Toplink and VPD

Hi,
In a three-tier architecture, has anyone successfully implemented VPD in combination with Toplink and a ConnectionPool?
When all my web-users are connecting to the database with the same (connection pool) credentials, how, when and where do I tell my database who is really logged in (web-user) and thus how to set the specific VPD for that web-user?
Thanks. I already read another post on this forum mentioning that VPD support would be included in an upcoming release of TopLink.
Re: toplink and Oracle VPD
I also heard of a patch to download. Can anyone verify this?

Just to add an extra question: Is it true that when one is using chained Toplink actions in a request-response cycle that each action will fetch its own connection from the pool and thus for each time a connection is fetched the VPD needs to be set again?
This in contrast with BC4J, where all actions in a request-response cycle will share the same application module and thus the same connection.
Bottom line: how to configure Toplink so that for each fetched connection it tells the database: "Hey, its me again, please set the application context (VPD) to my own personal values, so I will only see my own records"?
. And to clean it up nicely: just before the connection is released to the pool: "Ok, I'm done, please reset the application context, so other users will not be bothered by my context".
Hard to believe nobody has tried this before.

Similar Messages

  • JPA (Eclispelink/toplink) and VPD

    I have so far stumbled only on this link for implementing VPD in JPA :http://wiki.eclipse.org/EclipseLink/Examples/JPA/Auditing
    Is there any other link which explains how to achieve row level security(VPD) using JPA?

    user8093550 wrote:
    We are injecting this(EM) into our session bean, so, i guess we are not essentially using EntityManagerFactory - how can we achieve this without an EMF? Is it possible?
    If you are using JPA 2.0 you can inject the EM and set the properties using em.setProperty.
    If you are using EE5 you'd need to use EclipseLink specific APIs ((org.eclipse.persistence.internal.jpa.EntityManagerImpl)em.getDelegate()).setProperties( ....You'll need to test this out though because you may need to call em.clear to force a new EntityManager to be created if your setProperties was executed when the EM had already been created.
    Also, how does this work, i mean, if i set VPD once during user login, and then does the entitymanager keep this sanctity all throughout the user's session?Since the settings are tied to an EntityManager I would think that they are applied for all operations through an EntityManager.
    Be sure to read this carefully before you start though: http://wiki.eclipse.org/Introduction_to_EclipseLink_Sessions_%28ELUG%29#Isolated_Client_Sessions_and_Oracle_Virtual_Private_Database_.28VPD.29

  • JDeveloper, Toplink, and ADF advice.

    We have application that was completely developed JDeveloper 10.1.3/4 with Toplink, JSF, ADF, and Session Facade; extremely similar to the SRDemo.
    I am want to upgrade to JDeveloper 11g; however, the ADF Faces JSF will be migrated to Apache MyFaces Trinidad.
    1. Why would this be better than migrating to ADF Faces 11g? Pros and cons?
    2. Is Apache MyFaces Trinidad the future of Oracle's ADF?
    3. What would be the best approach for upgrade to Toplink and ADF 11g?
    Thank you.

    1. Why would this be better than migrating to ADF Faces 11g? Pros and cons?It won't be better than using ADF Faces 11g - it is just more feasible for automatic conversion - we can't do automatic conversion from ADF FAces 10.1.3 to ADF Faces 11g since the UI capabilities are so drastically different. We migrate to Trinidad to allow you to combine Trinidad and ADF Faces 11g in the same application. (You can't use ADF Faces 10.1.3 and 11g in the same application).
    2. Is Apache MyFaces Trinidad the future of Oracle's ADF?No. ADF Faces Rich Client is the present and future. Those are based on Trinidad.
    3. What would be the best approach for upgrade to Toplink and ADF 11g?The basic thing to do is open the application in JDeveloper 11g - things should work after the migration.
    Then you can start leveraging new capabilities such as the new ADF Faces 11g UI in new parts of the application.
    You might want to ask on the TopLink forum if they have any specific migration tips.

  • BUG!?! Toplink and XE in Jdev 10g Rel 3 SU4

    Good ... evening/morning ... everyone! :-)
    Trying to follow (teach using) the tutorial on creating an Web App using Toplink
    and ADF Faces. After creating the Map I am getting problems on the Java object
    generation. I get the exception:
    java.lang.NullPointerException
    at oracle.ideimpl.log.TabbedLogManager.getMsgPag (TabbedLogManager.java:101)
    at oracle.toplink.addin.log.POJOGenerationLoggingAdapter.updateTask(POJOGenerationLoggingAdapter.java:42)
    at oracle.toplink.addin.mappingcreation.MappingCreatorImpl.fireTaskUpdated(MappingCreatorImpl.java:1049)
    at oracle.toplink.addin.mappingcreation.MappingCreatorImpl.generateMappedDescriptorsForTables(MappingCreatorImpl.java:231)
    at oracle.toplink.addin.mappingcreation.MappingCreatorImpl.generateMappedDescriptorsForTables(MappingCreatorImpl.java:201)
    at oracle.toplink.addin.wizard.jobgeneration.JobWizard$1.construct(JobWizard.java:401)
    at oracle.ide.util.SwingWorker$1.run(SwingWorker.java:119)
    at java.lang.Thread.run(Thread.java:595)
    and JDev get in a endless loop in the generation progress dialog. The only
    difference from the tutorial setting is XE instead of a full server!
    Hope someone have some hints; just let me know if further details of the setting
    is needed!
    Dan.

