4 Replies Latest reply on Oct 22, 2010 2:43 PM by mostserene

Custom/Wrapped JDBC Driver for DataSource

rbroberts Dec 18, 2009 11:28 PM

I have an application which need to look up the database password each time a new connection is created. In a standalone application using Hibernate, this is easy: I just set the property hibernate.connection.provider_class to point to a custom class which returns my wrapped DataSource. However, that property has no effect withing JBoss (at least I can't get it to have any effect). I'm using JBoss 5.0 with JDK 6.

I though perhaps I could get away with taking the vendor java.sql.Driver (in this case, org.postgresql.Driver) and extending it as a was of intercepting the calls to connect. However, while my driver is being loaded by JBoss and is referenced in my -ds.xml file, it doesn't actually seem to be getting used. It is also being initialized with the hsqldb URL instead of the one in my -ds.xml file.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE datasources PUBLIC
        "-//JBoss//DTD JBOSS JCA Config 1.5//EN"
        "http://www.jboss.org/j2ee/dtd/jboss-ds_1_5.dtd">

<datasources>
    <local-tx-datasource>
        <jndi-name>pgsql/fvdrpg5</jndi-name>
        <connection-url>jdbc:postgresql:fvis5</connection-url>
        <driver-class>fvis.util.Driver</driver-class>
        <user-name>fvdrpg</user-name>
        <password></password>
    </local-tx-datasource>
</datasources>

So...am I barking up the wrong tree trying to do things this way? Do I need to write my own JCA code to get my custom datasource into JBoss, or is there a simpler way?

roland

1. Re: Custom/Wrapped JDBC Driver for DataSource

vickyk Dec 20, 2009 12:27 AM (in response to rbroberts)
rbroberts wrote:

However, while my driver is being loaded by JBoss and is referenced in my -ds.xml file, it doesn't actually seem to be getting used. It is also being initialized with the hsqldb URL instead of the one in my -ds.xml file.

        I don't understand this clearly, you need to explain it in detail.

        You application can read the password from the jca MBean e.g

        [vicky@posh bin]$ ./twiddle.sh -u admin -p admin invoke jboss.jca:name=DefaultDS,service=ManagedConnectionFactory getManagedConnectionFactoryAttribute userName sa

     For password you need to replace userName with password !
Actions
2. Re: Custom/Wrapped JDBC Driver for DataSource

rbroberts Dec 20, 2009 10:19 AM (in response to vickyk)

For our application, the password can and does change. Part of the design included some audit requirement that restrict developers from having access on the production system. However, sometimes we are granted temporary access in order to diagnose problems. The database password is stored in an external file controlled by the DBA. When our temporary access is revoked, the password is changed. Our application (not JBoss) uses a Hibernate ConnectionProvider to wrap the datasource (which is just an extended Oracle pooled datasource) to change all getConnection(user,password) into getConnection(user,lookupPassword(user))

There are other details like interlocking access to the password file (multiple readers, single writer) to avoid race conditions on reading the password and establishing a connection, but the above is the main issue. The password is not under application/developer control, it needs to be read from an external resource and can and does change.

So what I need is some way to do the equivalent of our current non-JBoss setup, grabbing the password from this external resource (file) every time I need to open a new connection.

roland
Actions
3. Re: Custom/Wrapped JDBC Driver for DataSource

adrian.brock Jan 12, 2010 9:21 AM (in response to rbroberts)

You need to write a JCA JAAS login module that retrieves the subject from your file,
configure it in conf/login-config.xml and then reference it using the <security-domain> in your -ds.xml
See:
http://community.jboss.org/wiki/ConfigJCALoginModule

There isn't one that explicitly does what you want, but they aren't that difficult to write - current impls are here:
http://viewvc.jboss.org/cgi-bin/viewvc.cgi/jbossas/projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/resource/security/
Actions
4. Re: Custom/Wrapped JDBC Driver for DataSource

mostserene Oct 22, 2010 2:43 PM (in response to rbroberts)

I am having the same issue as
Custom/Wrapped JDBC Driver for DataSource
...

I need to instantiate a data source connection pool with a proxy user and at the session level switch the connection on behalf of the authenticated user.
I have a jaas security realm implmentation to create a custom principle,
I have a custom driver that wraps an oracle oci driver in order to inject properties from the custom principal configured in a a datasource
..
the issue is that the custom jdbc driver when set in a -ds.xml is ignored and the driver-url is the only element used to make the connection. The custom driver is never loaded.

I am using Pete Bennett's example in
http://community.jboss.org/wiki/IntegratingOracleVPDandJBoss with a custom JAAS realm

I have tried JBOSS 4.2 with JDK 1.6 on solaris
as well as JBOSS 5.0 with JDK 1.6 on solaris

The realm works, the datasource works, the application works, a custom jsp page can interrogate the underlying connection to see that it is a WrappedConnection but the driver never loads and worse yet never errors out

I see the reference to a jms /jca configuration and I have tried to set up the message queue but I don't see how it applies to the problem Roland and I are encountering. Is there a more fleshed out discussion regarding interrogating a principle to inject it's properties to the datasource driver?

Thanks
Actions

Go to original post