Search code examples
javahibernatespring-bootstatelessstateful

Is stateless authentication adapted to a per-user database connection?


The issue

I'm working on an application, which, as many applications, starts with a login page before showing any kind of data.

The problem is that my client specifically requested that the credentials entered should be used to access the database.

This means that, instead of running the username / password against a "user" table, they will be used to acquire the user's database personal access.

It was decided by my superiors that this application would be build on top of a SpringBoot skeleton, which happens to be using a Stateless JWT Authentication mechanism.

I'm no expert when it comes to comparing the benefits of Stateless vs Stateful, but if I understood the concept correctly, this means that my application will need to re-establish the database connection with every single request, right?

I'm asking this because we are experiencing very slow response times. The code seems to hang a little while on database setup related code, such as

dataSrc.getConnection();

or

entityManagerFactoryBean.afterPropertiesSet();

A possible solution?

I've heard of Hibernate's StatelessSession, but I was unsuccessful in setting it up.

I'm not even sure it would help at all, but from what I read, it uses a lower level Hibernate API, which might help mitigate the problem, without much of an impact on the way things are already coded since the SQL operations are exclusively stored procedure calls, which are manually mapped to Java objects.

What I need help with

Basically, I just want answers to 3 questions :

Question 1 : Should I simply revert to Stateful authentication, because Stateless models are unadapted to my use case scenario?

Question 2 & 3 : Can StatelessSession system even be implemented in my scenario, and would it make a significant difference on the database connection time?

But, of course, if you know of any other lead that my help me solve my problem without having to revert the whole thing to Stateful, I'm taking it!


Solution

  • Finally got time to answer this (in case someone passes by in the future).

    Basically, I had two choices : remove Hibernate altogether or "go back" to Stateful sessions.

    I went with the first option, wich I could do only because we had no annotation based mapping between our java objects and our database. Going Stateful might have been a better approach, but i didn't really know how to do that. I found an impressive amount of articles underlining how to go Stateless, but not how to go back Stateful and... Well... Doing it backward wouldn't be enough, since I would be missing a lot of configuration, so I'd have to research it, and it was a hassle I had no time to deal with.

    Using a custom implementation of org.springframework.web.filter.GenericFilterBean, I wrap every incoming request in a custom requestWrapper containing the database connection. I open / create said connection using the java (low) API : java.sql.DriverManager.getConnection

    I can then retreive this connection from my wrapper, wich is vehiculated through the application by Spring by using this code :

    ServletRequestAttributes att = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()); ContentCachingRequestWrapper springWrapper = (ContentCachingRequestWrapper) att.getRequest(); CustomWrapper myWrapper = (CustomWrapper) springWrapper.getRequest(); myWrapper.getConnection();

    Just don't forget to properly close everything to avoid memory leak and you're set. One would also need to register the driver properly, just by calling the constructor of said Driver in the application main class.