-
1. Re: Impersonate Oracle in the VDB
Are you saying that you need to switch the Teiid connection to oracle to a different user? There are a couple of options supported by Teiid/WildFly - there is end-to-end delegation if you can use Kerberos: Kerberos Authentication to Oracle from Teiid or you can use the oracle reauthentication plugin and an identity mapping security domain to switch the connection to another user.
-
2. Re: Impersonate Oracle in the VDB
Yeah, I need switch the connection. The oracle impersonate enable switch the connection with second user without the password of the second user. Obviusly I need configurate in the data base some roles.
Impersonate option in the oracle: "alter user user1 grant connect through someuser" ;
For example, I need some as the following in the virtual procedure.
connect user1[someuser]/pass@oracle; // Use the impersonate
execute some inserts/update; // Execute somes statements
connect user1/pass@oracle; // Exit the impersonate
-
3. Re: Impersonate Oracle in the VDB
You can use the Oracle reauth plugin and a security domain that associates the desired username/password with subject. On your datasource:
<security>
<reauth-plugin class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleReauthPlugin"/>
<security-domain>someDomain</security-domain>
</security>
The security domain is up to your needs and can associate the caller credentials, map to specific credentials, etc. It seems like you may want the switch to be contextual (only for some updates, but not other operations) however which will be difficult to control with built in mechanisms.