You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@commons.apache.org by Andreas Kohlbecker <ko...@web.de> on 2005/11/17 12:06:54 UTC
[DBCP] PerUserPoolDataSource - Problem with changing passwords
(I already posted this question some weeks ago. Unfortunately I forgot
to add the 'reply to' address. Thus i'm trying it again ..)
We are using the DBCP PerUserPoolDataSource as GlobalNamingResource in
tomcat 5.5. Users have the option to change the password by a special
webpage. After a password has been changed, access to the database fails
because the password stored in the connection pool differs now from
the newly chosen password. Requesting a new Connection for this user by
calling the PerUserPoolDataSource.getConnection(String username, String
password) method throws an expected exception:
java.sql.SQLException: Given password did not match password used to
create the PooledConnection.
Thus: The old password is no longer accepted by the database. And using
the new one is denied by the InstanceKeyDataSource. How can this dilemma
be solved? Restarting the ServletContainer every time a user's password
is changed seem not feasible to me.
The only solution I found is to reimplement the PerUserPoolDataSource,
PerUserPoolDataSourceFactory and InstanceKeyObjectFactory in a separate
package and to change the 'getPooledConnectionAndInfo(String username,
String password)' method in such way, that it registers a new pool for a
user if its password has changed:
-----snipp-------
PooledConnectionAndInfo info = null;
try {
info = (PooledConnectionAndInfo)((ObjectPool) pool).borrowObject();
if(!info.getPassword().equals(password)){
// password has changed -> register new pool for this user
try {
key = getPoolKey(username);
registerPool(username, password);
pool = pools.get(key);
} catch (NamingException e) {
throw new SQLNestedException("RegisterPool failed", e);
}
info = (PooledConnectionAndInfo)((ObjectPool)
pool).borrowObject();
}
}
catch (Exception e) {
throw new SQLNestedException(
"Could not retrieve connection info from pool", e);
}
-----snipp-------
Is there another solution? If not, I would suggest updating the next
DBPC release to include an appropriate method to deal with password changes.
Andreas Kohlbecker
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-user-help@jakarta.apache.org
Re: [DBCP] PerUserPoolDataSource - Problem with changing passwords
Posted by Rakesh Patel <ra...@gmail.com>.
Hi,
I think the reason no one answered your post is that your use of DBCP is
very unusual. Generally, you would use DBCP to maintain a pool of
connections where each connection is identical (ie created with the same
username/password) and is NOT an actual application user.
This account is generic and allows access to the db but additional work
is required for authentication and authorisation.
This is how i used DBCP recently:
1. Created a table of usernames/passwords in the db. eg AKohlbecker.
2. Create a DB USER java_app/java_app.
3. Configure DBCP to create a pool of java_app connections.
4. Create a login page and collect username/password from form (eg
AKohlbecker/Cr1cket).
5. Using one of the connections, issue SQL to verify the
username/password provided.
The java_app account doesn't need to have its password changed.
Hope thats clear,
Rakesh
Andreas Kohlbecker wrote:
> Since i did not received any response on my question in this
> mailinglist since 10 days, this posting is now moved to the
> commons-dev@jakarta.apache.org mailinglist !!!
>
>
>
> Andreas Kohlbecker schrieb:
>
>> (I already posted this question some weeks ago. Unfortunately I forgot
>> to add the 'reply to' address. Thus i'm trying it again ..)
>>
>> We are using the DBCP PerUserPoolDataSource as GlobalNamingResource in
>> tomcat 5.5. Users have the option to change the password by a special
>> webpage. After a password has been changed, access to the database fails
>> because the password stored in the connection pool differs now from
>> the newly chosen password. Requesting a new Connection for this user by
>> calling the PerUserPoolDataSource.getConnection(String username, String
>> password) method throws an expected exception:
>>
>> java.sql.SQLException: Given password did not match password used to
>> create the PooledConnection.
>>
>> Thus: The old password is no longer accepted by the database. And using
>> the new one is denied by the InstanceKeyDataSource. How can this dilemma
>> be solved? Restarting the ServletContainer every time a user's password
>> is changed seem not feasible to me.
