ibatis-user-java mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Larry Meadors" <Larry.Mead...@plumcreek.com>
Subject Re: Connecting using User's Credentials
Date Thu, 23 Dec 2004 03:57:34 GMT
Hmm, the ThreadUserDataSource could be modified to return a
user-specific connection using this API instead of the thread user. 

That would make it possible to use proxool to turn any driver into a
DataSource that implements this method.

Larry

>>> clinton.begin@gmail.com 12/22/04 5:20 PM >>>
Steve, 

Could you test your app server datasource to see if
DataSource.getConnection (username, password) works?

If it does, we'll consider adding openSession(user,pass) or
setUserAuth(user,pass) in one of the APIs.

Afterall, it is a standard part of the JDBC API.  ;-)

Clinton

On Wed, 22 Dec 2004 16:35:21 -0600, stevem@teamics.com
<stevem@teamics.com> wrote:
>  
> This client's security policy requires that all users connect to
Oracle
> using individual IDs and passwords.  I get the ID and password from
the UI
> then pass them to the client's security JAR that tests if the user can
make
> a connection to Oracle using those credentials.  It returns a user
object if
> the operation was successful.  I may be able to get away with using
the ID
> and password from the iBatis properties file after the user's Oracle
ID and
> password have been validated, but the client would prefer that I
continue
> using the user's ID and password for all connections.  Somebody
mentioned
> using ThreadLocal variables.  If there was some kind of security
helper I
> could pass in the credentials to be saved in ThreadLocal variables for
use
> by any connections made from that thread.  Otherwise, I could be
responsible
> for setting ThreadLocal variables following some naming convention.  A
> security helper class is probably the safer route. 
>  
>  
>  
>  
>  "Larry Meadors" <Larry.Meadors@plumcreek.com> 
> 
> 12/22/2004 02:40 PM 
>  
> Please respond to
>  ibatis-user-java@incubator.apache.org 
>  
>  
> To <ibatis-user-java@incubator.apache.org> 
>  
> cc 
>  
> Subject Re: Connecting using User's Credentials 
>  
>  
>  
>  
>  
> How would we provide the user/password?
>  
>  >>> clinton.begin@gmail.com 12/22/04 11:56 AM >>>
>  I agree too, but some users don't have a choice.
>  
>  It's too bad that getConnection(user,pass) isn't a reliable option...
>  
>  I wonder if we should do it anyway for those who have good drivers?
>  
>  
>  Clinton
>  
>  
>  On Wed, 22 Dec 2004 12:33:45 -0600, Vic Cekvenich <vin@friendvu.com>
>  wrote:
>  > I agree w/ Lary, this is a bad idea.
>  > .V
>  > 
>  > 
>  > Clinton Begin wrote:
>  > 
>  > >We could support DataSource.getConnection(username,password), but
I
>  > >wonder how many datasources actually implement that properly?  
For
>  > >example:
>  > >
>  > >    sqlMapClient.setAuthentication(username, password);
>  > >
>  > >or maybe...
>  > >
>  > >    sqlMapClient.openSession (username, password);
>  > >
>  > >Remember though, I'd wonder how many datasources actually
implement
>  > >the getConnection(user,pass) properly....
>  > >
>  > >Thoughts?
>  > >
>  > >Clinton
>  > >
>  > >
>  > >On Tue, 21 Dec 2004 10:56:05 -0700, Larry Meadors
>  > ><Larry.Meadors@plumcreek.com> wrote:
>  > >
>  > >
>  > >>This can be done, and being the guy who wrote the code to do, I
>  would
>  > >>*strongly* advocate *not* doing it.
>  > >>
>  > >>Essentially, you need to set up a connection pool per user. There
is
>  a
>  > >>package to do it in CVS using proxool, but it is not supported.
>  > >>
>  > >>Larry
>  > >>
>  > >>
>  > >>
>  > >>>>>bdruth@gmail.com 12/21/04 8:09 AM >>>
>  > >>>>>
>  > >>>>>
>  > >>Yes, there is a previous example of how to do this, I believe it
is
>  on
>  > >>the old SourceForge forum, if I'm not mistaken. I'll go search
for
>  the
>  > >>link to the particular thread if I can find it.
>  > >>
>  > >>On Tue, 21 Dec 2004 08:58:18 -0600, stevem@teamics.com
>  > >><stevem@teamics.com> wrote:
>  > >>
>  > >>
>  > >>>I'm using the ibatis DAO framework and SQLMapping to develop a
web
>  > >>>application and it is working great.  I used Hibernate on the
last
>  > >>>
>  > >>>
>  > >>project,
>  > >>
>  > >>
>  > >>>but the client insisted on having more control over the SQL.
>  > >>>
>  > >>>
>  > >>SQLMapping
>  > >>
>  > >>
>  > >>>takes care of that.  Now the DBA is insisting that each user
>  > >>>
>  > >>>
>  > >>authenticate
>  > >>
>  > >>
>  > >>>with their own Oracle ID and password.  Can I pass in the
>  connection
>  > >>>credentials at run time rather than use what is in the config
file?
>  > >>>
>  > >>>
>  > >>>
>  > >>
>  > >>
>  > >
>  > >
>  > >
>  > >
>  > 
>  > 
>  > --
>  > RiA-SoA w/JDNC <http://www.SandraSF.com> forums
>  > - help develop a coomunity
>  > My blog <http://www.sandrasf.com/adminBlog>
>  >
>  
>  
>


Mime
View raw message