Toplink and Oracle VPD

Our dba's have VPD set up which limits data depending on who is logged in. Can this be supported with Toplink in 'Server' mode, using Session beans with POJO's?
thanks,
craig
ps. if this is not supported, any suggestions?

Craig,
This is not currently an out of the box capability, but through TopLink's public API it has been successfully implemented at a couple of customer sites. These extensions to the TopLink persistence architecture have been done through our technical services team. Drop me an e-mail ([email protected]) and I'll connect you with the team to discuss your specific requirements and solution options.
There are a number of ways Label Security (VPD) can be used from Java with TopLink. The solution used so far involves a custom OCI connection pool that TopLink can switch the user at runtime on. Then depending on the granularity of your user security requirements the TopLink sessions (shared or isolated) can be overlaid using these shared connections. Your application will need to provide user credentials to TopLink so the connection can be properly switched and TopLink's session cache will need to ensure the trusted application only sees cached objects valid for the provided user.
We are working on adding this support more seamlessly for an upcoming release.
Doug

Similar Messages

  • ODI and Oracle VPD

    Hi,
    In order to access the data in a Oracle VPD enabled database - user identity needs to be propagated (setting the client identifier or setting a oracle user defined context).
    In ODI the "On Connect/Disconnect" in the physical data server definition may be used to invoke a pl/sql procedure at the connect time to set the Oracle user defined context.
    Few questions:
    1. If the load plan has multiple scenarios they will be executed in different Oracle sessions(one scenario - one DB session) will this "On Connect/Disconnect" procedure fire every time a new Oracle session is created?
    Its executing just once so the context setting is not happening for all the scenarios.
    2. Is there a way to run multiple scenarios in a single oracle session?
    Thanks
    Amit

    Sounds like bug 14067871
    Cheers
    David

  • Sequence caching with toplink and oracle caching

    Hi,
    In my application, I use toplink as a JPA provider. For performance reasons, I defined an allocationSize on sequence generator for some persistence objects. I read some documentation to understand how it works, the result of my research is that the allocationSize of sequence generator must match with the increment value of the sequence in database.
    So if I want to cache 1000 of values, I must define on my sequence generator allocationSize of 1000 and create a sequence like this : create sequence myseq increment by 1000. Am I right ?
    Second question, what if my sequence define a cache in the database. For example, create sequence myseq increment by 1000 cache 20.
    Does it mean that 20 values will be cached or 1000*20 values will be cached ? Is the cache size defined per session or for all the sessions of the database ?
    Thanks.
    Will.

    Thank you for your response.
    I used the default parameter of toplink (increment by 50) and I left a cache size of 20 on database side.
    But I noticed that whenever the server restarts, I "lost" between 900 and 1000 ids (nearly 20*50). So even if sequence cache on oracle size is non transactional, I think there is a kind of prefetch somewhere on the server side. I must not lost more than 50 ids when a server restarts.
    If I remove the cache on database side, then the behavior is correct (the expected one to be more precise).
    Is there any kind of sequence caching in oracle jdbc drivers ?
    Thanks.
    Will.

  • Toplink and VPD

    Hi,
    In a three-tier architecture, has anyone successfully implemented VPD in combination with Toplink and a ConnectionPool?
    When all my web-users are connecting to the database with the same (connection pool) credentials, how, when and where do I tell my database who is really logged in (web-user) and thus how to set the specific VPD for that web-user?
    Thanks. I already read another post on this forum mentioning that VPD support would be included in an upcoming release of TopLink.
    Re: toplink and Oracle VPD
    I also heard of a patch to download. Can anyone verify this?

    Just to add an extra question: Is it true that when one is using chained Toplink actions in a request-response cycle that each action will fetch its own connection from the pool and thus for each time a connection is fetched the VPD needs to be set again?
    This in contrast with BC4J, where all actions in a request-response cycle will share the same application module and thus the same connection.
    Bottom line: how to configure Toplink so that for each fetched connection it tells the database: "Hey, its me again, please set the application context (VPD) to my own personal values, so I will only see my own records"?
    . And to clean it up nicely: just before the connection is released to the pool: "Ok, I'm done, please reset the application context, so other users will not be bothered by my context".
    Hard to believe nobody has tried this before.

