can we pass OS username while connection Database from Tomcat

[Vijay Kumar <vi...@gmail.com>]

Hi,

Is it possible to pass OS username when making connection to any Database
from Tomcat context.xml?

Thanks,
Vijay G

Re: can we pass OS username while connection Database from Tomcat

[André Warnier <aw...@ice-sa.com>]

Vijay, do not "top post". As you can see below, it makes it difficult to follow the 
conversation.

Vijay Kumar wrote:
> Hi Mark,
> 
> Thanks for your update.
> 
> I should have specify my requirement little more clear to you to understand
> what you are saying.
> 
> I have Oracle Database where my objects are installed and I have also a
> Linux instance where i installed Tomcat.
> I am currently creating connection to the Oracle database from Tomcat using
> 'apps' user as this schema is having all permissions.
> 
> One of my client want to monitor the connections that are created from my
> application. For this i want to pass my Linux user information (userid)
> while creating the connection from my application or in context.xml file.
> 
> Please suggest is it possible or not?
> 
> Regards,
> Vijay G
> 
> On Thu, May 28, 2015 at 1:14 PM, Mark Thomas <ma...@apache.org> wrote:
> 
>> On 28/05/2015 08:26, Vijay Kumar wrote:
>>> Hi,
>>>
>>> Is it possible to pass OS username when making connection to any Database
>>> from Tomcat context.xml?
>> In theory this should be possible if you are using SPNEGO authentication.
>>
>> Testing this to figure out what is required to make it work is on the
>> TODO list. It is likely that some combination of configuration, Tomcat
>> code changes and application changes will be required.
>>
>> Mark
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: can we pass OS username while connection Database from Tomcat

[André Warnier <aw...@ice-sa.com>]

Vijay Kumar wrote:
> Hi Mark,
> 
> Thanks for your update.
> 
> I should have specify my requirement little more clear to you to understand
> what you are saying.
> 
> I have Oracle Database where my objects are installed and I have also a
> Linux instance where i installed Tomcat.
> I am currently creating connection to the Oracle database from Tomcat using
> 'apps' user as this schema is having all permissions.
> 
> One of my client want to monitor the connections that are created from my
> application. For this i want to pass my Linux user information (userid)
> while creating the connection from my application or in context.xml file.
> 
> Please suggest is it possible or not?
> 

Possible, it certainly is.
But is it the best solution to fulfill your customer's wishes, that is another question.

I believe that you have to think carefully about all the implications, in your application 
as well as on the performance of the system, before rushing to any kind of "solution".

For example, would it not be easier for your application to just write a line to some 
logfile, whenever it accesses the database on behalf of the logged-in user (and read and 
analyse that file later, and provide that information to your customer) ?
If your customer just wants to know who is really using the database and/or how much, that 
would be enough.

If you really want to open the connection to the database under each individual user-id, 
then it means for example that the database has to know each of those user-id's (and keep 
them up-to-date). It also means that different user-id's could have different access 
rights (or none), and that your application would have to take this into account.
And so on..  It is not just the fact of opening the connection.  It may be the whole 
design of your application that would need to change.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: can we pass OS username while connection Database from Tomcat

[Vijay Kumar <vi...@gmail.com>]

Hi Mark,

Thanks for your update.

I should have specify my requirement little more clear to you to understand
what you are saying.

I have Oracle Database where my objects are installed and I have also a
Linux instance where i installed Tomcat.
I am currently creating connection to the Oracle database from Tomcat using
'apps' user as this schema is having all permissions.

One of my client want to monitor the connections that are created from my
application. For this i want to pass my Linux user information (userid)
while creating the connection from my application or in context.xml file.

Please suggest is it possible or not?

Regards,
Vijay G

On Thu, May 28, 2015 at 1:14 PM, Mark Thomas <ma...@apache.org> wrote:

> On 28/05/2015 08:26, Vijay Kumar wrote:
> > Hi,
> >
> > Is it possible to pass OS username when making connection to any Database
> > from Tomcat context.xml?
>
> In theory this should be possible if you are using SPNEGO authentication.
>
> Testing this to figure out what is required to make it work is on the
> TODO list. It is likely that some combination of configuration, Tomcat
> code changes and application changes will be required.
>
> Mark
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Re: can we pass OS username while connection Database from Tomcat

[Christopher Schultz <ch...@christopherschultz.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Vijay,

On 6/1/15 8:47 AM, Vijay Kumar wrote:
> Hi,
> 
> Client want to monitor whether the connection is established from
> my application or their existing applications. Because all these
> are connecting the database from APPS user.
> 
> 1) My Tomcat is installed on a different Linux environment under a
> user, so if i could at least pass this user then Client can able to
> identify that the connection is established from my Application.

