You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@geronimo.apache.org by Brian Gregory <bg...@g-webdesign.com> on 2008/02/11 03:52:23 UTC
proxy session w/ built-in dbcp + openjpa
I'm attempting to use proxy session w/ oracle and the built-in dbcp + openjpa
in geronimo but I'm hung up at the start. I've done this before with c3p0 +
hibernate but c3p0 has a ConnectionCustomizer class that allows you to
register for checkout and checkin events from the connection pool, thus
allowing the proxy user to be modified prior to connections being used.
Unfortunately I can't find a way to do this with dbcp, but I have a few
ideas:
1. Subclass the dbcp PoolingDataSource such that proxy users are set up in
the getConnection() method - Although I would have to define a database pool
w/ that would use the new class (no idea) and setup openjpa to use this
database pool (not sure either)
2. Use c3p0 w/ openjpa instead of the built-in dbcp. Is there a way to
deploy a database pool in geronimo w/ a 3rd party pooling library? Is there
a good way to set up a 3rd party db pool if not?
Any other ideas are appreciated.
--
View this message in context: http://www.nabble.com/proxy-session-w--built-in-dbcp-%2B-openjpa-tp15404731s134p15404731.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: proxy session w/ built-in dbcp + openjpa
Posted by Brian Gregory <bg...@g-webdesign.com>.
BTW, I had to remove the <parent> tags from all of the pom.xml that depended
upon tranql-parent and the <scm> tags in order for maven to find the correct
maven-rar-plugin. There is definately some repository confusion going on...?
Brian Gregory wrote:
>
> I would have hoped to not have to check out all of the tags and branches,
> but this will work.
> I'll let you know my progress...
>
> Thanks.
>
>
--
View this message in context: http://www.nabble.com/proxy-session-w--built-in-dbcp-%2B-openjpa-tp15404731s134p15468419.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: proxy session w/ built-in dbcp + openjpa
Posted by Brian Gregory <bg...@g-webdesign.com>.
BTW, I had to remove the <parent> tags from all of the pom.xml that depended
upon tranql-parent and the <scm> tags in order for maven to find the correct
maven-rar-plugin. There is definately some repository confusion going on...?
Brian Gregory wrote:
>
> I would have hoped to not have to check out all of the tags and branches,
> but this will work.
> I'll let you know my progress...
>
> Thanks.
>
>
--
View this message in context: http://www.nabble.com/proxy-session-w--built-in-dbcp-%2B-openjpa-tp15404731s134p15468420.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: proxy session w/ built-in dbcp + openjpa
Posted by Brian Gregory <bg...@g-webdesign.com>.
I would have hoped to not have to check out all of the tags and branches, but
this will work.
I'll let you know my progress...
Thanks.
--
View this message in context: http://www.nabble.com/proxy-session-w--built-in-dbcp-%2B-openjpa-tp15404731s134p15464800.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: proxy session w/ built-in dbcp + openjpa
Posted by David Jencks <da...@yahoo.com>.
I imagine you have already discovered that due to sun's belief that
backwards compatibility is not relevant for jdbc, you have to compile
on jdk 1.5 or perhaps 1.4. I guess we are missing a compiler switch
somewhere.
I don't understand why you are seeing this problem with the maven-rar-
plugin. I check out all of tranql at https://svn.codehaus.org/
tranql and for development purposes build all the connector stuff
with the pom I'm attaching (which I put at the root).
(ccing directly in case the attachment is removed)
Re: proxy session w/ built-in dbcp + openjpa
Posted by Brian Gregory <bg...@g-webdesign.com>.
Another build problem when trying to build tranql-oracle-connector:
I'm not sure where this is defined - I cleaned out my repository just to
make sure.
BTW, What is the best way to structure what comes out of SVN to make sure it
builds properly? I had to check out all of the trunks separately.
[INFO] Scanning for projects...
[INFO] Reactor build order:
[INFO] TranQL Vendors :: Oracle
[INFO] TranQL Vendors, oracle :: Common
[INFO] TranQL Vendors, oracle :: Local RA
[INFO] TranQL Vendors, oracle :: XA RA
WAGON_VERSION: 1.0-beta-1
[INFO]
------------------------------------------------------------------------
[INFO] Building TranQL Vendors :: Oracle
[INFO] task-segment: [install]
[INFO]
------------------------------------------------------------------------
[INFO] [site:attach-descriptor]
[INFO] [install:install]
[INFO] Installing C:\tranql\tranql-vendor-oracle\pom.xml to
C:\Users\Brian\.m2\repository\org\tranql\tranql-connector-oracle\1.4-SNAPSHOT\tranql-connector-oracle-1.4-SNAPSHOT.pom
[INFO]
------------------------------------------------------------------------
[INFO] Building TranQL Vendors, oracle :: Common
[INFO] task-segment: [install]
[INFO]
------------------------------------------------------------------------
[INFO] [resources:resources]
[INFO] Using default encoding to copy filtered resources.
