4

I am trying to figure the best / "correct" place to put the following logic in my Delphi datasnap server.

A user connects to the server, and using the credentials provided I validate them using a centralized AuthorizationDatabase (Oracle database). If they are, in fact, a valid user, I want to then given them a connection to where their data actually resides based on what the authorization repository says (could be another host,database,username, password).

I have the AuthorizationDatabase in its own server class, which is server life cycle, since noone can get in without being validated there. Does this create a problem with concurrency? 10 users login to be validated at the same time, will this work ok?

I have a base server module, which all session level data modules derive from, which has the application connection. The application connection parameters can change based on the user logging in.

The problem I am having is where to put the authorization / validation / new DB parameter assignment process.

Where does this kind of two-step database approach best fit? This seems rather common, that a user is verified in one place, but the data they are ultimately going to be accessing is in another.

In reviewing the examples, I don't see an obvious place it would go.

Johan
  • 74,508
  • 24
  • 191
  • 319
Jim Eckels
  • 179
  • 1
  • 8

1 Answers1

2

It is not safe to share one connection across multiple sessions, you will get a "Read error" or some other error when 2 sessions try to read the database at same time.

But you can have a centralized place for login, just make it thread safe, this will do:

TMonitor.Enter(LoginDM);
Try
 valid := LoginDM.Login(username, password);
finally
  TMonitor.Exit(LoginDM);
end;

About the user acessing data, as each user will have his own session which runs on a thread, you can create one connection per ServerClass instance and define the lifecicle to "Session", so each new session will spawn a new ServerMethod's class instance and have its own connection, this way you do not need to worry about the way you write your server methods, as they will always have they own "exclusive" connection.

Fabio Gomes
  • 5,914
  • 11
  • 61
  • 77
  • 1
    It looks like this can lead to code duplication (and forgetting the Enter/Exit) - placing the TMonitor.Enter/TMonitor.Exit inside the LoginDM.Login method would reduce this – mjn May 23 '14 at 09:40
  • @mjn Yes, that would be better. – Fabio Gomes May 23 '14 at 12:45