13 Replies Latest reply on Apr 20, 2009 12:49 PM by jorg1

    Paasing Credentials to Datasource

    dianne

      Is there a way to pass the user credentials to the datasource in order to get a connection with privileges specific to that user? Using a datasource with a generic account is not an option since database access is granted on the table level for each user in the organization I work for.

        • 1. Re: Paasing Credentials to Datasource
          norman

          I believe JBoss AS supports this at the datasource definition level.  I don't remember the configuration offhand because nobody actually seems to configure their database like that nowadays.

          • 2. Re: Paasing Credentials to Datasource
            dianne

            I am thinking of writing a custom ConnectionProvider similar to the
            DatasourceConnectionProvider from hibernate. I have a number of questions:
            1. What are the Seam configurations that need to be set to use the custom ConnectionProvider?
            2. How can I pass the user name and password from the login form to the custom connection provider?

            • 3. Re: Paasing Credentials to Datasource
              joblini

              Hi, Interesting question.  I did something similar, but using JDBC.


              A few thoughts ...


              1)  Hibernate properties are set in persistence.xml


              2)  EntityManager getDelegate method returns the underlying Hibernate provider


              3)  EntityManagerFactory.createEntityManager(map) is probably what you need to call, passing the connection info in map ?


              Obviously check the Hibernate Entity Manager user guide.  Dig around in the Seam source code to find the component responsible for calling EntityManagerFactory.  Chances are that you can plug in your own version. 


              Once you get this worked out, getting the username and the password from the login screen should be relatively straightforward.


              • 4. Re: Paasing Credentials to Datasource
                nickarls

                I don't think the option of integrating the seam authentication system with the connection management would be a bad idea.


                Sure, you probably lose some pooling/cacheing stuff but there are environments where the database is audited/secured on a user-level and customers like that sometimes have a hard time understanding that all connections from the application use the same db user.


                I believe I have seen this done in a Spring env sometimes

                • 5. Re: Paasing Credentials to Datasource
                  nickarls

                  Probably user modules?

                  • 6. Re: Paasing Credentials to Datasource
                    dianne

                    Ingo Jobling wrote on Apr 14, 2009 06:34:


                    I did something similar, but using JDBC.


                    Can you share what you did using JDBC? I am planning to check the Hibernate Entity Manager user guide to get more information.



                    Nicklas Karlsson wrote on 14. Apr 2009, 08:31


                    Sure, you probably lose some pooling/cacheing stuff but there are environments where the database is audited/secured on a user-level.

                    That is exactly the reason why I need to write a custom connection provider.

                    • 7. Re: Paasing Credentials to Datasource
                      nickarls

                      javax.sql.DataSource.getConnection(String, String)?

                      • 8. Re: Paasing Credentials to Datasource
                        dianne

                        Nicklas Karlsson wrote on Apr 14, 2009 12:36:


                        javax.sql.DataSource.getConnection(String, String)?

                        How can I tell Seam to pass the values to this method?

                        • 9. Re: Paasing Credentials to Datasource
                          nickarls

                          Just guessing but you could in persistence.xml point to a <jta-data-source> that would have overridden the getConnection (without params) to integrate with Seam.


                          Unless you find some better integration point while looking to the seam core persistence package. There might be proxies and factories that could be useful...

                          • 10. Re: Paasing Credentials to Datasource
                            dianne

                            But I still need to use the username and password from the login page to get the connection.

                            • 11. Re: Paasing Credentials to Datasource
                              dianne

                              I have tried to define the custom connection provider as a component but it does not seem to work. Here is what I have so far:



                              @Name("connectionProvider")
                              @Scope(ScopeType.SESSION)
                              public class CustomConnectionProvider implements ConnectionProvider{
                              
                                   private InitialContext ctx;
                              
                                   private String datasourceJndiName = "customcpDatasource";
                                   private String username;
                                   private String password;
                                   
                                   public String getUsername() {
                                        return username;
                                   }
                              
                                   public void setUsername(String setUsername) {
                                        this.username = username;
                                   }
                              
                                   public String getPassword() {
                                        return password;
                                   }
                              
                                   public void setPassword(String password) {
                                        this.password = password;
                                   }
                              
                                   public void close() throws HibernateException {}
                              
                                   public void closeConnection(Connection connection) throws SQLException {
                                        connection.close();          
                                   }
                              
                                   public void configure(Properties properties) throws HibernateException {
                                        try {
                                             ctx = new InitialContext(properties);
                                        } catch (NamingException e) {
                                             e.printStackTrace();
                                        }
                                   }
                              
                                   public Connection getConnection() throws SQLException {
                                        Connection connection = null;
                                        try {
                                             DataSource datasource = ((DataSource)ctx.lookup("java:/" +datasourceJndiName));
                                             connection = datasource.getConnection(username, password);
                                        } catch (NamingException e) {
                                             e.printStackTrace();
                                        }
                                        return connection;
                                   }
                              
                                   public boolean supportsAggressiveRelease() {
                                        return true;
                                   }
                              }


                              • 12. Re: Paasing Credentials to Datasource
                                nickarls

                                I don't see a place where connectionProvied would be resolved in Seam so I don't see how that could work.


                                And the problem with datasources is that they are usually appserver-level.


                                Try to browse through the org.jboss.seam.persistence it you see anything interesting. Or see if the spring guys have done similar, if they can, seam can probably, too ;-)

                                • 13. Re: Paasing Credentials to Datasource
                                  jorg1