I am working on an application that uses Oracle’s built in authentication mechanisms to manage user accounts and passwords. The application also uses row level security. Basically every user that registers through the application gets an Oracle username and password instead of the typical entry in a “USERS” table. The users also receive labels on certain tables. This type of functionality requires that the execution of DML and DDL statements be combined in many instances, but this poses a problem because the DDL statements perform implicit commits. If an error occurs after a DDL statement has executed, the transaction management will not roll everything back. For example, when a new user registers with the system the following might take place:
- Start transaction
- Insert person details into a table. (i.e. first name, last name, etc.) -DML
- Create an oracle account (create user testuser identified by password;) -DDL implicit commit. Transaction ends.
- New transaction begins.
- Perform more DML statments (inserts,updates,etc).
- Error occurs, transaction only rolls back to step 4.
I understand that the above logic is working as designed, but I’m finding it difficult to unit test this type of functionality and manage it in data access layer. I have had the database go down or errors occur during the unit tests that caused the test schema to be contaminated with test data that should have been rolled back. It’s easy enough to wipe the test schema when this happens, but I’m worried about database failures in a production environment. I’m looking for strategies to manage this.
This is a Java/Spring application. Spring is providing the transaction management.
You should use Oracle proxy authentication in combination with row level security.
Read this: http://www.oracle.com/technology/pub/articles/dikmans-toplink-security.html