File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Form-Based Authentication and JDBC Connection Pool

 
John Mooney
Greenhorn
Posts: 1
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I�m trying to figure out how to pass the user�s ID and password, using form-based authentication and file realm, to our JDBC connection. I realize the users will have to keep their file realm ID and password synchronized with their database ID and password, but we have no choice because the database is RACF protected making JDBC realm out of the question. We have a Web application running on a Sun Application Server. This application is basically a report generator. Based on user inputs, the application will query a DB2 database on an IBM mainframe, and then display the results. Our requirements are that we have to pass the user�s ID and password to the database. I have a connection pool configured, although I�m not quite sure that makes any sense because how can the application server keep a pool of connections when we don�t provide a user ID and password with the connection pool properties? Anyway, I�ve searched high and low to figure out how to connect the user ID and password taken from the form, down to the JDBC connection. I�ve read somewhere that once we let the container handle authentication; we no longer have access to the user ID and password through the code. Currently we are temporarily disabling the form-based authentication and grabbing the user ID and password and passing it on down through the code to the JDBC connection, but that doesn�t sound correct and I would like to fix it. If anybody knows the answer, I would appreciate the help. Thanks!
 
Ulf Dittmer
Rancher
Pie
Posts: 42966
73
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Welcome to JavaRanch.
I have a connection pool configured, although I�m not quite sure that makes any sense because how can the application server keep a pool of connections when we don�t provide a user ID and password with the connection pool properties?

That's correct, the connection pool abstracts away from individual users. If everyone has their own password, then you need to create a new connection (or connection pool, although that might be overkill or unfeasible) for every user.
I�ve read somewhere that once we let the container handle authentication; we no longer have access to the user ID and password through the code.

That's true for the servers I know, and that is, of course, the whole point of container-managed authentication.
Currently we are temporarily disabling the form-based authentication and grabbing the user ID and password and passing it on down through the code to the JDBC connection, but that doesn�t sound correct and I would like to fix it.

It seems weird, but that's because web auth and DB auth are two different things - it's very unusual for the accounts or password to be identical. That's why there is no ready-made integration between the two.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic