Skip to Main Content

Integration

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

How to correctly implement Oracle VPD Without Oracle Database Proxy Authentication

Scott GeranenAug 4 2017 — edited Aug 18 2017

We are implementing a Virtual Private Database and using EclipseLink in our application.  We are using WebLogic 12.1.3 with the built-in version of EclipseLink (2.5.2) and Oracle Database 12.1.0.2.0.  Our application requires JTA as we receive JMS messages, read/update the database, and send JMS messages within distributed transactions.

http://www.eclipse.org/eclipselink/documentation/2.5/concepts/data_access004.htm clearly states that "EclipseLink does not support Oracle Database proxy authentication with JTA."  Therefore, we attempted to implement session event handlers per "Oracle VPD Without Oracle Database Proxy Authentication" in http://docs.oracle.com/middleware/1213/toplink/solutions/oracledb.htm#TLADG1060.  In our postAcquireExclusiveConnection event listener, we set the CLIENT_IDENTIFIER using:

                new SQLCall("CALL DBMS_SESSION.SET_IDENTIFIER('" + callerPrincipal + "')");

And we cleared the client CLIENT_IDENTIFIER in the preReleaseExclusiveConnection event listener using

                new SQLCall("CALL DBMS_SESSION.CLEAR_IDENTIFIER()");

However, transactions in this configuration would not have the CLIENT_IDENTIFIER principal assigned.  When we disabled the clear of the client CLIENT_IDENTIFIER in the preReleaseExclusiveConnection, but continued to assign the CLIENT_IDENTIFIER in the postAcquireExclusiveConnection event listener, transactions would then have a CLIENT_IDENTIFIER principal, but the value appears to be from the previous transaction.  Instead, we have it working (as far as we can tell so far) by setting it in the postBeginTransaction event and resetting it in the postCommitTransaction and postRollbackTransaction events.

In case it is relevant, we have the following properties set in persistence.xml:

           <property name="eclipselink.cache.shared.default" value="false"/>
           <property name="eclipselink.jdbc.exclusive-connection.mode" value="Always" />
           <property name="eclipselink.query-results-cache" value="false" />
           <property name="eclipselink.target-server" value="WebLogic_10" />
                               

Questions:
1. Could the problem we see with postAcquireExclusiveConnection be a bug in EclipseLink 2.5.2?
2. Could we be missing a property to make postAcquireExclusiveConnection behave properly?
3. Is it OK to use postBeginTransaction or are we going to run into other problems?
4. Should we be using some other event such as postAcquireUnitOfWork?

Comments

Locked Post
New comments cannot be posted to this locked post.

Post Details

Locked on Sep 15 2017
Added on Aug 4 2017
1 comment
768 views