Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "EclipseLink/Examples/JPA/Oracle/Proxy"
< EclipseLink | Examples | JPA | Oracle
m |
m |
||
| Line 17: | Line 17: | ||
* Access to OracleConnection (typically from OracleDataSource) using Oracle jdbc driver version 10.1.0.2 or later. | * Access to OracleConnection (typically from OracleDataSource) using Oracle jdbc driver version 10.1.0.2 or later. | ||
| − | === | + | === Write Access Control. Auditing === |
| + | Each change of the database could be attributed to the database user who did it (auditing). | ||
| + | Eclipselink application maintains the shared cache. | ||
* EntityManager uses proxy user "john" for writes and reads inside transaction. Note that reads performed outside of transaction are done through the main (non proxied) connection. | * EntityManager uses proxy user "john" for writes and reads inside transaction. Note that reads performed outside of transaction are done through the main (non proxied) connection. | ||
<source lang=java> | <source lang=java> | ||
| Line 27: | Line 29: | ||
((org.eclipse.persistence.internal.jpa.EntityManagerImpl)em.getDelegate()).setProperties(emProperties); | ((org.eclipse.persistence.internal.jpa.EntityManagerImpl)em.getDelegate()).setProperties(emProperties); | ||
</source> | </source> | ||
| − | + | ||
| + | === Full (Read and Write) Access Control. VPD. === | ||
| + | Some entities defined as using isolated (not shared) cache. They may be both read and written through the same "exclusive" connection. | ||
| + | * Specify in SessionCustomizer that exclusive connection should be used: | ||
<source lang=java> | <source lang=java> | ||
((ServerSession)session).getDefaultConnectionPolicy().setShouldUseExclusiveConnection(true); | ((ServerSession)session).getDefaultConnectionPolicy().setShouldUseExclusiveConnection(true); | ||
| Line 39: | Line 44: | ||
</source> | </source> | ||
| − | === | + | === Defining Proxy Properties on EntityManagerFactory. === |
Proxy properties may be also used by EntityManagerFactory. In that case all connections use them - unless overridden in EntityManager. | Proxy properties may be also used by EntityManagerFactory. In that case all connections use them - unless overridden in EntityManager. | ||
<source lang=java> | <source lang=java> | ||
Revision as of 15:57, 13 May 2008
 | This example is currently under development see Bug 224964 |
How to use EclipseLink JPA with Oracle Proxy Authentication
The Oracle database offers proxy authentication enabling the application to leverage a shared data source connected to the database by a single common/default user and then when used within the application the connection can be 'proxied' to be a different user. This offers the benefit of the database having knowledge of the specific user for the purposes of auditing or secure data access.
In this how-to the focus is on the usage of proxy authentication in conjunction with EclipseLink's JPA.
Contents
Overview
Requirements
- Access to OracleConnection (typically from OracleDataSource) using Oracle jdbc driver version 10.1.0.2 or later.
Write Access Control. Auditing
Each change of the database could be attributed to the database user who did it (auditing). Eclipselink application maintains the shared cache.
- EntityManager uses proxy user "john" for writes and reads inside transaction. Note that reads performed outside of transaction are done through the main (non proxied) connection.
Map emProperties = new HashMap(); emProperties.put("eclipselink.oracle.proxy-type", OracleConnection.PROXYTYPE_USER_NAME); emProperties.put(OracleConnection.PROXY_USER_NAME, "john"); EntityManager em = emf.createEntityManager(emProperties); // or in case of injected EntityManager ((org.eclipse.persistence.internal.jpa.EntityManagerImpl)em.getDelegate()).setProperties(emProperties);
Full (Read and Write) Access Control. VPD.
Some entities defined as using isolated (not shared) cache. They may be both read and written through the same "exclusive" connection.
- Specify in SessionCustomizer that exclusive connection should be used:
((ServerSession)session).getDefaultConnectionPolicy().setShouldUseExclusiveConnection(true);
- Note that exclusive connection requires at least one entity using isolated cache: at least one "eclipselink.cache.shared.*" property with "false" value should be passed to createEntityManagerFactory method:
// Entity named Employee uses isolated cache. "eclipselink.cache.shared.Employee" -> "false" // All entities use isolated cache. "eclipselink.cache.shared.default" -> "false"
Defining Proxy Properties on EntityManagerFactory.
Proxy properties may be also used by EntityManagerFactory. In that case all connections use them - unless overridden in EntityManager.
Map factoryProperties = new HashMap(); factoryProperties.put("eclipselink.oracle.proxy-type", OracleConnection.PROXYTYPE_USER_NAME); factoriesProperties.put(OracleConnection.PROXY_USER_NAME, "sarah"); EntityManagerFactory emf = Persistence.createEntityManagerFactory(factoryProperties); // em1 doesn't specify its own proxy properties - uses proxy user "sarah" specified by the factory. EntityManager em1 = emf.createEntityManager(); // em2 uses its own proxy properties - proxy user "john", doesn't matter whether factory has proxy properties or not. EntityManager em2 = emf.createEntityManager(emProperties); // em3 doesn't use any proxy connection - cancels proxy properties defined in the factory. Map cancelProperties = new HashMap(); cancelProperties.put("eclipselink.oracle.proxy-type", ""); EntityManager em3 = emf.createEntityManager(cancelProperties);