  • Using Clob with TopLink 9.0.4.5 and Oracle 10g RAC

    I am trying to store an XML file in a Clob type field of a DB table using TopLink 9.0.4.5 and Oracle 10g RAC and need some guidance about how to do it. I got some directions to start it with the Tip "How-To: Map Large Objects (LOBs) to Oracle Databases with OracleAS TopLink" but still need some more helps.
    When using the Oracle JDBC OCI driver, the tip gives the code block for a Clob field:
    DirectToField scriptMapping = new DirectToField();
    scriptMapping.setAttributeName("script");
    scriptMapping.setFieldName("IMAGE.SCRIPT");
    descriptor.addMapping(scriptMapping);
    As I understand, TopLink creates instances of the Descriptor class at run time for each of the descriptor files and stores them in a database session, where is the proper place (in SessionEvent of TopLinkSessionEventHandler?) for me to get a reference to such an instance of my Descriptor class in Java code so that I can add the above mentioned additional Mapping? Are the above String values of "script" and "IMAGE.SCRIPT" predefined in TopLink API? Can I accomplish the same thing just using the TopLink Workbench tool instead? If yes, please advise the detailed steps to do so.
    The tip also states to call the following code in case of using Clob:
    DatabaseLogin login = session.getLogin();
    login.useStringBinding();
    Should the above 2 lines of code be called after the following lines of code?
    SessionManager sessionManager = SessionManager.getManager();
    Server serverSession = (Server)sessionManager.getSession("MY_SESSION_NAME");
    Besides the above extra coding for the Session and Descriptor Mapping, is there any special handling in between Data model and DB table mapping? Can I map a Java String type to a DB Clob field using the Direct-to-field mapping?
    Appreciate any help.

    Never mind ....... I had already figured it out .....

  • Oracle VPD - RLS

    Dear Experts,
    We are implementing row level security at our organization to achieve Multi-Tenancy. Our DB Version is Oracle 11g release 2.
                                  At the application we have multiple skew id's, which exists in the master table at the database. Using Oracle VPD we want to implement row level security for different dependant tables which has skew id column. From the front end if application user select the specific skew id we want the end user to select or view particular rows pertaininig to the skew id. These skew id's are not constant they are added or modified on adhoc basis.
    We cannot create DB user's for mapping the VPD. I would appreciate, if you can give inputs with an example how to fulfill this requirement with an policy function , application context to understand what parameters need to be passed.
    Awaiting for your reply. Thanks

    Sorry - wrong forum. Although the forum title is multitenant this forum is for the 12c database version using the new multitenant architecture.
    Please mark the thread ANSWERED and repost it in the SQL and PL/SQL forum.
    PL/SQL
    When you repost you need to provide some sample data to show what you need to do.
    A standard parent/child table relationship would appear to do what  you want: when a parent SKEW_ID is used it will ONLY link to child rows with that same SKEW_ID.
    That is why you need to show an example of what you mean.

  • Exception [TOPLINK-46] (OracleAS TopLink - 10g (9.0.4) (Build 031126))

    Hi,
    I am using TopLink for simple Department-Employee relation, i have my project xml configured, But i am facing the problem with following exception
    Descriptor Exceptions:
    Exception [TOPLINK-46] (OracleAS TopLink - 10g (9.0.4) (Build 031126)): oracle.toplink.exceptions.DescriptorException
    Exception Description: There should be one non-read-only mapping defined for the primary key field [emp.empno].
    Descriptor: Descriptor(com.oracle.mssql.emp.toplink.EmpTopLinkBean --> [DatabaseTable(emp)])
    Runtime Exceptions:
    What could be the reason?
    Thanks
    Madhu

    My best guess would be that you have a 1:1 mapping from Employee to Department. This mapping represents part of the primary key.
    Make sure that your 1:1 mapping is not configured as read-only. Another issue is that you may have set the relationship as target foreign key. This has the same effect as read-only and is not applicable in the 1:1 returning from a 1:M.
    Doug

  • JDeveloper, Toplink, and ADF advice.

    We have application that was completely developed JDeveloper 10.1.3/4 with Toplink, JSF, ADF, and Session Facade; extremely similar to the SRDemo.
    I am want to upgrade to JDeveloper 11g; however, the ADF Faces JSF will be migrated to Apache MyFaces Trinidad.
    1. Why would this be better than migrating to ADF Faces 11g? Pros and cons?
    2. Is Apache MyFaces Trinidad the future of Oracle's ADF?
    3. What would be the best approach for upgrade to Toplink and ADF 11g?
    Thank you.

