问题描述

是否可以在运行时更改 Hibernate Session 的数据库身份验证（或创建一个新的身份验证），并将其链接到当前登录的Web用户？

例如当一个特定的 Spring Security -managed用户登录时，用一个不同的数据库角色重新连接它，并在该用户的http会话的整个生命周期内使用该连接？

我不确定每个用户都有专门的数据库会话是否可行。即使在技术上可行的情况下，拥有庞大用户群的应用程序也不会很好地扩展。另一种方法是配置标准连接池，并在每次从池中签出时将该连接与特定的Web应用程序用户关联。

有一些关于（从Oracle的角度来看，不管RDBMS如何都适用）：

您可能会如何达到这个目标将在第8.2节讨论下面的Spring文档。请注意，虽然这被隐藏在特定于Spring的Oracle扩展的部分中，但在8.2节（不同于8.1）中没有任何东西是Oracle特定的（执行Statement之外），并且任何数据库的一般方法都应该可行，只需指定相关过程调用或SQL：

我对Postgres不太熟悉，但是我想你想在每个Connection checkout上打的电话就像这样：

Spring文档中给出的示例使用XML配置。如果您使用的是Java配置，那么它看起来像：

  @Component 
 @Aspect 
 public class ClientIdentifierConnectionPreparer实现ConnectionPreparer 
 {
 @AfterReturning（pointcut =execution（* * .getConnection（..）），returns =connection）
 public Connection prepare（Connection connection）throws SQLException 
 {
 SecurityContextHolder.getContext（）。getAuthentication（）。getPrincipal（）; 
 String webAppUser = //; 
 
 CallableStatement cs = connection.prepareCall（my postgres statement）; 
 cs.setString（1，webAppUser）; 
 cs.execute（）; 
 cs.close（）; 
 
返回连接; 
 
 
 
 @Configuration 
 @EnableAspectJAutoProxy 
公共类SomeConfigurationClass 
 {
 
} 
  

Is it possible to change the database authentication of a Hibernate Session (or create a new one) at runtime, and link it to the current logged-in web-user?

E.g. when a specific Spring Security-managed user logs in, reconnect it with a different database role, and use that connection throughout the lifetime of the http session for that user?

I'm not sure it is feasible to have a dedicated DB session per user. Even if technically possible an application with a large user base is not going to scale very well. An alternative approach is to configure a standard connection pool and associate the connection with a specific web application user each time it is checked out from the pool.

There is some discussion on this here (from an Oracle perspective but same principles apply regardless of RDBMS):

https://docs.oracle.com/cd/B19306_01/network.102/b14266/apdvprxy.htm#i1010372

How you might acheive this is discussed in section 8.2 of the Spring documentation at the below. Note that while this is hidden away in a section specific to Spring's Oracle extensions there is nothing in section 8.2 (unlike 8.1) that is Oracle specific (other than the Statement executed) and the general approach should be feasible with any Database simply by specifying the relevant procedure call or SQL:

http://docs.spring.io/spring-data/jdbc/docs/current/reference/html/orcl.connection.html

I am not too familiar with Postgres but I guess the call you would want to make on each Connection checkout would be something like:

https://www.postgresql.org/docs/8.4/static/sql-set-role.html

The example given in the Spring docs uses XML config. If you are using Java config then it looks like:

@Component
@Aspect
public class ClientIdentifierConnectionPreparer implements ConnectionPreparer
{
  @AfterReturning(pointcut = "execution(* *.getConnection(..))", returning = "connection")
  public Connection prepare(Connection connection) throws SQLException
  {
    SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    String webAppUser = //;

    CallableStatement cs = connection.prepareCall("my postgres statement");
    cs.setString(1, webAppUser);
    cs.execute();
    cs.close();

    return connection;
  }
}

@Configuration
@EnableAspectJAutoProxy
public class SomeConfigurationClass
{

}

这篇关于按照Spring Security会话使用专用数据源连接的Hibernate会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！