SAP HANA Database connector
Before you start
These connector instructions require a SAP HANA Database account with elevated privileges to add roles, system, and application privileges. The following information is required to configure the connector:
- Username
-
Your SAP HANA Database username.
- Password
-
Your SAP HANA Database password.
- JDBC Connection URL
-
The URL to establish the connection between the connector and the SAP HANA Database.
- Driver class name
-
The class name driver path.
For more information, refer to the Connect to SAP HANA via JDBC documentation.
Install the SAP HANA Database connector
To check for an Advanced Identity Cloud application for this connector, refer to: |
You can download any connector from Backstage, but some are included in the default deployment for Advanced Identity Cloud, IDM, or RCS. When using an included connector, you can skip installing it and move directly to configuration.
Connector | IDM | RCS |
---|---|---|
No |
Yes |
Download the connector .jar file from Backstage.
-
If you are running the connector locally, place it in the
/path/to/openidm/connectors
directory, for example:mv ~/Downloads/saphanadb-connector-1.5.20.31.jar /path/to/openidm/connectors/
-
If you are using a remote connector server (RCS), place it in the
/path/to/openicf/connectors
directory on the RCS.
Download the Sap Hana JDBC driver.
The minimum required JDBC version is 2.16.14. |
-
If you are running the connector locally, place the library in the
/path/to/openidm/lib/
directory:mv ~/Downloads/ngdbc-version.jar /path/to/openidm/lib/
-
If you are using a remote connector server (RCS), place it in the
/path/to/openicf/connectors
directory on the RCS.
Configure the SAP HANA Database connector
Create a connector configuration using the IDM admin UI:
-
From the navigation bar, click Configure > Connectors.
-
On the Connectors page, click New Connector.
-
On the New Connector page, type a Connector Name.
-
From the Connector Type drop-down list, select SAP HANA Database Connector - 1.5.20.31.
-
Complete the Base Connector Details.
For a list of all configuration properties, refer to SAP HANA Database Connector Configuration -
Click Save.
When your connector is configured correctly, the connector displays as Active in the admin UI.
Refer to this procedure to create a connector configuration over REST.
Base connector details
username
|
The username for logging in to the database. |
password
|
The user password for logging in to the database. |
url
|
The database connection string in the form of |
driverClassName
|
The file directory location of DBC driver files. |
pageSize
|
Defines the page size to be displayed to users. |
ignoreUsers
|
Database users to ignore. Typically, these are internal database users to avoid for security reasons. |
Object types
You can add or edit the object type to obtain any of the following objects and their properties:
__ACCOUNT__
PROPERTY NAME | TYPE | NATIVE TYPE | REQUIRED |
---|---|---|---|
|
String |
String |
NO |
|
String |
String |
NO |
|
GuardedString |
String |
NO |
|
String |
String |
NO |
|
String |
String |
NO |
|
String |
String |
NO |
|
String |
String |
NO |
|
String |
String |
NO |
|
String |
String |
NO |
|
String |
String |
NO |
|
Boolean |
Boolean |
NO |
|
Boolean |
Boolean |
NO |
|
Boolean |
Boolean |
NO |
|
Boolean |
Boolean |
NO |
|
Boolean |
Boolean |
NO |
|
Boolean |
Boolean |
NO |
|
Boolean |
Boolean |
NO |
|
Array |
Object |
NO |
|
Array |
String |
NO |
|
Array |
String |
NO |
|
Array |
String |
NO |
|
Array |
String |
NO |
ROLES
PROPERTY NAME | TYPE | NATIVE TYPE | REQUIRED |
---|---|---|---|
|
String |
String |
NO |
|
String |
String |
NO |
|
String |
String |
NO |
|
String |
String |
NO |
|
String |
String |
NO |
APPLICATION_PRIVILEGES
PROPERTY NAME |
TYPE |
NATIVE TYPE |
REQUIRED |
|
String |
String |
NO |
SYSTEM_PRIVILEGES
PROPERTY NAME |
TYPE |
NATIVE TYPE |
REQUIRED |
|
String |
String |
NO |
To configure the connector over REST or using the filesystem, specify the connection details to the SAP HANA Database resource provider in the configurationProperties
for the connector. The minimum required properties are username
, password
, url
and driverClassName
.
