1

I've got Java web application running on Tomcat with SSO via SPNEGO/Kerberos and I want to pass kerberos ticket to database, Oracle DB in my case (like impersonation in MS products). I've found an example of implementation (http://docs.oracle.com/cd/B28359_01/java.111/b31224/clntsec.htm):

Connection conn = (Connection)Subject.doAs(specificSubject, new PrivilegedExceptionAction({
   public Object run() {
   Connection con = null;
   Properties prop = new Properties();
   prop.setProperty(AnoServices.AUTHENTICATION_PROPERTY_SERVICES,"("+AnoServices.AUTHENTICATION_KERBEROS5 + ")");
   try {
    OracleDriver driver = new OracleDriver();
    con = driver.connect(url, prop);
    }catch (Exception except){
    except.printStackTrace();
    }
    return con;
    }
    }); 
    String auth = ((OracleConnection)conn).getAuthenticationAdaptorName();
    System.out.println("Authentication adaptor="+auth);
    printUserName(conn);
    conn.close();

But as it is known to create a new connection is an expensive operation. To solve this problem commonly used connection pooling (like c3p0), but I cant find example, how to combine code above and connection pool. Is there any example?

Vladimir Kravets
  • 330
  • 6
  • 21
  • Hi. Sorry for the very delayed response, but to solve your problem acquire a Connection from a Connection pool like c3p0, and then use the unwrap(...) method in JDBC 4 to get at the underlying OracleConnection. ( If you are using an older version of c3p0 than c3p0-0.9.5-preX, you'd need to use c3p0's raw Connection operations, http://www.mchange.com/projects/c3p0/#raw_connection_ops ) – Steve Waldman Oct 05 '14 at 09:12
  • Hi. I cant fully understand proposed solution. Lets say I've got some connections in pool, which established under some technological user.So I acqure one of them, unwrap to underlying OracleConnection and what should I do then? How to pass ticket to this connection? – Vladimir Kravets Oct 06 '14 at 10:19
  • I can't really help you with the Kerberos stuff; I just don't know it well. But everything you so in the code snippet above you could easily do with a c3p0 DataSource, unwrapping where necessary to the underlying Oracle Connection. Instead of using OracleDriver directly, you'd use a JDBC url that resolves to that driver. To connect with `props`, you'd set the same values in the Properties object associated with c3p0 DataSources. – Steve Waldman Oct 06 '14 at 10:31

0 Answers0