I should clarify that I'm really only interested in mapping identities between the USER_DOMAIN and each data source domain. The translator will still be responsible for obtaining proper credentials to the data source but it must receive the proper identity as part of its getConnection() method.
In JBoss EAP, data source configuration, you can also specify "security-domain" instead of static user id and password. Now if this security-domain is custom it have access to your USER_DOMAIN's subject so that you can derive the user for the source. Translator is typically not involved in this situation, only resource-adapter or data source.
Thanks Ramesh - I should explain something about our requirements that, I think, is different than a normal J2EE setup. Right now, Teiid and our sources are all in the same domain. When Teiid connects to a data source in order to satisfy a user query, the translator's getConnection() method uses the subject within the execution context to log into the data source as the user. In effect, Teiid is impersonating the user to each of our data sources.
In the world of multiple domains, I can see how putting the security domain in the data source configuration is helpful but how will the translator receive the proper subject for its data source?
Ramesh - I'm a little slow this morning. I just realized the importance of the idea that the data source's domain has knowledge of USER_DOMAIN. Thanks, I think this makes sense.