Sample configuration
{
"configurationProperties" : {
"connectionProperties" : null,
"propagateInterruptState" : false,
"useDisposableConnectionFacade" : true,
"defaultCatalog" : null,
"validationInterval" : 3000,
"ignoreExceptionOnPreLoad" : false,
"jmxEnabled" : true,
"commitOnReturn" : false,
"logAbandoned" : false,
"maxIdle" : 100,
"testWhileIdle" : false,
"removeAbandoned" : false,
"abandonWhenPercentageFull" : 0,
"minIdle" : 10,
"defaultReadOnly" : null,
"maxWait" : 30000,
"logValidationErrors" : false,
"name" : "Tomcat Connection Pool[1-20280544]",
"useStatementFacade" : true,
"initSQL" : null,
"validationQueryTimeout" : -1,
"validationQuery" : null,
"rollbackOnReturn" : false,
"alternateUsernameAllowed" : false,
"dataSourceJNDI" : null,
"validatorClassName" : null,
"suspectTimeout" : 0,
"useEquals" : true,
"removeAbandonedTimeout" : 60,
"defaultAutoCommit" : null,
"testOnConnect" : false,
"jdbcInterceptors" : null,
"initialSize" : 10,
"defaultTransactionIsolation" : -1,
"numTestsPerEvictionRun" : 0,
"url" : "jdbc:sap://HOST:PORT",
"testOnBorrow" : false,
"fairQueue" : true,
"accessToUnderlyingConnectionAllowed" : true,
"maxAge" : 0,
"minEvictableIdleTimeMillis" : 60000,
"timeBetweenEvictionRunsMillis" : 5000,
"testOnReturn" : false,
"useLock" : false,
"maxActive" : 100,
"username" : "USERNAME",
"password" : "PASSWORD",
"pageSize" : "50",
"driverClassName" : "com.sap.db.jdbc.Driver",
"ignoreUsers" : [
"SYS",
"SYSTEM"
]
}
}
Configure connection pooling
The SAP HANA Database connector embeds the Apache Tomcat 9 JDBC Connection Pool. Learn more about the different pooling mechanisms in Connectors by pooling mechanism.
Mapping
From SAP HANA Database users to IDM or Advanced Identity Cloud users
SOURCE | TARGET | TRANSFORMATION SCRIPT |
---|---|---|
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
Association>Association Rules>Correlation Queries
-
Link Qualifier: default
-
Any of the following fields:
USER_NAME
From IDM or Advanced Identity Cloud users to SAP HANA Database users
SOURCE | TARGET | TRANSFORMATION SCRIPT |
---|---|---|
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
N/A |
Association>Association Rules>Correlation Queries
-
Link Qualifier: default
-
Any of the following fields:
USER_NAME
Test the SAP HANA Database connector
Test the connector configuration:
curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Accept-API-Version: resource=1.0' \ --request POST \ 'http://localhost:8080/openidm/system/saphanadb?_action=test' { "name": "saphanadb", "enabled": true, "config": "config/provisioner.openicf/saphanadb", "connectorRef": { "bundleVersion": [1.5.0.0,1.6.0.0), "bundleName": "org.forgerock.openicf.connectors.saphanadb-connector", "connectorName": "org.forgerock.openicf.connectors.saphanadb.SapHanaDBConnector" }, "displayName": "SAP HANA Database Connector", "objectTypes": [ "APPLICATION_PRIVILEGES", "__ACCOUNT__", "SYSTEM_PRIVILEGES", "ROLES", "__ALL__" ], "ok": true }
Use the SAP HANA Database connector
Database user
Create a user
To create a new user, you must include at least the USER_NAME
and PASSWORD
fields.
The default configuration requires passwords to have:
-
a minimum of 8 characters.
-
at least one number.
-
at least one uppercase letter.
-
at least one lowercase letter.
Special characters are optional, but the default password setting (Aa1 ) only accepts underscores (_ ). For more information, refer to Password Policy Configuration Options.
|
If the IS_RESTRICTED
field is true, a restricted user is created. A restricted user has no default roles and an unrestricted user has the default PUBLIC role.
The possible date format for the fields VALID_FROM
and VALID_UNTIL
is: yyyy-MM-dd HH:mm AM/PM
.
