RE: Auditing original user in an n-tier environment
- From: "Davey, Alan" <ddavey@xxxxxxxxxx>
- To: <oracle-l@xxxxxxxxxxxxx>
- Date: Mon, 23 May 2005 09:35:31 -0400
I've been trying to do implement something similar as well.=20
There is also the option of proxy authentication. In a nutshell, proxy
authentication allows you to connect as a regular database user over the
deployed username/password deployed on the application server. In this
manner, all database operations (roles, auditing, etc.) are applied as
if the user had logged in directly. =20
Take a look at:
http://download-west.oracle.com/docs/cd/B14117_01/java.101/b10979/proxya
.htm#sthref2137
http://asktom.oracle.com/pls/ask/f?p=3D4950:8:18420196747264677761::NO::F=
4
950_P8_DISPLAYID,F4950_P8_CRITERIA:21575905259251
http://www.oracle.com/technology/sample_code/tech/java/sqlj_jdbc/files/9
i_jdbc/OCIMidAuthSample/Readme.html
One thing I haven't been able to figure out is how to implement this as
a managed connection pool within OC4J. It seems that I need to manage
the connection pool within my java application itself. But as I'm
pretty new to web applications, I'm probably missing something basic.
HTH,
Alan Davey
> -----Original Message-----
> We are fighting the exact same fight. Oracle provides a mechanism
> with DBMS_SESSION.set_context and sys_context. However, this is not a
> magic bullet. We have a web-based application with pooled
> connections.
>=20
> ...
--
//www.freelists.org/webpage/oracle-l
Other related posts:
