9:50 p.m.
Yaguo Zhou [https://community.jboss.org/people/zhouyaguo] created the discussion
"Re: Feature request:Add an interface to allow end-user to have a second chance to
create a normal database connection after failling to get connection because of database
password error"
To view the discussion, visit: https://community.jboss.org/message/789554#789554
--------------------------------------------------------------
Appreciate for your reply and sorry for my late response because of my busy work.
Let me describe my new feature's scenario more clearly:
For financial security reason, DBA in our company must change our database's password
every 2 or 3 months, but unfortunately, every time after passwods are changed, we have to
modify datasource password in java application server(we are using JBoss 5.1) and restart
it, meanwhile, we sometimes forgot to change and restart one of our jboss instances,
because we have dozens of web application located on many jboss instance.so what we want
is that after DBA changed passwords, jboss can get the new password when receive a new
http request and store the password in memory(in mbean or one property of class).
so we think about a solution and have finished it already:
step1. we developed a socket server program which is used to receive command message to
save password and query password of databases(socket message format is design by our own
and we call the socket server as DBPM server)
step2. DBA change the password through IBM Tivoli that is extended by our programmer to
send password to DBPM server meanwhile, and DBPM server will store it centrally.
step3. I hack the code
org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory.java as follows:
private LocalManagedConnection getLocalManagedConnection(Properties
props,Properties copy)
throws JBossResourceException
{
boolean debug = log.isDebugEnabled();
Connection con = null;
try
{
String url = getConnectionURL();
Driver d = getDriver(url);
// alreay got the new password
if(this.newPasswordFromDbpm != null){
copy.setProperty("password",
newPasswordFromDbpm);
}
try{
con = d.connect(url, copy);
}catch(SQLException e){
if(debug){
log.debug("ErrorCode:"+e.getErrorCode() + " " +
"SQLState:"+e.getSQLState());
}
// for mysql and db2
if("28000".equals(e.getSQLState())){
if(debug){
log.debug("we catch a
SQLException(SQLState=28000), so try to get new password from DBPM server, and then
reconnect the database");
}
String dbName =
url.split(":")[3].split("/")[1]; // get database name from url
String dbUserNm =
copy.getProperty("user");
//try to get password!
String dbpmPassword =
DsPasswdGetter.doGetPasswd(dbName, dbUserNm, false);
if(dbpmPassword != null){
if(debug){
log.debug("get
dbpmPassword ok.. begin to reconnect the database");
}
copy.setProperty("password", dbpmPassword);
this.newPasswordFromDbpm =
dbpmPassword;
//write it to xml configuration file
if(securityDomain != null){
Properties prop = new
Properties();
prop.setProperty(securityDomain, dbpmPassword);
if(debug){
log.debug("begin to write dbpmPassword to login-config.xml");
}
UpdateJdbcPassword.doModifyPasswd(prop);
}else{
throw new
JBossResourceException("securityDomain is null");
}
//begin to reconnect
con = d.connect(url, copy);
}else{
//error to get password from DBPM
server
throw new
JBossResourceException("Can not get password from dbmp server for
[dbName:"+dbName+", dbUserNm:"+dbUserNm+"]");
}
}
if(con==null)
throw new JBossResourceException("Wrong driver
class for this connection URL");
}
return new LocalManagedConnection(this, con, props,
transactionIsolation, preparedStatementCacheSize);
}
catch (Throwable e)
{
if (con != null)
{
try
{
con.close();
}
catch (Throwable ignored)
{
}
}
throw new JBossResourceException("Could not create
connection", e);
}
}
step4. now suppose a http request arrived and all existing connected
connections in pool are busy, so jca try to establish a new connection , and then flow
into my code above.
step5. my code above will fetch the correct password back and reconnect successfully.
step6. jca return a correct connection to web application. i am happy to see that web
application don't even know jca has helped him to get the correct password.
step7. so now we don't need to modify and restart jboss instance any more.
The problem is that my hacked code doesn't merge into upstream trunk , and now
it's in my own branch. so i will very happy to *implements* a interface to do things
above to avoid hacking the jca source code. many thanks!
Best Regards,
Yaguo
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/789554#789554]
Start a new discussion in IronJacamar at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&...]