[teiid-issues] [JBoss JIRA] Updated: (TEIID-1247) Passthrough Authentication on JDBC Connection not switching identities

Passthrough Authentication on JDBC Connection not switching identities ---------------------------------------------------------------------- Key: TEIID-1247 URL: https://jira.jboss.org/browse/TEIID-1247 Project: Teiid Issue Type: Bug Components: Query Engine Affects Versions: 7.1 Environment: Teiid: 7.1 JBoss: EAP 501 Java: 1.6.0_20 HotSpot 64-Bit Server VM 16.3-b01-279 (Apple Inc). Teiid Datasources deployed as Embedded XA Datasource. Reporter: Brenton Camac Assignee: Ramesh Reddy Fix For: 7.1.1, 7.2 When the Teiid datasource property 'PassthroughAuthentication' is enabled Teiid does not switch the identity on that connection when the caller's identity is changed. Such is typically the case when an existing connection is retrieved from the connection pool (datasource.getConnection() ) by a different caller identity. Teiid should switch the identity on that connection to the new caller's identity. This is described in the Client Developer's Guide (http://docs.jboss.org/teiid/7.1.0.Final/client-developers-guide/en-US/htm...) Section 1.2 - Datasource Connection in Table 1.2 / PassthroughAuthentication: "... Teiid also verifies that the same user is using this connection during the life of the connection. if it finds a different security context on the calling thread, it switches the identity on the connection, if the new user is also eligible to log in to Teiid otherwise connection fails to execute." When the identity isn't switched as it should be one caller can initiate a connection and another caller with a different identity will be presented to Teiid's authorization facility as the other caller, resulting in incorrect authorization decisions.