Downloading:
http://repository.codehaus.org/com/oracle/jdbc/ojdbc14/10.2.0.2/ojdbc14-10.2.0.2.pom
Downloading:
http://dist.codehaus.org/com.oracle.jdbc/poms/ojdbc14-10.2.0.2.pom
Downloading:
http://repo1.maven.org/maven2/com/oracle/jdbc/ojdbc14/10.2.0.2/ojdbc14-10.2.0.2.pom
[INFO] [compiler:compile]
[INFO] Nothing to compile - all classes are up to date
[INFO] [resources:testResources]
[INFO] Using default encoding to copy filtered resources.
[INFO] [compiler:testCompile]
[INFO] No sources to compile
[INFO] [surefire:test]
[INFO] No tests to run.
[INFO] [jar:jar]
[INFO] [install:install]
[INFO] Installing
C:\tranql\tranql-vendor-oracle\tranql-connector-oracle-common\target\tranql-connector-oracle-common-1.4-SNAPSHOT.jar
to
C:\Users\Brian\.m2\repository\org\tranql\tranql-connector-oracle-common\1.4-SNAPSHOT\tranql-connector-oracle-common-1.4-SNAPSHOT.jar
[INFO]
------------------------------------------------------------------------
[INFO] Building TranQL Vendors, oracle :: Local RA
[INFO] task-segment: [install]
[INFO]
------------------------------------------------------------------------
Downloading:
http://snapshots.repository.codehaus.org/org/apache/maven/plugins/maven-rar-plugin/2.2-SNAPSHOT/maven-rar-plugin-2.2-SNAPSHOT.pom
Downloading:
http://snapshots.repository.codehaus.org/org/apache/maven/plugins/maven-rar-plugin/2.2-SNAPSHOT/maven-rar-plugin-2.2-SNAPSHOT.pom
Downloading:
http://dist.codehaus.org/org.apache.maven.plugins/poms/maven-rar-plugin-2.2-SNAPSHOT.pom
[INFO]
------------------------------------------------------------------------
[ERROR] BUILD ERROR
[INFO]
------------------------------------------------------------------------
[INFO] Error building POM (may not be this project's POM).
Project ID: org.apache.maven.plugins:maven-rar-plugin
Reason: POM 'org.apache.maven.plugins:maven-rar-plugin' not found in
repository: Unable to download the artifact from any repository
org.apache.maven.plugins:maven-rar-plugin:pom:2.2-SNAPSHOT
from the specified remote repositories:
codehaus-m1 (http://dist.codehaus.org),
codehaus (http://repository.codehaus.org),
codehaus-snapshots (http://snapshots.repository.codehaus.org),
central (http://repo1.maven.org/maven2)
for project org.apache.maven.plugins:maven-rar-plugin
[INFO]
------------------------------------------------------------------------
[INFO] For more information, run Maven with the -e switch
[INFO]
------------------------------------------------------------------------
[INFO] Total time: 6 seconds
[INFO] Finished at: Wed Feb 13 10:45:09 EST 2008
[INFO] Final Memory: 11M/21M
[INFO]
------------------------------------------------------------------------
--
View this message in context: http://www.nabble.com/proxy-session-w--built-in-dbcp-%2B-openjpa-tp15404731s134p15459644.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: proxy session w/ built-in dbcp + openjpa
Posted by Brian Gregory <bg...@g-webdesign.com>.
When attempting to build the latest tranql-connector from SVN:
(I'm using 1.6, could this be a problem? - I will be looking into it
further, but I wanted to let you know. BTW, is there a tranql specific forum
that we might continue this in? - or perhaps a new topic?)
[INFO] Scanning for projects...
WAGON_VERSION: 1.0-beta-2
[INFO]
------------------------------------------------------------------------
[INFO] Building TranQL :: Connector
[INFO] task-segment: [install]
[INFO]
------------------------------------------------------------------------
[INFO] Setting property: classpath.resource.loader.class =>
'org.codehaus.plexus.velocity.ContextClassLoaderResourceLoader'.
[INFO] Setting property: velocimacro.messages.on => 'false'.
[INFO] Setting property: resource.loader => 'classpath'.
[INFO] Setting property: resource.manager.logwhenfound => 'false'.
[INFO] [remote-resources:process {execution: default}]
[INFO] [resources:resources]
[INFO] Using default encoding to copy filtered resources.
