Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "Configuring Exclusive Isolated Client Sessions for Virtual Private Database (ELUG)"
m (New page: <div style="float:right;border:1px solid #000000;padding:5px">__TOC__ [[Special:Whatlinkshere/Configuring Exclusive Isolated Client Sessions for Virtual Private Database (ELUG)|Related Top...) |
m |
||
| (6 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | + | [[Image:Elug draft icon.png]] '''For the latest EclipseLink documentation, please see http://www.eclipse.org/eclipselink/documentation/ ''' | |
| − | [[ | + | |
| − | + | ||
| − | + | ---- | |
| − | + | <div style="float:right;border:1px solid #000000;padding:5px">__TOC__ | |
| − | + | [[Special:Whatlinkshere/Configuring Exclusive Isolated Client Sessions for Virtual Private Database (ELUG)|Related Topics]]</div> | |
This table lists the configurable options for isolated sessions. | This table lists the configurable options for isolated sessions. | ||
| − | |||
<span id="Table 88-1"></span> | <span id="Table 88-1"></span> | ||
| − | |||
| − | |||
{| class="RuleFormalMax" dir="ltr" title="Configurable Options for Isolated Client Sessions" summary="This table lists the configurable options common to Isolated Client Sessionsand categorizes them as Basic and Advanced and indicates if the option can be configured with the Workbench, Java, or both." width="100%" border="1" frame="border" rules="all" cellpadding="3" frame="border" rules="all" | {| class="RuleFormalMax" dir="ltr" title="Configurable Options for Isolated Client Sessions" summary="This table lists the configurable options common to Isolated Client Sessionsand categorizes them as Basic and Advanced and indicates if the option can be configured with the Workbench, Java, or both." width="100%" border="1" frame="border" rules="all" cellpadding="3" frame="border" rules="all" | ||
|- align="left" valign="top" | |- align="left" valign="top" | ||
| Line 22: | Line 17: | ||
|- align="left" valign="top" | |- align="left" valign="top" | ||
| id="r2c1-t2" headers="r1c1-t2" align="left" | | | id="r2c1-t2" headers="r1c1-t2" align="left" | | ||
| − | + | [[Configuring%20a%20Descriptor%20(ELUG)#Configuring Cache Isolation at the Descriptor Level|Configuring Cache Isolation at the Descriptor Level]] | |
| headers="r2c1-t2 r1c2-t2" align="left" | | | headers="r2c1-t2 r1c2-t2" align="left" | | ||
[[Image:unsupport.gif|Unsupported]]<br> | [[Image:unsupport.gif|Unsupported]]<br> | ||
| Line 29: | Line 24: | ||
|- align="left" valign="top" | |- align="left" valign="top" | ||
| id="r3c1-t2" headers="r1c1-t2" align="left" | | | id="r3c1-t2" headers="r1c1-t2" align="left" | | ||
| − | + | [[Configuring%20a%20Session%20(ELUG)#Configuring Connection Policy|Configuring Connection Policy]] | |
| headers="r3c1-t2 r1c2-t2" align="left" | | | headers="r3c1-t2 r1c2-t2" align="left" | | ||
[[Image:unsupport.gif|Unsupported]]<br> | [[Image:unsupport.gif|Unsupported]]<br> | ||
| Line 36: | Line 31: | ||
|- align="left" valign="top" | |- align="left" valign="top" | ||
| id="r4c1-t2" headers="r1c1-t2" align="left" | | | id="r4c1-t2" headers="r1c1-t2" align="left" | | ||
| − | + | [[Configuring%20a%20Database%20Login%20(ELUG)#How to Configure Oracle Database Proxy Authentication Using Java|How to Configure Oracle Database Proxy Authentication Using Java]] | |
| headers="r4c1-t2 r1c2-t2" align="left" | | | headers="r4c1-t2 r1c2-t2" align="left" | | ||
[[Image:unsupport.gif|Unsupported]]<br> | [[Image:unsupport.gif|Unsupported]]<br> | ||
| Line 43: | Line 38: | ||
|- align="left" valign="top" | |- align="left" valign="top" | ||
| id="r5c1-t2" headers="r1c1-t2" align="left" | | | id="r5c1-t2" headers="r1c1-t2" align="left" | | ||
| − | + | [[#Using PostAcquireExclusiveConnection Event Handler|Using PostAcquireExclusiveConnection Event Handler]] | |
| headers="r5c1-t2 r1c2-t2" align="left" | | | headers="r5c1-t2 r1c2-t2" align="left" | | ||
[[Image:unsupport.gif|Unsupported]]<br> | [[Image:unsupport.gif|Unsupported]]<br> | ||
| Line 50: | Line 45: | ||
|- align="left" valign="top" | |- align="left" valign="top" | ||
| id="r6c1-t2" headers="r1c1-t2" align="left" | | | id="r6c1-t2" headers="r1c1-t2" align="left" | | ||
| − | + | [[#Using PreReleaseExclusiveConnection Event Handler|Using PreReleaseExclusiveConnection Event Handler]] | |
