Re: Entity Beans w/ User-Specific DB Connections

David,
Did you ever figure out how to implement Oracle's "N-Tier Authentication" from CMP Entity beans?
thanks,
Dan

dgyoung_at_erols.com (David G. Young) wrote in message news:<6651b171.0307240345.6686a25_at_posting.google.com>...
> Thanks, Karen -- The N-Tier Authentication article is half of what I'm
> looking for. It gives good specifics on identifying the user to an
> Oracle database using an anonymous DB connection from a pool.
>
> The other half of what I need is how to use this with off-the-shelf
> persistence technologies. The examples in the article show custom
> Java/SQL code that must be inserted before a query. All J2EE
> containers I know -- including Oracle 9iAS -- do not appear to allow
> this for CMP Entity Beans. Other persistence technologies, like
> Oracle Toplink and JDO, have equivalent restrictions. The fundamental
> idea behind all these technologies appears to be that anonymous data
> access allows caching of persistent data on the middle-tier, so that
> access is made more efficient. I'd be happy to give up that
> optimization, if there is a way.
>
> Has anybody found a way to implement Oracle's "N-Tier Authentication"
> without writing custom persistence code?
>
> Thanks,
> David
>
> Karsten Farrell <kfarrell_at_belgariad.com> wrote in message news:<MPG.19889149683e43bd989800_at_news.la.sbcglobal.net>...
> > Hi David G. Young, thanks for writing this:
> > > Our team is building a classic three-tier J2EE system, but we're
> > > having a problem with needing user-specific database connections. Our
> > > customer requires us to use both J2EE, Oracle's Virtual Private
> > > Database (VPD) and Oracle audit trail. These Oracle-specific
> > > technologies require that the user associated with each database
> > > transaction be known by the database, either by a DB connection
> > > specific to the user, or by passing context information through a
> > > general purpose connection.
> > >
> > > The problem is that CMP uses a javax.sql.DataSource to get
> > > connections, which use the same database username/password for every
> > > access. Callback methods don't help either -- since ejbLoad gets
> > > called after the load takes place, there is no way to set the user
> > > context before the load happens.
> > >
> > > Has anybody found a solution to this problem?
> > >
> > > I would think it would be a very common desire to use database-level
> > > auditing in a J2EE system. I am trying to avoid having to write a
> > > huge amount of bug-prone custom persistence code in BMP EJBs or in
> > > DAOs.
> > >
> > > Any advice appreciated.
> > > David
> > >
> > >
> > > P.S. Other options I have considered seem to have the same problem.
> > > It appears all OR tools and technologies share this problem.
> > >
> > > JDO - Java Database Objects rely on a PersistenceManagerFactory, which
> > > must be set up with a single database username/password. Once this is
> > > set, it cannot be changed.
> > >
> > > Toplink - This Oracle tool can generate code with CMP EJBs, BMP EJBs,
> > > a JDO framework, or light Java classes. Each of the sub-solutions
> > > appears to use a database user-independent ServerSession object.
> > >
> >
> > Oracle Magazine May/June 2003 had a (very) brief discussion of N-Tier
> > Authentication (what Oracle terms the feature you're looking for). It's
> > not very comprehensive, but might give you a start:
> >
> > http://otn.oracle.com/oramag/oracle/03-may/o33trends.html
> >
> > You might also find some help with Java Authentication and Authorization
> > Service (JAAS), such as this article (URL will wrap):
> >
> > http://otn.oracle.com/sample_code/tech/java/j2ee/javacookbook/JAAS/OverVie
> > w.html
> >
> > I am a DBA, not a developer, so I don't know if these will help. Forgive
> > me if you already know all the stuff mentioned in these articles.
Received on Thu Aug 21 2003 - 20:26:32 CEST