What about the most obvious solution to this: simply change the
username you use to connect to Oracle from *this particular*
application? You don't have to detect the OS user and forward it over
to Oracle; just change the <Resource> element to mention whatever
username you want to use.

??!

> 2) By querying the v$session table in Oracle we can get all the
> connection information but we can't identify the connections that
> are created from my application because all the applications are
> connecting database through APPS user.
> 
> We can achieve this by creating a new schema and providing all the
> required permissions to my schema and accessing the database from
> the created schema but is there any option where we can achieve my
> requirement. I found that by providing a attribute called
> 'connectionProperties' in Resource Tag of the context.xml is
> achieved this. But am not seeing any information about the Program
> name after connecting to database. Eg : 
> connectionProperties="v$session.program=dev-cs"

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVbF2sAAoJEBzwKT+lPKRYAzEP/2v//Ky1N4+vzadsqNej9dt/
KvQv+ZnIN2VYmQKJRmGlG/iW/F3sXnn58qwt4VhRBr5OMOBzfM6bPA7+VxksgSG2
PqLeLvqknET1M87LUb2c6cpaGEZUjereM0S+s68e7mwoneYqrBfIJOJMVbJOmsk+
zd73TZ2+fVw6uKLMQSJ2w+9736YKjtFlzE8kV1sQeqfulioJ+rG7v/msZTGJ9Dp4
t1HW6fOvpZHQVU0pHSzmAG3pIIXCunEmfoBL3PTZYkj9uicli3tFdw/iI3JkqA1L
A1hxJ05bEDYimjbI0pA/kbz1Pdtj0aWrEP3Y1/SnTMgP6TOaYSY9Lms+lA5Hza9z
V7HtEzjEkWe0PM3qSI31Ib09e2qn4deeJdEtMCSVoZn7MePmmVZ1KmAhvsgAWQ3D
HuLuZ2rixyPx0MduNjOUJzjCQQ/8D5igwrscuMAUP7FQcDKWumpVoRBAO6OMKeNF
6OZrzqB+RcLl/xNJh0cWXBmFhA0fnLfdkNpKgOcFcjZiJe7IoFZ/llf2lqzlWEyn
tepws4lnbX3qiMlE/oVLHfRZc9KdBnmcO12BmWiPrfFsEIcEjfbL8xGvsOd2tSv3
Cdza7Zg4LTW2/Sh0KKCu7cA6TS/VC/yPr3rHkvGdtmza0PoNXYMHVaSA3R+20TAc
tUSotGCdPP/ZkfXKzX7B
=AffH
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: can we pass OS username while connection Database from Tomcat

[Jeffrey Janner <Je...@PolyDyne.com>]

I believe what you are asking for is already available.  See inline comments below.

> -----Original Message-----
> From: Vijay Kumar [mailto:vijy.gandra@gmail.com]
> Sent: Monday, June 01, 2015 7:48 AM
> To: Tomcat Users List
> Subject: Re: can we pass OS username while connection Database from
> Tomcat
> 
> Hi,
> 
> Client want to monitor whether the connection is established from my
> application or their existing applications. Because all these are
> connecting the database from APPS user.
> 
> 1) My Tomcat is installed on a different Linux environment under a user,
> so
> if i could at least pass this user then Client can able to identify that
> the connection is established from my Application.
> 
> 2) By querying the v$session table in Oracle we can get all the
> connection
> information but we can't identify the connections that are created from
> my
> application because all the applications are connecting database through
> APPS user.
> 

V$SESSION already contains the columns MACHINE and OSUSER and these values should be populated by the Oracle driver.  They are on all my systems.  Should be everything you need to meet your requirement, unless you are running on the same box and same O/S user as your client's legacy programs.


> We can achieve this by creating a new schema and providing all the
> required
> permissions to my schema and accessing the database from the created
> schema
> but is there any option where we can achieve my requirement.
> I found that by providing a attribute called 'connectionProperties' in
> Resource Tag of the context.xml is achieved this. But am not seeing any
> information about the Program name after connecting to database.
> Eg :
> connectionProperties="v$session.program=dev-cs"
 
This is the V$SESSION column PROGRAM, which the Oracle Thin Client does not set automatically.  The Thick client (OCI drivers) will set it for you. I think you can modify your code to set it when creating the connection, but I'm not sure how.