| headers="r6c1-t2 r1c2-t2" align="left" | | | headers="r6c1-t2 r1c2-t2" align="left" | | ||
[[Image:unsupport.gif|Unsupported]]<br> | [[Image:unsupport.gif|Unsupported]]<br> | ||
| Line 57: | Line 52: | ||
|- align="left" valign="top" | |- align="left" valign="top" | ||
| id="r7c1-t2" headers="r1c1-t2" align="left" | | | id="r7c1-t2" headers="r1c1-t2" align="left" | | ||
| − | + | [[#Using NoRowsModifiedSessionEvent Event Handler|Using NoRowsModifiedSessionEvent Event Handler]] | |
| headers="r7c1-t2 r1c2-t2" align="left" | | | headers="r7c1-t2 r1c2-t2" align="left" | | ||
[[Image:unsupport.gif|Unsupported]]<br> | [[Image:unsupport.gif|Unsupported]]<br> | ||
| Line 64: | Line 59: | ||
|- align="left" valign="top" | |- align="left" valign="top" | ||
| id="r8c1-t2" headers="r1c1-t2" align="left" | | | id="r8c1-t2" headers="r1c1-t2" align="left" | | ||
| − | + | [[#Accessing Indirection|Accessing Indirection]] | |
| headers="r8c1-t2 r1c2-t2" align="left" | | | headers="r8c1-t2 r1c2-t2" align="left" | | ||
[[Image:unsupport.gif|Unsupported]]<br> | [[Image:unsupport.gif|Unsupported]]<br> | ||
| Line 71: | Line 66: | ||
|} | |} | ||
| − | |||
These options are used throughout the isolated session life cycle (see [[Introduction%20to%20EclipseLink%20Sessions%20(ELUG)#Isolated Client Session Life Cycle|Isolated Client Session Life Cycle]]). | These options are used throughout the isolated session life cycle (see [[Introduction%20to%20EclipseLink%20Sessions%20(ELUG)#Isolated Client Session Life Cycle|Isolated Client Session Life Cycle]]). | ||
| + | |||
| + | |||
==Using PostAcquireExclusiveConnection Event Handler== | ==Using PostAcquireExclusiveConnection Event Handler== | ||
| Line 83: | Line 79: | ||
If you are not using Oracle Database proxy authentication, then, as part of the isolated session life cycle, you must implement a <tt>SessionEventListener</tt> for <tt>SessionEvent.PostAcquireExclusiveConnection</tt>. | If you are not using Oracle Database proxy authentication, then, as part of the isolated session life cycle, you must implement a <tt>SessionEventListener</tt> for <tt>SessionEvent.PostAcquireExclusiveConnection</tt>. | ||
| − | |||
{| class="Note oac_no_warn" width="80%" border="1" frame="hsides" rules="groups" cellpadding="3" frame="hsides" rules="groups" | {| class="Note oac_no_warn" width="80%" border="1" frame="hsides" rules="groups" cellpadding="3" frame="hsides" rules="groups" | ||
| Line 90: | Line 85: | ||
|} | |} | ||
| − | |||
===How to Use Java=== | ===How to Use Java=== | ||
| Line 97: | Line 91: | ||
This example illustrates a typical session event listener used to handle <tt>postAcquireExclusiveConnection</tt> events for an isolated session. | This example illustrates a typical session event listener used to handle <tt>postAcquireExclusiveConnection</tt> events for an isolated session. | ||
| − | |||
<span id="Example 88-1"></span> | <span id="Example 88-1"></span> | ||
| Line 113: | Line 106: | ||
| − | + | To get the required user credentials, use <tt>ClientSession</tt> method <tt>getConnectionPolicy</tt> to get the associated <tt>ConnectionPolicy</tt>, and then use <tt>ConnectionPolicy</tt> method <tt>getProperty</tt>. The <tt>ConnectionPolicy</tt> associated with the <tt>ClientSession</tt> should contain all required user credentials (see [[Configuring%20a%20Session%20(ELUG)#Configuring Connection Policy|Configuring Connection Policy]]). | |
| − | To get the required user credentials, use <tt>ClientSession</tt> method <tt>getConnectionPolicy</tt> to get the associated <tt>ConnectionPolicy</tt>, and then use <tt>ConnectionPolicy</tt> method <tt>getProperty</tt>. The <tt>ConnectionPolicy</tt> associated with the <tt>ClientSession</tt> should contain all required user credentials (see [[Configuring%20a%20Session%20(ELUG)|Configuring Connection Policy]]). | + | |
After you implement the required <tt>SessionEventListener</tt>, add it to the parent server session from which you acquire your isolated client session. For more information, see [[Configuring%20a%20Session%20(ELUG)#Configuring Session Event Listeners|Configuring Session Event Listeners]]. | After you implement the required <tt>SessionEventListener</tt>, add it to the parent server session from which you acquire your isolated client session. For more information, see [[Configuring%20a%20Session%20(ELUG)#Configuring Session Event Listeners|Configuring Session Event Listeners]]. | ||