    1. Why would this be better than migrating to ADF Faces 11g? Pros and cons?It won't be better than using ADF Faces 11g - it is just more feasible for automatic conversion - we can't do automatic conversion from ADF FAces 10.1.3 to ADF Faces 11g since the UI capabilities are so drastically different. We migrate to Trinidad to allow you to combine Trinidad and ADF Faces 11g in the same application. (You can't use ADF Faces 10.1.3 and 11g in the same application).
    2. Is Apache MyFaces Trinidad the future of Oracle's ADF?No. ADF Faces Rich Client is the present and future. Those are based on Trinidad.
    3. What would be the best approach for upgrade to Toplink and ADF 11g?The basic thing to do is open the application in JDeveloper 11g - things should work after the migration.
    Then you can start leveraging new capabilities such as the new ADF Faces 11g UI in new parts of the application.
    You might want to ask on the TopLink forum if they have any specific migration tips.

  • BUG!?! Toplink and XE in Jdev 10g Rel 3 SU4

    Good ... evening/morning ... everyone! :-)
    Trying to follow (teach using) the tutorial on creating an Web App using Toplink
    and ADF Faces. After creating the Map I am getting problems on the Java object
    generation. I get the exception:
    java.lang.NullPointerException
    at oracle.ideimpl.log.TabbedLogManager.getMsgPag (TabbedLogManager.java:101)
    at oracle.toplink.addin.log.POJOGenerationLoggingAdapter.updateTask(POJOGenerationLoggingAdapter.java:42)
    at oracle.toplink.addin.mappingcreation.MappingCreatorImpl.fireTaskUpdated(MappingCreatorImpl.java:1049)
    at oracle.toplink.addin.mappingcreation.MappingCreatorImpl.generateMappedDescriptorsForTables(MappingCreatorImpl.java:231)
    at oracle.toplink.addin.mappingcreation.MappingCreatorImpl.generateMappedDescriptorsForTables(MappingCreatorImpl.java:201)
    at oracle.toplink.addin.wizard.jobgeneration.JobWizard$1.construct(JobWizard.java:401)
    at oracle.ide.util.SwingWorker$1.run(SwingWorker.java:119)
    at java.lang.Thread.run(Thread.java:595)
    and JDev get in a endless loop in the generation progress dialog. The only
    difference from the tutorial setting is XE instead of a full server!
    Hope someone have some hints; just let me know if further details of the setting
    is needed!
    Dan.

    Good ... evening/morning ... everyone! :-)
    Trying to follow (teach using) the tutorial on creating an Web App using Toplink
    and ADF Faces. After creating the Map I am getting problems on the Java object
    generation. I get the exception:
    java.lang.NullPointerException
    at oracle.ideimpl.log.TabbedLogManager.getMsgPag (TabbedLogManager.java:101)
    at oracle.toplink.addin.log.POJOGenerationLoggingAdapter.updateTask(POJOGenerationLoggingAdapter.java:42)
    at oracle.toplink.addin.mappingcreation.MappingCreatorImpl.fireTaskUpdated(MappingCreatorImpl.java:1049)
    at oracle.toplink.addin.mappingcreation.MappingCreatorImpl.generateMappedDescriptorsForTables(MappingCreatorImpl.java:231)
    at oracle.toplink.addin.mappingcreation.MappingCreatorImpl.generateMappedDescriptorsForTables(MappingCreatorImpl.java:201)
    at oracle.toplink.addin.wizard.jobgeneration.JobWizard$1.construct(JobWizard.java:401)
    at oracle.ide.util.SwingWorker$1.run(SwingWorker.java:119)
    at java.lang.Thread.run(Thread.java:595)
    and JDev get in a endless loop in the generation progress dialog. The only
    difference from the tutorial setting is XE instead of a full server!
    Hope someone have some hints; just let me know if further details of the setting
    is needed!
    Dan.

