What is idiomatic way to store DB connection data in an EJB?

Question

For some reasons I must use application managed security in my data-sources. So whenever I have to do something in the database I need to provide username and password (I am basically calling getConnection(usr, pwd) in order to get (if usr/pwd are correct) a valid Connection). At the moment my beans are stateless so I made all my methods have username and password parameters.

Is there a good way to store these needed information somehow, instead of passing them around as parameters? I was thinking about using a stateful, local EJB just for this purpose, but I am not sure it is a good idea either.

Here is an example of an interface from my project:

@Remote
public interface ExampleBeanRemote {
    Emp getEmpData(String usr, String pwd, int empId);
    Dep getDepInfo(String usr, String pwd, String dep);

    // ...
    // etc

} // ExampleBeanRemote interface

What I am wondering about is - is there a way to avoid passing usr/pwd (and possible few other session and/or context-related information) to every stateless bean method?

EDIT 1: In the case people did not understand the first part - I do not know username and password that is going to be used in database connections! Every user of the system has his/her own database username and password.

Answer 1

I can think of two ways (orthodox ways) to do that:

1. Configure credentials as ejb environment properties and then you can inject them or get them through the ejbContext in every ejb where you need them, check this

2. You could at some point register your credentials in JNDI and then look them up or inject them from every ejb where you need them, check this

EDIT

Ok, if you only know the credentials at runtime then none of above applies and the problem gets a little more interesting. Here is what I would do,

I would definitely use a session scoped context, not only to avoid the annoying user/pass parameter passing, but specially to cache the db connection (pooled datasource?) and avoid the overhead of connecting to the db every time the user needs to do something there.

One approach I can think of, if you're in a web environment and your ejbs run in the same jvm as your web app, is creating a proxy object of your own that keeps the reference to the current user pooled datasource in a static ThreadLocal variable, and register that object in JNDI so that every ejb can look it up or get it injected and get the reference to the current user datasource (stored in the current thread context), of course you'd have to do all the gluecode:

1. at application start: create the proxy object and register it in the JNDI context
2. at session start: create the datasource with the current user credentials and associate it with the session context (HTTPSession or session scoped bean)
3. at request start: get the datasource created in 2 from the session context and set in your JNDI proxy
4. at request end: remove the datasource from the JNDI proxy
5. at session end: release the datasource

On the other hand, if you're NOT in a web environment it gets trickier, you'd have to pass the credentials at some point through some business method and 'emulate' a session context keeping track of it using some kind of session id, that you'd have to pass to the business methods anyway, or you could use only stateful ejbs, which i do not recommend.

Answer 2

I am using same thing in my project, so we are using common java connection class where we have login detail and for each database connection we call that same java connection.