db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-3327) SQL roles: Implement authorization stack
Date Thu, 17 Jan 2008 19:21:34 GMT

     [ https://issues.apache.org/jira/browse/DERBY-3327?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Dag H. Wanvik updated DERBY-3327:
---------------------------------

    Attachment: DERBY-3327-1.stat
                DERBY-3327-1.diff

This patch implements an authorization stack for roles. The basic idea
is as follows: For the top level, the current role is kept in the
lcc. For dynamic call contexts (while in nested connections opened
from a stored procedure/function), the current role is kept in the
activation of the calling statement. The lcc keeps a stack of call
activations to help initialize the activations so they know their
calling activation.

If several nested connections are opened inside a stored procedure
they share the authorization context.

If a dynamic result set is passed out referring to the current role
inside a stored procedure, the correct (nested) value will result,
since the activation of the call is still live.

RolesTest has also been extended to test these semantics.

For review only at this point. I have run regression tests without any
errors. Any feedback is welcome!


> SQL roles: Implement authorization stack
> ----------------------------------------
>
>                 Key: DERBY-3327
>                 URL: https://issues.apache.org/jira/browse/DERBY-3327
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security, SQL
>            Reporter: Dag H. Wanvik
>            Assignee: Dag H. Wanvik
>             Fix For: 10.4.0.0
>
>         Attachments: DERBY-3327-1.diff, DERBY-3327-1.stat
>
>
> The current LanguageConnectionContext keeps the user authorization identifier for an
SQL session.
> The lcc is shared context also for nested connections (opened from stored procedures).
> So far, for roles, the current role has been stored in the lcc also. However, SQL requires
that
> authorization identifers be pushed on a "authorization stack" when calling a stored procedure,
cf.
> SQL 2003, vol 2, section 4.34.1.1 and 4.27.3.
> This allows a caller to keep its current role after a call even if changed by the stored
procedure.
> This issue will implement the current role name part ("cell") of the authorization stack.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message