Hi, I have an Rich Client Applictation (RCP) which uses Hibernate.

I want individual users to access the underlying DB with their corresponding accounts.
I create a new Hibernate Configuration, letting it populate all properties from the standard hibernate conf xml file, but before creating the SessionFactory, i set the username/password properties programmatically, and then create the Factory.

This works well if username and password are correct.

However, if they are not, I have no way to catch Exceptions while Hibernate or the connection pooling I'm using (c3po) throws Exceptions, since they seem to be catched by Hibernate, and it seems that my app runs into timeouts before any stacktraces are written to err.out. I have no chance to provide feedback to the user.

What I want is this: just after my application launches, ask the user for his DB username and password (a classic login screen), and then configure Hibernate to use those credentials. If they are ok, run the application. If they are not, prompt the ueser with info that his credentials are wrong.

How should I do this ? Obviously, the way I'm doing it now is the wrong approach.

Thanks for any suggestions.

This link might be handy

http://forum.hibernate.org/viewtopic.php?t=961283&highlight=auditing

However if what you want to do is perform auditing, it would be better to define audit fields for your entities (createdBy, createdDate, lastModifiedBy, lastModifiedDate). I typically include these in a root class that all persistable objects extend.

When you perform auditing by the domain objects, your audit records reflect your business/domain objects more closely. You can make sense of what domain object is being changed instead of tracking this at the table level. For example you can find things like "Address was changed by usera at timea, the property field changed along with old and new values". Columns in my audit table can be

audit_id, entityChanged_id, entity_name, property_changed, old_value, new_value.

Contrast the above to having to look at a database audit trail as the one generated by Oracle, you have to mentally map what combination of tables make up your domain entities before you can know who changed what.

There are a few examples in the forum. Search for "Audit Interceptor". However, I have used interceptors but since the Event mechanism was introduced, I think they (events) would produce a cleaner solution.

The Hibernate In Action book has a section on auditing. BTW buy the book, I think the Hibernate authors deserve it :)[/quote]

Cyranus,

Ideally you would authenticate against an authentication server... read up on LDAP, it's really pretty easy... or (the ugly sister) you could try getting a jdbc connection manually using the supplied user credentials and trap the exceptions.