Should JDBC queries keep a user account from expiring?
Hello all,
On one of my team's systems, we utilize a business operation with the EnsLib.SQL.OutboundAdapter to make SQL queries to another IRIS system using JDBC. To authenticate the connection, we utilize a user account on the target system.
We recently had a failure where this user account expired due to inactivity, causing all queries to error until the account was reactivated on the target system. The root cause of this was that the adapter only authenticates when the initial connection is established, and running the queries over JDBC does not reauthenticate/extend the account inactivity timeout.
Is this the intended behavior? It feels like running queries over an active connection should prevent the account from timing out. Has anyone else run into this/implemented workarounds?
Thanks,
Nick P.
Comments
I want to highlight the fact that the account expiration was several months long (so the connection being up for many months with no reconnecting) resulted in the account expiring.
The other question (besides workarounds) is whether this is expected / desired behavior at the product level, or perhaps the account inactivity logic should take into account ongoing activity?
You can tune the reconnection behaviour using SQL outbound adapter settings as documented here.
This is intended behaviour we're not planning to change, though interested if other DC members have run into this and want to share their experiences. Also curious to hear if someone tried to keep a shell / telnet connection open for 4 months :-)
Awesome - thank you @Benjamin De Boe! Just what we needed to know :)
Thanks @Benjamin De Boe! Is there a particular value you'd recommend setting StayConnected to to minimize query latency while still refreshing the connection within the user expiry window? This is a high usage application so we are pretty concerned about query and connection performance.
If you don't like the default behavior, change it. 😊
You can change it system wide from Management Portal, System Administration -> Security -> System Security -> System-wide Security Parameters
There you can change "Inactive limit" to 0 (zero), this way accounts never expire.
You can also change it for any individual user accounts in Management Portal, System Administration -> Security -> Users -> (select the user)
There you can enable the checkbox "Account Never Expires".
Thank you, we did change it as a stopgap, but we're more wondering about a more secure way to handle this situation. Benjamin's answer above is exactly what we needed, and he confirmed it was intended behavior which is very helpful