When assigning SAML Providers to a User, only those providers that already exist within the database can be assigned during a create operation.
To grant and revoke roles, application or system privileges, some requirements are necessary, as detailed here.
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header 'Accept-API-Version: resource=1.0' \
--header 'Content-Type: application/json' \
--request POST \
--data '{
"USER_NAME" : "SAPHANADB_NEWUSER",
"PASSWORD" : "Password123",
"EMAIL_ADDRESS" : "SAPHANADB_NEWUSER@example.com",
"CLIENT" : "001",
"TIME_ZONE" : "GMT",
"VALID_FROM" : "2024-12-12 12:30",
"VALID_UNTIL" : "2025-12-12 15:00",
"IS_SAML_ENABLED" : true,
"IS_KERBEROS_ENABLED" : true,
"IS_PASSWORD_ENABLED" : true,
"IS_CLIENT_CONNECT_ENABLED": true,
"ROLES" : [
"MODELING"
],
"APPLICATION_PRIVILEGES" : [
"sap.hana.backup::Admin"
],
"SYSTEM_PRIVILEGES" : [
"REPO.EXPORT",
"REPO.IMPORT",
"REPO.MAINTAIN_DELIVERY_UNITS"
]
}' \
'http://localhost:8080/openidm/system/saphanadb/__ACCOUNT__'
{
"USER_NAME" : "SAPHANADB_NEWUSER",
"EMAIL_ADDRESS" : "SAPHANADB_NEWUSER@example.com",
"IS_RESTRICTED" : false,
"CLIENT" : "001",
"TIME_ZONE" : "GMT",
"USER_MODE" : "LOCAL"
"VALID_FROM": "2024-12-12 12:30",
"VALID_UNTIL": "2025-12-12 15:00",
"IS_SAML_ENABLED" : true,
"IS_KERBEROS_ENABLED" : true,
"IS_PASSWORD_ENABLED" : true,
"PASSWORD_CHANGE_NEEDED" : false,
"IS_CLIENT_CONNECT_ENABLED": true,
"HAS_REMOTE_USERS" : false,
"EXTERNAL_IDENTITY" : false,
"CREATOR" : "USER_CREATOR",
"ROLES" : [
"PUBLIC",
"MODELING"
],
"APPLICATION_PRIVILEGES" : [
"sap.hana.backup::Admin"
],
"SYSTEM_PRIVILEGES" : [
"REPO.EXPORT",
"REPO.IMPORT",
"REPO.MAINTAIN_DELIVERY_UNITS"
]
}
Get users
Retrieve a list of database user ids from SAP HANA Database:
curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Accept-API-Version: resource=1.0" \ --request GET \ 'http://localhost:8080/openidm/system/saphanadb/__ACCOUNT__?_queryId=query-all-ids' { "result": [ { "_id" : "001" }, { "_id" : "002" }, { "_id" : "003" }, ... ] }
Get a user
Retrieve a user from SAP HANA Database. You must specify the id in the URI path:
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--request GET \
'http://localhost:8080/openidm/system/saphanadb/__ACCOUNT__/USER_ID'
{
"USER_NAME" : "NEW_USER",
"EMAIL_ADDRESS" : "NEW_USER@example.com",
"IS_RESTRICTED" : false,
"CLIENT" : "000",
"TIME_ZONE" : "GMT",
"USER_MODE" : "LOCAL",
"VALID_FROM": "2023-09-06",
"VALID_UNTIL": "2023-12-31",
"IS_SAML_ENABLED" : fale,
"IS_KERBEROS_ENABLED" : false,
"IS_PASSWORD_ENABLED" : true,
"PASSWORD_CHANGE_NEEDED" : false,
"HAS_REMOTE_USERS" : false,
"IS_CLIENT_CONNECT_ENABLED": true,
"EXTERNAL_IDENTITY" : "999",
"CREATOR" : "USER_CREATOR",
"ROLES": [
"PUBLIC",
"MODELING"
],
"APPLICATION_PRIVILEGES" : [
"sap.hana.backup::Admin"
],
"SYSTEM_PRIVILEGES" : [
"REPO.EXPORT",
],
"SAML_PROVIDERS" : [
{
"SAML_PROVIDER_NAME" : "PROVIDER_NAME",
"EXTERNAL_IDENTITY" : null
}
]
}
Update a user
Update a user from the database. You must specify the id in the URI path.
