[teiid-commits] teiid SVN: r2313 - in trunk: client/src/main/java/org/teiid/jdbc and 8 other directories.
teiid-commits at lists.jboss.org
teiid-commits at lists.jboss.org
Mon Jun 28 12:55:38 EDT 2010
Author: shawkins
Date: 2010-06-28 12:55:37 -0400 (Mon, 28 Jun 2010)
New Revision: 2313
Added:
trunk/documentation/admin-guide/src/main/docbook/en-US/content/performance.xml
trunk/documentation/reference/src/main/docbook/en-US/content/entitlements.xml
Modified:
trunk/build/kits/jboss-container/teiid-releasenotes.html
trunk/client/src/main/java/org/teiid/jdbc/TeiidStatement.java
trunk/connectors/translator-jdbc/src/main/java/org/teiid/translator/jdbc/JDBCExecutionFactory.java
trunk/connectors/translator-jdbc/src/main/java/org/teiid/translator/jdbc/mysql/MySQLExecutionFactory.java
trunk/connectors/translator-jdbc/src/main/java/org/teiid/translator/jdbc/oracle/OracleExecutionFactory.java
trunk/connectors/translator-salesforce/src/main/java/org/teiid/translator/salesforce/execution/QueryExecutionImpl.java
trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml
trunk/documentation/client-developers-guide/
trunk/documentation/reference/src/main/docbook/en-US/Reference.xml
trunk/documentation/reference/src/main/docbook/en-US/content/system_schema.xml
trunk/documentation/reference/src/main/docbook/en-US/content/translators.xml
Log:
forward merge from 7.0
Modified: trunk/build/kits/jboss-container/teiid-releasenotes.html
===================================================================
--- trunk/build/kits/jboss-container/teiid-releasenotes.html 2010-06-28 16:47:59 UTC (rev 2312)
+++ trunk/build/kits/jboss-container/teiid-releasenotes.html 2010-06-28 16:55:37 UTC (rev 2313)
@@ -95,8 +95,30 @@
<ul>
<li>Start time is now significantly longer due to the container deployment. However many operations can be performed on configruation files that will trigger a redeployment without the need for a restart.
<li>Parallel execution of source queries within a query plan has been temporarily disabled.
+ <li>Inversion of parse, format, and convert system functions is not used if it can be narrowing. In situations where a predicate has the form: parseTime(column, 'format') = {t 'time value'} may lead to reduced performance, since
+ the parseTime function cannot be pushed down. This should be addressed in future releases.
</ul>
+<h4>Salesforce as Source</h4>
+Before Salesforce is used in your data integration project, the below issues need to be resolved.
+<ul>
+ <li>Manually copy the following libraries from the JBOSS_HOME/client directory to the JBOSS_HOME/lib/endorsed directory, so that the JAX-WS 2.0 apis supported by JBossWS are used:
+ <ul>
+ <li>jbossws-native-saaj.jar</li>
+ <li>jbossws-native-jaxrpc.jar</li>
+ <li>jbossws-native-jaxws.jar</li>
+ <li>jbossws-native-jaxws-ext.jar</li>
+ </ul>
+ </li>
+ <li>There is issue with invoking "https" based URL with out specifying the either a keystore or truststore properties with JBoss remoting 2.5.1. Generally you do not need to specify the truststore as a anonymous truststore will be negotiated, however if you fail to supply the following system properties there will be a error message in the log (query will execute even with out the properties). Add these to JBOSS_INSTALL/bin/run.conf file under JAVA_OPTS
+ <ul>
+ <li>-Djava.net.ssl.keyStore=<path-to-truststore></li>
+ <li>-Djava.net.ssl.keyStoreType=<certificate-type></li>
+ <li>-Djava.net.ssl.keyStorePassword=<password></li>
+ </ul>
+ </li>
+</ul>
+
<h2><a name="LibraryUpdates">Thirdparty Library Updates</a></h2>
The following components have been updated:
Modified: trunk/client/src/main/java/org/teiid/jdbc/TeiidStatement.java
===================================================================
--- trunk/client/src/main/java/org/teiid/jdbc/TeiidStatement.java 2010-06-28 16:47:59 UTC (rev 2312)
+++ trunk/client/src/main/java/org/teiid/jdbc/TeiidStatement.java 2010-06-28 16:55:37 UTC (rev 2313)
@@ -64,7 +64,7 @@
/**
* Obtain the query planner debug log from the last command
* executed on this Statement, if it was requested with
- * OPTION DEBUG. If no debug output was requested, this
+ * SHOWPLAN DEBUG. If no debug output was requested, this
* method will return null.