>>
>> The only solution I found is to reimplement the PerUserPoolDataSource,
>> PerUserPoolDataSourceFactory and InstanceKeyObjectFactory in a separate
>> package and to change the 'getPooledConnectionAndInfo(String username,
>> String password)' method in such way, that it registers a new pool for a
>> user if its password has changed:
>>
>> -----snipp-------
>>
>> PooledConnectionAndInfo info = null;
>> try {
>> info = (PooledConnectionAndInfo)((ObjectPool)
>> pool).borrowObject();
>> if(!info.getPassword().equals(password)){
>> // password has changed -> register new pool for this user
>> try {
>> key = getPoolKey(username);
>> registerPool(username, password);
>> pool = pools.get(key);
>> } catch (NamingException e) {
>> throw new SQLNestedException("RegisterPool failed", e);
>> }
>> info = (PooledConnectionAndInfo)((ObjectPool)
>> pool).borrowObject();
>> }
>> }
>> catch (Exception e) {
>> throw new SQLNestedException(
>> "Could not retrieve connection info from pool", e);
>> }
>>
>> -----snipp-------
>>
>> Is there another solution? If not, I would suggest updating the next
>> DBPC release to include an appropriate method to deal with password
>> changes.
>>
>> Andreas Kohlbecker
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-user-help@jakarta.apache.org
Re: [DBCP] PerUserPoolDataSource - Problem with changing passwords
Posted by Andreas Kohlbecker <ko...@web.de>.
Since i did not received any response on my question in this mailinglist
since 10 days, this posting is now moved to the
commons-dev@jakarta.apache.org mailinglist !!!
Andreas Kohlbecker schrieb:
> (I already posted this question some weeks ago. Unfortunately I forgot
> to add the 'reply to' address. Thus i'm trying it again ..)
>
> We are using the DBCP PerUserPoolDataSource as GlobalNamingResource in
> tomcat 5.5. Users have the option to change the password by a special
> webpage. After a password has been changed, access to the database fails
> because the password stored in the connection pool differs now from
> the newly chosen password. Requesting a new Connection for this user by
> calling the PerUserPoolDataSource.getConnection(String username, String
> password) method throws an expected exception:
>
> java.sql.SQLException: Given password did not match password used to
> create the PooledConnection.
>
> Thus: The old password is no longer accepted by the database. And using
> the new one is denied by the InstanceKeyDataSource. How can this dilemma
> be solved? Restarting the ServletContainer every time a user's password
> is changed seem not feasible to me.
>
> The only solution I found is to reimplement the PerUserPoolDataSource,
> PerUserPoolDataSourceFactory and InstanceKeyObjectFactory in a separate
> package and to change the 'getPooledConnectionAndInfo(String username,
> String password)' method in such way, that it registers a new pool for a
> user if its password has changed:
>
> -----snipp-------
>
> PooledConnectionAndInfo info = null;
> try {
> info = (PooledConnectionAndInfo)((ObjectPool) pool).borrowObject();
> if(!info.getPassword().equals(password)){
> // password has changed -> register new pool for this user
> try {
> key = getPoolKey(username);
> registerPool(username, password);
> pool = pools.get(key);
> } catch (NamingException e) {
> throw new SQLNestedException("RegisterPool failed", e);
> }
> info = (PooledConnectionAndInfo)((ObjectPool)
> pool).borrowObject();
> }
> }
> catch (Exception e) {
> throw new SQLNestedException(
> "Could not retrieve connection info from pool", e);
> }
>
> -----snipp-------
>
> Is there another solution? If not, I would suggest updating the next
> DBPC release to include an appropriate method to deal with password
> changes.
>
> Andreas Kohlbecker
>
>
--
--//---------------------
Andreas Kohlbecker
Driesener Straße 20
10439 Berlin
tel: 049-(0)30-47080966
kohlbecker@web.de
----------------------/--
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-user-help@jakarta.apache.org