The roles field combines the catalog and repository roles. To grant and revoke roles, application or system privileges, some requirements are necessary, as detailed here.
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header 'Accept-API-Version: resource=1.0' \
--request PUT \
--data '{
"EMAIL_ADDRESS": "NEW_MAIL@EMAIL.COM",
"CLIENT" : "002",
"TIME_ZONE" : "PST",
"VALID_FROM" : "2023-09-06",
"VALID_UNTIL" : "2023-12-31",
"IS_KERBEROS_ENABLED" : true,
"IS_SAML_ENABLED" : true,
"IS_PASSWORD_ENABLED" : true,
"PASSWORD_CHANGE_NEEDED": true,
"IS_CLIENT_CONNECT_ENABLED": true,
"EXTERNAL_IDENTITY": "999",
"ROLES": [
"PUBLIC",
"RESTRICTED_USER_JDBC_ACCESS"
]
}' \
'http://localhost:8080/openidm/system/saphanadb/__ACCOUNT__/USER_ID'
{
"USER_NAME": "USERNAME",
"EMAIL_ADDRESS": "NEW_MAIL@EMAIL.COM",
"IS_RESTRICTED": false,
"CLIENT": "002",
"TIME_ZONE": "PST",
"USER_MODE": "LOCAL",
"VALID_FROM": "2023-09-06",
"VALID_UNTIL": "2023-12-31",
"IS_KERBEROS_ENABLED": true,
"IS_SAML_ENABLED": true,
"IS_PASSWORD_ENABLED": true,
"PASSWORD_CHANGE_NEEDED": true,
"IS_CLIENT_CONNECT_ENABLED": true,
"EXTERNAL_IDENTITY": "999",
"HAS_REMOTE_USERS": false,
"CREATOR": "USER_CREATOR",
"ROLES": [
"PUBLIC",
"RESTRICTED_USER_JDBC_ACCESS",
],
"APPLICATION_PRIVILEGES": [],
"SYSTEM_PRIVILEGES": [],
"SAML_PROVIDERS" : []
}
Delete a user
Delete a user from a database. You must specify the id in the URI path:
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header 'Accept-API-Version: resource=1.0' \
--request DELETE \
'http://localhost:8080/openidm/system/saphanadb/__ACCOUNT__/USER_ID'
{
"USER_NAME" : "NEW_USER",
"EMAIL_ADDRESS" : "NEW_USER@EMAIL.COM",
"IS_RESTRICTED" : false,
"CLIENT" : "001",
"TIME_ZONE" : "GMT",
"USER_MODE" : "LOCAL"
"VALID_FROM": "2024-12-12",
"VALID_UNTIL": "2025-12-12",
"IS_SAML_ENABLED" : false,
"IS_KERBEROS_ENABLED" : false,
"IS_PASSWORD_ENABLED" : true,
"PASSWORD_CHANGE_NEEDED" : false,
"IS_CLIENT_CONNECT_ENABLED": true,
"HAS_REMOTE_USERS" : false,
"EXTERNAL_IDENTITY" : "999",
"CREATOR" : "USER_CREATOR",
"ROLES": [
"PUBLIC"
],
"APPLICATION_PRIVILEGES" : [],
"SYSTEM_PRIVILEGES" : [],
"SAML_PROVIDERS" : []
}
Get roles
Retrieve roles from a SAP HANA Database:
curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Accept-API-Version: resource=1.0' \ --request GET \ 'http://localhost:8080/openidm/system/saphanadb/ROLES?_queryFilter=true' { "result": [ { "_id": "2361418", "ROLE_NAME": "ABAP_READ", "ROLE_ID": "2361418", "ROLE_MODE": "LOCAL", "__NAME__": "ABAP_READ", "ROLE_SCHEMA_NAME": null, "GLOBAL_IDENTITY": null }, ... }
Get system privileges
Retrieve system privileges from a SAP HANA Database:
curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Accept-API-Version: resource=1.0' \ --request GET \ 'http://localhost:8080/openidm/system/saphanadb/SYSTEM_PRIVILEGES?_queryFilter=true' { "result": [ { "_id": "ADAPTER ADMIN", "__NAME__": "ADAPTER ADMIN", }, ... }
Get application privileges
Retrieve application privileges from a SAP HANA Database:
curl --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Accept-API-Version: resource=1.0' \ --request GET 'http://localhost:8080/openidm/system/saphanadb/APPLICATION_PRIVILEGES/_queryFilter=true' { "result": [ { "_id": "sap.hana.ide::Catalog", "__NAME__": "sap.hana.ide::Catalog" }, ... }
OpenICF Interfaces Implemented by the SAP HANA Database Connector
The SAP HANA Database Connector implements the following OpenICF interfaces. For additional details, see ICF interfaces:
- Create
-
Creates an object and its
uid
. - Delete
-
Deletes an object, referenced by its
uid
. - Schema
-
Describes the object types, operations, and options that the connector supports.