| + | |||
| + | |||
==Using PreReleaseExclusiveConnection Event Handler== | ==Using PreReleaseExclusiveConnection Event Handler== | ||
| Line 126: | Line 120: | ||
If you are not using Oracle Database proxy authentication, then as part of the isolated session life cycle, you must implement a <tt>SessionEventListener</tt> for <tt>SessionEvent.PreReleaseExclusiveConnection</tt>. | If you are not using Oracle Database proxy authentication, then as part of the isolated session life cycle, you must implement a <tt>SessionEventListener</tt> for <tt>SessionEvent.PreReleaseExclusiveConnection</tt>. | ||
| − | |||
{| class="Note oac_no_warn" width="80%" border="1" frame="hsides" rules="groups" cellpadding="3" frame="hsides" rules="groups" | {| class="Note oac_no_warn" width="80%" border="1" frame="hsides" rules="groups" cellpadding="3" frame="hsides" rules="groups" | ||
| Line 133: | Line 126: | ||
|} | |} | ||
| − | |||
===How to Use Java=== | ===How to Use Java=== | ||
| Line 151: | Line 143: | ||
} | } | ||
} | } | ||
| − | |||
| − | |||
To get the required user credentials, use <tt>ClientSession</tt> method <tt>getConnectionPolicy</tt> to get the associated <tt>ConnectionPolicy</tt>, and then use <tt>ConnectionPolicy</tt> method <tt>getProperty</tt>. The <tt>ConnectionPolicy</tt> associated with the <tt>ClientSession</tt> should contain all required user credentials (see [[Configuring%20a%20Session%20(ELUG)#Configuring Connection Policy|Configuring Connection Policy]]). | To get the required user credentials, use <tt>ClientSession</tt> method <tt>getConnectionPolicy</tt> to get the associated <tt>ConnectionPolicy</tt>, and then use <tt>ConnectionPolicy</tt> method <tt>getProperty</tt>. The <tt>ConnectionPolicy</tt> associated with the <tt>ClientSession</tt> should contain all required user credentials (see [[Configuring%20a%20Session%20(ELUG)#Configuring Connection Policy|Configuring Connection Policy]]). | ||
After you implement the required <tt>SessionEventListener</tt>, add it to the parent server session, from which you acquire your isolated client session. For more information, see [[Configuring%20a%20Session%20(ELUG)#Configuring Session Event Listeners|Configuring Session Event Listeners]]. | After you implement the required <tt>SessionEventListener</tt>, add it to the parent server session, from which you acquire your isolated client session. For more information, see [[Configuring%20a%20Session%20(ELUG)#Configuring Session Event Listeners|Configuring Session Event Listeners]]. | ||
| + | |||
| + | |||
==Using NoRowsModifiedSessionEvent Event Handler== | ==Using NoRowsModifiedSessionEvent Event Handler== | ||
| Line 168: | Line 160: | ||
If optimistic locking is enabled and you query the database and violate your VPD security configuration, an <tt>OptimisticLockException</tt> is thrown even though the root cause of the failure was a security violation, not an optimistic locking issue. | If optimistic locking is enabled and you query the database and violate your VPD security configuration, an <tt>OptimisticLockException</tt> is thrown even though the root cause of the failure was a security violation, not an optimistic locking issue. | ||
| − | |||
{| class="Note oac_no_warn" width="80%" border="1" frame="hsides" rules="groups" cellpadding="3" frame="hsides" rules="groups" | {| class="Note oac_no_warn" width="80%" border="1" frame="hsides" rules="groups" cellpadding="3" frame="hsides" rules="groups" | ||
| align="left" | | | align="left" | | ||
| − | '''Note:''' You must add this session event listener to the server session from which you acquire your isolated client session. You cannot add them to the isolated client session itself. For more information, see [[Configuring%20a%20Session%20(ELUG)|Configuring Session Event Listeners]] | + | '''Note:''' You must add this session event listener to the server session from which you acquire your isolated client session. You cannot add them to the isolated client session itself. For more information, see [[Configuring%20a%20Session%20(ELUG)#Configuring Session Event Listeners|Configuring Session Event Listeners]] |
|} | |} | ||
| − | |||
===How to Use Java=== | ===How to Use Java=== | ||
| Line 183: | Line 173: | ||
