• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Ron McLeod
  • Liutauras Vilda
  • Jeanne Boyarsky
Sheriffs:
  • Junilu Lacar
  • Rob Spoor
  • Paul Clapham
Saloon Keepers:
  • Tim Holloway
  • Tim Moores
  • Jesse Silverman
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Piet Souris
  • Frits Walraven

What is the best method for JDBC connection in servlet without using a connection pool?

 
Ranch Hand
Posts: 108
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have a JDBC connection that needs to be made from my web application (servlet/bean) that won't have the login credentials until runtime. What's the best method for creating this connection at runtime?
 
Ranch Hand
Posts: 45
Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You can probably keep the credentials configurable in a properties file, read this and use it for your JDBC connections.
 
Sheriff
Posts: 67618
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Though I would never create a connection in the controller layer. Make the credentials available as properties, and read/use them in the model layer. The controller layer should not be aware of DB stuff.

Of course, I'd never not use a connection pool either.
 
Rancher
Posts: 4686
7
Mac OS X VI Editor Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Bear Bibeault wrote:Of course, I'd never not use a connection pool either.


why?
Doesn't seem to be an "of course" decision at all to me.
 
Bear Bibeault
Sheriff
Posts: 67618
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Because container-managed connection pools have been extensively debugged and are really good at managing the connections. Why reinvent the wheel, especially when it's virtually impossible to create a better wheel?

 
Pat Farrell
Rancher
Posts: 4686
7
Mac OS X VI Editor Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
@bear, I'm still confused. You seem to be saying you would never write a connection pool. But that is not what you posted. You posted that you would never use a well documented, well debugged connection pool.

Confused.....
 
Bear Bibeault
Sheriff
Posts: 67618
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Pat Farrell wrote:You posted that you would never use a well documented, well debugged connection pool.


Nope. Read it again. I'd said I'd never not use a connection pool.
 
Pat Farrell
Rancher
Posts: 4686
7
Mac OS X VI Editor Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Bear Bibeault wrote:Nope. Read it again. I'd said I'd never not use a connection pool.



Didn't your 6th grade English teacher explain that double negatives cause confusion?
 
Bear Bibeault
Sheriff
Posts: 67618
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Done purposefully for emphasis.
 
Pat Farrell
Rancher
Posts: 4686
7
Mac OS X VI Editor Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Bear Bibeault wrote:Done purposefully for emphasis.



Fail!
 
Bear Bibeault
Sheriff
Posts: 67618
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Oh well. I don't have a copy editor for my forum posts.
 
Rob Micah
Ranch Hand
Posts: 108
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Bear Bibeault wrote:Though I would never create a connection in the controller layer. Make the credentials available as properties, and read/use them in the model layer. The controller layer should not be aware of DB stuff.

Of course, I'd never not use a connection pool either.


If you would be so kind please spell out specifically what you mean by controller and model layer. I have to switch between different technologies a lot and I'm rusty on this topic.

Also the reason I can't use a connection pool is that the pool attempts to log in every so often with the last provided credentials. But once a user changes their password this causes repeated failed logins.
 
Bear Bibeault
Sheriff
Posts: 67618
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Rob Micah wrote:
If you would be so kind please spell out specifically what you mean by controller and model layer. I have to switch between different technologies a lot and I'm rusty on this topic.


Look up "MVC" and also read this article.

Also the reason I can't use a connection pool is that the pool attempts to log in every so often with the last provided credentials. But once a user changes their password this causes repeated failed logins.


You let end users change database passwords?
 
Harsha Ka
Ranch Hand
Posts: 45
Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Rob Micah wrote:
Also the reason I can't use a connection pool is that the pool attempts to log in every so often with the last provided credentials. But once a user changes their password this causes repeated failed logins.


Which credentials are you talking about?
 
Rob Micah
Ranch Hand
Posts: 108
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Bear Bibeault wrote:You let end users change database passwords?


I don't let them do anything. I'm not the boss of this ass backwards system. I'm just trying to work with it. Thanks for the link.
 
Rob Micah
Ranch Hand
Posts: 108
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Harsha Ka wrote:

Rob Micah wrote:
Also the reason I can't use a connection pool is that the pool attempts to log in every so often with the last provided credentials. But once a user changes their password this causes repeated failed logins.


Which credentials are you talking about?

Database credentials.
 
Saloon Keeper
Posts: 24809
172
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It sounds like you're expecting the webapp to use end user database rights and credentials.

That doesn't work very well in a multi-user shared resource environment such as a webapp. Common practice - and this dates all the way back to the days when I rode herd on mainframe apps - is that the resource subsystems need to have security rights that are the greatest common denominator of all the rights needed for all the users. You then limit the in-app rights on a per-user basis using a secondary security subsystem, either pre-supplied or coded as part of the app (or occasionally, both).

In the specific case of database resources, normally this is more than adequate, since unless you're building SQL on the fly in a public space (in other words, set yourself up for SQL Injection attacks ), you can simply limit access to the business functions that invoke the SQL and thereby control not only database malfeasance, but also possible internal corruption of the shared online environment.

There are some issues in this approach, though. Since we're talking the Greatest Common Denominator of rights, apps which have management functions built into them might need very broad rights indeed. Much broader than you'd like floating around playing target for bad code. Or, for that matter, unscrupulous coders slipping back-door "features" into the app. If it's a major concern, it's worth making the management functions into a separate app (web or offline) and using a different security account.

Java is an expensive and complex framework to develop for and with. As long as you have to do all the other things that Java demands, you might as well toss in the connection pools, since they don't require much work and return a lot of performance. If it isn't worth that much effort, it probably wasn't worth the effort of doing it in Java anyway.
 
You showed up just in time for the waffles! And this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
reply
    Bookmark Topic Watch Topic
  • New Topic