[INFO] [compiler:compile]
[INFO] Compiling 18 source files to
C:\tranql\tranql-connector\target\classes
[INFO]
------------------------------------------------------------------------
[ERROR] BUILD FAILURE
[INFO]
------------------------------------------------------------------------
[INFO] Compilation failure
C:\tranql\tranql-connector\src\main\java\org\tranql\connector\jdbc\ResultSetHandle.java:[43,7]
org.tranql.connector.jdbc.ResultSetHandle is not abstract and does not
override abstract method updateNClob(java.lang.String,java.io.Reader) in
java.sql.ResultSet
C:\tranql\tranql-connector\src\main\java\org\tranql\connector\jdbc\StatementHandle.java:[30,7]
org.tranql.connector.jdbc.StatementHandle is not abstract and does not
override abstract method isPoolable() in java.sql.Statement
C:\tranql\tranql-connector\src\main\java\org\tranql\connector\jdbc\ConnectionHandle.java:[43,7]
org.tranql.connector.jdbc.ConnectionHandle is not abstract and does not
override abstract method createStruct(java.lang.String,java.lang.Object[])
in java.sql.Connection
C:\tranql\tranql-connector\src\main\java\org\tranql\connector\jdbc\ConnectionWrapper.java:[44,7]
org.tranql.connector.jdbc.ConnectionWrapper is not abstract and does not
override abstract method createStruct(java.lang.String,java.lang.Object[])
in java.sql.Connection
C:\tranql\tranql-connector\src\main\java\org\tranql\connector\jdbc\PreparedStatementWrapper.java:[30,7]
org.tranql.connector.jdbc.PreparedStatementWrapper is not abstract and does
not override abstract method setNClob(int,java.io.Reader) in
java.sql.PreparedStatement
C:\tranql\tranql-connector\src\main\java\org\tranql\connector\jdbc\PreparedStatementHandle.java:[42,7]
org.tranql.connector.jdbc.PreparedStatementHandle is not abstract and does
not override abstract method setNClob(int,java.io.Reader) in
java.sql.PreparedStatement
C:\tranql\tranql-connector\src\main\java\org\tranql\connector\jdbc\CallableStatementHandle.java:[40,7]
org.tranql.connector.jdbc.CallableStatementHandle is not abstract and does
not override abstract method setNClob(java.lang.String,java.io.Reader) in
java.sql.CallableStatement
C:\tranql\tranql-connector\src\main\java\org\tranql\connector\jdbc\DatabaseMetaDataHandle.java:[31,7]
org.tranql.connector.jdbc.DatabaseMetaDataHandle is not abstract and does
not override abstract method
getFunctionColumns(java.lang.String,java.lang.String,java.lang.String,java.lang.String)
in java.sql.DatabaseMetaData
C:\tranql\tranql-connector\src\main\java\org\tranql\connector\jdbc\DataSource.java:[40,7]
org.tranql.connector.jdbc.DataSource is not abstract and does not override
abstract method isWrapperFor(java.lang.Class) in java.sql.Wrapper
[INFO]
------------------------------------------------------------------------
[INFO] For more information, run Maven with the -e switch
[INFO]
------------------------------------------------------------------------
[INFO] Total time: 5 seconds
[INFO] Finished at: Wed Feb 13 10:39:50 EST 2008
[INFO] Final Memory: 13M/23M
[INFO]
------------------------------------------------------------------------
--
View this message in context: http://www.nabble.com/proxy-session-w--built-in-dbcp-%2B-openjpa-tp15404731s134p15459612.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: proxy session w/ built-in dbcp + openjpa
Posted by David Jencks <da...@yahoo.com>.
On Feb 12, 2008, at 12:35 PM, Brian Gregory wrote:
>
> Ok, this might clear things up a bit:
yup:-)
>
> // This needs to happen when a connection is pulled from the pool
> // and before the connection is used.
> // The "<username>" could be pulled from the GeronimoUserPrincipal()
> // in the current session (?) if available
>
> java.util.Properties prop = new java.util.Properties();
> prop.put(OracleConnection.PROXY_USER_NAME, "<username>");
> ((OracleConnection)conn).openProxySession
> (OracleConnection.PROXYTYPE_USER_NAME,
> prop);
>
> // This nees to happen when a connection is returned to the pool
>
> ((OracleConnection)conn).close(OracleConnection.PROXY_SESSION);
>
> And that's pretty much it. The LoginModule for the security realm
> is pretty
> much a standard JDBC Realm (with a little code to calculate Oracle
> password
> hashes) that populates the GeronimoUserPrincipal() and
> GeronimoGroupPrincipal(). The "proxy" part is just a way to let
> oracle know
> who the "real" user is for the audit trail and any user-bound security
> policies.
So....
every oracle connection will be created using a fixed user/pw
combination you configure somewhere, and in addition the actual
user's username will be used to set up the proxy session?
I looked into this a bit more and don't think there's a way to write
a app server independent connector that can deal with this. I think
what you can do is:
leave your login module setup alone
specify container-manage-security in your connector plan
modify the tranql oracle wrapper so that in the MCFs:
add a method to set up the oracle proxy session given the Subject
(from which you extract the GeronimoUserPrincipal) and the physical
connection
you override:
createManagedConnection
by copying the superclass code and calling the openProxySession
method after getting the physical connection and creating your own
ManagedConnection implementation (see below)
and
matchManagedConnections
by calling super and then calling the openProxySession method.
(the base methods are in AbstractLocalDataSourceMCF and
AbstractXADataSourceMCF)
You also need to override the ManagedConnection implementations so
that the cleanup() method can end the oracle proxy session.
