Is it possible to use integrated login in a web app deployed on a GlassFish web container? Clients are Microsoft Domain users; the SQL Anywhere database server and the GlassFish server are working on the same computer. I can do it when I map the 'SYSTEM' ID to 'DBA', for instance, but it doesn't make sense, because I would like to control which MS Domain user is operating on the database. Thanks for your patience.

asked 29 Jun '13, 11:53


Serg

Just to ask: Have you tried to use the integrated login feature available in SQL Anywhere and are running into problems, or is this just a general question on the availability of such a feature?

AFAIK, integrated login should work in your case if the web server does use the OS user credentials to establish the database connection (i.e. if the web server does not use a general/particular user for its db connections).

(01 Jul '13, 10:37) Volker Barth

Thanks for your reply. Yes, I have tried. In general it works. While developing my web app, I tested it on a locally running web server (in the NetBeans IDE). It uses OS user credentials and integrated login works fine (assume example mapping: MSDomain_user1 -> SQLAnywhere_user1).

When I deployed my web app on the target web server, running on the other computer (with other MS Domain user credentials), I had to map, of course, the Windows user (MSDomain_user2 -> SQLAnywhere_user2) to establish the database connection.

My problem is that I would like to use the integrated login feature and know that MSDomain_user1 performs the database request via the web server (MSDomain_user2), not MSDomain_user2 mapped to SQLAnywhere_user2. I am not sure whether it is a Glassfish configuration issue or a SQLAnywhere one.

(01 Jul '13, 16:46) Serg

Sorry, I can't tell for GlassFish - I have only used older J2EE web servers with Tomcat. However, the real question seems to be whether the web server will impersonate the domain user ("MSDomain_user1" in your case) or will use its own account ("MSDomain_user2") to establish the connection.

You can find out via sa_conn_info() and "select connection_property('OSUser')" what user does actually connect. If you do use integrated logins and the outcome is different from your requirements, I'd think it would need to be configured within GlassFish - if there's such an option.

(01 Jul '13, 17:23) Volker Barth

I assume Glassfish is connecting over JDBC to SQL Anywhere (either SAJDBC or jConnect?)

What is the login mechanism for users connecting to the Glassfish server? If users aren't even logging in over a domain login mechanism (e.g. NTLM), there won't be any chance for Glassfish to pass them along to the JDBC information.


As far as I'm aware, the JDBC driver connection username/password information for the Glassfish server is hard-coded in the server configuration - this doesn't allow you to dynamically map usernames to JDBC connection information at runtime. It seems that you can dynamically reconfigure the JDBC pool information, but it looks like these types of operations will destroy the pool each time, which wouldn't be very effective for each user logging in...

This seems to be more of a Glassfish question as to how to pass NTLM information to the JDBC connection - perhaps you could try the Glassfish forums?


answered 04 Jul '13, 10:40


Jeff Albion

Thanks for your reply.

Answering your questions: in this exact case I use the SAJDBC driver. Using jConnect, I wasn't able to get a proper description of the SQLWarning/SQLException errorCode when something went wrong with the database connection (when I tested integrated login). Users are logging into the domain (MS Windows Domain), after that run the browser and (that was my idea) log into the database via the web app (on Glassfish).

I've come to almost the same conclusion. I have to search the Glassfish forum but don't expect too much.

(04 Jul '13, 16:30) Serg
question asked: 29 Jun '13, 11:53

question was seen: 942 times

last updated: 04 Jul '13, 16:30