Trusted connections with DB2
Trusted connections allow the application server to use DB2® Trusted Context objects to establish connections with a user whose credentials are trusted by the DB2 server to open the connection. By establishing a Trusted Context, this user is then trusted to assert other user identities on the DB2 server without the expense of reauthentication. This also enhances the security of your DB2 database by eliminating the need to assign all privileges to a single user. Implementing trusted connections results in client identity propagation while leveraging connection pooling to eliminate the performance penalty of closing and reopening connections with a different identity.
To reduce the significant expense of establishing new connections, the connection manager maintains a connection pool in which each connection is tracked by the credential originally used to open the connection. When an application needs a connection, the connection manager uses the credential object to match a free connection from the connection pool. If no free connection is available and the maximum number of connections has not been reached, the connection pool manager opens a new connection using that credential object. This connection mapping is the default connection mapping used by the application server and is known as a many-to-one credential mapping because the connection is opened using the credential object in the subject, which is usually not the same as the RunAs identity. This simple mapping supports easy connection pooling, but the caller identity is never propagated to the database server.
To propagate the caller identity to the database server, you can plug in a Java™ Authentication and Authorization Service (JAAS) login module. Using this method, you would map the application server user credential to the user credential suitable for the database server security realm. This approach maintains the caller identity, but does not use connection pooling.
Trusted connections are used instead of the default mapping or a JAAS mapping to connect to the data source. Trusted connections support client identity propagation and can also use connection pooling to reduce the performance penalty of closing and reopening connections with a different identity. Trusted connections use the DB2 trusted context object.
Using the trusted connection provides the needed plug-in points to support adding your own secure implementation of the DB2 trusted context. Trusted connections separate the identity used to establish the connection from the identity that accesses the back-end server services. The connection is established by a user whose credentials are trusted by the DB2 server to open the connection. The same user is also then trusted to assert the identity of the other users. This assertion also helps strengthen database security by eliminating the need to grant all privileges to a single user.
When the application requests a connection to the database, the connection manager can find any idle trusted connection and assert the user identity to the back-end server. All operations on the back-end server are then performed under the asserted user identity. An identity mapping may still be needed if the back-end server uses a different user repository than that of the application server.
- A resource principal object that this resource subject represents
- A PasswordCredential object in the private credential set
- An IdentityPrincipal object in the principal set
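The following added example (a simplified model, not WebSphere or DB2 code) compares the three mappings described above: the default many-to-one mapping, the JAAS mapping, and trusted connections. It counts how many connections are opened and which identity the database sees for each request. The names appsrv, alice, bob, Database and run are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Database:
    """Stand-in for the DB2 server (constructed model, not a DB2 API)."""
    trusted_authid: str = "appsrv"                          # may open trusted connections
    allowed_users: frozenset = frozenset({"alice", "bob"})  # identities it may assert
    opens: int = 0                                          # costly authenticated opens
    audit: list = field(default_factory=list)               # (identity, statement) pairs

    def open(self, authid):
        self.opens += 1
        return {"opened_by": authid, "current": authid}

    def switch_user(self, conn, user):
        # Assertion is honoured only on a connection opened by the trusted
        # authid, and only for users the trusted context names.
        if conn["opened_by"] != self.trusted_authid or user not in self.allowed_users:
            raise PermissionError(f"trusted context does not allow {user!r}")
        conn["current"] = user  # no reauthentication, no new connection

    def execute(self, conn, stmt):
        self.audit.append((conn["current"], stmt))

def run(strategy, callers, pool_authid="appsrv"):
    """Serve one request per caller; return (connections opened, identities seen)."""
    db, idle = Database(), []
    for caller in callers:
        if strategy == "jaas":
            conn = db.open(caller)            # mapped caller credential, not pooled
        else:
            conn = idle.pop() if idle else db.open(pool_authid)
            if strategy == "trusted":
                db.switch_user(conn, caller)  # reuse the idle connection, new identity
        db.execute(conn, "SELECT 1")          # placeholder statement
        if strategy != "jaas":
            idle.append(conn)
    return db.opens, [who for who, _ in db.audit]

if __name__ == "__main__":
    for s in ("default", "jaas", "trusted"):
        print(s, run(s, ["alice", "bob", "alice"]))
```

Only the trusted strategy keeps both properties: one connection is opened, yet the server-side record attributes each statement to the real caller, and an identity outside the trusted context is refused.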