Hope this is enough of a hint.... feel free to ask for more info.
Maybe we'd could add a tranql login module that set up an oracle
specific principal to transfer the user name? Then we could include
this work in tranql and it wouldn't really be tied to geronimo.
thanks
david jencks
>
> Note from before: RARs ah. That's a new one for me. Learning curves
> are a
> bitch sometimes. And I'm still trying to catch up with learning
> maven (and
> the 6 million things it does). As you can probably tell, geronimo is a
> pretty new beast to me too.
>
> No problem about the help, I've got to work through it anyway.
>
>
> --
> View this message in context: http://www.nabble.com/proxy-session-
> w--built-in-dbcp-%2B-openjpa-tp15404731s134p15442349.html
> Sent from the Apache Geronimo - Users mailing list archive at
> Nabble.com.
>
Re: proxy session w/ built-in dbcp + openjpa
Posted by Brian Gregory <bg...@g-webdesign.com>.
Ok, this might clear things up a bit:
// This needs to happen when a connection is pulled from the pool
// and before the connection is used.
// The "<username>" could be pulled from the GeronimoUserPrincipal()
// in the current session (?) if available
java.util.Properties prop = new java.util.Properties();
prop.put(OracleConnection.PROXY_USER_NAME, "<username>");
((OracleConnection)conn).openProxySession(OracleConnection.PROXYTYPE_USER_NAME,
prop);
// This nees to happen when a connection is returned to the pool
((OracleConnection)conn).close(OracleConnection.PROXY_SESSION);
And that's pretty much it. The LoginModule for the security realm is pretty
much a standard JDBC Realm (with a little code to calculate Oracle password
hashes) that populates the GeronimoUserPrincipal() and
GeronimoGroupPrincipal(). The "proxy" part is just a way to let oracle know
who the "real" user is for the audit trail and any user-bound security
policies.
Note from before: RARs ah. That's a new one for me. Learning curves are a
bitch sometimes. And I'm still trying to catch up with learning maven (and
the 6 million things it does). As you can probably tell, geronimo is a
pretty new beast to me too.
No problem about the help, I've got to work through it anyway.
--
View this message in context: http://www.nabble.com/proxy-session-w--built-in-dbcp-%2B-openjpa-tp15404731s134p15442349.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: proxy session w/ built-in dbcp + openjpa
Posted by David Jencks <da...@yahoo.com>.
On Feb 12, 2008, at 11:29 AM, Brian Gregory wrote:
>
>> It's always pleasant to have ones hard work recognized and
>> acknowledged. Of course, documentation contributions for tranql
>> would be welcomed. For some reason the tranql contributors so far
>> have not seemed to feel the lack of documentation to be a serious
>> impediment to their work.
>
> I'm sorry about the offense. My comment was from a position of lack of
> knowledge.
>
no problem. I think its at least as annoying to find badly
documented projects as to have your badly documented project
criticized :-)
>
>> This doesn't exactly answer the question I asked, namely "which
>> method do you use to get the connection" However my guess is that
>> jpa is using ds.getConnection() rather than ds.getConnection
>> (user,pw).
>
> The EntityManager uses my configuration in persistence.xml to get
> connections from a supplied JNDI resource. This resource (for my
> config) is
> a console configured connection pool which has its own connection
> information (JDBC driver, username, and password). Yes, it probably
> uses
> ds.getConnection() at the bottom, but this is inside the OpenJPA code
> somewhere.
ok, clear enough
>
>> This means you want container managed security for your connection
>> pool, an optional j2ca feature that geronimo happens to support.
>> However its not trivial to set up.
>
> I already have a custom LoginModule that will populate the credentials
> (principals) as needed. This is configured and working. Is this
> what you are
> talking about?
no, the j2ca spec makes it a bit more complicated :-)
I could probably give you better advice here if I knew exactly what
information the oracle openProxySession method needs, and where it
comes from (user input? Lookup in an oracle table? Lookup in a flat
file?)
eg.
user supplies user name and password
login module does ???
openProxySession requires ??? derived from previous info by ???
>
>> First you ned a LoginModule that will extract the appropriate
>> credentials (user name and password) from some source such as the
>> CallbackHandler or a map and come up with a PasswordCredential
>> containing this info and the ManagedConnectionFactory you are trying
>> to use. We supply CallerIdentityPasswordCredentialLoginModule which
>> might work for you or you can use it to see what is necessary.
>
>> To deploy this in your security realm you need a
>> PasswordCredentialLoginModuleWrapperGBean which has the normal
>> LoginModuleGBean info plus a reference to the
>> ManagedConnectionFactoryWrapper which is where the MCF comes from.
>
>> Finally in your connector plan you need to specify <container-
>> managed-
>> security/>
>
> I'm sorry but I have no idea what the above description is talking
> about.
