-
1. Re: Determining if its a local connection
I think your requirement seems wrong. Why would authentication depend upon how internals of a connection work?
-
2. Re: Determining if its a local connection
If its a local connection, we can assume the connection was setup with passthruauthentication. If its not a local connection, then the users credentials will need to be passed thru to Teiid somehow, so that his/her permissions are used.
-
3. Re: Determining if its a local connection
I guess I could call changeUser(..) regardless, but didn't want to override the benefits of passthruauthentication.
-
4. Re: Determining if its a local connection
There is no gurantee that a LocalConnection is always setup with the "PassthroughAuthentication". Other than using Kerberos there is no other way to pass a user credential through a remote JDBC connection. If you are using "changeUser" then it does not matter, you are reauthentiating the user to a different user, which you want to do always irrespective of the connection type.
-
5. Re: Determining if its a local connection
I thought that's what passthruauthentication did? It provided the users credentials so that the user didn't need to be reauthenticated, like when changeUser(..) is called. Which was the benefit for local connections. As for remote connections, which I can't tell what type of connection I have, which I know I need to call changeUser(..). But if if local connections will have passthruauthentication=true set, what will happen to a local connection if changeUser(..) is also called? The benefits of passthruauthentication are lost, right?
-
6. Re: Determining if its a local connection
Passthrough Authentication = The user is already authenticated against some security domain and the Subject is already available on the thread context, using this you can by pass the authentication at Teiid level and accept the current user on the thread as the Teiid user.
changeUser = Some user is authenticated currently with Teiid, with out closing the current physical connection, the connection's current user is switched out with a different user. This is useful when a pool of connections are being used by different users.
-
7. Re: Determining if its a local connection
Van,
At the very least you want to keep the application free from as much connection/authentication knowledge if possible. If for whatever reason you are making your application aware of reauthentication, then that should be built upon an assumption about how connections are made and retrieved.
Otherwise the more typical approach is to push as much of this behavior as possible into the pooling layer. So it's then a question of configuring the datasource. You can either set up a local connection with passthrough or set up a remote connection with some pooling hooks to perform reauthentication - that in AS 7 could done through https://source.jboss.org/browse/IronJacamar/trunk/adapters/src/main/java/org/jboss/jca/adapters/jdbc/spi/reauth/ReauthPlugin.java?hb=true which they have already provided for MySQL I believe.
Steve