    Good ... evening/morning ... everyone! :-)
    Trying to follow (teach using) the tutorial on creating an Web App using Toplink
    and ADF Faces. After creating the Map I am getting problems on the Java object
    generation. I get the exception:
    java.lang.NullPointerException
    at oracle.ideimpl.log.TabbedLogManager.getMsgPag (TabbedLogManager.java:101)
    at oracle.toplink.addin.log.POJOGenerationLoggingAdapter.updateTask(POJOGenerationLoggingAdapter.java:42)
    at oracle.toplink.addin.mappingcreation.MappingCreatorImpl.fireTaskUpdated(MappingCreatorImpl.java:1049)
    at oracle.toplink.addin.mappingcreation.MappingCreatorImpl.generateMappedDescriptorsForTables(MappingCreatorImpl.java:231)
    at oracle.toplink.addin.mappingcreation.MappingCreatorImpl.generateMappedDescriptorsForTables(MappingCreatorImpl.java:201)
    at oracle.toplink.addin.wizard.jobgeneration.JobWizard$1.construct(JobWizard.java:401)
    at oracle.ide.util.SwingWorker$1.run(SwingWorker.java:119)
    at java.lang.Thread.run(Thread.java:595)
    and JDev get in a endless loop in the generation progress dialog. The only
    difference from the tutorial setting is XE instead of a full server!
    Hope someone have some hints; just let me know if further details of the setting
    is needed!
    Dan.

  • Portal 902 and VPD

    Hi,
    Portal 902 is supposed to be integrated with VPD. Is there any documentation on this integration? I have looked all over Technet and also the Portal online documentation, and cannot find anything, except for some stuff in Metalink on VPD in 309. Any clues anyone?
    Regards,
    Steve West

    The integration refers to the ability to DB users to Portal users. See the following note for implementation details for Portal and VPD. R2 should be no different.
    Note:177471.1

  • OLS    AND    VPD Column Masking.

    I have gone over a couple of sources on OLS and VPD.
    BTW I am working with Oracle 11g R1.
    What I am trying to accomplish is cell level protection. Where cell is defined as the intersection between a row and a column.
    OLS will get me the proper row restrictions.
    VPD has the ability to do Column Masking.
    Has anyone mix the two to accomplish cell level protection?
    Basic examples would be GREATLY appreciated.

    Hi again. Thank you for your reply, but I wanted to achieve cell-level security as I'm trying to create conception of fine-grained processing data with different levels of confidentiality. Here is what I have:
    - I created 3 levels of confidentiality: J < P < T (Unclassified < Confidential < Secret)
    - I created a table and here is how it looks for different users:
    User with T-level authorization:
    !http://img709.imageshack.us/img709/1847/screentj.png!
    User with P-level authorization (can't see T-level data):
    !http://img704.imageshack.us/img704/4002/screenp.png!
    I did that by creating two policies on two columns with data:
    CREATE OR REPLACE FUNCTION f_data01 (schema in varchar2, tab in varchar2) -- or "CREATE OR REPLACE FUNCTION f_data02" for second column
      RETURN varchar2 AS
        predicate         varchar2(2000);        -- the VPD 'where' clause
        session_lab        varchar2(4000);        -- the current user's session label
        session_tag        number;            -- numerical expression of session label
        t_sa_user_name    varchar2(2000);        -- only users with Labels are examined, others don't get access.
    BEGIN
      session_lab := sa_session.label('cells');        -- the current user's session label for that policy
      session_tag := char_to_label('cells',session_lab);    -- numerical expression of session label
      predicate := 'dominates(' || session_tag || ',CDATA01)=1'; -- or "predicate := 'dominates(' || session_tag || ',CDATA02)=1';" for second column
      return predicate;
    END;I asked if it is possible to create one policy with variable instead of column name (ex. CDATA01) or if there is another way to get that effect.
    And is it good practice to put column with labels in one table with data?
    Thank you in advance.
    Edited by: arc.undcvr on 2010-01-23 22:50

  • What are the difference between TopLink and TopLink Essentials...?

