You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to HikariCP
Hi!
We are in the process of moving our app from our data center to AWS. The old connection pooling framework we are currently using won't work on AWS. After a little research I found HikariCP a good match for what we wanted. We are using role based authentication to RDS on AWS. This requires us to use a password that is generated by AWS which later expires. Using HikariCP works great until the password expires. Since Hikari seems to only support string based passwords I was forced to extend one of your classes to add this functionality. I first extended HikariConfig which I had setup to pass into HikariDataSource by overriding the get and set Password methods. I later found that HikariDataSource copies the config entries into it self since it extends HikariConfig and discards the HikariConfig that is passed in. This lead me to extend HikariDataSource doing the same as HikariConfig by overriding the get and set Password methods. I needed it to support both static and generated passwords that when they expire will generate a new one when a new connection is created. It is never ideal to extend a framework when you need it to do what you want it to do. I post this here for anyone that wants to use Hikari in the way I have and in the hopes that Hikari will support this functionality in an easier way than extending HikariDataSource. I do wonder the side effects of connections expiring and having to be recreated as a possible issue later.
Brett Wooldridge
unread,
Oct 20, 2017, 9:59:04 PM10/20/17
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to HikariCP
HikariCP copies the configuration at startup to prevent the user from modifying properties at runtime that could destabilize the pool.
After the pool is started, the properties that are permissible to change at runtime are modifiable through the HikariConfigMXBean. Username and password are among those properties.
-Brett
Brett Wooldridge
unread,
Oct 20, 2017, 10:13:04 PM10/20/17
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to hika...@googlegroups.com
Regarding string-based passwords, RDS with IAM supports it. See “Connecting to a DB Instance or DB Cluster Using IAM Database Authentication” here for how to generate an authentication token:
I recommend setting up a 14 minute timer that obtains a new token and modifies the HikariCP password through the MBean API. If you don’t want to run JMX, the bean is still available through the HikariDataSource.
Kennett....@sony.com
unread,
Oct 23, 2017, 2:43:32 PM10/23/17
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to HikariCP
Thanks Brett for the response. I will look into using the MBean API.