> Currenlty I have not used tranql directly for anything and have no
> idea what
> these classes are (well, I can see them in the javadocs) and not
> sure what
> the connector plan is.
>
> I will look up CallerIdentityPasswordCredentialLoginModule and see
> if the
> javadocs will help. The problem is that the geronimo console has
> abstracted
> the details of this library away and I'm only now learning where to
> start.
>
> BTW, The codehause site does not have correct source control access
> information (it still lists CVS) - thanks for the SVN info.
>
>> You will have to edit the appropriate geronimo plans directly as the
>> console wizards do not support these options.
>
> This is fine.
>
>> I was suggesting you modify the tranql oracle managed connection
>> factory classes and assemble your own rars. I don't know if you will
>> need more config-properties in order to use this oracle feature
>> appropriately. In any case you can probably use a plan generated for
>> one of the oracle specific rars as a starting point, but you'll have
>> to deploy the connector directly rather than from the db wizard. A
>> plan for the generic tranql wrapper is not a very useful starting
>> point.
>
> I only started with the console generated delpoyment descriptor
> because I
> had no other reference.
>
> Ok, I was hoping that I didn't have to wade through the code, but I
> will.
Container managed security doesn't seem to be a very popular
feature. I'd love to get support for it into the tranql oracle
wrapper and maybe get an example up somewhere. Your assistance would
be appreciated :-) especially since I don't have oracle running here.
thanks
david jencks
> Thanks for the help.
>
> --
> View this message in context: http://www.nabble.com/proxy-session-
> w--built-in-dbcp-%2B-openjpa-tp15404731s134p15440950.html
> Sent from the Apache Geronimo - Users mailing list archive at
> Nabble.com.
>
Re: proxy session w/ built-in dbcp + openjpa
Posted by Brian Gregory <bg...@g-webdesign.com>.
> It's always pleasant to have ones hard work recognized and
> acknowledged. Of course, documentation contributions for tranql
> would be welcomed. For some reason the tranql contributors so far
> have not seemed to feel the lack of documentation to be a serious
> impediment to their work.
I'm sorry about the offense. My comment was from a position of lack of
knowledge.
> This doesn't exactly answer the question I asked, namely "which
> method do you use to get the connection" However my guess is that
> jpa is using ds.getConnection() rather than ds.getConnection(user,pw).
The EntityManager uses my configuration in persistence.xml to get
connections from a supplied JNDI resource. This resource (for my config) is
a console configured connection pool which has its own connection
information (JDBC driver, username, and password). Yes, it probably uses
ds.getConnection() at the bottom, but this is inside the OpenJPA code
somewhere.
> This means you want container managed security for your connection
> pool, an optional j2ca feature that geronimo happens to support.
> However its not trivial to set up.
I already have a custom LoginModule that will populate the credentials
(principals) as needed. This is configured and working. Is this what you are
talking about?
> First you ned a LoginModule that will extract the appropriate
> credentials (user name and password) from some source such as the
> CallbackHandler or a map and come up with a PasswordCredential
> containing this info and the ManagedConnectionFactory you are trying
> to use. We supply CallerIdentityPasswordCredentialLoginModule which
> might work for you or you can use it to see what is necessary.
> To deploy this in your security realm you need a
> PasswordCredentialLoginModuleWrapperGBean which has the normal
> LoginModuleGBean info plus a reference to the
> ManagedConnectionFactoryWrapper which is where the MCF comes from.
> Finally in your connector plan you need to specify <container-managed-
> security/>
I'm sorry but I have no idea what the above description is talking about.
Currenlty I have not used tranql directly for anything and have no idea what
these classes are (well, I can see them in the javadocs) and not sure what
the connector plan is.
I will look up CallerIdentityPasswordCredentialLoginModule and see if the
javadocs will help. The problem is that the geronimo console has abstracted
the details of this library away and I'm only now learning where to start.
BTW, The codehause site does not have correct source control access
information (it still lists CVS) - thanks for the SVN info.
> You will have to edit the appropriate geronimo plans directly as the
> console wizards do not support these options.
This is fine.
> I was suggesting you modify the tranql oracle managed connection
> factory classes and assemble your own rars. I don't know if you will
> need more config-properties in order to use this oracle feature
> appropriately. In any case you can probably use a plan generated for
> one of the oracle specific rars as a starting point, but you'll have
> to deploy the connector directly rather than from the db wizard. A
> plan for the generic tranql wrapper is not a very useful starting point.
I only started with the console generated delpoyment descriptor because I
had no other reference.
Ok, I was hoping that I didn't have to wade through the code, but I will.
Thanks for the help.
--
View this message in context: http://www.nabble.com/proxy-session-w--built-in-dbcp-%2B-openjpa-tp15404731s134p15440950.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: proxy session w/ built-in dbcp + openjpa
Posted by David Jencks <da...@yahoo.com>.
On Feb 11, 2008, at 7:09 PM, Brian Gregory wrote:
>
> I've done a little research since the last post and found that tranql
> documentation is pretty much non-existent, not to mention the
> project looks
> mostly dead.
