[teiid-commits] teiid SVN: r2366 - in trunk: jboss-integration/src/main/java/org/teiid/jboss and 2 other directories.
teiid-commits at lists.jboss.org
teiid-commits at lists.jboss.org
Wed Jul 21 18:27:12 EDT 2010
Author: rareddy
Date: 2010-07-21 18:27:10 -0400 (Wed, 21 Jul 2010)
New Revision: 2366
Modified:
trunk/engine/src/main/java/org/teiid/security/SecurityHelper.java
trunk/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java
trunk/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java
trunk/runtime/src/main/java/org/teiid/services/TeiidLoginContext.java
trunk/runtime/src/test/java/org/teiid/services/TestMembershipServiceImpl.java
trunk/runtime/src/test/java/org/teiid/services/TestSessionServiceImpl.java
Log:
TEIID-1048: Check the current thread context for a security context with the same security domain name; if one matches, use it as the login credentials instead of authenticating again.
Modified: trunk/engine/src/main/java/org/teiid/security/SecurityHelper.java
===================================================================
--- trunk/engine/src/main/java/org/teiid/security/SecurityHelper.java 2010-07-21 19:15:52 UTC (rev 2365)
+++ trunk/engine/src/main/java/org/teiid/security/SecurityHelper.java 2010-07-21 22:27:10 UTC (rev 2366)
@@ -36,4 +36,5 @@
Object createSecurityContext(String securityDomain, Principal p, Object credentials, Subject subject);
+ Subject getSubjectInContext(String securityDomain);
}
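Review bot: The new `getSubjectInContext` method has no Javadoc, yet its return value decides whether a login is skipped, so other SecurityHelper implementers need the contract spelled out. Something like `/** Returns the already-authenticated Subject bound to the calling thread for the given security domain, or null if there is none; a non-null result is treated by the caller as proof of authentication. */` would do. Implementations that cannot vouch for the subject should return null so that the normal login path runs.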
Modified: trunk/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java
===================================================================
--- trunk/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java 2010-07-21 19:15:52 UTC (rev 2365)
+++ trunk/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java 2010-07-21 22:27:10 UTC (rev 2366)
@@ -28,6 +28,7 @@
import javax.security.auth.Subject;
import org.jboss.security.SecurityContext;
+import org.jboss.security.SubjectInfo;
import org.teiid.security.SecurityHelper;
public class JBossSecurityHelper implements SecurityHelper, Serializable {
@@ -65,5 +66,16 @@
SecurityActions.pushSecurityContext(p, credentials, subject, securityDomain);
return getSecurityContext(securityDomain);
}
+
+ @Override
+ public Subject getSubjectInContext(String securityDomain) {
+ SecurityContext sc = SecurityActions.getSecurityContext();
+ if (sc != null && sc.getSecurityDomain().equals(securityDomain)) {
+ SubjectInfo si = sc.getSubjectInfo();
+ Subject subject = si.getAuthenticatedSubject();
+ return subject;
+ }
+ return null;
+ }
}
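Review bot: In `getSubjectInContext` the result of `sc.getSubjectInfo()` is dereferenced without a null check, and the domain comparison uses the context's own domain as the receiver. Whether JBoss can return null for either is not visible here, but since this method gates an authentication bypass it is safer to fail closed. Suggest `if (sc != null && securityDomain != null && securityDomain.equals(sc.getSecurityDomain()))` and `return si != null ? si.getAuthenticatedSubject() : null;`. A short comment noting that a null authenticated subject sends the caller down the normal login path would also help.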
Modified: trunk/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java
===================================================================
--- trunk/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java 2010-07-21 19:15:52 UTC (rev 2365)
+++ trunk/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java 2010-07-21 22:27:10 UTC (rev 2366)
@@ -150,11 +150,11 @@
if (!domains.isEmpty()) {
// Authenticate user...
// if not authenticated, this method throws exception
- TeiidLoginContext membership = authenticate(userName, credentials, applicationName, domains);
+ TeiidLoginContext membership = authenticate(userName, credentials, applicationName, domains, this.securityHelper);
loginContext = membership.getLoginContext();
userName = membership.getUserName();
securityDomain = membership.getSecurityDomain();
- securityContext = membership.getSecurityContext(securityHelper);
+ securityContext = membership.getSecurityContext();
}
// Validate VDB and version if logging on to server product...
@@ -204,9 +204,9 @@
return newSession;
}
- protected TeiidLoginContext authenticate(String userName, Credentials credentials, String applicationName, List<String> domains)
+ protected TeiidLoginContext authenticate(String userName, Credentials credentials, String applicationName, List<String> domains, SecurityHelper helper)
throws LoginException {
- TeiidLoginContext membership = new TeiidLoginContext();
+ TeiidLoginContext membership = new TeiidLoginContext(helper);
membership.authenticateUser(userName, credentials, applicationName, domains);
return membership;
}
Modified: trunk/runtime/src/main/java/org/teiid/services/TeiidLoginContext.java
===================================================================
--- trunk/runtime/src/main/java/org/teiid/services/TeiidLoginContext.java 2010-07-21 19:15:52 UTC (rev 2365)
+++ trunk/runtime/src/main/java/org/teiid/services/TeiidLoginContext.java 2010-07-21 22:27:10 UTC (rev 2366)
@@ -24,10 +24,12 @@
import java.io.IOException;
import java.security.Principal;
+import java.security.acl.Group;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
+import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
@@ -56,7 +58,12 @@
private String userName;
private String securitydomain;
private Object credentials;
+ private SecurityHelper securityHelper;
+ public TeiidLoginContext(SecurityHelper helper) {
+ this.securityHelper = helper;
+ }
+
public void authenticateUser(String username, final Credentials credential, String applicationName, List<String> domains) throws LoginException {
LogManager.logDetail(LogConstants.CTX_SECURITY, new Object[] {"authenticateUser", username, applicationName}); //$NON-NLS-1$
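Review bot: The new constructor stores `helper` without checking it, and the field is not `final`, while the hunk at -67,6 dereferences `this.securityHelper` unconditionally on every pass through the domain loop. TestMembershipServiceImpl now constructs `new TeiidLoginContext(null)`, so any test that reaches `authenticateUser` with a non-empty domain list would hit a NullPointerException instead of exercising the login, and the pass-through branch itself is not covered. Consider `private final SecurityHelper securityHelper;` plus an explicit `if (helper == null) throw new IllegalArgumentException("helper");` in the constructor, and have the test pass a Mockito mock of SecurityHelper. `authenticateUser` continues beyond this hunk.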
@@ -67,6 +74,14 @@
// If username specifies no domain, then all domains are tried in order.
for (String domain:getDomainsForUser(domains, username)) {
+ Subject existing = this.securityHelper.getSubjectInContext(domain);
+ if (existing != null) {
+ this.userName = getUserName(existing)+AT+domain;
+ this.securitydomain = domain;
+ this.loginContext = new LoginContext(domain, existing);
+ return;
+ }
+
try {
CallbackHandler handler = new CallbackHandler() {
@Override
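Review bot: The short-circuit adopts whatever Subject is on the thread without logging it or relating it to the `username` argument, so a request naming one user silently becomes a session for another. When `getUserName(existing)` returns null, the session name becomes the literal string "null" followed by `AT` and the domain. Fall through to the normal login when no user principal is found, and emit a detail log entry on the pass-through so the skipped authentication is auditable. Separately, the `LoginContext` built here wraps the container's own Subject; if session close later calls `logout()` on it (not visible on this page), the login modules could strip principals from the caller's subject, which is worth confirming. The enclosing loop continues outside the hunk.

```java
Subject existing = this.securityHelper.getSubjectInContext(domain);
String existingName = (existing != null) ? getUserName(existing) : null;
// Fall through to a regular login when the subject carries no user principal.
if (existingName != null) {
    LogManager.logDetail(LogConstants.CTX_SECURITY, new Object[] {"reusing subject in context", existingName, domain}); //$NON-NLS-1$
    this.userName = existingName+AT+domain;
    // … unchanged: securitydomain and loginContext assignment, return …
}
// … unchanged: callback-handler login for this domain …
```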
@@ -104,7 +119,18 @@
throw new LoginException(RuntimePlugin.Util.getString("SessionServiceImpl.The_username_0_and/or_password_are_incorrect", username )); //$NON-NLS-1$
}
- protected LoginContext createLoginContext(String domain, CallbackHandler handler) throws LoginException {
+ private String getUserName(Subject subject) {
+ Set<Principal> principals = subject.getPrincipals();
+ for (Principal p:principals) {
+ if (p instanceof Group) {
+ continue;
+ }
+ return p.getName();
+ }
+ return null;
+ }
+
+ protected LoginContext createLoginContext(String domain, CallbackHandler handler) throws LoginException {
return new LoginContext(domain, handler);
}
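Review bot: `getUserName` returns the first non-`Group` principal from `subject.getPrincipals()`, which is a `Set`, so when a subject carries several non-group principals the name chosen for the session depends on iteration order. It also returns null when only groups are present, and nothing documents either case. Suggest a comment such as `// Picks the first non-Group principal as the session user; returns null if the subject has none.`. If the login modules in use mark the caller principal with a specific type, selecting on that type would make the choice deterministic.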
@@ -120,10 +146,10 @@
return this.securitydomain;
}
- public Object getSecurityContext(SecurityHelper helper) {
+ public Object getSecurityContext() {
Object sc = null;
if (this.loginContext != null) {
- sc = helper.getSecurityContext(this.securitydomain);
+ sc = this.securityHelper.getSecurityContext(this.securitydomain);
if ( sc == null){
Subject subject = this.loginContext.getSubject();
Principal principal = null;
@@ -133,7 +159,7 @@
break;
}
}
- return helper.createSecurityContext(this.securitydomain, principal, credentials, subject);
+ return this.securityHelper.createSecurityContext(this.securitydomain, principal, credentials, subject);
}
}
return sc;
Modified: trunk/runtime/src/test/java/org/teiid/services/TestMembershipServiceImpl.java
===================================================================
--- trunk/runtime/src/test/java/org/teiid/services/TestMembershipServiceImpl.java 2010-07-21 19:15:52 UTC (rev 2365)
+++ trunk/runtime/src/test/java/org/teiid/services/TestMembershipServiceImpl.java 2010-07-21 22:27:10 UTC (rev 2366)
@@ -51,7 +51,7 @@
}
private TeiidLoginContext createMembershipService() throws Exception {
- TeiidLoginContext membershipService = new TeiidLoginContext() {
+ TeiidLoginContext membershipService = new TeiidLoginContext(null) {
public LoginContext createLoginContext(String domain, CallbackHandler handler) throws LoginException {
LoginContext context = Mockito.mock(LoginContext.class);
return context;
Modified: trunk/runtime/src/test/java/org/teiid/services/TestSessionServiceImpl.java
===================================================================
--- trunk/runtime/src/test/java/org/teiid/services/TestSessionServiceImpl.java 2010-07-21 19:15:52 UTC (rev 2365)
+++ trunk/runtime/src/test/java/org/teiid/services/TestSessionServiceImpl.java 2010-07-21 22:27:10 UTC (rev 2366)
@@ -15,6 +15,7 @@
import org.teiid.adminapi.impl.SessionMetadata;
import org.teiid.client.security.InvalidSessionException;
import org.teiid.security.Credentials;
+import org.teiid.security.SecurityHelper;
import org.teiid.services.TeiidLoginContext;
import org.teiid.services.SessionServiceImpl;
@@ -30,7 +31,7 @@
SessionServiceImpl ssi = new SessionServiceImpl() {
@Override
- protected TeiidLoginContext authenticate(String userName, Credentials credentials, String applicationName, List<String> domains)
+ protected TeiidLoginContext authenticate(String userName, Credentials credentials, String applicationName, List<String> domains, SecurityHelper helper)
throws LoginException {
impl.authenticateUser(userName, credentials, applicationName, domains);
return impl;