PingAuthorize

Configuring database service connections

You can configure the pooling mechanism and add allowed drivers for database service connections.

A database pool is a cache of database connections that PingAuthorize uses to manage system performance. Instead of establishing a new connection each time the server needs to retrieve policy information from the database, PingAuthorize leverages an existing connection from the database pool. PingAuthorize creates a database pool for each database service that you define. The pool configuration specified in the PingAuthorize Server will apply to each pool.

  • Admin console

  • dsconfig

Steps

  1. In the PingAuthorize admin console, go to Configuration > Authorization and Policies > Policy Decision Service.

  2. In the Policy Information Provider: Database Pools Configuration section, configure the following database pool properties:

    Property Description

    Database Pools Read Only

    Specifies whether the database pools are read-only. Some database types do not support the read-only mode. If the database type doesn’t support the read-only mode, the database pools will be read-write regardless of the value of this property.

    Database Pools Max Pool Size

    Specifies the maximum number of connections in a database pool.

    Database Pools Connection Timeout Seconds

    Specifies the maximum number of seconds that a connection request waits for an available connection in the database pool.

    Database Pool Validation Timeout Seconds

    Specifies the maximum number of seconds that a database pool tests a connection for aliveness.

    Database Pool Max Lifetime Seconds

    Specifies the maximum number of seconds that a connection stays in the database pool. The database pool will only remove a connection if the maximum lifetime elapses and the connection is no longer active.

    Setting this property to any value between 0 and 30 will have no effect.

    Setting this property to 0 makes the maximum lifetime indefinite.

  3. To add a database driver other than PostgreSQL or Oracle, go to the Policy Information Provider allowed Database Drivers section and click New Policy Information Provider Allowed Database Driver.

  4. In the Name field, enter the name of the database driver in the format .driver.

  5. In the Driver Class Name field, enter the fully qualified Java class name of the database driver.

    Screen capture of the New Policy Information Provider Allowed Database Driver wizard with sample values in the Name and Driver Class Name fields

  6. Click Save.

Configuring database services using dsconfig

Steps

  • To create or delete allowed database drivers in the PingAuthorize server, use the dsconfig create-policy-information-provider-allowed-database-driver or the dsconfig delete-policy-information-provider-allowed-database-driver command.

    With the --drivername argument, specify the name of the database driver in the format .driver.

    With the --set driver-class-name argument, specify the fully qualified Java class name of the database driver.

    Example:

    dsconfig create-policy-information-provider-allowed-database-driver --drivername example.driver --set driver-class-name:org.example.driver

  • To configure the database pool properties, use the dsconfig set-policy-decision-service-prop command and include the following arguments:

    Argument Description

    --set database-pools-read-only

    Specifies whether the database pools are read-only. Some database types do not support the read-only mode. If the database type does not support the read-only mode, the database pools will be read-write regardless of the value of this property.

    --set database-pools-max-pool-size

    Specifies the maximum number of connections in a database pool.

    --set database-pools-connection-timeout-seconds

    Specifies the maximum number of seconds that a connection request waits for an available connection in the database pool.

    --set database-pools-validation-timeout-seconds

    Specifies the maximum number of seconds that a database pool tests a connection for aliveness.

    --set database-pools-max-lifetime-seconds

    Specifies the maximum number of seconds that a connection stays in the database pool. The database pool will only remove a connection if the maximum lifetime elapses and the connection is no longer active.

    Setting this property to any value between 0 and 30 will have no effect.

    Setting this property to 0 makes the maximum lifetime indefinite.