Hi all,
in this mail I'm following up a discussion that was started on the
GeoTools list,
here discussing the GeoServer bits:
http://osgeo-org.1803224.n2.nabble.com/JDBC-store-allowing-a-customizable-sql-commands-before-and-after-jdbc-connection-use-td7039138.html#a7043676
Executive summary:
- some users with a strong db centric approach to application and
security management
want that all the database access runs with the credentials of the
current GeoServer
user instead of the the generic connection pool user
- databases often offer this functionality in different ways, but
almost always this is available
as some sql command to run that switches the current user, and
another to run to get
the connection back to the standard pool user
- sometimes more sophisticated functionality is built on top of that,
which allows for
accounting and resource usage control, which requires to run custom
sql scripts instead
of the normal database commands
The GeoTools patch at
http://jira.codehaus.org/browse/GEOT-3994
adds the support for the above by introducing two new params, "sql on
borrow" and "sql on release".
The sql commands are parametric, an enviroment variable from EnvFunction can be
expanded when running the sql commands (along with a default value).
The GeoServer side of the patch is at
http://jira.codehaus.org/browse/GEOS-4918
it does two things:
- adds some GUI support for these longer than usual parameters (using text areas
instead of normal text fields. This is actually affects the largest
number of files
only because I noticed most param panels had a getFormComponent() method,
which I uniformed into a interface so that I could treat text field
and text area
param panels the same way
- adds a dispatcher callback that automatically injects the GSUSER
parameter into
the enviroment map, and while I was at it, also centralizes the management of
the env map into a single place (before it was sprinkled in
GetMap/GetLegendGraphics/GetFeatureInfo runtime code and a dispatcher
callback for the sole cleanup, so this change is also a nice cleanup)
Of course while the patch is built to support calling impersonation
commands, any
parametric sql can be run, which I believe can have the same kind of usefulness
as parametri sql views, e.g., allows more flexibility and native
database enviroment
usage for those that have such needs.
Opinions?
Cheers
Andrea
--
-------------------------------------------------------
Ing. Andrea Aime
GeoSolutions S.A.S.
Tech lead
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 962313
mob: +39 339 8844549
http://www.geo-solutions.it
http://geo-solutions.blogspot.com/
http://www.youtube.com/user/GeoSolutionsIT
http://www.linkedin.com/in/andreaaime
http://twitter.com/geowolf
Please take note that GeoSolutions will be closed for Christmas
holidays from 27/12 to 30/12
-------------------------------------------------------