File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes What is the best method for JDBC connection in servlet without using a connection pool? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "What is the best method for JDBC connection in servlet without using a connection pool?" Watch "What is the best method for JDBC connection in servlet without using a connection pool?" New topic
Author

What is the best method for JDBC connection in servlet without using a connection pool?

Rob Micah
Ranch Hand

Joined: Aug 30, 2011
Posts: 94
I have a JDBC connection that needs to be made from my web application (servlet/bean) that won't have the login credentials until runtime. What's the best method for creating this connection at runtime?
Harsha Ka
Ranch Hand

Joined: Mar 14, 2010
Posts: 45

You can probably keep the credentials configurable in a properties file, read this and use it for your JDBC connections.


SCJP 1.6,Preparing (Tryin to prepare) for scwcd
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60053
    
  65

Though I would never create a connection in the controller layer. Make the credentials available as properties, and read/use them in the model layer. The controller layer should not be aware of DB stuff.

Of course, I'd never not use a connection pool either.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4637
    
    5

Bear Bibeault wrote:Of course, I'd never not use a connection pool either.

why?
Doesn't seem to be an "of course" decision at all to me.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60053
    
  65

Because container-managed connection pools have been extensively debugged and are really good at managing the connections. Why reinvent the wheel, especially when it's virtually impossible to create a better wheel?

Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4637
    
    5

@bear, I'm still confused. You seem to be saying you would never write a connection pool. But that is not what you posted. You posted that you would never use a well documented, well debugged connection pool.

Confused.....
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60053
    
  65

Pat Farrell wrote:You posted that you would never use a well documented, well debugged connection pool.

Nope. Read it again. I'd said I'd never not use a connection pool.
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4637
    
    5

Bear Bibeault wrote:Nope. Read it again. I'd said I'd never not use a connection pool.


Didn't your 6th grade English teacher explain that double negatives cause confusion?
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60053
    
  65

Done purposefully for emphasis.
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4637
    
    5

Bear Bibeault wrote:Done purposefully for emphasis.


Fail!
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60053
    
  65

Oh well. I don't have a copy editor for my forum posts.
Rob Micah
Ranch Hand

Joined: Aug 30, 2011
Posts: 94
Bear Bibeault wrote:Though I would never create a connection in the controller layer. Make the credentials available as properties, and read/use them in the model layer. The controller layer should not be aware of DB stuff.

Of course, I'd never not use a connection pool either.

If you would be so kind please spell out specifically what you mean by controller and model layer. I have to switch between different technologies a lot and I'm rusty on this topic.

Also the reason I can't use a connection pool is that the pool attempts to log in every so often with the last provided credentials. But once a user changes their password this causes repeated failed logins.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60053
    
  65

Rob Micah wrote:
If you would be so kind please spell out specifically what you mean by controller and model layer. I have to switch between different technologies a lot and I'm rusty on this topic.

Look up "MVC" and also read this article.

Also the reason I can't use a connection pool is that the pool attempts to log in every so often with the last provided credentials. But once a user changes their password this causes repeated failed logins.

You let end users change database passwords?
Harsha Ka
Ranch Hand

Joined: Mar 14, 2010
Posts: 45

Rob Micah wrote:
Also the reason I can't use a connection pool is that the pool attempts to log in every so often with the last provided credentials. But once a user changes their password this causes repeated failed logins.

Which credentials are you talking about?
Rob Micah
Ranch Hand

Joined: Aug 30, 2011
Posts: 94
Bear Bibeault wrote:You let end users change database passwords?

I don't let them do anything. I'm not the boss of this ass backwards system. I'm just trying to work with it. Thanks for the link.
Rob Micah
Ranch Hand

Joined: Aug 30, 2011
Posts: 94
Harsha Ka wrote:
Rob Micah wrote:
Also the reason I can't use a connection pool is that the pool attempts to log in every so often with the last provided credentials. But once a user changes their password this causes repeated failed logins.

Which credentials are you talking about?
Database credentials.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15641
    
  15

It sounds like you're expecting the webapp to use end user database rights and credentials.

That doesn't work very well in a multi-user shared resource environment such as a webapp. Common practice - and this dates all the way back to the days when I rode herd on mainframe apps - is that the resource subsystems need to have security rights that are the greatest common denominator of all the rights needed for all the users. You then limit the in-app rights on a per-user basis using a secondary security subsystem, either pre-supplied or coded as part of the app (or occasionally, both).

In the specific case of database resources, normally this is more than adequate, since unless you're building SQL on the fly in a public space (in other words, set yourself up for SQL Injection attacks ), you can simply limit access to the business functions that invoke the SQL and thereby control not only database malfeasance, but also possible internal corruption of the shared online environment.

There are some issues in this approach, though. Since we're talking the Greatest Common Denominator of rights, apps which have management functions built into them might need very broad rights indeed. Much broader than you'd like floating around playing target for bad code. Or, for that matter, unscrupulous coders slipping back-door "features" into the app. If it's a major concern, it's worth making the management functions into a separate app (web or offline) and using a different security account.

Java is an expensive and complex framework to develop for and with. As long as you have to do all the other things that Java demands, you might as well toss in the connection pools, since they don't require much work and return a lot of performance. If it isn't worth that much effort, it probably wasn't worth the effort of doing it in Java anyway.


Customer surveys are for companies who didn't pay proper attention to begin with.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: What is the best method for JDBC connection in servlet without using a connection pool?
 
Similar Threads
How to config Jboss3.x
Connection Object pointing to Null
need an advice in JDBC coding !!
JDBC in JSP/Servlet question
reading data from jsp page to another jsp page using request.getParameter