> PasswordCredentialLoginModuleWrapperGBean which has the normal  
> LoginModuleGBean info plus a reference to the  
> ManagedConnectionFactoryWrapper which is where the MCF comes from.

> Finally in your connector plan you need to specify <container-managed- 
> security/>

I'm sorry but I have no idea what the above description is talking about.
Currenlty I have not used tranql directly for anything and have no idea what
these classes are (well, I can see them in the javadocs) and not sure what
the connector plan is. 

I will look up CallerIdentityPasswordCredentialLoginModule and see if the
javadocs will help. The problem is that the geronimo console has abstracted
the details of this library away and I'm only now learning where to start. 

BTW, The codehause site does not have correct source control access
information (it still lists CVS) - thanks for the SVN info. 

> You will have to edit the appropriate geronimo plans directly as the  
> console wizards do not support these options.

This is fine.

> I was suggesting you modify the tranql oracle managed connection  
> factory classes and assemble your own rars.  I don't know if you will  
> need more config-properties in order to use this oracle feature  
> appropriately.  In any case you can probably use a plan generated for  
> one of the oracle specific rars as a starting point, but you'll have  
> to deploy the connector directly rather than from the db wizard.  A  
> plan for the generic tranql wrapper is not a very useful starting point.

I only started with the console generated delpoyment descriptor because I
had no other reference.

Ok, I was hoping that I didn't have to wade through the code, but I will. 
Thanks for the help.

View this message in context:
Sent from the Apache Geronimo - Users mailing list archive at

View raw message