  • BPEL and Oracle 8

    Are other people out there using BPEL with Oracle 8?
    BPEL seems to only barely support Oracle 8 (Oracle8i Enterprise Edition Release 8.1.7.2.0) e.g.
    with oracle 8, BPEL requires a database procedure to be owned by schema owner before it can be used in BPEL ... I don't think this is the case with BPEL and oracle 9
    with orace 8, the retry ability as per bpel.xml can have some retry schedule extra retry due to socket read error .. (works eventually)
    with oracle 8, you have to manually alter toplink setting to pick up date and time rather than just date ... this is not the case with BPEL and oracle 9
    i.e. you can make BPEL work with Oracle 8 but it takes some doing!!

    Can you use WebLogic 8.1 SP4 ? BPEL has been certified with that version. We have been able to reproduce the issue and currently investigating the cause of it.

  • What are the difference between TopLink and TopLink Essentials...?

    What are the difference between TopLink, TopLink Essentials, EclipseLink and TopLink Essentials-GlassFish?
    What is the difference of their functions?
    Edited by: qkc on Nov 21, 2009 10:52 AM

    Difference between TopLink and ToPLink Essentials:
    TopLink Essentials are the reference implementation (RI) of JPA, is an open source effort that is licensed under the Common Development and Distribution License (CDDL) v1.0. It can be freely downloaded and used under the terms of this license agreement. This means, you can only use it for the management of persistence and orm with Java EE and Java SE. The binary distribution of TopLink consist of 2 jars:
    * toplink-essentials-agent.jar: contains Java Persistence API; XML Schemas and TopLink essentials implementation
    * toplink-essentials.jar: contains java agent class requires in a standolane Java SE application
    In addition to TopLink Essentials that makes the JPA implementation alive, Oracle offers its Oracle TopLink product (10.1.3) that contains an earlier preview binary of JPA and also offers developers additional object-relational capabilities, object-XML mapping (JAXB), non-relational mapping using Java 2.0 Connector Architecture (JCA).
    Let's wait other person to answer these questions.

  • TopLink and JBoss

    Hi everybody,
    I have a weird problem.
    I had recently completed SRDemo ADF tutorial, everything run fined, no problem.
    Out of curiosity to see how the things are running JBoss, I try to deploy JBoss.
    After long series of problem, I come this final one and I am hoping that somebody can give me a clue to which direction to proceed.
    I am receving this exception from the Jboss,
    JBO-29000: Exception [TOPLINK-6008] (Oracle TopLink - 10g Release 3 (10.1.3.1.0) (Build 061004)): oracle.toplink.exceptions.QueryException Exception-Beschreibung: Deskriptor für [oracle.srdemo.datamodel.Users] bei Abfrage namens [findUserByEMail] fehlt. (which basicly say it is not able to find the descriptor for the named query)
    I have a feeling session is not able to locate SRMap.xml file as TopLink mapping file, otherwise why it should log such a message, when everything is running without problem in OC4J.
    Any ideas?
    Thx in advance.
    Here is my sessions.xml
    <?xml version="1.0" encoding="UTF-8"?>
    <toplink-sessions version="10g Release 3 (10.1.3.1.0)" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <session xsi:type="server-session">
    <name>SRDemoSession</name>
    <server-platform xsi:type="jboss-platform"/>
    <event-listener-classes/>
    <logging xsi:type="toplink-log">
    <log-level>all</log-level>
    <logging-options>
    <log-exception-stacktrace>true</log-exception-stacktrace>
    <print-thread>false</print-thread>
    <print-session>true</print-session>
    <print-connection>true</print-connection>
    <print-date>true</print-date>
    </logging-options>
    </logging>
    <primary-project xsi:type="xml">META-INF/SRMap.xml</primary-project>
    <login xsi:type="database-login">
    <platform-class>oracle.toplink.platform.database.SQLServerPlatform</platform-class>
    <password>5C4C6924B1B14E16</password>
    <external-connection-pooling>true</external-connection-pooling>
    <external-transaction-controller>true</external-transaction-controller>
    <sequencing>
    <default-sequence xsi:type="native-sequence">
    <name>Native</name>
    </default-sequence>
    </sequencing>
    <datasource lookup="string">java:jdbc/SRDemoDS</datasource>
    </login>
    <connection-pools>
    <read-connection-pool>
    <name>ReadConnectionPool</name>
    <exclusive>false</exclusive>
    </read-connection-pool>
    <write-connection-pool>
    <name>default</name>
    </write-connection-pool>
    </connection-pools>
    </session>
    </toplink-sessions>