It's always pleasant to have ones hard work recognized and
acknowledged. Of course, documentation contributions for tranql
would be welcomed. For some reason the tranql contributors so far
have not seemed to feel the lack of documentation to be a serious
impediment to their work.
There are two parts to tranql, the j2ca connectors which get improved
periodically, mostly by people supplying database-specific extensions
such as support for the feature you are interested in, and the
persistence engine which is not currently under active development:
its last use was in the openejb2 CMP engine.
>
> Anyway, I have a custom LoginModule that with do the front-line
> authentication straight from Oracle users and populate the
> principals as
> needed. I also have JPA code working from a console defined
> database pool,
> but was just looking for that one piece that would allow me to to
> the proxy.
This doesn't exactly answer the question I asked, namely "which
method do you use to get the connection" However my guess is that
jpa is using ds.getConnection() rather than ds.getConnection(user,pw).
This means you want container managed security for your connection
pool, an optional j2ca feature that geronimo happens to support.
However its not trivial to set up.
First you ned a LoginModule that will extract the appropriate
credentials (user name and password) from some source such as the
CallbackHandler or a map and come up with a PasswordCredential
containing this info and the ManagedConnectionFactory you are trying
to use. We supply CallerIdentityPasswordCredentialLoginModule which
might work for you or you can use it to see what is necessary.
To deploy this in your security realm you need a
PasswordCredentialLoginModuleWrapperGBean which has the normal
LoginModuleGBean info plus a reference to the
ManagedConnectionFactoryWrapper which is where the MCF comes from.
Finally in your connector plan you need to specify <container-managed-
security/>
You will have to edit the appropriate geronimo plans directly as the
console wizards do not support these options.
>
> I think I understand what you're suggesting but how do I get
> geronimo to use
> the new class instead of the default? I used the console database pool
> configuration and it doesn't contain any class references besides
> the jdbc
> driver.
I was suggesting you modify the tranql oracle managed connection
factory classes and assemble your own rars. I don't know if you will
need more config-properties in order to use this oracle feature
appropriately. In any case you can probably use a plan generated for
one of the oracle specific rars as a starting point, but you'll have
to deploy the connector directly rather than from the db wizard. A
plan for the generic tranql wrapper is not a very useful starting point.
thanks
david jencks
>
> The console doesn't seem to generate a working deployment descriptor:
>
>
> <?xml version="1.0" encoding="UTF-8"?>
> <connector xmlns="http://geronimo.apache.org/xml/ns/j2ee/
> connector-1.2">
> <dep:environment
> xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2">
> <dep:moduleId>
> <dep:groupId>console.dbpool</dep:groupId>
> <dep:artifactId>TestPool</dep:artifactId>
> <dep:version>1.0</dep:version>
> <dep:type>rar</dep:type>
> </dep:moduleId>
> <dep:dependencies>
> <dep:dependency>
> <dep:groupId>com.oracle</dep:groupId>
> <dep:artifactId>oracle-jdbc-driver</dep:artifactId>
> <dep:version>10.2.0.1.0XE</dep:version>
> <dep:type>jar</dep:type>
> </dep:dependency>
> </dep:dependencies>
> </dep:environment>
> <resourceadapter>
> <outbound-resourceadapter>
> <connection-definition>
>
> <connectionfactory-interface>javax.sql.DataSource</
> connectionfactory-interface>
> <connectiondefinition-instance>
> <name>TestPool</name>
> <config-property-setting
> name="Driver">oracle.jdbc.OracleDriver</config-property-setting>
> <config-property-setting
> name="Password">test</config-property-setting>
> <config-property-setting
> name="UserName">test</config-property-setting>
> <config-property-setting
> name="ConnectionURL">jdbc:oracle:thin:@localhost:1521:SID</config-
> property-setting>
> <connectionmanager>
> <local-transaction/>
> <single-pool>
> <max-size>10</max-size>
> <min-size>0</min-size>
> <match-one/>
> </single-pool>
> </connectionmanager>
> </connectiondefinition-instance>
> </connection-definition>
> </outbound-resourceadapter>
> </resourceadapter>
> </connector>
>
>
>
>
> djencks wrote:
>>
>>
>> On Feb 11, 2008, at 6:35 AM, Brian Gregory wrote:
>>
>>>
>>> 1. Misconception on my part, what library is used for connection
>>> pooling?
>>> (Where is this is the docs?)
>>
>> Dunno about docs. The basic implementation is in
>>
>> https://svn.apache.org/repos/asf/geronimo/components/txmanager/trunk/
>> geronimo-connector
>>
>> and the gbean wrappers and deployment code are in
>>
>> https://svn.apache.org/repos/asf/geronimo/server/trunk/plugins/
>> connector
>>
>>> 2. Proxy session is another name for changing the user credentials
>>> on an
>>> oracle connection. OracleConnection.openProxySession()
>>> 3. I'm not familiar with tranql. Can you point me to the
>>> documentation?
