[jira] Commented: (DERBY-3327) SQL roles: Implement authorization stack

Tue, 22 Jan 2008 13:30:55 -0800 

    [ 
https://issues.apache.org/jira/browse/DERBY-3327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12561476#action_12561476
 ] 

Daniel John Debrunner commented on DERBY-3327:
----------------------------------------------

Thanks for the detailed reply

StatementContexts are not for the JDBC layer, they are really for the SQL 
layer. The current statement context can be obtained using 
lcc.getStatementContext(). If an activation (or its result set) is being 
executed in any way  then it is the current statement context. Derby is only 
actively executing a single statement at any time for a connection.

Another thought is that the context manager exists to handle pushing and 
popping of contexts, so should this existing paradigm be used to manage new 
contexts such as a SQLSessionContext or authentication stack. Then error 
cleanup would be handled consistently, rather than introducing a new mechanism 
with a different paradigm.

The statement context may not match the SQLSessionContext in all cases (e.g. it 
maybe does for a procedure call but not for a function call).



> SQL roles: Implement authorization stack
> ----------------------------------------
>
>                 Key: DERBY-3327
>                 URL: https://issues.apache.org/jira/browse/DERBY-3327
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security, SQL
>            Reporter: Dag H. Wanvik
>            Assignee: Dag H. Wanvik
>             Fix For: 10.4.0.0
>
>         Attachments: DERBY-3327-1.diff, DERBY-3327-1.stat, DERBY-3327-2.diff, 
> DERBY-3327-2.stat, DERBY-3327-3.diff, DERBY-3327-3.stat
>
>
> The current LanguageConnectionContext keeps the user authorization identifier 
> for an SQL session.
> The lcc is shared context also for nested connections (opened from stored 
> procedures).
> So far, for roles, the current role has been stored in the lcc also. However, 
> SQL requires that
> authorization identifers be pushed on a "authorization stack" when calling a 
> stored procedure, cf.
> SQL 2003, vol 2, section 4.34.1.1 and 4.27.3.
> This allows a caller to keep its current role after a call even if changed by 
> the stored procedure.
> This issue will implement the current role name part ("cell") of the 
> authorization stack. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to