For this use case, Google is your friend.  Or ask on an Oracle/Java forum.

> 
> Thanks,
> Vijay G
> 
> On Fri, May 29, 2015 at 8:48 PM, Jeffrey Janner
> <Jeffrey.Janner@polydyne.com
> > wrote:
> 
> > Please see response below post:
> >
> > > -----Original Message-----
> > > From: Vijay Kumar [mailto:vijy.gandra@gmail.com]
> > > Sent: Thursday, May 28, 2015 7:22 AM
> > > To: Tomcat Users List
> > > Subject: Re: can we pass OS username while connection Database from
> > > Tomcat
> > >
> > > Hi ,
> > >
> > > I am referring User_Id as Linux User_id where we installed Tomcat.
> > >
> > > My Oracle Database don't know about this user_id.
> > >
> > >
> > > Thanks,
> > > Vijay G
> > >
> > Vijay -
> > As another tomcat->oracle integrator, I do have to ask, exactly what
> is it
> > your client is trying to monitor and what tool is he going to use?
> > But first let's clarify the question:
> >         1) Tomcat is running as the O/S user "apps" and your client
> wants
> > to see the connections from O/S user apps?  And why?  This may already
> be
> > available in the database structures.
> > or
> >         2) Tomcat is connecting to the database using the schema name
> > "apps" and the client want to see these connections?  That's already
> > available on the Oracle side.  This depends on what tool the client is
> > using.
> > Or
> >         3) the client wants to see the user names of the application
> users
> > in the monitoring tool?  Depending on this answer and the tool used,
> you
> > are really getting into Oracle programming territory, as there are
> several
> > ways to do this.
> >
> > As for answering the straight-forward question, a quick Google search
> > found several replies, all requiring changes to the application code
> that
> > connects to the database. Actually from what I understand, the Oracle
> > drivers already provide this, at least the latest versions.
> >
> > Jeff
> >
> >
> > > On Thu, May 28, 2015 at 3:20 PM, André Warnier <aw...@ice-sa.com>
> wrote:
> > >
> > > > Vijay Kumar wrote:
> > > >
> > > >> Hi Mark,
> > > >>
> > > >> Please find below my exact requirement.
> > > >>
> > > >> I have Oracle Database where my objects are installed and I have
> also
> > > a
> > > >> Linux instance where i installed Tomcat.
> > > >> I am currently creating connection to the Oracle database from
> Tomcat
> > > >> using
> > > >> 'apps' user as this schema is having all permissions.
> > > >>
> > > >> One of my client want to monitor the connections that are created
> > > from my
> > > >> application. For this i want to pass my Linux user information
> > > (userid)
> > > >> while creating the connection from my application or in
> context.xml
> > > file.
> > > >>
> > > >> Please suggest the approaches? If SPENGO can you redirect me any
> > > doc/post
> > > >> how to achieve this?
> > > >>
> > > >>  Vijay,
> > > > you are repeating yourself (and still top-posting), but you are
> not
> > > > providing the crucial information which would enable someone to
> really
> > > help
> > > > you.
> > > > For example, what "Linux user information (userid)" are you
> talking
> > > about ?
> > > >
> > > > Is it the Linux user-id under which Tomcat is running ?
> > > > That would probably be "tomcat", so that is probably not going to
> help
> > > you
> > > > fulfill your customer's wishes.
> > > >
> > > > Is it the user-id of the /user/ of your Tomcat application ?
> > > > In that case, how does Tomcat know this user-id ? Do the users
> login
> > > into
> > > > your application ? How ? What is the user authentication mechanism
> > > being
> > > > used, now, at the Tomcat level ?
> > > >
> > > > Does the Oracle database also know this user-id ? How ?
> > > >
> > > > What does "One of my client want to monitor the connections" mean,
> > > exactly
> > > > ? what does the customer want to know, and when ? Is this customer
> the
> > > only
> > > > user/manager of the Oracle database, or are there multiple
> > > users/managers
> > > > of the Oracle database ?
> > > >
> > > >
> > > >
> > > > ------------------------------------------------------------------
> ---
> > > > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > > > For additional commands, e-mail: users-help@tomcat.apache.org
> > > >
> > > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: can we pass OS username while connection Database from Tomcat

[Vijay Kumar <vi...@gmail.com>]

Hi,

Client want to monitor whether the connection is established from my
application or their existing applications. Because all these are
connecting the database from APPS user.