* @return Debug log or null if no log exists
*/
Modified: trunk/connectors/translator-jdbc/src/main/java/org/teiid/translator/jdbc/JDBCExecutionFactory.java
===================================================================
--- trunk/connectors/translator-jdbc/src/main/java/org/teiid/translator/jdbc/JDBCExecutionFactory.java 2010-06-28 16:47:59 UTC (rev 2312)
+++ trunk/connectors/translator-jdbc/src/main/java/org/teiid/translator/jdbc/JDBCExecutionFactory.java 2010-06-28 16:55:37 UTC (rev 2313)
@@ -40,6 +40,7 @@
import java.util.List;
import java.util.Map;
import java.util.TimeZone;
+import java.util.concurrent.atomic.AtomicBoolean;
import javax.sql.DataSource;
@@ -139,7 +140,7 @@
private boolean useCommentsInSourceQuery;
private String version;
- boolean initialConnection = true;
+ private AtomicBoolean initialConnection = new AtomicBoolean(true);
public JDBCExecutionFactory() {
setSupportsFullOuterJoins(true);
@@ -216,7 +217,7 @@
public ResultSetExecution createResultSetExecution(QueryExpression command, ExecutionContext executionContext, RuntimeMetadata metadata, Connection conn)
throws TranslatorException {
//TODO: This is not correct; this should be only called once for connection creation
- afterConnectionCreation(conn);
+ obtainedConnection(conn);
return new JDBCQueryExecution(command, conn, executionContext, this);
}
@@ -224,7 +225,7 @@
public ProcedureExecution createProcedureExecution(Call command, ExecutionContext executionContext, RuntimeMetadata metadata, Connection conn)
throws TranslatorException {
//TODO: This is not correct; this should be only called once for connection creation
- afterConnectionCreation(conn);
+ obtainedConnection(conn);
return new JDBCProcedureExecution(command, conn, executionContext, this);
}
@@ -232,7 +233,7 @@
public UpdateExecution createUpdateExecution(Command command, ExecutionContext executionContext, RuntimeMetadata metadata, Connection conn)
throws TranslatorException {
//TODO: This is not correct; this should be only called once for connection creation
- afterConnectionCreation(conn);
+ obtainedConnection(conn);
return new JDBCUpdateExecution(command, conn, executionContext, this);
}
@@ -989,12 +990,12 @@
* Called exactly once for this source.
* @param connection
*/
- protected void afterInitialConnectionCreation(Connection connection) {
+ protected void afterInitialConnectionObtained(Connection connection) {
// now dig some details about this driver/database for log.
try {
- StringBuffer sb = new StringBuffer();
+ StringBuffer sb = new StringBuffer(getClass().getSimpleName());
DatabaseMetaData dbmd = connection.getMetaData();
- sb.append("Commit=").append(connection.getAutoCommit()); //$NON-NLS-1$
+ sb.append(" Commit=").append(connection.getAutoCommit()); //$NON-NLS-1$
sb.append(";DatabaseProductName=").append(dbmd.getDatabaseProductName()); //$NON-NLS-1$
sb.append(";DatabaseProductVersion=").append(dbmd.getDatabaseProductVersion()); //$NON-NLS-1$
sb.append(";DriverMajorVersion=").append(dbmd.getDriverMajorVersion()); //$NON-NLS-1$
@@ -1012,19 +1013,13 @@
/**
* Provides a hook to call source specific logic when
- * a connection is created.
+ * a connection is obtained.
