[
https://issues.apache.org/jira/browse/DERBY-3327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12560042#action_12560042
]
dagw edited comment on DERBY-3327 at 1/17/08 11:23 AM:
----------------------------------------------------------------
This patch implements an authorization stack for roles. The basic idea
is as follows: For the top level, the current role is kept in the
lcc. For dynamic call contexts (while in nested connections opened
from a stored procedure/function), the current role is kept in the
activation of the calling statement. The lcc keeps a stack of call
activations to help initialize the activations so they know their
calling activation.
If several nested connections are opened inside a stored procedure
they share the authorization context.
If a dynamic result set is passed out referring to the current role
inside a stored procedure, the correct (nested) value will result,
since the activation of the call is still live.
RolesTest has also been extended to test these semantics.
The patch also fixes a bug in SetRoleConstantAction.
For review only at this point. I have run regression tests without any
errors. Any feedback is welcome!
was (Author: dagw):
This patch implements an authorization stack for roles. The basic idea
is as follows: For the top level, the current role is kept in the
lcc. For dynamic call contexts (while in nested connections opened
from a stored procedure/function), the current role is kept in the
activation of the calling statement. The lcc keeps a stack of call
activations to help initialize the activations so they know their
calling activation.
If several nested connections are opened inside a stored procedure
they share the authorization context.
If a dynamic result set is passed out referring to the current role
inside a stored procedure, the correct (nested) value will result,
since the activation of the call is still live.
RolesTest has also been extended to test these semantics.
For review only at this point. I have run regression tests without any
errors. Any feedback is welcome!
> SQL roles: Implement authorization stack
> ----------------------------------------
>
> Key: DERBY-3327
> URL: https://issues.apache.org/jira/browse/DERBY-3327
> Project: Derby
> Issue Type: New Feature
> Components: Security, SQL
> Reporter: Dag H. Wanvik
> Assignee: Dag H. Wanvik
> Fix For: 10.4.0.0
>
> Attachments: DERBY-3327-1.diff, DERBY-3327-1.stat
>
>
> The current LanguageConnectionContext keeps the user authorization identifier
> for an SQL session.
> The lcc is shared context also for nested connections (opened from stored
> procedures).
> So far, for roles, the current role has been stored in the lcc also. However,
> SQL requires that
> authorization identifers be pushed on a "authorization stack" when calling a
> stored procedure, cf.
> SQL 2003, vol 2, section 4.34.1.1 and 4.27.3.
> This allows a caller to keep its current role after a call even if changed by
> the stored procedure.
> This issue will implement the current role name part ("cell") of the
> authorization stack.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