1) My Tomcat is installed on a different Linux environment under a user, so
if i could at least pass this user then Client can able to identify that
the connection is established from my Application.

2) By querying the v$session table in Oracle we can get all the connection
information but we can't identify the connections that are created from my
application because all the applications are connecting database through
APPS user.

We can achieve this by creating a new schema and providing all the required
permissions to my schema and accessing the database from the created schema
but is there any option where we can achieve my requirement.
I found that by providing a attribute called 'connectionProperties' in
Resource Tag of the context.xml is achieved this. But am not seeing any
information about the Program name after connecting to database.
Eg :
connectionProperties="v$session.program=dev-cs"

Thanks,
Vijay G

On Fri, May 29, 2015 at 8:48 PM, Jeffrey Janner <Jeffrey.Janner@polydyne.com
> wrote:

> Please see response below post:
>
> > -----Original Message-----
> > From: Vijay Kumar [mailto:vijy.gandra@gmail.com]
> > Sent: Thursday, May 28, 2015 7:22 AM
> > To: Tomcat Users List
> > Subject: Re: can we pass OS username while connection Database from
> > Tomcat
> >
> > Hi ,
> >
> > I am referring User_Id as Linux User_id where we installed Tomcat.
> >
> > My Oracle Database don't know about this user_id.
> >
> >
> > Thanks,
> > Vijay G
> >
> Vijay -
> As another tomcat->oracle integrator, I do have to ask, exactly what is it
> your client is trying to monitor and what tool is he going to use?
> But first let's clarify the question:
>         1) Tomcat is running as the O/S user "apps" and your client wants
> to see the connections from O/S user apps?  And why?  This may already be
> available in the database structures.
> or
>         2) Tomcat is connecting to the database using the schema name
> "apps" and the client want to see these connections?  That's already
> available on the Oracle side.  This depends on what tool the client is
> using.
> Or
>         3) the client wants to see the user names of the application users
> in the monitoring tool?  Depending on this answer and the tool used, you
> are really getting into Oracle programming territory, as there are several
> ways to do this.
>
> As for answering the straight-forward question, a quick Google search
> found several replies, all requiring changes to the application code that
> connects to the database. Actually from what I understand, the Oracle
> drivers already provide this, at least the latest versions.
>
> Jeff
>
>
> > On Thu, May 28, 2015 at 3:20 PM, André Warnier <aw...@ice-sa.com> wrote:
> >
> > > Vijay Kumar wrote:
> > >
> > >> Hi Mark,
> > >>
> > >> Please find below my exact requirement.
> > >>
> > >> I have Oracle Database where my objects are installed and I have also
> > a
> > >> Linux instance where i installed Tomcat.
> > >> I am currently creating connection to the Oracle database from Tomcat
> > >> using
> > >> 'apps' user as this schema is having all permissions.
> > >>
> > >> One of my client want to monitor the connections that are created
> > from my
> > >> application. For this i want to pass my Linux user information
> > (userid)
> > >> while creating the connection from my application or in context.xml
> > file.
> > >>
> > >> Please suggest the approaches? If SPENGO can you redirect me any
> > doc/post
> > >> how to achieve this?
> > >>
> > >>  Vijay,
> > > you are repeating yourself (and still top-posting), but you are not
> > > providing the crucial information which would enable someone to really
> > help
> > > you.
> > > For example, what "Linux user information (userid)" are you talking
> > about ?
> > >
> > > Is it the Linux user-id under which Tomcat is running ?
> > > That would probably be "tomcat", so that is probably not going to help
> > you
> > > fulfill your customer's wishes.
> > >
> > > Is it the user-id of the /user/ of your Tomcat application ?
> > > In that case, how does Tomcat know this user-id ? Do the users login
> > into
> > > your application ? How ? What is the user authentication mechanism
> > being
> > > used, now, at the Tomcat level ?
> > >
> > > Does the Oracle database also know this user-id ? How ?
> > >
> > > What does "One of my client want to monitor the connections" mean,
> > exactly
> > > ? what does the customer want to know, and when ? Is this customer the
> > only
> > > user/manager of the Oracle database, or are there multiple
> > users/managers
> > > of the Oracle database ?
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > > For additional commands, e-mail: users-help@tomcat.apache.org
> > >
> > >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

