Tags: spring-security, connection-pooling, ibm-midrange, jt400, jtopen

Connection pooling + Impersonating queries


I'm working on a Spring (IoC/MVC/Security) / JTOpen project backed by DB2 on IBM System i (AS/400). For reasons I won't be able to discuss here, every user of the application was given an account on the IBM i (i5/OS) operating system so that his transactions get logged against his identity in the Journal (DB2 log files). In order to achieve that, we have been establishing a connection once someone logs into the system using his credentials, and accordingly getting his transactions against his name in the Journal.

Problem: Recently, we have been investigating getting a connection pool in place instead of the status quo of one connection per session. If the pool establishes these connections once the application starts, using a generic i5/OS account, say SystemAccount, and then a user logs in and requests one of these connections, is there any way to execute transactions under the identity of the user even though the connection was established using the generic system account?


Solution

  • The com.ibm.as400.security.auth package provides classes that allow user profile swapping using IBM i profile token and credential classes when using the AS400 connection class.

    If you are using JDBC you can call the Security-related APIs to adopt profiles on the connection.

    • Get Profile Handle (QSYGETPH) validates a user ID and password, and creates an encrypted abbreviation called a profile handle for that user profile.
    • Set Profile Handle (QWTSETP) switches the job to run under a new profile.
    • Generate Profile Token (QSYGENPT) verifies that the caller has authority to generate a profile token for the requested profile and then generates a profile token.
    • Set To Profile Token (QSYSETPT) validates the profile token and changes the current thread to run under the user and group profiles represented by the profile token.
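A concrete form of the first bullet, added here as an example rather than code from the question or the answer: the login step turns the user's password into a JTOpen profile token (the Generate Profile Token API listed above, called through the generic account's connection), and each request opens its own AS400 connection from that token, so the server jobs for that work run under the user's profile rather than the pool's generic account. The host name, the SYSTEMACCT profile, the CL command and the argument handling are placeholders; it assumes the application runs off the IBM i, since the credential classes' swap() path changes the identity of a Java thread running natively on the system itself.

```java
import com.ibm.as400.access.AS400;
import com.ibm.as400.access.AS400Message;
import com.ibm.as400.access.CommandCall;
import com.ibm.as400.security.auth.ProfileTokenCredential;

/** Added example, not code from the question or answer. HOST and SYSTEMACCT are placeholders. */
public class ProfileTokenPerUser {
    static final String HOST = "ibmi.example.invalid";   // placeholder system name

    /** At login: exchange the user's password for a renewable profile token and keep the
     *  token, never the password, in the HTTP session. The token request is sent over the
     *  generic SystemAccount connection; the host validates the user's password itself. */
    static ProfileTokenCredential tokenAtLogin(AS400 systemConn, String user, String password)
            throws Exception {
        ProfileTokenCredential token = new ProfileTokenCredential();
        token.setSystem(systemConn);
        token.setTokenType(ProfileTokenCredential.TYPE_MULTIPLE_USE_RENEWABLE);
        token.setTimeoutInterval(3600);          // seconds; call token.refresh() to extend it
        token.setTokenExtended(user, password);  // generates the token on the host
        return token;
    }

    /** Per request: open a connection authenticated by the token, so the work (and what the
     *  journal records for it) is attributed to that user, then drop the connection. Returns
     *  the profile the connection actually ran under so the caller can verify it. */
    static String runAsUser(ProfileTokenCredential token, String clCommand) throws Exception {
        AS400 userConn = new AS400(HOST, token);
        try {
            CommandCall cmd = new CommandCall(userConn);
            if (!cmd.run(clCommand)) {
                StringBuilder msgs = new StringBuilder();
                for (AS400Message m : cmd.getMessageList()) msgs.append(m.getText()).append('\n');
                throw new IllegalStateException("command failed as " + userConn.getUserId()
                        + ": " + msgs);
            }
            return userConn.getUserId();
        } finally {
            userConn.disconnectAllServices();    // not returned to the generic pool
        }
    }

    /** Placeholder driver: args are the SYSTEMACCT password, the user's profile and password. */
    public static void main(String[] args) throws Exception {
        AS400 systemConn = new AS400(HOST, "SYSTEMACCT", args[0]);
        ProfileTokenCredential token = tokenAtLogin(systemConn, args[1], args[2]);
        System.out.println("ran as " + runAsUser(token, "DSPJOB"));   // expect the user's profile
        systemConn.disconnectAllServices();
    }
}
```

Check the result by comparing the returned profile against the logged-in user and, on the host, by confirming that the journal entries for the request show that profile rather than SYSTEMACCT.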