You can use the existing session event API, such as <tt>getQuery().getResult()</tt>, to get the affected object, if any. | You can use the existing session event API, such as <tt>getQuery().getResult()</tt>, to get the affected object, if any. | ||
| − | After you implement the required <tt>SessionEventListener</tt>, add it to the parent server session, from which you acquire your isolated client session. For more information, see [[Configuring%20a%20Session%20(ELUG)|Configuring Session Event Listeners]]. | + | After you implement the required <tt>SessionEventListener</tt>, add it to the parent server session, from which you acquire your isolated client session. For more information, see [[Configuring%20a%20Session%20(ELUG)#Configuring Session Event Listeners|Configuring Session Event Listeners]]. |
| − | == | + | ==Accessing Indirection== |
As part of your general error handling strategy, your application should be prepared to handle a <tt>ValidationException</tt> of type <tt>ISOLATED_SESSION_IS_NO_LONGER_AVAILABLE</tt>. | As part of your general error handling strategy, your application should be prepared to handle a <tt>ValidationException</tt> of type <tt>ISOLATED_SESSION_IS_NO_LONGER_AVAILABLE</tt>. | ||
EclipseLink throws an <tt>ISOLATED_SESSION_IS_NO_LONGER_AVAILABLE</tt> when a client triggers the indirection (lazy loading) on an isolated object when the isolated session used to load that object is no longer available, that is, after you call the isolated session method <tt>release</tt>. | EclipseLink throws an <tt>ISOLATED_SESSION_IS_NO_LONGER_AVAILABLE</tt> when a client triggers the indirection (lazy loading) on an isolated object when the isolated session used to load that object is no longer available, that is, after you call the isolated session method <tt>release</tt>. | ||
| + | |||
| + | Ensure that you have instantiated every relationship that you need prior to calling the <tt>release</tt> method: to instantiate a one-to-one relationship, call the <tt>get</tt> method; to instantiate a one-to-many relationship, call the <tt>size</tt> method on the collection. | ||
Fore more information, see the following: | Fore more information, see the following: | ||
| − | * [[Introduction%20to%20EclipseLink%20Sessions%20(ELUG)|Exception Handlers]] | + | * [[Introduction%20to%20EclipseLink%20Sessions%20(ELUG)#Exception Handlers|Exception Handlers]] |
| − | * [[Configuring%20a%20Session%20(ELUG)|Configuring an Exception Handler]] | + | * [[Configuring%20a%20Session%20(ELUG)#Configuring an Exception Handler|Configuring an Exception Handler]] |
| Line 205: | Line 197: | ||
[[Category: EclipseLink User's Guide]] | [[Category: EclipseLink User's Guide]] | ||
| − | [[Category: | + | [[Category: Release 1]] |
[[Category: Task]] | [[Category: Task]] | ||
Latest revision as of 15:10, 16 July 2012
For the latest EclipseLink documentation, please see http://www.eclipse.org/eclipselink/documentation/
Contents
This table lists the configurable options for isolated sessions.
| Option to Configure | Workbench |
Java |
|---|---|---|
|
|
| |
|
|
| |
|
How to Configure Oracle Database Proxy Authentication Using Java |
|
|
|
|
| |
|
|
| |
|
|
| |
|
|
|
These options are used throughout the isolated session life cycle (see Isolated Client Session Life Cycle).
Using PostAcquireExclusiveConnection Event Handler
EclipseLink raises this event after an exclusive connection is allocated to an isolated session after the user has logged in to the database with it.
If you are using Oracle Database proxy authentication (see Oracle Database Proxy Authentication), then you do not need to implement this session event handler.
If you are not using Oracle Database proxy authentication, then, as part of the isolated session life cycle, you must implement a SessionEventListener for SessionEvent.PostAcquireExclusiveConnection.
|
Note: You must add this session event listener to the server session from which you acquire your isolated client session. You cannot add them to the isolated client session itself. For more information, see Configuring Session Event Listeners |
How to Use Java
The SessionEvent.PostAcquireExclusiveConnection event listener is your opportunity to authenticate your user and interact with the underlying database platform: for example, to execute PL/SQL to create VPD packages and set VPD context information.