RE: can we pass OS username while connection Database from Tomcat

[Jeffrey Janner <Je...@PolyDyne.com>]

Please see response below post:

> -----Original Message-----
> From: Vijay Kumar [mailto:vijy.gandra@gmail.com]
> Sent: Thursday, May 28, 2015 7:22 AM
> To: Tomcat Users List
> Subject: Re: can we pass OS username while connection Database from
> Tomcat
> 
> Hi ,
> 
> I am referring User_Id as Linux User_id where we installed Tomcat.
> 
> My Oracle Database don't know about this user_id.
> 
> 
> Thanks,
> Vijay G
> 
Vijay -
As another tomcat->oracle integrator, I do have to ask, exactly what is it your client is trying to monitor and what tool is he going to use?
But first let's clarify the question:
	1) Tomcat is running as the O/S user "apps" and your client wants to see the connections from O/S user apps?  And why?  This may already be available in the database structures.
or
	2) Tomcat is connecting to the database using the schema name "apps" and the client want to see these connections?  That's already available on the Oracle side.  This depends on what tool the client is using.
Or
	3) the client wants to see the user names of the application users in the monitoring tool?  Depending on this answer and the tool used, you are really getting into Oracle programming territory, as there are several ways to do this. 

As for answering the straight-forward question, a quick Google search found several replies, all requiring changes to the application code that connects to the database. Actually from what I understand, the Oracle drivers already provide this, at least the latest versions.

Jeff


> On Thu, May 28, 2015 at 3:20 PM, André Warnier <aw...@ice-sa.com> wrote:
> 
> > Vijay Kumar wrote:
> >
> >> Hi Mark,
> >>
> >> Please find below my exact requirement.
> >>
> >> I have Oracle Database where my objects are installed and I have also
> a
> >> Linux instance where i installed Tomcat.
> >> I am currently creating connection to the Oracle database from Tomcat
> >> using
> >> 'apps' user as this schema is having all permissions.
> >>
> >> One of my client want to monitor the connections that are created
> from my
> >> application. For this i want to pass my Linux user information
> (userid)
> >> while creating the connection from my application or in context.xml
> file.
> >>
> >> Please suggest the approaches? If SPENGO can you redirect me any
> doc/post
> >> how to achieve this?
> >>
> >>  Vijay,
> > you are repeating yourself (and still top-posting), but you are not
> > providing the crucial information which would enable someone to really
> help
> > you.
> > For example, what "Linux user information (userid)" are you talking
> about ?
> >
> > Is it the Linux user-id under which Tomcat is running ?
> > That would probably be "tomcat", so that is probably not going to help
> you
> > fulfill your customer's wishes.
> >
> > Is it the user-id of the /user/ of your Tomcat application ?
> > In that case, how does Tomcat know this user-id ? Do the users login
> into
> > your application ? How ? What is the user authentication mechanism
> being
> > used, now, at the Tomcat level ?
> >
> > Does the Oracle database also know this user-id ? How ?
> >
> > What does "One of my client want to monitor the connections" mean,
> exactly
> > ? what does the customer want to know, and when ? Is this customer the
> only
> > user/manager of the Oracle database, or are there multiple
> users/managers
> > of the Oracle database ?
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: can we pass OS username while connection Database from Tomcat

[Christopher Schultz <ch...@christopherschultz.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Vijay,

On 5/28/15 8:21 AM, Vijay Kumar wrote:
> I am referring User_Id as Linux User_id where we installed Tomcat.
> 
> My Oracle Database don't know about this user_id.

Have you tried this?

<Context>
   <Resource name="jdbc/db"
	username="${user.name}"
        ...
    />
</Context>

I know that catalina.properties will do system-property expansion, I
think that server.xml will do it, but I'm not sure if context.xml will
do it, too.

Give it a try to see if it works.

- -chris

> On Thu, May 28, 2015 at 3:20 PM, André Warnier <aw...@ice-sa.com>
> wrote:
> 
>> Vijay Kumar wrote:
>> 
>>> Hi Mark,
>>> 
>>> Please find below my exact requirement.
>>> 
>>> I have Oracle Database where my objects are installed and I
>>> have also a Linux instance where i installed Tomcat. I am
>>> currently creating connection to the Oracle database from
>>> Tomcat using 'apps' user as this schema is having all
>>> permissions.
>>> 
>>> One of my client want to monitor the connections that are
>>> created from my application. For this i want to pass my Linux
>>> user information (userid) while creating the connection from my
>>> application or in context.xml file.
>>> 
>>> Please suggest the approaches? If SPENGO can you redirect me
>>> any doc/post how to achieve this?
>>> 
>>> Vijay,
>> you are repeating yourself (and still top-posting), but you are
>> not providing the crucial information which would enable someone
>> to really help you. For example, what "Linux user information
>> (userid)" are you talking about ?
>> 
>> Is it the Linux user-id under which Tomcat is running ? That
>> would probably be "tomcat", so that is probably not going to help
>> you fulfill your customer's wishes.
>> 
>> Is it the user-id of the /user/ of your Tomcat application ? In
>> that case, how does Tomcat know this user-id ? Do the users login
>> into your application ? How ? What is the user authentication
>> mechanism being used, now, at the Tomcat level ?
>> 
>> Does the Oracle database also know this user-id ? How ?
>> 
>> What does "One of my client want to monitor the connections"
>> mean, exactly ? what does the customer want to know, and when ?
>> Is this customer the only user/manager of the Oracle database, or
>> are there multiple users/managers of the Oracle database ?
>> 
>> 
>> 
>> ---------------------------------------------------------------------
>>
>> 
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>> 
>> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVZzpqAAoJEBzwKT+lPKRY7NQP/0G6LCGWqKvNrjDFCeYzbYZE
gBiBe/VCgzCbEJAGr8ZS8qImAYobkiz+FcN5EXGXI7+XTZ0aXWG5QnQ6JtRBYScX
BZLKLhxnIaXqGXlXYenwgsQSrDtA2zPm5WqeQbrtkqJ/5jn3U44erZHncTOKGp5E
oBztT2lLCZr6Y2ORKZXISJgsvPSMFJlxMvKRf2mbsk1kui2ReNlhfjSdh4dyaTru
Tz7G5CkvGshaEL+qo3HQRvdhjr6ha3s6SW8VASXEP0Y46xAKjBwvXg0MkqN6fVOw
BP/tUvTiQPSq7chgyLyu+heUAT+FFm3Wro1XEwOLbaiAHqdilccmcSSNnaxKdeLb
JHrcpjVvOQX2pqHYyeOPaAT7uC2z1r/f3kzxwBXSGoIdy3jN23E1ef263PlwCTqr
EdhSritM6Sj3BzOJJqWRkxdkxvwhZFCxElDPO9HgfcPnTEgGX5J9Bj29tIZHyUzB
mZKh7/hI9Q3nezZQtEWreh5urCIYkWWBSf7v6wp4TFx2J6yzmdkgSB87oq8Mh5Aw
CNckVVbQcPiABUiAPnYPDmBna+pZtbZ+CfmLHEioTlxNbrg7lEpdaPK0tiALjQMz
Dy0e68AaiLpdJTLE5YNKDpN+OKdE2NbPTJYKUp/+9fDIdMV/UeGKfUJl6mLbKSaq
3VFn03Usu6pw1N1d1+qV
=Hwdf
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: can we pass OS username while connection Database from Tomcat

[André Warnier <aw...@ice-sa.com>]

Vijay Kumar wrote:
> Hi ,
> 
> I am referring User_Id as Linux User_id where we installed Tomcat.
> 
> My Oracle Database don't know about this user_id.
> 
> 

We seem to have some communication issue.
But I have sinned a lot in my life, so this will probably count as redemption points.

Another try :

1) read this : http://tomcat.apache.org/lists.html
Paragraph "tomcat-users" --> important --> 6.

2) in Oracle, create the user "tomcat"

3) in your database configuration in server.xml or context.xml, replace "apps" by "tomcat".
And then tell us if this is the answer to your question, or why it is not.



