geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <>
Subject Re: proxy session w/ built-in dbcp + openjpa
Date Tue, 12 Feb 2008 19:59:17 GMT

On Feb 12, 2008, at 11:29 AM, Brian Gregory wrote:

>> It's always pleasant to have ones hard work recognized and
>> acknowledged.  Of course, documentation contributions for tranql
>> would be welcomed.  For some reason the tranql contributors so far
>> have not seemed to feel the lack of documentation to be a serious
>>  impediment to their work.
> I'm sorry about the offense. My comment was from a position of lack of
> knowledge.

no problem.  I think its at least as annoying to find badly  
documented projects as to have your badly documented project  
criticized :-)
>> This doesn't exactly answer the question I asked, namely "which
>> method do you use to get the connection"  However my guess is that
>> jpa is using ds.getConnection() rather than ds.getConnection 
>> (user,pw).
> The EntityManager uses my configuration in persistence.xml to get
> connections from a supplied JNDI resource. This resource (for my  
> config) is
> a console configured connection pool which has its own connection
> information (JDBC driver, username, and password). Yes, it probably  
> uses
> ds.getConnection() at the bottom, but this is inside the OpenJPA code
> somewhere.

ok, clear enough
>> This means you want container managed security for your connection
>> pool, an optional j2ca feature that geronimo happens to support.
>> However its not trivial to set up.
> I already have a custom LoginModule that will populate the credentials
> (principals) as needed. This is configured and working. Is this  
> what you are
> talking about?

no, the j2ca spec makes it a bit more complicated :-)

I could probably give you better advice here if I knew exactly what  
information the oracle openProxySession method needs, and where it  
comes from (user input?  Lookup in an oracle table?  Lookup in a flat  


user supplies user name and password
login module does ???

openProxySession requires ??? derived from previous info by ???

>> First you ned a LoginModule that will extract the appropriate
>> credentials (user name and password) from some source such as the
>> CallbackHandler or a map and come up with a PasswordCredential
>> containing this info and the ManagedConnectionFactory you are trying
>> to use.  We supply CallerIdentityPasswordCredentialLoginModule which
>> might work for you or you can use it to see what is necessary.
>> To deploy this in your security realm you need a
>> PasswordCredentialLoginModuleWrapperGBean which has the normal
>> LoginModuleGBean info plus a reference to the
>> ManagedConnectionFactoryWrapper which is where the MCF comes from.
>> Finally in your connector plan you need to specify <container- 
>> managed-
>> security/>
> I'm sorry but I have no idea what the above description is talking  
> about.
> Currenlty I have not used tranql directly for anything and have no  
> idea what
> these classes are (well, I can see them in the javadocs) and not  
> sure what
> the connector plan is.
> I will look up CallerIdentityPasswordCredentialLoginModule and see  
> if the
> javadocs will help. The problem is that the geronimo console has  
> abstracted
> the details of this library away and I'm only now learning where to  
> start.
> BTW, The codehause site does not have correct source control access
> information (it still lists CVS) - thanks for the SVN info.
>> You will have to edit the appropriate geronimo plans directly as the
>> console wizards do not support these options.
> This is fine.
>> I was suggesting you modify the tranql oracle managed connection
>> factory classes and assemble your own rars.  I don't know if you will
>> need more config-properties in order to use this oracle feature
>> appropriately.  In any case you can probably use a plan generated for
>> one of the oracle specific rars as a starting point, but you'll have
>> to deploy the connector directly rather than from the db wizard.  A
>> plan for the generic tranql wrapper is not a very useful starting  
>> point.
> I only started with the console generated delpoyment descriptor  
> because I
> had no other reference.
> Ok, I was hoping that I didn't have to wade through the code, but I  
> will.

Container managed security doesn't seem to be a very popular  
feature.  I'd love to get support for it into the tranql oracle  
wrapper and maybe get an example up somewhere.  Your assistance would  
be appreciated :-) especially since I don't have oracle running here.

david jencks

> Thanks for the help.
> -- 
> View this message in context: 
> w--built-in-dbcp-%2B-openjpa-tp15404731s134p15440950.html
> Sent from the Apache Geronimo - Users mailing list archive at  

View raw message