[teiid-issues] [JBoss JIRA] Updated: (TEIID-1247) Passthrough Authentication on JDBC Connection not switching identities

Ramesh Reddy (JIRA) jira-events at lists.jboss.org
Sat Sep 4 11:39:52 EDT 2010 

     [ https://jira.jboss.org/browse/TEIID-1247?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ramesh Reddy updated TEIID-1247:
--------------------------------

         Assignee: Ramesh Reddy  (was: Steven Hawkins)
    Fix Version/s: 7.1.1
                   7.2
      Component/s: Query Engine
                       (was: Embedded)


> Passthrough Authentication on JDBC Connection not switching identities
> ----------------------------------------------------------------------
>
>                 Key: TEIID-1247
>                 URL: https://jira.jboss.org/browse/TEIID-1247
>             Project: Teiid
>          Issue Type: Bug
>          Components: Query Engine
>    Affects Versions: 7.1
>         Environment: Teiid: 7.1
> JBoss: EAP 501
> Java: 1.6.0_20  HotSpot 64-Bit Server VM 16.3-b01-279  (Apple Inc).
> Teiid Datasources deployed as Embedded XA Datasource.
>            Reporter: Brenton Camac
>            Assignee: Ramesh Reddy
>             Fix For: 7.1.1, 7.2
>
>
> When the Teiid datasource property 'PassthroughAuthentication' is enabled Teiid does not switch the identity on that connection when the caller's identity is changed.  Such is typically the case when an existing connection is retrieved from the connection pool (datasource.getConnection() )  by a different caller identity.  Teiid should switch the identity on that connection to the new caller's identity.
> This is described in the Client Developer's Guide (http://docs.jboss.org/teiid/7.1.0.Final/client-developers-guide/en-US/html_single/) Section 1.2 - Datasource Connection in Table 1.2 / PassthroughAuthentication:
>  
> "...  Teiid also verifies that the same user is using this connection during the life of the connection. if it finds a different security context on the calling thread, it switches the identity on the connection, if the new user is also eligible to log in to Teiid otherwise connection fails to execute."
> When the identity isn't switched as it should be one caller can initiate a connection and another caller with a different identity will be presented to Teiid's authorization facility as the other caller, resulting in incorrect authorization decisions.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the teiid-issues mailing list