    What are the difference between TopLink, TopLink Essentials, EclipseLink and TopLink Essentials-GlassFish?
    What is the difference of their functions?
    Edited by: qkc on Nov 21, 2009 10:52 AM

    Difference between TopLink and ToPLink Essentials:
    TopLink Essentials are the reference implementation (RI) of JPA, is an open source effort that is licensed under the Common Development and Distribution License (CDDL) v1.0. It can be freely downloaded and used under the terms of this license agreement. This means, you can only use it for the management of persistence and orm with Java EE and Java SE. The binary distribution of TopLink consist of 2 jars:
    * toplink-essentials-agent.jar: contains Java Persistence API; XML Schemas and TopLink essentials implementation
    * toplink-essentials.jar: contains java agent class requires in a standolane Java SE application
    In addition to TopLink Essentials that makes the JPA implementation alive, Oracle offers its Oracle TopLink product (10.1.3) that contains an earlier preview binary of JPA and also offers developers additional object-relational capabilities, object-XML mapping (JAXB), non-relational mapping using Java 2.0 Connector Architecture (JCA).
    Let's wait other person to answer these questions.

  • Can I implement the ORM task without TopLink and Hibernate?

    Can I implement the ORM (Objest/Relational Mapping) task without TopLink and Hibernate tools?

    Any opinions are welcome.

  • Behaviour of updateObject and writeObject in toplink and eclipse link

    Hi all ,
    Please let us know if there is any difference between updateobject and writeobject being used in toplink and eclipselink.jar ?
    It would be greatly helpful if someone can say the scenarios to use both the objects in eclipselink.jar .
    Thanks in advance.
    Regards
    Mythili

    In general you should not use either of these, but either use JPA, or use the UnitOfWork.
    updateObject and writeObject are only defined in a single user DatabaseSession.
    updateObject will just update the object, it assumes the object exists
    writeObject can either insert or update an object, it first performs a doesExist check to see if an insert or an update should be done.
    James : http://www.eclipselink.org

  • Desktop Conference 2005 includes Java, TopLink and more

    Checkout Desktop Conference 2005 (www.desktopconference2005.org or www.odtug.com) for information on Desktop Conference 2005, the virtual conference webcast sponsored by Oracle, ODTUG, and BIDW SIG of OAUG. It's powered by Oracle's Collaboration Suite Web Conferencing and features all-star presenters and exceptional technical content February 15-17. Since it's virtual, there's no need to travel. All you need is a PC and internet connection.
    Java/J2EE topics include J2EE, Web Services, JSF, Struts, ADF, BPEL, Frameworks, TopLink and more. Java/J2EE experts include Rod Johnson, Bruce Tate, Richard Monson-Haefel, Paul Dorsey, Toon Koppelaars, and Sri Rajan.
    Oracle Java/J2EE experts include Dai Clegg, Duncan Mills, Avrom Faderman, Steven Davelaar, Frank Nimphius, Tugdual Grall, Sue Harper, Jonas Jacobi, Anuj Jain, Stacen Anderson, Katarina Obradovic-Sarkic, and David Shaffer.
    Great keynotes addresses include Oracle's Thomas Kurian, Senior VP, Development OAS. The conference has a lot to offer so I hope you can check it out. Thanks. Maggie Tompkins

    There are several sessions done by the JDeveloper Product Management as well as several sessions done by othre users of JDeveloper. Check out both the Java track and the Oracle track.
    See the detailed agenda here:
    http://www.desktopconference2005.org/03-agenda/index.html
    Can be a nice opportunity to "go" to a conference if your company is on a tight travel budget.

  • TopLink and Stored Procedures

    Hi all
    We are migrating an application made with MS ASP's to a full blown J2EE application using ADF, JSF and toplink, atm we've used the mapping abilities from toplink and have saved lots of work, however i'd like to know if there's aw ay to map the Stored procedures the same way you map the tables. This would be a great time saving routine, if not available we might have to write it but I thought we would ask here first. Any pointers?
    greetings!

    TopLink does fully support invoking stored procedures for any query. It is not available in the graphical mapping editors but is available through the API. Look in the documentation for StoredProcedureCall.
    Doug

  • EJB3 and/or Toplink and setting context for VPD

    We are looking at moving to the latest version of jdeveloper and taking advantage of the ejb3 and/or toplink features for the model part of applications. I have a question on how to set the vpd context using this new model. Currently we use:
    Jdeveloper 10.1.2.1
    Oracle application server 10g R2 Enterprise Edition ver 10.1.2.0.2
    OracleOCI driver
    Oracle 9i database
    Our database access is in regular java beans where we get a connection from the pool , set the context for the current user (by running a stored procedure on the connection) perform the required data access and then release the connection. It looks like when you use Toplink or EJBs with CMP the database access is out of the developer's control. How will I be able to set the context for each connection ( it's different for each user) once I move to the new model?

