You wrote in your article:
There are a couple of design choices
- An implementation that keeps all connections within the same managed connection pool
- An implementation that separates connections based on their credentials and does a reauthentication if needed
None of the options provide a solution for the issue described in the original post:
- the fact that a JCA resource adaptor may support multiple types of the underlying connections. That means - pooling by CRI at least.
- pooling by Subject (I pressume you mean it with credantials) may cause too many sub-pools in case of a big numgber of users. The consequence is that max pool size = max pool size x number of users.
In my opinion the pooling should depend on the re-authentication capability of adapter. If an adapter declares that it supports re-authentication - pool by CRI, if not - pool by Subject and CRI.