2 Replies Latest reply on Jul 16, 2002 10:50 PM by michael

    JBoss 3.0, EJB's, and DataSource authentication

    michael Newbie

      Hi folks,

      I'm fairly new to JBoss/J2EE and I'm having a difficult time understanding how datasource authentication is managed by JBoss. I've created a schema's-worth of CMP/CMR EJB's using a Postgres data source, but that data source was created with the proper username and password entries in login-conf.xml. Before moving forward with development, I'd like to understand how I can secure my data source within JBoss. In other words, I wish to restrict access to my data sources, but I still want the auto-magic persistence/management of CMP EJB's.

      My short term question is how I can implement one of the following data source security schemes (or something better):

      * tell my EJB's (or my .ear, perhaps) what username/password to use when obtaining connections from the data source

      * embed a data source within my .ear, with restrictions allowing only code in that .ear to access the data source

      * create a data source that only a particular code base (my .ear) can access


      My main goal is to get the data source authentication information out of Jboss-scope and into an application-scope. Any pointers would be greatly appreciated. I have a feeling that I'm not looking for the correct terminology in the documentation and forum archives.

      Thanks,
      Michael

        • 1. Re: JBoss 3.0, EJB's, and DataSource authentication
          marc fleury Master

          Datasources are configured to bind a pool to the JNDI namespace. This is done at the MBean level. I will create a datasource forum shortly so we can put these questions there. The snippet you want to configure with 3.0 is a bit obscure in it's declaration, for now you need to look at the hsqldb example (with distribution) and look for the "driver,url,username, passwd" combo xml snippet in there.

          The datasource is deployed dynamically through the deploy directory of your installation (so you can dynamically add/remove them). Check the default installation for a working example. Your datasource will then be available under that name space and you can configure your beans to use that datasource.

          • 2. Re: JBoss 3.0, EJB's, and DataSource authentication
            michael Newbie

            Thanks for answering Marc. I think that I'm understanding, but I have a couple more questions (I didn't see a datasource forum yet).

            Are some elements of the JNDI namespace application specific, rather than global across jboss?

            Am I supposed to deploy an .ear specific datasource from inside the application context? An mbean inside an application? (That doesn't sound right to me.)

            Should I provide the authentication information in the JNDI context when I look up the datasource? I assume that this would take advantage of the per-username/password pooling that the pool manager offers. This *does* feel right to me, as it would provide the application scoped authentication that I'm looking for. I just can't find any information on how to do this.


            Thanks, I'm having a great time using Jboss,

            Michael