Message-ID: <1308116782.1212012048588.JavaMail.jira@brutus>
Date: Wed, 28 May 2008 15:00:48 -0700 (PDT)
From: "Dag H. Wanvik (JIRA)"
To: derby-dev@db.apache.org
Subject: [jira] Updated: (DERBY-3327) SQL roles: Implement authorization stack (and SQL session context to hold it)
In-Reply-To: <8585052.1200590134098.JavaMail.jira@brutus>

     [ https://issues.apache.org/jira/browse/DERBY-3327?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dag H. Wanvik updated DERBY-3327:
---------------------------------

    Description: 
The current LanguageConnectionContext keeps the user authorization identifier for an SQL session.
The lcc is shared context also for nested connections (opened from stored procedures).
So far, for roles, the current role has been stored in the lcc also. However, SQL requires that
authorization identifiers be pushed on an "authorization stack" when calling a stored procedure, cf.
SQL 2003, vol 2, section 4.34.1.1 and 4.27.3 and 10.4 GR 5h and i.
This allows a caller to keep its current role after a call even if changed by the stored procedure.
This issue will implement the current role name part ("cell") of the authorization stack.
The authorization stack will be implemented as part of the SQL session context.
The patch will also implement the pushing of the current unqualified schema name part of
the SQL session context, cf. 10.4 GR 5a (DERBY-1331).

  was:
The current LanguageConnectionContext keeps the user authorization identifier for an SQL session.
The lcc is shared context also for nested connections (opened from stored procedures).
So far, for roles, the current role has been stored in the lcc also. However, SQL requires that
authorization identifiers be pushed on an "authorization stack" when calling a stored procedure, cf.
SQL 2003, vol 2, section 4.34.1.1 and 4.27.3 and 10.4 GR 5h and i.
This allows a caller to keep its current role after a call even if changed by the stored procedure.
This issue will implement the current role name part ("cell") of the authorization stack.
The authorization stack will be implemented as of the SQL session context.
The patch will also implement the pushing of the current unqualified schema name part of
the SQL session context, cf. 10.4 GR 5a (DERBY-1331).

    Derby Info: [Patch Available, Existing Application Impact, Release Note Needed]  (was: [Release Note Needed, Existing Application Impact])

> SQL roles: Implement authorization stack (and SQL session context to hold it)
> -----------------------------------------------------------------------------
>
>                 Key: DERBY-3327
>                 URL: https://issues.apache.org/jira/browse/DERBY-3327
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security, SQL
>            Reporter: Dag H. Wanvik
>            Assignee: Dag H. Wanvik
>             Fix For: 10.5.0.0
>
>         Attachments: DERBY-3327-1.diff, DERBY-3327-1.stat, DERBY-3327-2.diff, DERBY-3327-2.stat, DERBY-3327-3.diff, DERBY-3327-3.stat, DERBY-3327-4-full-b.diff, DERBY-3327-4-full-b.stat, DERBY-3327-4-full-c.diff, DERBY-3327-4-full-c.stat, DERBY-3327-4-full-d.diff, DERBY-3327-4-full-d.stat, DERBY-3327-4-full-e-10_4.diff, DERBY-3327-4-full-e-10_4.stat, DERBY-3327-4-full-e.diff, DERBY-3327-4-full-e.stat, DERBY-3327-4-full.diff, DERBY-3327-4-full.stat, releaseNote.html
>
>
> The current LanguageConnectionContext keeps the user authorization identifier for an SQL session.
> The lcc is shared context also for nested connections (opened from stored procedures).
> So far, for roles, the current role has been stored in the lcc also. However, SQL requires that
> authorization identifiers be pushed on an "authorization stack" when calling a stored procedure, cf.
> SQL 2003, vol 2, section 4.34.1.1 and 4.27.3 and 10.4 GR 5h and i.
> This allows a caller to keep its current role after a call even if changed by the stored procedure.
> This issue will implement the current role name part ("cell") of the authorization stack.
> The authorization stack will be implemented as part of the SQL session context.
> The patch will also implement the pushing of the current unqualified schema name part of
> the SQL session context, cf. 10.4 GR 5a (DERBY-1331).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
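
The push-and-pop behaviour described in the issue, modelled as an added Java example (not Derby's code and not taken from the attached patches): a stored-procedure call pushes a new SQL session context, and the pop on return restores the caller's current role and schema. The class names, the role and schema values, and the choice to start the callee from a copy of the caller's values are assumptions made for illustration.

```java
import java.util.ArrayDeque;
import java.util.Deque;

/** Toy model (hypothetical, not Derby code) of an SQL session context stack. */
public class SessionContextStackDemo {

    /** The two cells the issue mentions: current role and current schema. */
    static final class SqlSessionContext {
        String currentRole;
        String currentSchema;
        SqlSessionContext(String role, String schema) {
            currentRole = role;
            currentSchema = schema;
        }
    }

    private final Deque<SqlSessionContext> stack = new ArrayDeque<>();

    SessionContextStackDemo(String role, String schema) {
        stack.push(new SqlSessionContext(role, schema));
    }

    SqlSessionContext top() { return stack.peek(); }

    /** Runs a procedure body in its own context; the caller's context is untouched. */
    void callProcedure(Runnable body) {
        SqlSessionContext caller = top();
        // Assumption: the callee starts from a copy of the caller's values.
        stack.push(new SqlSessionContext(caller.currentRole, caller.currentSchema));
        try {
            body.run();
        } finally {
            stack.pop(); // also runs when the body throws, so callee state never leaks
        }
    }

    public static void main(String[] args) {
        // Constructed sample values: role READER, schema APP.
        SessionContextStackDemo session = new SessionContextStackDemo("READER", "APP");
        session.callProcedure(() -> {
            session.top().currentRole = "ADMIN";    // models SET ROLE inside the procedure
            session.top().currentSchema = "AUDIT";  // models SET SCHEMA inside the procedure
            System.out.println("inside: " + session.top().currentRole);
        });
        // Back in the caller: the top of the stack is the caller's own context again.
        System.out.println("after:  " + session.top().currentRole
                + ", " + session.top().currentSchema);
    }
}
```

With a single shared context, as the issue says the lcc held the role so far, the assignments inside the procedure body would still be in effect for the caller after the call returns.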