This example illustrates a typical session event listener used to handle postAcquireExclusiveConnection events for an isolated session.
Session Event Listener for an Isolated Session
class VPDEventListener extends SessionEventAdaptor{
public void postAcquireExclusiveConnection(SessionEvent event){
ClientSession session = (ClientSession)event.getSession();
// Get property set on the ConnectionPolicy prior to acquiring the connection
String userLevel = session.getConnectionPolicy().getProperty("userLevel");
// Make the Stored Procedure call for VPD to set up the Context Information
session.executeNonSelectingSQL("StoreProcSetContextUser("+ userLevel + ")");
}
}
To get the required user credentials, use ClientSession method getConnectionPolicy to get the associated ConnectionPolicy, and then use ConnectionPolicy method getProperty. The ConnectionPolicy associated with the ClientSession should contain all required user credentials (see Configuring Connection Policy).
After you implement the required SessionEventListener, add it to the parent server session from which you acquire your isolated client session. For more information, see Configuring Session Event Listeners.
Using PreReleaseExclusiveConnection Event Handler
EclipseLink raises a SessionEvent.PreReleaseExclusiveConnection event after you call the isolated session method release.
If you are using Oracle Database proxy authentication (see Oracle Database Proxy Authentication), then you do not need to implement this session event handler.
If you are not using Oracle Database proxy authentication, then as part of the isolated session life cycle, you must implement a SessionEventListener for SessionEvent.PreReleaseExclusiveConnection.
|
Note: You must add this session event listener to the server session from which you acquire your isolated client session. You cannot add them to the isolated client session itself. For more information, see Configuring Session Event Listeners |
How to Use Java
The SessionEvent.PreReleaseExclusiveConnection event listener gives you an opportunity to interact with the underlying database platform: for example, to perform any VPD-specific cleanup such as executing PL/SQL to delete VPD packages or context information.
This example illustrates a typical session event listener used to handle preReleaseExclusiveConnection events for an isolated session.
Session Event Listener for an Isolated Session
class VPDEventListener extends SessionEventAdaptor{
public void preReleaseExclusiveConnection(SessionEvent event){
Session session event.getSession();
// Make the Stored Procedure call for VPD to reset the Context Information
session.executeNonSelectingSQL("StoreProcResetContext()");
}
}
To get the required user credentials, use ClientSession method getConnectionPolicy to get the associated ConnectionPolicy, and then use ConnectionPolicy method getProperty. The ConnectionPolicy associated with the ClientSession should contain all required user credentials (see Configuring Connection Policy).
After you implement the required SessionEventListener, add it to the parent server session, from which you acquire your isolated client session. For more information, see Configuring Session Event Listeners.
Using NoRowsModifiedSessionEvent Event Handler
As part of your general error handling strategy, you should implement a SessionEventListener for SessionEvent.NoRowsModifiedSessionEvent.
EclipseLink raises this event when an update or delete query is executed against the database, but no rows are updated, that is, a zero row count is returned.
If optimistic locking is not enabled and you query the database and violate your VPD security configuration, no exception is thrown: the query simply returns zero rows updated.
If optimistic locking is enabled and you query the database and violate your VPD security configuration, an OptimisticLockException is thrown even though the root cause of the failure was a security violation, not an optimistic locking issue.
|
Note: You must add this session event listener to the server session from which you acquire your isolated client session. You cannot add them to the isolated client session itself. For more information, see Configuring Session Event Listeners |
How to Use Java
This event listener gives you an opportunity to determine whether the update failure was due to a security violation (in which case you should not retry the operation), or due to an optimistic lock issue (in which case a retry may be appropriate).
You can use the existing session event API, such as getQuery().getResult(), to get the affected object, if any.
After you implement the required SessionEventListener, add it to the parent server session, from which you acquire your isolated client session. For more information, see Configuring Session Event Listeners.
Accessing Indirection
As part of your general error handling strategy, your application should be prepared to handle a ValidationException of type ISOLATED_SESSION_IS_NO_LONGER_AVAILABLE.
EclipseLink throws an ISOLATED_SESSION_IS_NO_LONGER_AVAILABLE when a client triggers the indirection (lazy loading) on an isolated object when the isolated session used to load that object is no longer available, that is, after you call the isolated session method release.
Ensure that you have instantiated every relationship that you need prior to calling the release method: to instantiate a one-to-one relationship, call the get method; to instantiate a one-to-many relationship, call the size method on the collection.
Fore more information, see the following: