Don't use the getConnection(user,pw) with the xadatasource loader stuff in 2.4. If there is a free connection in the pool, it returns it, no matter who the user is for that connection. Otherwise it sets the user/pw so subsequent connections obtained using getConnection() use the last requested user/pw... I don't know why anyone would implement something like this...
If you need more than one user for your database use jboss 3.0.2 or 3.2. You may be able to either use the CallerIdentityLoginModule so the app user/pw becomes the database user or write a MappingIdentityLoginModule to perform an arbitrary app user to db user mapping. With these your app would use getConnection() and jboss supplies the user/pw using the login module.
I also don't quite understand what you are trying to do with your login module.
I have a customer that uses the database's own 'security' to authenticate the user. If 'getConnection(user,pwd)' fails they are not authenticated. The 'roles' are stored in a table in the same database.
I extended 'UsernamePasswordLoginModule'
I call 'getConnection(user,pwd)' in the 'validatePassword()' and the 'getRoleSets()' overrides.
Under 2.4 is it 'legal' to use the DriverManager directly in a LoginModule?... or is there a better way?
Under 3.0.0 I use 'ByApplication' as the criteria for the connection pool attribute. This all seems to work!!
> I have a customer that uses the database's own
> 'security' to authenticate the user. If
> 'getConnection(user,pwd)' fails they are not
> authenticated. The 'roles' are stored in a table in
> the same database.
This won't work in 2.4.x. You are apt to get back a connection logged in as a random user.
> I extended 'UsernamePasswordLoginModule'
> I call 'getConnection(user,pwd)' in the
> 'validatePassword()' and the 'getRoleSets()'
> Under 2.4 is it 'legal' to use the DriverManager
> directly in a LoginModule?... or is there a better
You can do that, it is a very inefficient way of validating security since you have to establish a db connection for each authentication attempt. There's no obvious (to me) way in 2.4.x to keep using this user's connection for the work they want to do after authentication.
> Under 3.0.0 I use 'ByApplication' as the criteria for
> the connection pool attribute. This all seems to
Do you have CallerIdentityLoginModule set up?
This is going to tend to have the same inefficiency problems as in 2.4, although at least jboss will keep giving you the same connection for the same user without any more work on your part.
Is there any way to query the db system tables to authenticate and always log in as the same user?
...What format is the 'binary' password in MSSQL Server in sysusers table? Under 2.4.x I may be able to do this hack...I don't like it...I think I'll force them to 3.0.x!!!!
What is the CallerIdentityLoginModule? I have not got familiar with 3.0.x yet...
I currently have a 'working' 3.0.0 setup.
CallerIdentityLoginModule uses the user/pw that was used to log into the application to log into the db.
I'd work with 3.0.2 rather than 3.0.0.
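
Added example, not part of the thread and not JBoss code: a toy pool showing why a login module that treats a successful getConnection(user,pw) as authentication is unsafe when the pool hands back any free connection, next to a pool that reuses a connection only for the credentials that opened it. The class names, the Cred/Conn records and the sample users and passwords are constructed for illustration, and the database login itself is stubbed out.

```java
import java.util.*;

// Added illustration: a toy pool, not JBoss code. Conn stands in for a DB session.
public class PoolIdentityDemo {
    record Cred(String user, String pw) {}
    record Conn(Cred openedWith) {}

    // Behaviour the thread describes for 2.4: any idle connection is returned,
    // whoever it was opened for. A DB login happens only when the pool is empty.
    static class SharedPool {
        private final Deque<Conn> idle = new ArrayDeque<>();
        Conn getConnection(String user, String pw) {
            Conn c = idle.poll();
            return c != null ? c : new Conn(new Cred(user, pw)); // real pool: DB login here
        }
        void release(Conn c) { idle.push(c); }
    }

    // Idle connections are reused only for the exact credentials that opened them,
    // so every other request goes through a fresh DB login.
    static class PerCredentialPool {
        private final Map<Cred, Deque<Conn>> idle = new HashMap<>();
        Conn getConnection(String user, String pw) {
            Conn c = idle.computeIfAbsent(new Cred(user, pw), k -> new ArrayDeque<>()).poll();
            return c != null ? c : new Conn(new Cred(user, pw)); // real pool: DB login here
        }
        void release(Conn c) {
            idle.computeIfAbsent(c.openedWith(), k -> new ArrayDeque<>()).push(c);
        }
    }

    public static void main(String[] args) {
        SharedPool shared = new SharedPool();
        shared.release(shared.getConnection("alice", "alice-pw"));
        // No login is attempted for bob, so a login module that treats
        // "getConnection did not throw" as authentication accepts any password.
        Conn a = shared.getConnection("bob", "not-bobs-pw");
        System.out.println("shared pool: bob holds a session opened by " + a.openedWith().user());

        PerCredentialPool keyed = new PerCredentialPool();
        keyed.release(keyed.getConnection("alice", "alice-pw"));
        Conn b = keyed.getConnection("bob", "bob-pw");
        System.out.println("keyed pool:  bob holds a session opened by " + b.openedWith().user());
    }
}
```

With the shared pool, role lookups run on the returned connection would also execute with the earlier user's database privileges.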