- Script on Connector
-
Enables an application to run a script in the context of the connector.
Any script that runs on the connector has the following characteristics:
-
The script runs in the same execution environment as the connector and has access to all the classes to which the connector has access.
-
The script has access to a
connector
variable that is equivalent to an initialized instance of the connector. At a minimum, the script can access the connector configuration. -
The script has access to any script arguments passed in by the application.
-
- Search
-
Searches the target resource for all objects that match the specified object class and filter.
- Test
-
Tests the connector configuration.
Testing a configuration checks all elements of the environment that are referred to by the configuration are available. For example, the connector might make a physical connection to a host that is specified in the configuration to verify that it exists and that the credentials that are specified in the configuration are valid.
This operation might need to connect to a resource, and, as such, might take some time. Do not invoke this operation too often, such as before every provisioning operation. The test operation is not intended to check that the connector is alive (that is, that its physical connection to the resource has not timed out).
You can invoke the test operation before a connector configuration has been validated.
- Update
-
Updates (modifies or replaces) objects on a target resource.
SAP HANA Database Connector Configuration
The SAP HANA Database Connector has the following configurable properties:
Configuration properties
Property | Type | Default | Encrypted(1) | Required(2) |
---|---|---|---|---|
|
|
|
|
No |
The connection properties that will be sent to our JDBC driver when establishing new connections. Format of the string must be [propertyName=property;]* NOTE - The "user" and "password" properties will be passed explicitly, so they do not need to be included here. |
||||
|
|
|
|
No |
Set this to true to propagate the interrupt state for a thread that has been interrupted (not clearing the interrupt state). Set the value as false for backwards compatibility. |
||||
|
|
|
|
No |
Set this to true if you wish to put a facade on your connection so that it cannot be reused after it has been closed. This prevents a thread holding on to a reference of a connection it has already called closed on, to execute queries on it. |
||||
|
|
|
|
No |
The default catalog of connections created by this pool. |
||||
|
|
|
|
No |
avoid excess validation, only run validation at most at this frequency - time in milliseconds. If a connection is due for validation, but has been validated previously within this interval, it will not be validated again. |
||||
|
|
|
|
No |
Flag whether ignore error of connection creation while initializing the pool. Set to true if you want to ignore error of connection creation while initializing the pool. Set to false if you want to fail the initialization of the pool by throwing exception. |
||||
|
|
|
|
No |
Register the pool with JMX or not. |
||||
|
|
|
|
No |
If autoCommit==false then the pool can complete the transaction by calling commit on the connection as it is returned to the pool If rollbackOnReturn==true then this attribute is ignored. |
||||
|
|
|
|
No |
Flag to log stack traces for application code which abandoned a Connection. Logging of abandoned Connections adds overhead for every Connection borrow because a stack trace has to be generated. |
||||
|
|
|
|
No |
The maximum number of connections that should be kept in the pool at all times. Idle connections are checked periodically (if enabled) and connections that been idle for longer than minEvictableIdleTimeMillis will be released. (also see testWhileIdle). |
||||
|
|
|
|
No |
The indication of whether objects will be validated by the idle object evictor (if any). If an object fails to validate, it will be dropped from the pool. NOTE - for a true value to have any effect, the validationQuery parameter must be set to a non-null string. This property has to be set in order for the pool cleaner/test thread is to run (also see timeBetweenEvictionRunsMillis). |
||||
|
|
|
|
No |
Flag to remove abandoned connections if they exceed the removeAbandonedTimeout. If set to true a connection is considered abandoned and eligible for removal if it has been in use longer than the removeAbandonedTimeout Setting this to true can recover db connections from applications that fail to close a connection. See also logAbandoned. |
||||
|
|
|
|
No |
