File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JDBC and the fly likes Authentication, where? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Databases » JDBC
Bookmark "Authentication, where?" Watch "Authentication, where?" New topic
Author

Authentication, where?

Dennis Zandvliet
Ranch Hand

Joined: Jun 19, 2008
Posts: 60
What's the difference between authenticating like this in you're code

dataSource.getConnection(userName, password);

Or doing authentication by configuring in the datasource

Component-managed authentication with JAAS - J2C authentication data

Is there a performance issue?

Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

The difference is one is in code the other is declarative.

My experience suggests some of the datasource implementations out there (I'm looking at you WebSphere) will not use the user name and password passed via the getConnection method.


JavaRanch FAQ HowToAskQuestionsOnJavaRanch
Dennis Zandvliet
Ranch Hand

Joined: Jun 19, 2008
Posts: 60
Paul Sturrock wrote:The difference is one is in code the other is declarative.

My experience suggests some of the datasource implementations out there (I'm looking at you WebSphere) will not use the user name and password passed via the getConnection method.


But what is the difference in practice? Is their performance difference?

Paul Sturrock wrote:

My experience suggests some of the datasource implementations out there (I'm looking at you WebSphere) will not use the user name and password passed via the getConnection method.


How will it then authenticate against the database?
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336


But what is the difference in practice? Is their performance difference?

I can't say categorically, but I'd guess no. Why should it perform any better than the existing datasource connection method?


How will it then authenticate against the database?

This is already configured in the DataSource. Why authenticate again?
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30057
    
149

Dennis Zandvliet wrote:But what is the difference in practice?

Security. If you configure the password via the datasource, it doesn't need to be in the source code or a property file. This also prevents the developers from having to know the password. The server team can set it.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Dennis Zandvliet
Ranch Hand

Joined: Jun 19, 2008
Posts: 60
Paul Sturrock wrote:
I can't say categorically, but I'd guess no. Why should it perform any better than the existing datasource connection method?


Because maybe, depending on how the driver has been implemented, for each call it re-authenticates the 'user'.

Paul Sturrock wrote:
This is already configured in the DataSource. Why authenticate again?


I mean when it's not yet configured in the Datasource.
Dennis Zandvliet
Ranch Hand

Joined: Jun 19, 2008
Posts: 60
Jeanne Boyarsky wrote:
Dennis Zandvliet wrote:But what is the difference in practice?

Security. If you configure the password via the datasource, it doesn't need to be in the source code or a property file. This also prevents the developers from having to know the password. The server team can set it.


That's the only difference in practice?
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30057
    
149

Dennis Zandvliet wrote:That's the only difference in practice?

I don't know. That such a big difference that hard coding the password was never an option where I work. Which wouldn't expose me to any other limitations.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Authentication, where?
 
Similar Threads
Security frameworks for application frameworks
Security Maintenance
ladp authentication
How is Authentication done in projects?
servlet security