Oracle Proxy authentication

Postby michael123 » Tue Jul 12, 2011 9:49 am

Hi

We're using Oracle Proxy authentication inside our current middle tier (C++).
As we develop our Java software in parallel, we started to implement the same technique in Java.

1) When using a connection pool, before returning the connection to the application, we need to 'impersonate' it with the real user.

The code snippet goes like this:


....
connection pool is initialized with PROXY_MASTER user and PROXY_MASTER password

...

(a) // cast into an OracleConnection
OracleConnection oraConnection = (OracleConnection) connection;

// close any proxy sessions that would still exist on the connection
if (oraConnection.isProxySession ())
    oraConnection.close (OracleConnection.PROXY_SESSION);

// create a property map with the end user credentials
Properties proxyProps = new Properties ();
proxyProps.put (OracleConnection.PROXY_USER_NAME, <put user-id here>);

// open the proxy session
oraConnection.openProxySession (OracleConnection.PROXYTYPE_USER_NAME, proxyProps);
....

(b) Once we impersonated the session, we initialize the session on the application level (e.g. set database sorting, language settings, etc.)

2) Impersonation is not a very fast thing. Hence, in our C++ code, we have our own pool mechanism, which first looks for a connection impersonated for the same user. By this, we save steps (a) and (b). How can I add hooks to the connection pool so I can filter out connections? If no connection from the requested user exists, the default behavior would be used.

thanks,
Michael
michael123
 
Posts: 15
Joined: Tue Jul 12, 2011 8:53 am

Re: Oracle Proxy authentication

Postby wwadge » Tue Jul 12, 2011 9:58 am

I'm not 100% sure I understood what you need, but if you need to tag along extra data with each connection you could use:

   /** Returns a debug handle as previously set by an application
    * @return DebugHandle
    */
   public Object getDebugHandle() {
      return this.debugHandle;
   }

   /** Sets a debugHandle, an object that is not used by the connection pool at all but may be set by an application to track
    * this particular connection handle for any purpose it deems fit.
    * @param debugHandle any object.
    */
   public void setDebugHandle(Object debugHandle) {
      this.debugHandle = debugHandle;
   }


and then use the connection hooks to look into those on checkout/checkin.

Wallace
wwadge
Site Admin
 
Posts: 713
Joined: Mon Oct 19, 2009 7:50 pm

Re: Oracle Proxy authentication

Postby michael123 » Wed Jul 13, 2011 12:10 pm

Hi Wallace

Yes, indeed, tagging would be necessary.
What we need to do is to modify the lookup logic a bit:

- we want the session fetched from the pool to fit certain criteria
- if no such session exists, BoneCP will create a new one .. and afterwards our proxy-auth hook will be called

What we want to achieve is that when user XYZ requests a session, he will find only a session that was previously impersonated for XYZ or an empty one (which we will impersonate)
michael123
 
Posts: 15
Joined: Tue Jul 12, 2011 8:53 am

Re: Oracle Proxy authentication

Postby wwadge » Thu Jul 14, 2011 7:19 pm

That is not possible in version 0.7.1.RELEASE :-(

In 0.8.0-SNAPSHOT there is very preliminary support to add your own custom fetch logic but this is still in flux and I wouldn't recommend you trying out much before the code stabilizes a bit.

If you'd like to have something workable today, I suggest you have a look at Google Guava's MapMaker; that will allow you to supply a computing map to do what you need.
wwadge
Site Admin
 
Posts: 713
Joined: Mon Oct 19, 2009 7:50 pm

Re: Oracle Proxy authentication

Postby michael123 » Thu Jul 14, 2011 7:29 pm

I am not looking for production quality now, we're building a demo..
michael123
 
Posts: 15
Joined: Tue Jul 12, 2011 8:53 am

Re: Oracle Proxy authentication

Postby wwadge » Thu Jul 14, 2011 7:54 pm

Thinking a bit more, I think MapMaker is really the way to go; it should be perfect for your needs. With the computing map feature you can place it in front of your pool, which will lazily bring in a new connection on demand but will cache it for future requests.

One other thing I'd add: a timeout to expire entries after a long while with the eviction function simply set to return the connection to the pool.
wwadge
Site Admin
 
Posts: 713
Joined: Mon Oct 19, 2009 7:50 pm

Re: Oracle Proxy authentication

Postby michael123 » Fri Jul 15, 2011 3:50 am

So, you're suggesting that I write a pool of my own..

We have one already - in C++..
michael123
 
Posts: 15
Joined: Tue Jul 12, 2011 8:53 am

Re: Oracle Proxy authentication

Postby wwadge » Fri Jul 15, 2011 6:10 am

No, not at all!

It's:

Your App --> MapMaker --> fetches lazily from connection pool based on your function to determine whatever you want.

If you wish to go the source code route, you're going to need to hack away at the code at this point for it's 0.8.0-SNAPSHOT, a snapshot development branch not a release.
wwadge
Site Admin
 
Posts: 713
Joined: Mon Oct 19, 2009 7:50 pm
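
The arrangement described in the two replies above (a per-user cache in front of the pool, with timed eviction back to the pool), as an added example that is not part of the original thread and is not BoneCP or Guava code. It uses plain JDK collections instead of MapMaker; `ProxySessionCache`, `Pooled` and `Lease` are hypothetical names, and the fake pool in `main` is constructed so the class runs without a database.

```java
import java.util.*;
import java.util.concurrent.*;
import java.util.function.Supplier;
public class ProxySessionCache {
    /** Hypothetical stand-in for a pooled connection. With Oracle JDBC, openProxy/closeProxy would
     *  wrap openProxySession(...) and close(OracleConnection.PROXY_SESSION) from the first post. */
    interface Pooled { void openProxy(String user); void closeProxy(); void release(); }
    /** The user tag is fixed at checkout, so checkin never trusts a caller-supplied name. */
    static final class Lease {
        final String user; final Pooled conn; final boolean fresh; long idleSince;
        Lease(String u, Pooled c, boolean f) { user = u; conn = c; fresh = f; }
    }
    private final ConcurrentMap<String, Deque<Lease>> idle = new ConcurrentHashMap<>();
    private final Supplier<Pooled> pool;   // assumed to wrap the real pool's getConnection()
    ProxySessionCache(Supplier<Pooled> pool) { this.pool = pool; }

    /** Returns a session already impersonated for this user, else a new one from the pool. */
    Lease checkout(String user) {
        Deque<Lease> q = idle.get(user);
        Lease hit = (q == null) ? null : q.pollFirst();   // poll removes it: one holder at a time
        if (hit != null) return new Lease(user, hit.conn, false);   // steps (a) and (b) skipped
        Pooled c = pool.get();
        c.openProxy(user);                                // step (a); caller runs (b) when fresh
        return new Lease(user, c, true);
    }
    void checkin(Lease l, long now) {
        l.idleSince = now;
        idle.computeIfAbsent(l.user, k -> new ConcurrentLinkedDeque<>()).addFirst(l);
    }
    /** Eviction: close the proxy session first so the shared pool never holds an impersonated one. */
    int evictIdle(long now, long maxIdleMillis) {
        int evicted = 0;
        for (Deque<Lease> q : idle.values())
            for (Lease l; (l = q.peekLast()) != null && now - l.idleSince >= maxIdleMillis; )
                if (q.remove(l)) { l.conn.closeProxy(); l.conn.release(); evicted++; }
        return evicted;
    }

    public static void main(String[] args) {   // constructed fake pool: prints calls, no database
        ProxySessionCache cache = new ProxySessionCache(() -> new Pooled() {
            public void openProxy(String u) { System.out.println("open proxy for " + u); }
            public void closeProxy() { System.out.println("close proxy session"); }
            public void release() { System.out.println("release to pool"); }
        });
        cache.checkin(cache.checkout("XYZ"), 0);
        Lease other = cache.checkout("ABC"), same = cache.checkout("XYZ");
        cache.checkin(same, 0);
        System.out.println(other.fresh + " " + same.fresh + " " + cache.evictIdle(5000, 1000));
    }
}
```

The key passed to `checkout` should be the user identity the middle tier has already authenticated, since it decides whose proxy session the caller receives.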

Re: Oracle Proxy authentication

Postby michael123 » Fri Jul 15, 2011 7:09 am

Ahh

thanks, I also started thinking in this direction..

Could you please tell me more about this new functionality in SNAPSHOT?
michael123
 
Posts: 15
Joined: Tue Jul 12, 2011 8:53 am

Re: Oracle Proxy authentication

Postby wwadge » Sat Jul 16, 2011 1:07 pm

In the snapshot code, I'm separating the logic of where to obtain/release a connection; that way you could have multiple implementations including custom ones. At the moment, not enough is exposed to be able to allow you to easily add your own code however :-(
wwadge
Site Admin
 
Posts: 713
Joined: Mon Oct 19, 2009 7:50 pm

