aspose file tools*
The moose likes JDBC and the fly likes Form-Based Authentication and JDBC Connection Pool Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Databases » JDBC
Bookmark "Form-Based Authentication and JDBC Connection Pool" Watch "Form-Based Authentication and JDBC Connection Pool" New topic
Author

Form-Based Authentication and JDBC Connection Pool

John Mooney
Greenhorn

Joined: Nov 22, 2006
Posts: 1
I�m trying to figure out how to pass the user�s ID and password, using form-based authentication and file realm, to our JDBC connection. I realize the users will have to keep their file realm ID and password synchronized with their database ID and password, but we have no choice because the database is RACF protected making JDBC realm out of the question. We have a Web application running on a Sun Application Server. This application is basically a report generator. Based on user inputs, the application will query a DB2 database on an IBM mainframe, and then display the results. Our requirements are that we have to pass the user�s ID and password to the database. I have a connection pool configured, although I�m not quite sure that makes any sense because how can the application server keep a pool of connections when we don�t provide a user ID and password with the connection pool properties? Anyway, I�ve searched high and low to figure out how to connect the user ID and password taken from the form, down to the JDBC connection. I�ve read somewhere that once we let the container handle authentication; we no longer have access to the user ID and password through the code. Currently we are temporarily disabling the form-based authentication and grabbing the user ID and password and passing it on down through the code to the JDBC connection, but that doesn�t sound correct and I would like to fix it. If anybody knows the answer, I would appreciate the help. Thanks!
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41905
    
  63
Welcome to JavaRanch.
I have a connection pool configured, although I�m not quite sure that makes any sense because how can the application server keep a pool of connections when we don�t provide a user ID and password with the connection pool properties?

That's correct, the connection pool abstracts away from individual users. If everyone has their own password, then you need to create a new connection (or connection pool, although that might be overkill or unfeasible) for every user.
I�ve read somewhere that once we let the container handle authentication; we no longer have access to the user ID and password through the code.

That's true for the servers I know, and that is, of course, the whole point of container-managed authentication.
Currently we are temporarily disabling the form-based authentication and grabbing the user ID and password and passing it on down through the code to the JDBC connection, but that doesn�t sound correct and I would like to fix it.

It seems weird, but that's because web auth and DB auth are two different things - it's very unusual for the accounts or password to be identical. That's why there is no ready-made integration between the two.


Ping & DNS - my free Android networking tools app
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Form-Based Authentication and JDBC Connection Pool