Connections that have been abandoned (timed out) wont get closed and reported up unless the number of connections in use are above the percentage defined by abandonWhenPercentageFull. The value should be between 0-100. The value 0 implies that connections are eligible for closure as soon as removeAbandonedTimeout has been reached. |
||||
|
|
|
|
No |
The minimum number of established connections that should be kept in the pool at all times. The connection pool can shrink below this number if validation queries fail (also see testWhileIdle). |
||||
|
|
|
|
No |
The default read-only state of connections created by this pool. If not set then the setReadOnly method will not be called (Some drivers dont support read only mode, ex: Informix). |
||||
|
|
|
|
No |
The maximum number of milliseconds that the pool will wait (when there are no available connections) for a connection to be returned before throwing an exception. |
||||
|
|
|
|
No |
Set this to true to log errors during the validation phase to the log file. If set to true, errors will be logged as SEVERE. Set the value as false for backwards compatibility. |
||||
|
|
|
|
No |
The fully qualified Java class name of the JDBC driver to be used. The driver has to be accessible from the same classloader as tomcat-jdbc.jar. |
||||
|
|
|
|
No |
Returns the name of the connection pool. By default a JVM unique random name is assigned. |
||||
|
|
|
|
No |
If a statement proxy is set, wrap statements so that equals() and hashCode() methods can be called on closed statements. |
||||
|
|
|
|
No |
A custom query to be run when a connection is first created. |
||||
|
|
|
|
No |
The timeout in seconds before a connection validation queries fail. This works by calling java.test_sample.Statement.setQueryTimeout(seconds) on the statement that executes the validationQuery. The pool itself doesnt timeout the query, it is still up to the JDBC driver to enforce query timeouts. A value less than or equal to zero will disable this feature. |
||||
|
|
|
|
No |
The SQL query that will be used to validate connections from this pool before returning them to the caller. If specified, this query does not have to return any data, it just cant throw a SQLException. Example values are SELECT 1(mysql), select 1 from dual(oracle), SELECT 1(MS Sql Server). |
||||
|
|
|
|
No |
If autoCommit==false then the pool can terminate the transaction by calling rollback on the connection as it is returned to the pool. |
||||
|
|
|
|
No |
By default, the jdbc-pool will ignore the DataSource.getConnection(username,password) call, and simply return a previously pooled connection under the globally configured properties username and password, for performance reasons. The pool can however be configured to allow use of different credentials each time a connection is requested. To enable the functionality described in the DataSource.getConnection(username,password) call, simply set the property alternateUsernameAllowed to true. Should you request a connection with the credentials user1/password1 and the connection was previously connected using different user2/password2, the connection will be closed, and reopened with the requested credentials. This way, the pool size is still managed on a global level, and not on a per schema level. |
||||
|
|
|
|
No |
The JNDI name for a data source to be looked up in JNDI and then used to establish connections to the database. See the dataSource attribute. |
||||
|
|
|
|
No |
The name of a class which implements the org.apache.tomcat.jdbc.pool.Validator interface and provides a no-arg constructor (may be implicit). If specified, the class will be used to create a Validator instance which is then used instead of any validation query to validate connections. An example value is com.mycompany.project.SimpleValidator. |
||||
|
|
|
|
No |
Timeout value in seconds. Similar to to the removeAbandonedTimeout value but instead of treating the connection as abandoned, and potentially closing the connection, this simply logs the warning if logAbandoned is set to true. If this value is equal or less than 0, no suspect checking will be performed. Suspect checking only takes place if the timeout value is larger than 0 and the connection was not abandoned or if abandon check is disabled. If a connection is suspect a WARN message gets logged and a JMX notification gets sent once. |
||||
|
|
|
|
No |
Set to true if you wish the ProxyConnection class to use String.equals and set to false when you wish to use == when comparing method names. This property does not apply to added interceptors as those are configured individually. |
||||
|
|
|
|
No |
