WSO2 DSS: How can I set database user and password dynamically in the request without mappings

StackOverflow https://stackoverflow.com/questions/17404663

  •  02-06-2022
  •  | 
  •  

Question

I need to create a Data Service for an Oracle database. I've tried to create it setting the DB user and password in the definition of the service, and it works great, but I need to make the connections to the DB with different users, according to the user who is logged in the final application.

I need to pass the DB user and password in the request to the Service, and I need WSO2 to use these credentials to establish the connection to Oracle.

I can't do a mapping for each user, as there are a lot of different users, and it would be impossible to manage.

Is this possible? How can I do it?

Was it helpful?

Solution

So WSO2 DSS have the ability to provide dynamic user authentication, which is documented here [1]. You can either give a static mapping configuration, or else provide a Java class implementation to give the mapping dynamically at runtime. So how this works is, it maps the service authenticated Carbon user with the database user. So you will have to use like UsernameToken to be used with the data service, and you will have to provide a user/password when calling the service, which will in-turn be mapped to a database user.

So if this approach is not feasible, and if you really need to provide the user/password in the message payload, then a possibility would be to write an Axis2 handler and inject the current messages's username+password as the "username" MessageContext property, so internally when we read the username we would be getting the "username+password" we set earlier in the handler. (I can't really remember if the MessageContext property is "username" or not, better check it out). So anyways, as I've mentioned, this information will be later available at "DynamicUserAuthenticator#lookupCredentials(String user)" method's "user" parameter. So from there, we can just decode the username/password from that and return it from that method, which will be used when creating the database connections.

[1] http://docs.wso2.org/wiki/display/DSS301/Dynamic+User+Authentication

Cheers, Anjana.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top