You are viewing a plain text version of this content. The canonical link for it is here.
Posted to ojb-user@db.apache.org by Chris Halverson <cd...@halverson.org> on 2003/06/10 16:57:04 UTC
Multiple users, Connection Pool (related to FAQ)
OK, I see this question in the FAQ, so I've done some research, so
don't jump on me too badly :)
Basically, I need to implement what is in the FAQ, multiple users
connecting to the same database with different
usernames/passwords. The FAQ says:
For it define one jdbc-connection-descriptor , now you can use the
same jcdAlias name with different User/Password . OJB copy the
defined jdbc-connection-descriptor and replace the username and
password with the given User/Password . Keep in mind, when the
connection-pool element enables connection pooling, every user get
its separate pool. See How does OJB handle connection pooling .
The connection pooling part doesn't give much information, or at least
not enough that I'm figuring it out. For example, if I have a base
connection-descriptor as:
<jdbc-connection-descriptor
jcd-alias="oracle"
default-connection="false"
protocol="jdbc"
subprotocol="oracle"
platform="Oracle"
driver="oracle.jdbc.driver.OracleDriver"
jdbc-level="2.0"
dbalias="thin:@host:1521:DB"
username="username"
password="password"
/>
How do I go about making this happen w/ different users? Do I have to
create a new JdbcConnectionDescriptor setting the username and
password? Then how do I get a PB out of this? Some real code would be
helpful.
Sorry if this is obvious, the docs make it sound like it is but I'm
just not getting it. Thanks for any help!
cdh
--
Chris D. Halverson http://www.halverson.org/
Re: Multiple users, Connection Pool (related to FAQ)
Posted by Chris Halverson <cd...@halverson.org>.
"Armin Waibel" <ar...@code-au-lait.de> writes:
> - setup one jdbc-connection-descriptor
>> <jdbc-connection-descriptor
>> jcd-alias="oracle"
>> default-connection="false"
>> protocol="jdbc"
>> subprotocol="oracle"
>> platform="Oracle"
>> driver="oracle.jdbc.driver.OracleDriver"
>> jdbc-level="2.0"
>> dbalias="thin:@host:1521:DB"
>> username=""
>> password=""
>> />
> Say you have user 'guest' and user 'admin'.
> PBKey guestKey = new PBKey("oracle", "guest", "passwd1");
> PBKey adminKey = new PBKey("oracle", "admin", "passwd2");
Thanks for the quick response, here's a potential issue though.
OK, I can do that, no problem. However, I need to create these in an
authorization situation. I'm using SecurityFilter
(http://securityfilter.sf.net/) w/ Struts to do
authorization. SecurityFilter does this as a filter, so I don't have
access to the HttpRequest or anything. What I need to do is store the
resulting PB or PBKey or something useful into the connection manager
(or something). Then I could (I'm guessing) access that anywhere.
So I guess my real question is how and where can I save this
information? Do I need a custom connection manager? Does that even
matter here?
Does that make sense?
> Preconditioned it work for you, could you send me a short explanation
> of this in your own words to integrate in FAQ (maybe this will make
> it easier for the next user ;-)).
I can try :)
cdh
--
Chris D. Halverson http://www.halverson.org/
Re: Multiple users, Connection Pool (related to FAQ)
Posted by Armin Waibel <ar...@code-au-lait.de>.
Hi Chris,
as in the FAQ you have to possibilities:
- setup a jdbc-connection-descriptor for each
user (each with different jcd-alias name). you have
full control of used connection-pool and sequence-manager
- setup one jdbc-connection-descriptor
> <jdbc-connection-descriptor
> jcd-alias="oracle"
> default-connection="false"
> protocol="jdbc"
> subprotocol="oracle"
> platform="Oracle"
> driver="oracle.jdbc.driver.OracleDriver"
> jdbc-level="2.0"
> dbalias="thin:@host:1521:DB"
> username=""
> password=""
> />
Say you have user 'guest' and user 'admin'.
PBKey guestKey = new PBKey("oracle", "guest", "passwd1");
PBKey adminKey = new PBKey("oracle", "admin", "passwd2");
PersistenceBroker broker = PBF.createPersistenceBroker(guestKey);
use adminKey to lookup a PB instance for 'admin'.
This should work.
Preconditioned it work for you, could you send me
a short explanation of this in your own words to
integrate in FAQ (maybe this will make it easier
for the next user ;-)).
regards,
Armin
----- Original Message -----
From: "Chris Halverson" <cd...@halverson.org>
To: <oj...@db.apache.org>
Sent: Tuesday, June 10, 2003 4:57 PM
Subject: Multiple users, Connection Pool (related to FAQ)
> OK, I see this question in the FAQ, so I've done some research, so
> don't jump on me too badly :)
>
> Basically, I need to implement what is in the FAQ, multiple users
> connecting to the same database with different
> usernames/passwords. The FAQ says:
>
> For it define one jdbc-connection-descriptor , now you can use the
> same jcdAlias name with different User/Password . OJB copy the
> defined jdbc-connection-descriptor and replace the username and
> password with the given User/Password . Keep in mind, when the
> connection-pool element enables connection pooling, every user get
> its separate pool. See How does OJB handle connection pooling .