Timeout in seconds before an abandoned(in use) connection can be removed. The value should be set to the longest running query your applications might have. |
||||
|
|
|
|
No |
The default auto-commit state of connections created by this pool. If not set, default is JDBC driver default (If not set then the setAutoCommit method will not be called). |
||||
|
|
|
|
No |
Validate the connection when connecting to the database for the first time. Set to true if you want to use the validationQuery as an init query. |
||||
|
|
|
|
No |
A semicolon separated list of classnames extending org.apache.tomcat.jdbc.pool.JdbcInterceptor class. See Configuring JDBC interceptors below for more detailed description of syntax and examples. These interceptors will be inserted as an interceptor into the chain of operations on a java.sql.Connection object. |
||||
|
|
|
|
No |
The initial number of connections that are created when the pool is started. |
||||
|
|
|
|
No |
The default TransactionIsolation state of connections created by this pool. One of the following: NONE, READ_COMMITTED, READ_UNCOMMITTED, REPEATABLE_READ, SERIALIZABLE If not set, the method will not be called and it defaults to the JDBC driver. |
||||
|
|
|
|
No |
Property not used in tomcat-jdbc-pool. |
||||
|
|
|
|
No |
The URL used to connect to the database. |
||||
|
|
|
|
No |
The indication of whether objects will be validated before being borrowed from the pool. If the object fails to validate, it will be dropped from the pool, and we will attempt to borrow another. NOTE - for a true value to have any effect, the validationQuery parameter must be set to a non-null string. In order to have a more efficient validation, see validationInterval. |
||||
|
|
|
|
No |
Set to true if you wish that calls to getConnection should be treated fairly in a true FIFO fashion. This uses the org.apache.tomcat.jdbc.pool.FairBlockingQueue implementation for the list of the idle connections. This flag is required when you want to use asynchronous connection retrieval. Setting this flag ensures that threads receive connections in the order they arrive. During performance tests, there is a very large difference in how locks and lock waiting is implemented. When fairQueue=true there is a decision making process based on what operating system the system is running. If the system is running on Linux (property os.name=Linux. To disable this Linux specific behavior and still use the fair queue, simply add the property org.apache.tomcat.jdbc.pool.FairBlockingQueue.ignoreOS=true to your system properties before the connection pool classes are loaded. |
||||
|
|
|
|
No |
Property not used. Access can be achieved by calling unwrap on the pooled connection. See javax.sql.DataSource interface, or call getConnection through reflection or cast the object as javax.sql.PooledConnection. |
||||
|
|
|
|
No |
Time in milliseconds to keep this connection. When a connection is returned to the pool, the pool will check to see if the now - time-when-connected > maxAge has been reached, and if so, it closes the connection rather than returning it to the pool. The value 0 implies that connections will be left open and no age check will be done upon returning the connection to the pool. |
||||
|
|
|
|
No |
The minimum amount of time an object may sit idle in the pool before it is eligible for eviction. |
||||
|
|
|
|
No |
The number of milliseconds to sleep between runs of the idle connection validation/cleaner thread. This value should not be set under 1 second. It dictates how often we check for idle, abandoned connections, and how often we validate idle connections. |
||||
|
|
|
|
No |
The indication of whether objects will be validated before being returned to the pool. NOTE - for a true value to have any effect, the validationQuery parameter must be set to a non-null string. |
||||
|
|
|
|
No |
Use a lock when performing operations on the connection object. Set to true if you will use a separate background thread for idle and abandon checking (e.g. JMX clients). If the pool sweeper is enabled, a lock is used, regardless of this setting. |
||||
|
|
|
|
No |
The maximum number of active connections that can be allocated from this pool at the same time. |
||||
|
|
|
|
No |
The connection username to be passed to our JDBC driver to establish a connection |
||||
|
|
|
Yes |
Yes |
SAP HANA Database login password to authenticate the user |
||||
|
|
|
|
No |
Page size of search |
||||
|
|
|
|
No |
List of database users to be ignored by the connector |
(1) Whether the property value is considered confidential, and is therefore encrypted in IDM.
(2) A list of operations in this column indicates that the property is required for those operations.