ASSERTING IDENTITIES OF APPLICATION USERS IN A DATABASE SYSTEM BASED ON DELEGATED TRUST

摘要

Techniques are provided for integrating application-level user security context with a database. A session manager, in a middle tier that includes an application, obtains the security context of a user and establishes, in the database, a light-weight session (LWS) that reflects the security context. The security context is synchronized between the middle tier and database before application code execution. The database maintains an isolated copy of the LWS for the unit of application code executed as the security context. The database sends to the session manager the identifier of the copy of LWS. Before allowing a request from an application to be sent to the database, the session manager, transparent to the application, inserts an identifier that identifies the LWS. In this way, the database processes an application request in the context of the corresponding user's security context that is the same as the security context in the middle tier.

主权项

1. A method comprising:
initiating, at a middle tier that includes one or more applications, a session manager that is associated with credential data; sending the credential data from the middle tier to a database system; after sending the credential data to the database system, inserting, by the session manager, into a session management request that is related to a database session, trust data that is based on the credential data and that authenticates the session manager to the database system; after inserting the trust data into the session management request, sending the session management request from the middle tier to the database system; wherein the method is performed by one or more computing devices.