    Hello,
    How are you getting/creating your session, and what is the code you use to execute the query? The problem is that it can't find a descriptor for the class passed in, which sometimes can be caused by classloader issues - if the class object passed in was loaded with a different classloader than TopLink used to load them in during startup, the descriptor wont be found. If you are using the SessionManager and this is the problem, you will need to use the getSession api that allows you to specify a specific classloader, such as
    getSession(sessionName, yourclass.class.getClassLoader())
    Best Regards,
    Chris

  • Desktop Conference 2005 includes Java, TopLink and more

    Checkout Desktop Conference 2005 (www.desktopconference2005.org or www.odtug.com) for information on Desktop Conference 2005, the virtual conference webcast sponsored by Oracle, ODTUG, and BIDW SIG of OAUG. It's powered by Oracle's Collaboration Suite Web Conferencing and features all-star presenters and exceptional technical content February 15-17. Since it's virtual, there's no need to travel. All you need is a PC and internet connection.
    Java/J2EE topics include J2EE, Web Services, JSF, Struts, ADF, BPEL, Frameworks, TopLink and more. Java/J2EE experts include Rod Johnson, Bruce Tate, Richard Monson-Haefel, Paul Dorsey, Toon Koppelaars, and Sri Rajan.
    Oracle Java/J2EE experts include Dai Clegg, Duncan Mills, Avrom Faderman, Steven Davelaar, Frank Nimphius, Tugdual Grall, Sue Harper, Jonas Jacobi, Anuj Jain, Stacen Anderson, Katarina Obradovic-Sarkic, and David Shaffer.
    Great keynotes addresses include Oracle's Thomas Kurian, Senior VP, Development OAS. The conference has a lot to offer so I hope you can check it out. Thanks. Maggie Tompkins

    There are several sessions done by the JDeveloper Product Management as well as several sessions done by othre users of JDeveloper. Check out both the Java track and the Oracle track.
    See the detailed agenda here:
    http://www.desktopconference2005.org/03-agenda/index.html
    Can be a nice opportunity to "go" to a conference if your company is on a tight travel budget.

  • Select query differences between oracle 9 and oracle 8.

    Hi,
    I have a problem using the select query between oracle 7 and oracle 9i I don't have the same result :
    ex:
    With oracle7
    SQL> select 'champ1','champ2' from DUAL;
    'CHAMP 'CHAMP
    champ1 champ2
    With Oracle 9
    SQL> select 'champ1','champ2' from DUAL;
    'CHAMP1' 'CHAMP2'
    champ1 champ2
    So Can someone tell me how to solve this problem ? Is there a parameter in oracle 9 to set?
    Thanx.

    Whenever you are posting anything over internet forums like this - you should be very careful about not just posting the details which requires to solve the problem - also should be sensible about your question.
    This is not at all desired when you are posting such question. It may be because - you may not well aware of the fact.
    My suggestion is -> First Go through the basics Of SQL in general.
    Then go for any specific product like Oracle/ SQL Server/ Sybase etc.
    And, finally learn the advanced commands of that DB.
    You asked it - may be you thought the difference in output in terms of lines. But, that is not your actual output. That is the graphical display part only.
    Anyway,
    You can get the quite familier output by first type the following command ->
    set lin 310Regards.
    Satyaki De.

  • Oracle Single Sign on and Oracle Internet Directory

    Hello Gurus,
    What is the relationship between Oracle Single Sign on and Oracle Internet Directory.
    To my understanding, OID is required to install SSO.
    If OID already exist, can we just install SSO and go on integrating it to existing OID.
    Great Thanks,
    vimal jain.
    [email protected]

    Hi Tim,
    I've been working on this and could reproduce the issue with anonymous binds. A fix will be ready in 4.2.1.
    So what I really need is the password used for login to pass to the is_member call.The P101_PASSWORD item does not save state. However, you can access the value during submit processing of the login page, for example in the post authentication function of your authentication scheme. People sometimes put code in there to query the user's groups (e.g. with apex_ldap.member_of2) and save them in an application. This item value can then be used in the authorization schemes.
    Regards,
    Christian

Maybe you are looking for