geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <>
Subject Re: proxy session w/ built-in dbcp + openjpa
Date Tue, 12 Feb 2008 17:09:10 GMT

On Feb 11, 2008, at 7:09 PM, Brian Gregory wrote:

> I've done a little research since the last post and found that tranql
> documentation is pretty much non-existent, not to mention the  
> project looks
> mostly dead.

It's always pleasant to have ones hard work recognized and  
acknowledged.  Of course, documentation contributions for tranql  
would be welcomed.  For some reason the tranql contributors so far  
have not seemed to feel the lack of documentation to be a serious  
impediment to their work.

There are two parts to tranql, the j2ca connectors which get improved  
periodically, mostly by people supplying database-specific extensions  
such as support for the feature you are interested in, and the  
persistence engine which is not currently under active development:  
its last use was in the openejb2 CMP engine.

> Anyway, I have a custom LoginModule that with do the front-line
> authentication straight from Oracle users and populate the  
> principals as
> needed. I also have JPA code working from a console defined  
> database pool,
> but was just looking for that one piece that would allow me to to  
> the proxy.

This doesn't exactly answer the question I asked, namely "which  
method do you use to get the connection"  However my guess is that  
jpa is using ds.getConnection() rather than ds.getConnection(user,pw).

This means you want container managed security for your connection  
pool, an optional j2ca feature that geronimo happens to support.   
However its not trivial to set up.

First you ned a LoginModule that will extract the appropriate  
credentials (user name and password) from some source such as the  
CallbackHandler or a map and come up with a PasswordCredential  
containing this info and the ManagedConnectionFactory you are trying  
to use.  We supply CallerIdentityPasswordCredentialLoginModule which  
might work for you or you can use it to see what is necessary.

To deploy this in your security realm you need a  
PasswordCredentialLoginModuleWrapperGBean which has the normal  
LoginModuleGBean info plus a reference to the  
ManagedConnectionFactoryWrapper which is where the MCF comes from.

Finally in your connector plan you need to specify <container-managed- 

You will have to edit the appropriate geronimo plans directly as the  
console wizards do not support these options.
> I think I understand what you're suggesting but how do I get  
> geronimo to use
> the new class instead of the default? I used the console database pool
> configuration and it doesn't contain any class references besides  
> the jdbc
> driver.

I was suggesting you modify the tranql oracle managed connection  
factory classes and assemble your own rars.  I don't know if you will  
need more config-properties in order to use this oracle feature  
appropriately.  In any case you can probably use a plan generated for  
one of the oracle specific rars as a starting point, but you'll have  
to deploy the connector directly rather than from the db wizard.  A  
plan for the generic tranql wrapper is not a very useful starting point.

david jencks

> The console doesn't seem to generate a working deployment descriptor:
> <?xml version="1.0" encoding="UTF-8"?>
> <connector xmlns=" 
> connector-1.2">
>     <dep:environment
> xmlns:dep="">
>         <dep:moduleId>
>             <dep:groupId>console.dbpool</dep:groupId>
>             <dep:artifactId>TestPool</dep:artifactId>
>             <dep:version>1.0</dep:version>
>             <dep:type>rar</dep:type>
>         </dep:moduleId>
>         <dep:dependencies>
>             <dep:dependency>
>                 <dep:groupId></dep:groupId>
>                 <dep:artifactId>oracle-jdbc-driver</dep:artifactId>
>                 <dep:version></dep:version>
>                 <dep:type>jar</dep:type>
>             </dep:dependency>
>         </dep:dependencies>
>     </dep:environment>
>     <resourceadapter>
>         <outbound-resourceadapter>
>             <connection-definition>
> <connectionfactory-interface>javax.sql.DataSource</ 
> connectionfactory-interface>
>                 <connectiondefinition-instance>
>                     <name>TestPool</name>
>                     <config-property-setting
> name="Driver">oracle.jdbc.OracleDriver</config-property-setting>
>                     <config-property-setting
> name="Password">test</config-property-setting>
>                     <config-property-setting
> name="UserName">test</config-property-setting>
>                     <config-property-setting
> name="ConnectionURL">jdbc:oracle:thin:@localhost:1521:SID</config- 
> property-setting>
>                     <connectionmanager>
>                         <local-transaction/>
>                         <single-pool>
>                             <max-size>10</max-size>
>                             <min-size>0</min-size>
>                             <match-one/>
>                         </single-pool>
>                     </connectionmanager>
>                 </connectiondefinition-instance>
>             </connection-definition>
>         </outbound-resourceadapter>
>     </resourceadapter>
> </connector>
> djencks wrote:
>> On Feb 11, 2008, at 6:35 AM, Brian Gregory wrote:
>>> 1. Misconception on my part, what library is used for connection
>>> pooling?
>>> (Where is this is the docs?)
>> Dunno about docs.  The basic implementation is in
>> geronimo-connector
>>   and the gbean wrappers and deployment code are in
>> connector
>>> 2. Proxy session is another name for changing the user credentials
>>> on an
>>> oracle connection. OracleConnection.openProxySession()
>>> 3. I'm not familiar with tranql. Can you point me to the
>>> documentation?
>> Again, no docs I know of.
>> especially vendors/oracle/trunk
>> I think what you want to do is override
>> AbstractXADataSourceMCF.matchManagedConnections in the oracle
>> subclass so if there is no match on connections with their existing
>> credentials it calls openProxySession on one of the connections to
>> switch users.  If openProxySession is very lightweight then just
>> calling it without a search would be reasonable.
>> Out of curiousity, how are you supplying the correct user to the
>> connector?  Application managed security (datasource.getConnection
>> (user, password) or container managed security (using the identity of
>> the logged in user as tracked by the app server, possibly mapped with
>> an appropriate login module)?
>> Hope this helps and let us know if you run into problems or  
>> succeed :-)
>> thanks
>> david jencks
> -- 
> View this message in context: 
> w--built-in-dbcp-%2B-openjpa-tp15404731s134p15425716.html
> Sent from the Apache Geronimo - Users mailing list archive at  

View raw message