ibatis-user-java mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Clinton Begin <clinton.be...@gmail.com>
Subject Re: Connecting using User's Credentials
Date Thu, 23 Dec 2004 00:20:19 GMT
Steve, 

Could you test your app server datasource to see if
DataSource.getConnection (username, password) works?

If it does, we'll consider adding openSession(user,pass) or
setUserAuth(user,pass) in one of the APIs.

Afterall, it is a standard part of the JDBC API.  ;-)

Clinton

On Wed, 22 Dec 2004 16:35:21 -0600, stevem@teamics.com
<stevem@teamics.com> wrote:
>  
> This client's security policy requires that all users connect to Oracle
> using individual IDs and passwords.  I get the ID and password from the UI
> then pass them to the client's security JAR that tests if the user can make
> a connection to Oracle using those credentials.  It returns a user object if
> the operation was successful.  I may be able to get away with using the ID
> and password from the iBatis properties file after the user's Oracle ID and
> password have been validated, but the client would prefer that I continue
> using the user's ID and password for all connections.  Somebody mentioned
> using ThreadLocal variables.  If there was some kind of security helper I
> could pass in the credentials to be saved in ThreadLocal variables for use
> by any connections made from that thread.  Otherwise, I could be responsible
> for setting ThreadLocal variables following some naming convention.  A
> security helper class is probably the safer route. 
>  
>  
>  
>  
>  "Larry Meadors" <Larry.Meadors@plumcreek.com> 
> 
> 12/22/2004 02:40 PM 
>  
> Please respond to
>  ibatis-user-java@incubator.apache.org 
>  
>  
> To <ibatis-user-java@incubator.apache.org> 
>  
> cc 
>  
> Subject Re: Connecting using User's Credentials 
>  
>  
>  
>  
>  
> How would we provide the user/password?
>  
>  >>> clinton.begin@gmail.com 12/22/04 11:56 AM >>>
>  I agree too, but some users don't have a choice.
>  
>  It's too bad that getConnection(user,pass) isn't a reliable option...
>  
>  I wonder if we should do it anyway for those who have good drivers?
>  
>  
>  Clinton
>  
>  
>  On Wed, 22 Dec 2004 12:33:45 -0600, Vic Cekvenich <vin@friendvu.com>
>  wrote:
>  > I agree w/ Lary, this is a bad idea.
>  > .V
>  > 
>  > 
>  > Clinton Begin wrote:
>  > 
>  > >We could support DataSource.getConnection(username,password), but I
>  > >wonder how many datasources actually implement that properly?   For
>  > >example:
>  > >
>  > >    sqlMapClient.setAuthentication(username, password);
>  > >
>  > >or maybe...
>  > >
>  > >    sqlMapClient.openSession (username, password);
>  > >
>  > >Remember though, I'd wonder how many datasources actually implement
>  > >the getConnection(user,pass) properly....
>  > >
>  > >Thoughts?
>  > >
>  > >Clinton
>  > >
>  > >
>  > >On Tue, 21 Dec 2004 10:56:05 -0700, Larry Meadors
>  > ><Larry.Meadors@plumcreek.com> wrote:
>  > >
>  > >
>  > >>This can be done, and being the guy who wrote the code to do, I
>  would
>  > >>*strongly* advocate *not* doing it.
>  > >>
>  > >>Essentially, you need to set up a connection pool per user. There is
>  a
>  > >>package to do it in CVS using proxool, but it is not supported.
>  > >>
>  > >>Larry
>  > >>
>  > >>
>  > >>
>  > >>>>>bdruth@gmail.com 12/21/04 8:09 AM >>>
>  > >>>>>
>  > >>>>>
>  > >>Yes, there is a previous example of how to do this, I believe it is
>  on
>  > >>the old SourceForge forum, if I'm not mistaken. I'll go search for
>  the
>  > >>link to the particular thread if I can find it.
>  > >>
>  > >>On Tue, 21 Dec 2004 08:58:18 -0600, stevem@teamics.com
>  > >><stevem@teamics.com> wrote:
>  > >>
>  > >>
>  > >>>I'm using the ibatis DAO framework and SQLMapping to develop a web
>  > >>>application and it is working great.  I used Hibernate on the last
>  > >>>
>  > >>>
>  > >>project,
>  > >>
>  > >>
>  > >>>but the client insisted on having more control over the SQL.
>  > >>>
>  > >>>
>  > >>SQLMapping
>  > >>
>  > >>
>  > >>>takes care of that.  Now the DBA is insisting that each user
>  > >>>
>  > >>>
>  > >>authenticate
>  > >>
>  > >>
>  > >>>with their own Oracle ID and password.  Can I pass in the
>  connection
>  > >>>credentials at run time rather than use what is in the config file?
>  > >>>
>  > >>>
>  > >>>
>  > >>
>  > >>
>  > >
>  > >
>  > >
>  > >
>  > 
>  > 
>  > --
>  > RiA-SoA w/JDNC <http://www.SandraSF.com> forums
>  > - help develop a coomunity
>  > My blog <http://www.sandrasf.com/adminBlog>
>  >
>  
>  
>

Mime
View raw message