Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "EclipseLink/Examples/MySports/VPD"
(New page: <div style="float:right;width:300px"> <div style="background:#ffffff;width:275px" align="center"> Image:EclipseLink_Mysports.png __TOC__ </div> </div> = MySports using Oracle VPD = T...) |
|||
| Line 8: | Line 8: | ||
= MySports using Oracle VPD = | = MySports using Oracle VPD = | ||
| − | This page describes how the MySports demo can be configured to work with Oracle VPD to perform the SQL modifications necessary to limit what each tenant can see of the shared tables. | + | This page describes how the MySports demo can be configured to work with Oracle VPD to perform the SQL modifications necessary to limit what each tenant can see of the shared tables. The MySports example by default makes use of EclipseLink's @Multitenant support that will add in the necessary SQL predecates to all SELECT, UPDATE, & DELETE statements as well as adding the necessary tenant discriminator value to the INSERT statements. When using Oracle VPD to limit tenant access on shared tables EclipseLink must still INSERT the tenant discriminator values but instead of augmenting the queries it will set the tenant identifier with the JDBC connection's session and rely on the VPD configuration to perform and necessary augmentation. |
| + | |||
| + | == Configuration == | ||
| + | |||
| + | The demo has simplified the use of Oracle VPD to only require a simple configuration | ||
| + | |||
| + | === MySports Configuration === | ||
| + | |||
| + | === Database Configuration === | ||
| + | |||
| + | The database must be configured to support VPD. The MySports test cases will do the configuration setting up a stored procedure to generate the SQL predicates as well as enabling the access policy on the multi-tenant tables (MYS_PLAYER, MYS_TEAM, & MYS_DIV) | ||
| + | |||
| + | == How It Works == | ||
| + | |||
| + | Within the MySports application there are some EclipseLink features leveraged to make this all work: | ||
| + | |||
| + | # SessionEventListener used to set and unset tenant (client) identifier on database connections | ||
| + | # Disable @Multitenant's additional criteria | ||
Revision as of 11:33, 23 August 2011
MySports using Oracle VPD
This page describes how the MySports demo can be configured to work with Oracle VPD to perform the SQL modifications necessary to limit what each tenant can see of the shared tables. The MySports example by default makes use of EclipseLink's @Multitenant support that will add in the necessary SQL predecates to all SELECT, UPDATE, & DELETE statements as well as adding the necessary tenant discriminator value to the INSERT statements. When using Oracle VPD to limit tenant access on shared tables EclipseLink must still INSERT the tenant discriminator values but instead of augmenting the queries it will set the tenant identifier with the JDBC connection's session and rely on the VPD configuration to perform and necessary augmentation.
Configuration
The demo has simplified the use of Oracle VPD to only require a simple configuration
MySports Configuration
Database Configuration
The database must be configured to support VPD. The MySports test cases will do the configuration setting up a stored procedure to generate the SQL predicates as well as enabling the access policy on the multi-tenant tables (MYS_PLAYER, MYS_TEAM, & MYS_DIV)
How It Works
Within the MySports application there are some EclipseLink features leveraged to make this all work:
- SessionEventListener used to set and unset tenant (client) identifier on database connections
- Disable @Multitenant's additional criteria