> Thanks,
> Vijay G
> 
> On Thu, May 28, 2015 at 3:20 PM, André Warnier <aw...@ice-sa.com> wrote:
> 
>> Vijay Kumar wrote:
>>
>>> Hi Mark,
>>>
>>> Please find below my exact requirement.
>>>
>>> I have Oracle Database where my objects are installed and I have also a
>>> Linux instance where i installed Tomcat.
>>> I am currently creating connection to the Oracle database from Tomcat
>>> using
>>> 'apps' user as this schema is having all permissions.
>>>
>>> One of my client want to monitor the connections that are created from my
>>> application. For this i want to pass my Linux user information (userid)
>>> while creating the connection from my application or in context.xml file..
>>>
>>> Please suggest the approaches? If SPENGO can you redirect me any doc/post
>>> how to achieve this?
>>>
>>>  Vijay,
>> you are repeating yourself (and still top-posting), but you are not
>> providing the crucial information which would enable someone to really help
>> you.
>> For example, what "Linux user information (userid)" are you talking about ?
>>
>> Is it the Linux user-id under which Tomcat is running ?
>> That would probably be "tomcat", so that is probably not going to help you
>> fulfill your customer's wishes.
>>
>> Is it the user-id of the /user/ of your Tomcat application ?
>> In that case, how does Tomcat know this user-id ? Do the users login into
>> your application ? How ? What is the user authentication mechanism being
>> used, now, at the Tomcat level ?
>>
>> Does the Oracle database also know this user-id ? How ?
>>
>> What does "One of my client want to monitor the connections" mean, exactly
>> ? what does the customer want to know, and when ? Is this customer the only
>> user/manager of the Oracle database, or are there multiple users/managers
>> of the Oracle database ?
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: can we pass OS username while connection Database from Tomcat

[Vijay Kumar <vi...@gmail.com>]

Hi ,

I am referring User_Id as Linux User_id where we installed Tomcat.

My Oracle Database don't know about this user_id.


Thanks,
Vijay G

On Thu, May 28, 2015 at 3:20 PM, André Warnier <aw...@ice-sa.com> wrote:

> Vijay Kumar wrote:
>
>> Hi Mark,
>>
>> Please find below my exact requirement.
>>
>> I have Oracle Database where my objects are installed and I have also a
>> Linux instance where i installed Tomcat.
>> I am currently creating connection to the Oracle database from Tomcat
>> using
>> 'apps' user as this schema is having all permissions.
>>
>> One of my client want to monitor the connections that are created from my
>> application. For this i want to pass my Linux user information (userid)
>> while creating the connection from my application or in context.xml file.
>>
>> Please suggest the approaches? If SPENGO can you redirect me any doc/post
>> how to achieve this?
>>
>>  Vijay,
> you are repeating yourself (and still top-posting), but you are not
> providing the crucial information which would enable someone to really help
> you.
> For example, what "Linux user information (userid)" are you talking about ?
>
> Is it the Linux user-id under which Tomcat is running ?
> That would probably be "tomcat", so that is probably not going to help you
> fulfill your customer's wishes.
>
> Is it the user-id of the /user/ of your Tomcat application ?
> In that case, how does Tomcat know this user-id ? Do the users login into
> your application ? How ? What is the user authentication mechanism being
> used, now, at the Tomcat level ?
>
> Does the Oracle database also know this user-id ? How ?
>
> What does "One of my client want to monitor the connections" mean, exactly
> ? what does the customer want to know, and when ? Is this customer the only
> user/manager of the Oracle database, or are there multiple users/managers
> of the Oracle database ?
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Re: can we pass OS username while connection Database from Tomcat

[André Warnier <aw...@ice-sa.com>]

Vijay Kumar wrote:
> Hi Mark,
> 
> Please find below my exact requirement.
> 
> I have Oracle Database where my objects are installed and I have also a
> Linux instance where i installed Tomcat.
> I am currently creating connection to the Oracle database from Tomcat using
> 'apps' user as this schema is having all permissions.
> 
> One of my client want to monitor the connections that are created from my
> application. For this i want to pass my Linux user information (userid)
> while creating the connection from my application or in context.xml file.
> 
> Please suggest the approaches? If SPENGO can you redirect me any doc/post
> how to achieve this?
> 
Vijay,
you are repeating yourself (and still top-posting), but you are not providing the crucial 
information which would enable someone to really help you.
For example, what "Linux user information (userid)" are you talking about ?

Is it the Linux user-id under which Tomcat is running ?
That would probably be "tomcat", so that is probably not going to help you fulfill your 
customer's wishes.

Is it the user-id of the /user/ of your Tomcat application ?
In that case, how does Tomcat know this user-id ? Do the users login into your application 
? How ? What is the user authentication mechanism being used, now, at the Tomcat level ?

Does the Oracle database also know this user-id ? How ?

What does "One of my client want to monitor the connections" mean, exactly ? what does the 
customer want to know, and when ? Is this customer the only user/manager of the Oracle 
database, or are there multiple users/managers of the Oracle database ?


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: can we pass OS username while connection Database from Tomcat

[Vijay Kumar <vi...@gmail.com>]

Hi Mark,

Please find below my exact requirement.

