|
|
|
|
|
|
by MattPalmer1086
297 days ago
|
|
|
I did something similar about 20 years ago, although not using JWT. The application supplied a session token when first querying the database. The database would make a call to the authentication server to verify it and obtain the roles associated with that session. If it had not seen that combination of roles before, it would build and cache access tables for them (needed for performance when using views for row level security). Then any further queries using that token were fast. This also worked with connection pooling. It had some rough edges; we had to run periodic cleanup jobs to remove stale cached access tables and tokens. And even with them, enforcing row level security consumed about 30% of the database server performance! But, it did work and remained in service for about 7 years. Eventually, they replaced it with something much simpler. I had left and nobody understood it anymore. Which I guess is a separate issue about doing unusual things with tech... |
|
|