tags:

views:

70

answers:

3
+2  Q: 

servlet connection to DB

Initially, after reading books on the subject, I firmly believed that the algorithm for working with a database from a servlet is as follows: create a connection -> connect to the database -> form a request -> send the request to the database -> get the query results -> process them -> close connection -> OK.

Now, with a better understanding of the practical side, I realized that nobody does it that way, and everything happens through a connection pool according to the following algorithm:

initialize the servlet -> create a connection pool -> a request comes from a user -> take a free connection from the pool -> form a request -> send the request to the database -> get the query results -> process them -> return the connection back to the pool -> ok.

Now I have this problem: We have 100 users, they are divided into 10 groups, each group has it's own username and password to connect to the database. Moreover, each group may have different rights to the database. How am I supposed to use a connection pool in this situation? If I understand correctly, a pool is nothing more than just a group of similar connections with a single login and password. And here I have 10 pairs of username / password. It looks like I cannot use the pool in this situation. What should I do?

+2  A: 

Use 10 connection pools, one per group.

Brian  2010-03-15 10:14:22
+1, even though this works only if the number of groups is limited and known at server deploy time (when you configure the pools). If that is not the case, you'd probably need a "pool of pools"...
Thilo  2010-03-15 10:26:06
Indeed - this is inherently not particularly scalable (200 groups? yuck), and I'd certainly urge the OP to consider whether it's 10 distinct DB connection pools necessary, or whether there are in fact 10 sets of application authorisation privileges which could be managed by 1 connection pool with the user privileges stored in tables.
Brian  2010-03-15 10:51:03
+1  A: 

If you are using a servlet, I assume some front end screens will be what the 10 end user groups will see? Wont there be varying functionality for each user group with the Authorization rights being controlled by the servlet?

In that case, the DB connection would be the same for all. Why is the code actually needing separate database connection rights? Are they using separate schemas altogether in which case you would need separate connections?

JoseK  2010-03-15 10:15:00
+1  A: 

The usual way is the three-tier scenario, where the servlet connects to the DB using a dedicated DB user account for itself, and does all the work on behalf of the users. Access control is in this case left to the servlet, the DB will just do anything the servlet asks it to. This dedicated account will need to have access to all of the users' data.

This approach does have drawbacks, especially if you already have a culture/infrastructure of managing user permissions in the database. If you want to preserve this, you'd have to configure separate pools for each user group, which unless the number of groups is fixed and known in advance cannot be done with simple (file-based) configuration, or forgo pooling and hope that the DB is fast enough with the fresh connections.

Thilo  2010-03-15 10:32:51

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java