In short, how can I restrict access to connection pool X based on application name or JAR name? A simple use case might help...
A business web-app (call it WEB_APP_A) uses pool Y to do basic look-up SQL. Some users of this web-app have access to also update some sensitive data in the database. This code is provided by a JAR file (call it HR_JAR) that can be dropped in where needed. This JAR uses pool X for all of its connections.
We don't want developers of WEB_APP_A using pool X. We only want HR_JAR using pool X. This is to keep devs of WEB_APP_A from accidentally or intentionally abusing the access pool X provides.
Some considerations:
- This is legacy code so HR_JAR is here to stay
- We are running on WebLogic 9.2
- We cannot keep passwords in any form in the source code
- We have researched WebLogic user-level authn/authz for JDBC resources, but then this begs the question: how do we secure the user creds we use to become a user per app/jar?
Ideas? Thoughts? I can elaborate more on what I have tried, but I wanted fresh ideas.