You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@commons.apache.org by Andreas Kohlbecker <ko...@web.de> on 2005/11/28 08:29:22 UTC

[DBCP] PerUserPoolDataSource - Problem with changing passwords

I already posted this question some weeks ago to the 
commons-user@jakarta.apache.org mailing list. Since I did not receive 
any answer I decided to post it to the developers mailing list. Also 
because I recommend fixing a potential? bug or more a lack in the 
sourcecode.

---

We are using the DBCP PerUserPoolDataSource as GlobalNamingResource in
tomcat 5.5. Users have the option to change the password by a special
webpage. After a password has been changed, access to the database fails
because the password stored in the connection pool differs now from
the newly chosen password. Requesting a new Connection for this user by
calling the PerUserPoolDataSource.getConnection(String username, String
password) method throws an expected exception:

java.sql.SQLException: Given password did not match password used to
create the PooledConnection.

Thus: The old password is no longer accepted by the database. And using
the new one is denied by the InstanceKeyDataSource. How can this dilemma
be solved? Restarting the ServletContainer every time a user's password
is changed seem not feasible to me.

The only solution I found is to reimplement the PerUserPoolDataSource,
PerUserPoolDataSourceFactory and InstanceKeyObjectFactory in a separate
package and to change the 'getPooledConnectionAndInfo(String username,
String password)' method in such way, that it registers a new pool for a
user if its password has changed:

-----snipp-------

PooledConnectionAndInfo info = null;
     try {
         info = (PooledConnectionAndInfo)((ObjectPool) pool).borrowObject();
         if(!info.getPassword().equals(password)){
             // password has changed -> register new pool for this user
             try {
                 key = getPoolKey(username);
                 registerPool(username, password);
                 pool = pools.get(key);
             } catch (NamingException e) {
                 throw new SQLNestedException("RegisterPool failed", e);
             }
             info = (PooledConnectionAndInfo)((ObjectPool)
pool).borrowObject();
         }
     }
     catch (Exception e) {
         throw new SQLNestedException(
             "Could not retrieve connection info from pool", e);
     }

-----snipp-------

Is there another solution? If not, I would suggest updating the next
DBPC release to include an appropriate method to deal with password changes.

Andreas Kohlbecker


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org