>>
>> Again, no docs I know of.
>>
>> https://svn.codehaus.org/tranql
>>
>> especially vendors/oracle/trunk
>>
>> I think what you want to do is override
>> AbstractXADataSourceMCF.matchManagedConnections in the oracle
>> subclass so if there is no match on connections with their existing
>> credentials it calls openProxySession on one of the connections to
>> switch users. If openProxySession is very lightweight then just
>> calling it without a search would be reasonable.
>>
>> Out of curiousity, how are you supplying the correct user to the
>> connector? Application managed security (datasource.getConnection
>> (user, password) or container managed security (using the identity of
>> the logged in user as tracked by the app server, possibly mapped with
>> an appropriate login module)?
>>
>> Hope this helps and let us know if you run into problems or
>> succeed :-)
>>
>> thanks
>> david jencks
>>
>>
>
> --
> View this message in context: http://www.nabble.com/proxy-session-
> w--built-in-dbcp-%2B-openjpa-tp15404731s134p15425716.html
> Sent from the Apache Geronimo - Users mailing list archive at
> Nabble.com.
>
Re: proxy session w/ built-in dbcp + openjpa
Posted by Brian Gregory <bg...@g-webdesign.com>.
I've done a little research since the last post and found that tranql
documentation is pretty much non-existent, not to mention the project looks
mostly dead.
Anyway, I have a custom LoginModule that with do the front-line
authentication straight from Oracle users and populate the principals as
needed. I also have JPA code working from a console defined database pool,
but was just looking for that one piece that would allow me to to the proxy.
I think I understand what you're suggesting but how do I get geronimo to use
the new class instead of the default? I used the console database pool
configuration and it doesn't contain any class references besides the jdbc
driver.
The console doesn't seem to generate a working deployment descriptor:
<?xml version="1.0" encoding="UTF-8"?>
<connector xmlns="http://geronimo.apache.org/xml/ns/j2ee/connector-1.2">
<dep:environment
xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2">
<dep:moduleId>
<dep:groupId>console.dbpool</dep:groupId>
<dep:artifactId>TestPool</dep:artifactId>
<dep:version>1.0</dep:version>
<dep:type>rar</dep:type>
</dep:moduleId>
<dep:dependencies>
<dep:dependency>
<dep:groupId>com.oracle</dep:groupId>
<dep:artifactId>oracle-jdbc-driver</dep:artifactId>
<dep:version>10.2.0.1.0XE</dep:version>
<dep:type>jar</dep:type>
</dep:dependency>
</dep:dependencies>
</dep:environment>
<resourceadapter>
<outbound-resourceadapter>
<connection-definition>
<connectionfactory-interface>javax.sql.DataSource</connectionfactory-interface>
<connectiondefinition-instance>
<name>TestPool</name>
<config-property-setting
name="Driver">oracle.jdbc.OracleDriver</config-property-setting>
<config-property-setting
name="Password">test</config-property-setting>
<config-property-setting
name="UserName">test</config-property-setting>
<config-property-setting
name="ConnectionURL">jdbc:oracle:thin:@localhost:1521:SID</config-property-setting>
<connectionmanager>
<local-transaction/>
<single-pool>
<max-size>10</max-size>
<min-size>0</min-size>
<match-one/>
</single-pool>
</connectionmanager>
</connectiondefinition-instance>
</connection-definition>
</outbound-resourceadapter>
</resourceadapter>
</connector>
djencks wrote:
>
>
> On Feb 11, 2008, at 6:35 AM, Brian Gregory wrote:
>
>>
>> 1. Misconception on my part, what library is used for connection
>> pooling?
>> (Where is this is the docs?)
>
> Dunno about docs. The basic implementation is in
>
> https://svn.apache.org/repos/asf/geronimo/components/txmanager/trunk/
> geronimo-connector
>
> and the gbean wrappers and deployment code are in
>
> https://svn.apache.org/repos/asf/geronimo/server/trunk/plugins/connector
>
>> 2. Proxy session is another name for changing the user credentials
>> on an
>> oracle connection. OracleConnection.openProxySession()
>> 3. I'm not familiar with tranql. Can you point me to the
>> documentation?
>
> Again, no docs I know of.
>
> https://svn.codehaus.org/tranql
>
> especially vendors/oracle/trunk
>
> I think what you want to do is override
> AbstractXADataSourceMCF.matchManagedConnections in the oracle
> subclass so if there is no match on connections with their existing
> credentials it calls openProxySession on one of the connections to
> switch users. If openProxySession is very lightweight then just
> calling it without a search would be reasonable.
>
> Out of curiousity, how are you supplying the correct user to the
> connector? Application managed security (datasource.getConnection
> (user, password) or container managed security (using the identity of
> the logged in user as tracked by the app server, possibly mapped with
> an appropriate login module)?
