Current versions of Adaptive Server Enterprise and Adaptive Server Anywhere allow a user to assume the identity and privileges of another user. You can use this feature with any database that recognizes this command:
set session authorization “login-name”
When proxy support is enabled, connections retrieved from the cache are set to act as a proxy for the user name associated with the EAServer client. The user name specified in the cache properties must have set-proxy privileges in the database and server used by the cache.
DataSource contains:
A new Boolean property: setSessionAuth, with the default set to false.
A new string property: setSessionAuthSystemID, default is “ ” (an empty string). If this property is not specified, Datasource defaults to the user name property for the DataSource when the user is the system user.
DatabaseType contains a new Boolean property: supportsSetSessionAuth, with the default set to false. For Adaptive Sever Anywhere and Adaptive Server Enterprise, the default configuration script value is set to true.
If setSessionAuth is enabled for a DataSource and the DatabaseType supports this feature, when a connection is retrieved from the ConnectionPool set session authorization “login-name” on the connection is called, where login-name is the client identity.
If the current client identity is the system user, the setSessionAuthSystemID is used.
To support this feature, these com.sybase.djc.sql.ConnectionPool methods are changed to call set session authorization:
public Object getConnection(ConnectionWrapper wrapper)
public Object getConnection()
Adaptive Server Enterprise users may also have to set
the database option ddl in tran.
