Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Auditing original user in an n-tier environment

RE: Auditing original user in an n-tier environment

From: Davey, Alan <ddavey_at_harris.com>
Date: Mon, 23 May 2005 09:35:31 -0400
Message-ID: <A223847B255BF54FBE6AFEEF58F0C16F874372@mlbe2k6.cs.myharris.net> 





I've been trying to do implement something similar as well.=20



There is also the option of proxy authentication.  In a nutshell, proxy
authentication allows you to connect as a regular database user over the
deployed username/password deployed on the application server.  In this
manner, all database operations (roles, auditing, etc.) are applied as
if the user had logged in directly. =20


Take a look at:


http://download-west.oracle.com/docs/cd/B14117_01/java.101/b10979/proxya
.htm#sthref2137



http://asktom.oracle.com/pls/ask/f?p=3D4950:8:18420196747264677761::NO::F=
4


950_P8_DISPLAYID,F4950_P8_CRITERIA:21575905259251


http://www.oracle.com/technology/sample_code/tech/java/sqlj_jdbc/files/9
i_jdbc/OCIMidAuthSample/Readme.html



One thing I haven't been able to figure out is how to implement this as
a managed connection pool within OC4J.  It seems that I need to manage
the connection pool within my java application itself.  But as I'm
pretty new to web applications, I'm probably missing something basic.



HTH,


Alan Davey




> -----Original Message-----

> We are fighting the exact same fight.  Oracle provides a mechanism

> with DBMS_SESSION.set_context and sys_context.  However, this is not a

> magic bullet.  We have a web-based application with pooled

> connections.



>=20


> ...


--
http://www.freelists.org/webpage/oracle-l


Received on Mon May 23 2005 - 09:40:15 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US