    Thank you. That looks like exactly what I need, at least for toplink. I have been told though, that since we are deploying to the OC4J container and it will manage persistence and since EJB 3 simplifies the creation of entity beans that we should use EJB 3 entity beans and a session facade for the model and not add toplink as it would be an extra layer we don't really need , would you agree?

  • Toplink and Oracle VPD

    Our dba's have VPD set up which limits data depending on who is logged in. Can this be supported with Toplink in 'Server' mode, using Session beans with POJO's?
    thanks,
    craig
    ps. if this is not supported, any suggestions?

    Craig,
    This is not currently an out of the box capability, but through TopLink's public API it has been successfully implemented at a couple of customer sites. These extensions to the TopLink persistence architecture have been done through our technical services team. Drop me an e-mail ([email protected]) and I'll connect you with the team to discuss your specific requirements and solution options.
    There are a number of ways Label Security (VPD) can be used from Java with TopLink. The solution used so far involves a custom OCI connection pool that TopLink can switch the user at runtime on. Then depending on the granularity of your user security requirements the TopLink sessions (shared or isolated) can be overlaid using these shared connections. Your application will need to provide user credentials to TopLink so the connection can be properly switched and TopLink's session cache will need to ensure the trusted application only sees cached objects valid for the provided user.
    We are working on adding this support more seamlessly for an upcoming release.
    Doug

  • Toplink 10.1.3DP3 and VPD

    I have a simple example using Toplink 10.1.3 in combination with VPD. If I execute the following piece of simple code, I can see that the events are never thrown...
    ToplinkProject project = new ToplinkProject();
    Server server = project.createServerSession();
    server.logMessages();
    server.login();
    ConnectionPolicy connPolicy = new ConnectionPolicy();
    connPolicy.setShouldUseExclusiveConnection(true);
    connPolicy.setProperty("dep_id", new Integer(5));
    Session session = server.acquireClientSession(connPolicy);
    session.getEventManager().addListener(new VPDEventListener());
    Vector persons = session.readAllObjects(Person.class);
    System.out.println("Amount: " + persons.size());
    session.release();
    server.logout();
    server.release();
    There are no errors; my project is working fine, the descriptors have the descriptor.setIsIsolated(true).. Why are the postAcquireExclusiveConnection and preReleaseExclusiveConnection in my VPDEventListener never called? I need these (ofcourse) to set my VPD context...

    The event listener VPDEventListener needs to be added to the EventManager of the server session. This way you will only need to add a single VPDEventListener.
    --Gordon                                                                                                                                                                                                                                                                                                                                                   

  • Toplink 2.5.1 and VPD

    Hi All
    Just a quick question : Anybody knows whether Toplink 2.5.1 supports Virtual Private Database ? I know Toplink 2.5.1 is a long time history already. However, I am stuck with it for the moment :-(
    Regards
    Ian Lim

    That's correct. VPD support was introduced in 10.1.3.1. It required the introduction of an "isolated" cache to ensure that objects read by one user would never be seen by those of another.
    FYI, even when not using VPD you can set a class' cache to be isolated[1] to prevent caching across transactions. Isolated classes are never read through or put in the shared cache. Very useful for highly volatile data you want to reread from the database in each transaction.
    --Shaun
    [1] http://www.oracle.com/technology/products/ias/toplink/doc/10131/main/_html/cachun002.htm#CHEFJBII

Maybe you are looking for

  • Cannot view PDF in Acrobat due to IE  EPM.Acrobat 11.0.9. EPM is disabled in IE 9. Anyone know why?

    Cannot view PDF in Acrobat due to IE  EPM.Acrobat 11.0.9. EPM is disabled in IE 9. Anyone know why?

  • How to get SEO url in java

    Hi My requirement is to generate a product feed which has its product url as one of the fields. Now does anybody know how to get the SEO url of a product in a java file. I know form front end we generate it via ItemLinkDroplet. But is there a way i c

  • Tree control and XML dataprovider

    Hi, I am trying to get this xml ( http://mitjafelicijan.net/test.xml ) working with my tree control in my Flex app and cannot figure it out how exactly to do this. my Flex code is this <mx:Tree left="0" top="0" bottom="0" showRoot="true" id="trvTreev

  • Searching .php files - previous suggestions not working

    I'm having a problem getting previous suggestions to work in indexing my php files. I do development in and out of my sites folder, but I can't get any of my php files' content to index. I've added this line to the source code importer: <string>publi

  • [X-FI extreme Music] XP 64 bits drivers

    Hi all, I am very sad because my new X-FI extreme ?dition card doen't work . I have Windows XP pro 64bit edition and it seem there isn't any drivers for this card for the moment! Have you the same problem? have you find Xp 64 bits drivers? thank you