>
> Hope this helps and let us know if you run into problems or succeed :-)
>
> thanks
> david jencks
>
>
--
View this message in context: http://www.nabble.com/proxy-session-w--built-in-dbcp-%2B-openjpa-tp15404731s134p15425716.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: proxy session w/ built-in dbcp + openjpa
Posted by David Jencks <da...@yahoo.com>.
On Feb 11, 2008, at 6:35 AM, Brian Gregory wrote:
>
> 1. Misconception on my part, what library is used for connection
> pooling?
> (Where is this is the docs?)
Dunno about docs. The basic implementation is in
https://svn.apache.org/repos/asf/geronimo/components/txmanager/trunk/
geronimo-connector
and the gbean wrappers and deployment code are in
https://svn.apache.org/repos/asf/geronimo/server/trunk/plugins/connector
> 2. Proxy session is another name for changing the user credentials
> on an
> oracle connection. OracleConnection.openProxySession()
> 3. I'm not familiar with tranql. Can you point me to the
> documentation?
Again, no docs I know of.
https://svn.codehaus.org/tranql
especially vendors/oracle/trunk
I think what you want to do is override
AbstractXADataSourceMCF.matchManagedConnections in the oracle
subclass so if there is no match on connections with their existing
credentials it calls openProxySession on one of the connections to
switch users. If openProxySession is very lightweight then just
calling it without a search would be reasonable.
Out of curiousity, how are you supplying the correct user to the
connector? Application managed security (datasource.getConnection
(user, password) or container managed security (using the identity of
the logged in user as tracked by the app server, possibly mapped with
an appropriate login module)?
Hope this helps and let us know if you run into problems or succeed :-)
thanks
david jencks
>
> Thanks for the help.
> Brian
>
>
> djencks wrote:
>>
>> Geronimo does not use dbcp, could you explain why you think it does?
>>
>> Could you explain what proxy sessions do? There might be a simple
>> solution, but I have no idea what you are trying to achieve. For
>> instance if you are trying to change the authentication information
>> on an existing connection this can be achieved by adding a bit of
>> code to the tranql oracle wrapper.
>>
>> thanks
>> david jencks
>>
>>
>
> --
> View this message in context: http://www.nabble.com/proxy-session-
> w--built-in-dbcp-%2B-openjpa-tp15404731s134p15412547.html
> Sent from the Apache Geronimo - Users mailing list archive at
> Nabble.com.
>
Re: proxy session w/ built-in dbcp + openjpa
Posted by Brian Gregory <bg...@g-webdesign.com>.
1. Misconception on my part, what library is used for connection pooling?
(Where is this is the docs?)
2. Proxy session is another name for changing the user credentials on an
oracle connection. OracleConnection.openProxySession()
3. I'm not familiar with tranql. Can you point me to the documentation?
Thanks for the help.
Brian
djencks wrote:
>
> Geronimo does not use dbcp, could you explain why you think it does?
>
> Could you explain what proxy sessions do? There might be a simple
> solution, but I have no idea what you are trying to achieve. For
> instance if you are trying to change the authentication information
> on an existing connection this can be achieved by adding a bit of
> code to the tranql oracle wrapper.
>
> thanks
> david jencks
>
>
--
View this message in context: http://www.nabble.com/proxy-session-w--built-in-dbcp-%2B-openjpa-tp15404731s134p15412547.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: proxy session w/ built-in dbcp + openjpa
Posted by David Jencks <da...@yahoo.com>.
Geronimo does not use dbcp, could you explain why you think it does?
Could you explain what proxy sessions do? There might be a simple
solution, but I have no idea what you are trying to achieve. For
instance if you are trying to change the authentication information
on an existing connection this can be achieved by adding a bit of
code to the tranql oracle wrapper.
thanks
david jencks
On Feb 10, 2008, at 6:52 PM, Brian Gregory wrote:
>
> I'm attempting to use proxy session w/ oracle and the built-in dbcp
> + openjpa
> in geronimo but I'm hung up at the start. I've done this before
> with c3p0 +
> hibernate but c3p0 has a ConnectionCustomizer class that allows you to
> register for checkout and checkin events from the connection pool,
> thus
> allowing the proxy user to be modified prior to connections being
> used.
>
> Unfortunately I can't find a way to do this with dbcp, but I have a
> few
> ideas:
>
> 1. Subclass the dbcp PoolingDataSource such that proxy users are
> set up in
> the getConnection() method - Although I would have to define a
> database pool
> w/ that would use the new class (no idea) and setup openjpa to use
> this
> database pool (not sure either)
>
> 2. Use c3p0 w/ openjpa instead of the built-in dbcp. Is there a way to
> deploy a database pool in geronimo w/ a 3rd party pooling library?
> Is there
> a good way to set up a 3rd party db pool if not?
>
> Any other ideas are appreciated.
>
> --
> View this message in context: http://www.nabble.com/proxy-session-
> w--built-in-dbcp-%2B-openjpa-tp15404731s134p15404731.html
> Sent from the Apache Geronimo - Users mailing list archive at
> Nabble.com.
>