I have Oracle Database where my objects are installed and I have also a
Linux instance where i installed Tomcat.
I am currently creating connection to the Oracle database from Tomcat using
'apps' user as this schema is having all permissions.

One of my client want to monitor the connections that are created from my
application. For this i want to pass my Linux user information (userid)
while creating the connection from my application or in context.xml file.

Please suggest the approaches? If SPENGO can you redirect me any doc/post
how to achieve this?

Regards,
Vijay G

On Thu, May 28, 2015 at 2:47 PM, Mark Thomas <ma...@apache.org> wrote:

> On 28/05/2015 09:59, André Warnier wrote:
> > Mark Thomas wrote:
> >> On 28/05/2015 08:26, Vijay Kumar wrote:
> >>> Hi,
> >>>
> >>> Is it possible to pass OS username when making connection to any
> >>> Database
> >>> from Tomcat context.xml?
> >>
> >> In theory this should be possible if you are using SPNEGO
> authentication.
> >>
> >> Testing this to figure out what is required to make it work is on the
> >> TODO list. It is likely that some combination of configuration, Tomcat
> >> code changes and application changes will be required.
> >>
> >
> > I think that the term "OS username" should be carefully defined here,
> > along with the precise circumstances in which this would apply.
>
> Agreed. My definition is "user authenticated via SPNEGO"
>
> > Also, connecting to a database using the user-id kind of defeats any
> > kind of db connection persistence/pooling/sharing at the container level.
>
> You can have per user pools. Depending on the app and the usage pattern
> of the DB there can still be some benefits.
>
> > If this kind of thing is desired anyway, should it then not be done at
> > the application level, where you can retrieve the UserPrincipal anyway ?
>
> There are certainly different approaches available to solve this
> problem. The best approach depends on the actual requirement. I've used
> a range of approaches to this type of problem in the past.
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Re: can we pass OS username while connection Database from Tomcat

[Mark Thomas <ma...@apache.org>]

On 28/05/2015 09:59, André Warnier wrote:
> Mark Thomas wrote:
>> On 28/05/2015 08:26, Vijay Kumar wrote:
>>> Hi,
>>>
>>> Is it possible to pass OS username when making connection to any
>>> Database
>>> from Tomcat context.xml?
>>
>> In theory this should be possible if you are using SPNEGO authentication.
>>
>> Testing this to figure out what is required to make it work is on the
>> TODO list. It is likely that some combination of configuration, Tomcat
>> code changes and application changes will be required.
>>
> 
> I think that the term "OS username" should be carefully defined here,
> along with the precise circumstances in which this would apply.

Agreed. My definition is "user authenticated via SPNEGO"

> Also, connecting to a database using the user-id kind of defeats any
> kind of db connection persistence/pooling/sharing at the container level.

You can have per user pools. Depending on the app and the usage pattern
of the DB there can still be some benefits.

> If this kind of thing is desired anyway, should it then not be done at
> the application level, where you can retrieve the UserPrincipal anyway ?

There are certainly different approaches available to solve this
problem. The best approach depends on the actual requirement. I've used
a range of approaches to this type of problem in the past.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: can we pass OS username while connection Database from Tomcat

[André Warnier <aw...@ice-sa.com>]

Mark Thomas wrote:
> On 28/05/2015 08:26, Vijay Kumar wrote:
>> Hi,
>>
>> Is it possible to pass OS username when making connection to any Database
>> from Tomcat context.xml?
> 
> In theory this should be possible if you are using SPNEGO authentication.
> 
> Testing this to figure out what is required to make it work is on the
> TODO list. It is likely that some combination of configuration, Tomcat
> code changes and application changes will be required.
> 

I think that the term "OS username" should be carefully defined here, along with the 
precise circumstances in which this would apply.
Also, connecting to a database using the user-id kind of defeats any kind of db connection 
persistence/pooling/sharing at the container level.
If this kind of thing is desired anyway, should it then not be done at the application 
level, where you can retrieve the UserPrincipal anyway ?



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: can we pass OS username while connection Database from Tomcat

[Mark Thomas <ma...@apache.org>]

On 28/05/2015 08:26, Vijay Kumar wrote:
> Hi,
> 
> Is it possible to pass OS username when making connection to any Database
> from Tomcat context.xml?

In theory this should be possible if you are using SPNEGO authentication.

Testing this to figure out what is required to make it work is on the
TODO list. It is likely that some combination of configuration, Tomcat
code changes and application changes will be required.

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org