使用Java EE中的Enduser证书通过JPA访问数据库 [英] Accessing the Database via JPA with the Enduser's Credentials in Java EE
问题描述
我正在开发一个JavaEE项目,其中 WildFly , Hibernate ( JPA ), C3P0 和 MS SQL Server 数据库。
I am working on a JavaEE project with WildFly, Hibernate (JPA), C3P0 and a MS SQL Server database.
数据库是一个遗留数据库,有超过一千个数据库对象,如存储过程,函数,视图,触发器等等。所有这些数据库对象都在用户角色级别上设置了细粒度的权限。
The database is a legacy database with more than a thousand Database Objects like Stored Procedures, Functions, Views, Triggers and so on. All these database Objects have fine grained Permissions set on User Role level.
现在我需要访问此数据库JavaEE Web应用程序。我的问题是,通常的JPA配置让我在配置文件中只为数据库设置一个用户名/密码。我找不到任何方法来配置JPA层,以便使用Enduser的Login访问数据库。
Now I need to access this database with a JavaEE Web Application. My Problem is, that the usual JPA configuration let me set only one Username/Password for the Database in the configuration file. I can not find any way to configure the JPA layer so that will access the DB with the Enduser's Login.
我最终通过调用
EntityManagerFactory entityManagerFactory =
Persistence.createEntityManagerFactory(properties_with_credentials_here)
每个用户一次。
这种方法的问题在于,这将基本上实例化每个用户的整个JPA层并消耗太多内存。当然,我没有使用任何类型的缓存层。内存仅用于实体元信息(很多)。
The problem with this approach is, that this will basically instantiate the whole JPA layer per User and eat up way too much memory. I am not using any sort of Cache layer, of course. The memory is used just for the Entities meta information (which is a lot).
现在我的原始问题:JavaEE(JPA)中是否有任何标准方式使用Enduser的登录名和密码访问数据库层?
Now my original question: Is there any 'standard' way in JavaEE (JPA) to access the database layer with the Enduser's Login and Password?
我无法相信我是第一个遇到这种情况的人。在我看来,模拟在 .net Web应用程序中非常正常。所以必须有这样的方法在Java中这样做,我想。
I can not believe that I am the first person to encounter this situation. It seems to me, that 'impersonation' is quite normal in .net Web Applications. So there must be way to do this in Java, i guess.
任何评论或提示或新方法都非常受欢迎。
Any comments or hints or new approaches are highly welcome.
推荐答案
JavaEE中的标准方式是让应用程序用户访问数据库并实现基于用户的访问权限通过应用程序中的角色。
The 'standard' way in JavaEE is to have an application user for accessing the database and achieve user-based access-rights through roles in your application.
如果您需要依赖现有的数据库用户,您唯一的机会是为每个用户或每个请求建立连接。然后,实体管理器会消耗一些内存,因为它被设计为应用程序的持久化上下文(因此也就是某种缓存)。
If you need to rely on existing database user, your only chance is to establish a connection per user or per request. The entity manager would then indeed consume some memory as it's designed to be your application's persistence context (and thus some sort of cache).
也许你可以做一些权衡这里通过普通JDBC访问那些真正必须基于用户的部分,以及具有扩展权限的某些应用程序用户可能执行的数据库程序和其他部分,以确保以编程方式进行必要的用户限制。
Maybe you can have some trade-off here by accessing those parts which really have to be user-based by plain JDBC and potential execution of database procedures and others by some application user with extended rights which ensures the necessary user restrictions programmatically.
这篇关于使用Java EE中的Enduser证书通过JPA访问数据库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