>
> The connection pooling part doesn't give much information, or at least
> not enough that I'm figuring it out. For example, if I have a base
> connection-descriptor as:
>
> <jdbc-connection-descriptor
> jcd-alias="oracle"
> default-connection="false"
> protocol="jdbc"
> subprotocol="oracle"
> platform="Oracle"
> driver="oracle.jdbc.driver.OracleDriver"
> jdbc-level="2.0"
> dbalias="thin:@host:1521:DB"
> username="username"
> password="password"
> />
>
> How do I go about making this happen w/ different users? Do I have to
> create a new JdbcConnectionDescriptor setting the username and
> password? Then how do I get a PB out of this? Some real code would be
> helpful.
>
> Sorry if this is obvious, the docs make it sound like it is but I'm
> just not getting it. Thanks for any help!
>
> cdh
>
> --
> Chris D. Halverson http://www.halverson.org/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: ojb-user-unsubscribe@db.apache.org
> For additional commands, e-mail: ojb-user-help@db.apache.org
>
>
>
Re: encryption
Posted by Brian McCallister <mc...@forthillcompany.com>.
On Tuesday, June 10, 2003, at 02:21 PM, David C. Hicks wrote:
>
> I found when doing some encryption work earlier this year that
> Oracle's RAW column type was the right choice in order to store the
> data after encryption. You also have to make sure that you provide
> enough space for any padding bytes that your encryption algorithm may
> add to the data.
>
I have base64 encoded encrypted data and plugged it into a TEXT for
storage before, works nicely, and is friendly to deal with if you need
to access it manually later. I haven't played with Oracle doing this,
but we do it right now in Postgres and I cannot imagine it would be
terribly different.
Doing it in a Field Conversion makes sense to me as that is exactly
what it is - it just involves some data munging in addition to typical
Database -> JDBC -> Java Object conversions.
If you need to maintain the ability to change keys/algorithms et, wrap
the algorithm in a Strategy object dynamically loaded via reflection
(OJB has lots of examples of this) and put the key in a properties
object. It will take 15 more lines of code, but is infinitely more
flexible.
-Brian
Re: encryption
Posted by "David C. Hicks" <dh...@i-hicks.org>.
I would tend to agree with this. It is highly unlikely that you'll
change algorithms once your application is deployed. It certainly
doesn't make much sense to mix algorithms unless you're seriously
paranoid. Using a FieldConversion object also keeps your application
developer (you may be the same person) from having to do the encryption
work. One possible drawback is that you may want to use different
encryption keys for different fields. Using a FieldConversion would
make that more difficult. Just something to think about.
I found when doing some encryption work earlier this year that Oracle's
RAW column type was the right choice in order to store the data after
encryption. You also have to make sure that you provide enough space
for any padding bytes that your encryption algorithm may add to the data.
Dave
Conall O'Raghallaigh wrote:
>I would think separate converter classes the various algorithms, but I
>haven't gotten far enough into it to know what makes the most sense.
>
>-Conall
>
>
>
>
>
Re: encryption
Posted by Conall O'Raghallaigh <co...@medicineman.com>.
I would think separate converter classes the various algorithms, but I
haven't gotten far enough into it to know what makes the most sense.
-Conall
----- Original Message -----
From: "Jason McKerr" <mc...@nacse.org>
To: "OJB Users List" <oj...@db.apache.org>
Sent: Tuesday, June 10, 2003 11:01 AM
Subject: Re: encryption
> I haven't tried it in a FieldConversion method. I just use a simple
> encrypt method for certain columns.
>
> Would you create a conversion method for different hashing algo's (i.e.
> one for SHA-1 and one for MD5) or make it a parameter somehow?
>
> Jason
>
>
> On Tue, 2003-06-10 at 10:56, Conall O'Raghallaigh wrote:
> > Hi,
> >
> > I'm using OJB with Oracle and have a requirement to encrypt certain
columns
> > in the database. I was thinking of doing the encryption/decryption work
in a
> > FieldConversion object. Does anyone have any experience/suggestions on
this?
> > Do you think it's a good idea to do this in the FieldConversion, or
should
> > it be kept completely out of the data access layer?
> >
> > Thanks for your help,
> >
> > Conall
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: ojb-user-unsubscribe@db.apache.org
> > For additional commands, e-mail: ojb-user-help@db.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: ojb-user-unsubscribe@db.apache.org
> For additional commands, e-mail: ojb-user-help@db.apache.org
Re: encryption
Posted by Jason McKerr <mc...@nacse.org>.
I haven't tried it in a FieldConversion method. I just use a simple
encrypt method for certain columns.
Would you create a conversion method for different hashing algo's (i.e.
one for SHA-1 and one for MD5) or make it a parameter somehow?
Jason
On Tue, 2003-06-10 at 10:56, Conall O'Raghallaigh wrote:
> Hi,
>
> I'm using OJB with Oracle and have a requirement to encrypt certain columns
> in the database. I was thinking of doing the encryption/decryption work in a
> FieldConversion object. Does anyone have any experience/suggestions on this?
> Do you think it's a good idea to do this in the FieldConversion, or should
> it be kept completely out of the data access layer?
>
> Thanks for your help,
>
> Conall
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: ojb-user-unsubscribe@db.apache.org
> For additional commands, e-mail: ojb-user-help@db.apache.org
encryption
Posted by Conall O'Raghallaigh <co...@medicineman.com>.
Hi,
I'm using OJB with Oracle and have a requirement to encrypt certain columns
in the database. I was thinking of doing the encryption/decryption work in a
FieldConversion object. Does anyone have any experience/suggestions on this?
Do you think it's a good idea to do this in the FieldConversion, or should
it be kept completely out of the data access layer?
Thanks for your help,
Conall