cancel
Showing results for 
Search instead for 
Did you mean: 

Integrated login from web app on GlassFish

Former Member
2,746

Is it possible to use integrated login in web app deployed on GlassFish web container? Clients are Microsoft Domain users; SQL Anywhere database server and GlassFish server are working on the same computer. I can do it when I map 'SYSTEM' ID to 'DBA' for instance, but it doesn't make sense, because I would like to control which MS Domain user is operating on database. Thanks for your patience.

VolkerBarth
Contributor
0 Kudos

Just to ask: Have you tried to use the integrated login feature available in SQL Anywhere and are running into problems, or is this just a general question on the availibility of such a feature?

AFAIK, integrated login should work in your case if the web server does use the OS user credentials to establish the database connection (i.e. if the web server does not use a general/particular user for its db connections).

Former Member
0 Kudos

Thanks for your reply. Yes, I have tried. In general it works. While developing my web app, I tested it on locally running web server (in the NetBeans IDE). It uses OS user credentials and integrated login works fine (assume example mapping: MSDomain_user1 -> SQLAnywhere_user1).

When I deployed my web app on the target web server, running on the other computer (with other MS Domain user creentials), I had to mapped, of course, the Windows user (MSDomain_user2 -> SQLAnywhere_user2) to establish database connection.

My problem is I would like to use integrated login feature and know that MSDomain_user1 does perform database request via web server (MSDomain_user2), not MSDomain_user2 mapped to SQLAnywhere_user2. I am not sure it is Glassfish configuration issue or SQLAnywhere one.

VolkerBarth
Contributor

Sorry, I can't tell for GlashFish - I have only used older J2EE web servers with Tomcat. However, the real question seems to be whether the web server will impersonate the domain user ("MSDomain_user1" in your case) or will use its own account ("MSDomain_user2") to establish the connection.

You can find out via sa_conn_info() and "select connection_property('OSUser')" what user does actually connect. If you do use integrated logins and the outcame is different from your requirements, I'd think it would need to be configured within GlassFish - if there's such an option.

Accepted Solutions (0)

Answers (1)

Answers (1)

jeff_albion
Advisor
Advisor

I assume Glassfish is connecting over JDBC to SQL Anywhere (either SAJDBC or jConnect?)

What is the login mechanism for users connecting to the Glassfish server? If users aren't even logging in over a domain login mecahnism (e.g. NTLM), there won't be any chance for Glassfish to pass them along to the JDBC information.


As far as I'm aware, the JDBC driver connection username/password information for the Glassfish server is hard-coded in the server configuration - this doesn't allow you to dynamically map usernames to JDBC connection information at runtime. It seems that you can dynamically reconfigure the JDBC pool information, but it looks like these types of operations will destroy the pool each time, which wouldn't be very effective for each user logging in...

This seems to be more of a Glassfish question as to how to pass NTLM information to the JDBC connection - perhaps you could try the Glassfish forums?

Former Member
0 Kudos

Thanks for your reply.

Answering your questions: in the exact case I use SAJDBC driver. Using jConnect I wasn't able to get proper SQLWarnings/SQLException errorCode's description, when something went wrong with database connection (when I tested integrated login). Users are logging into the domain (MS Windows Domain) after that run browser and (that was my idea) logging into database via web app (on Glassfish).

I've got almost to the same conclusion. I have to search Glassfish forum but don't expect to much.