*
* defect request 13979 & 13978
*/
- public void afterConnectionCreation(Connection connection) {
- if (initialConnection) {
- synchronized (this) {
- if (!initialConnection) {
- return;
- }
- initialConnection = false;
- afterInitialConnectionCreation(connection);
- }
+ public void obtainedConnection(Connection connection) {
+ if (initialConnection.compareAndSet(true, false)) {
+ afterInitialConnectionObtained(connection);
}
}
Modified: trunk/connectors/translator-jdbc/src/main/java/org/teiid/translator/jdbc/mysql/MySQLExecutionFactory.java
===================================================================
--- trunk/connectors/translator-jdbc/src/main/java/org/teiid/translator/jdbc/mysql/MySQLExecutionFactory.java 2010-06-28 16:47:59 UTC (rev 2312)
+++ trunk/connectors/translator-jdbc/src/main/java/org/teiid/translator/jdbc/mysql/MySQLExecutionFactory.java 2010-06-28 16:55:37 UTC (rev 2313)
@@ -22,10 +22,7 @@
package org.teiid.translator.jdbc.mysql;
-import java.sql.Connection;
import java.sql.Date;
-import java.sql.SQLException;
-import java.sql.Statement;
import java.sql.Time;
import java.sql.Timestamp;
import java.util.ArrayList;
@@ -33,11 +30,9 @@
import java.util.List;
import org.teiid.language.Function;
-import org.teiid.logging.LogConstants;
-import org.teiid.logging.LogManager;
+import org.teiid.translator.SourceSystemFunctions;
import org.teiid.translator.Translator;
import org.teiid.translator.TranslatorException;
-import org.teiid.translator.SourceSystemFunctions;
import org.teiid.translator.TypeFacility;
import org.teiid.translator.jdbc.ConvertModifier;
import org.teiid.translator.jdbc.FunctionModifier;
@@ -130,26 +125,6 @@
}
@Override
- public void afterConnectionCreation(Connection connection) {
- super.afterConnectionCreation(connection);
-
- Statement stmt = null;
- try {
- stmt = connection.createStatement();
- stmt.execute("set SESSION sql_mode = 'ANSI'"); //$NON-NLS-1$
- } catch (SQLException e) {
- LogManager.logError(LogConstants.CTX_CONNECTOR, e, "Error setting ANSI mode"); //$NON-NLS-1$
- } finally {
- if (stmt != null) {
- try {
- stmt.close();
- } catch (SQLException e) {
- LogManager.logDetail("Error closing statement", e); //$NON-NLS-1$
- }
- }
- }
- }
- @Override
public boolean useParensForJoins() {
return true;
}
Modified: trunk/connectors/translator-jdbc/src/main/java/org/teiid/translator/jdbc/oracle/OracleExecutionFactory.java
===================================================================
--- trunk/connectors/translator-jdbc/src/main/java/org/teiid/translator/jdbc/oracle/OracleExecutionFactory.java 2010-06-28 16:47:59 UTC (rev 2312)
+++ trunk/connectors/translator-jdbc/src/main/java/org/teiid/translator/jdbc/oracle/OracleExecutionFactory.java 2010-06-28 16:55:37 UTC (rev 2313)
@@ -24,11 +24,8 @@
*/
package org.teiid.translator.jdbc.oracle;
-import java.sql.Connection;
import java.sql.PreparedStatement;
-import java.sql.ResultSet;
import java.sql.SQLException;
-import java.sql.Statement;
import java.sql.Timestamp;
import java.sql.Types;
import java.util.ArrayList;
@@ -51,8 +48,6 @@
import org.teiid.language.SQLConstants.Tokens;
import org.teiid.language.SetQuery.Operation;
import org.teiid.language.visitor.CollectorVisitor;
-import org.teiid.logging.LogConstants;
-import org.teiid.logging.LogManager;
import org.teiid.metadata.Column;
import org.teiid.translator.ExecutionContext;
import org.teiid.translator.SourceSystemFunctions;
@@ -64,7 +59,6 @@
import org.teiid.translator.jdbc.ExtractFunctionModifier;
import org.teiid.translator.jdbc.FunctionModifier;
import org.teiid.translator.jdbc.JDBCExecutionFactory;
-import org.teiid.translator.jdbc.JDBCPlugin;
import org.teiid.translator.jdbc.LocateFunctionModifier;
@@ -395,41 +389,6 @@
}
@Override
- public void afterInitialConnectionCreation(Connection connection) {
- String errorStr = JDBCPlugin.Util.getString("ConnectionListener.failed_to_report_oracle_connection_details"); //$NON-NLS-1$
- ResultSet rs = null;
- Statement stmt = null;
- try {
- stmt = connection.createStatement();
- rs = stmt.executeQuery("select * from v$instance"); //$NON-NLS-1$
-
- int columnCount = rs.getMetaData().getColumnCount();
- while (rs.next()) {
- StringBuffer sb = new StringBuffer();
- for (int i = 1; i <= columnCount; i++) {
- sb.append(rs.getMetaData().getColumnName(i)).append("=").append(rs.getString(i)).append(";"); //$NON-NLS-1$ //$NON-NLS-2$
- }
- // log the queried information
- LogManager.logInfo(LogConstants.CTX_CONNECTOR, sb.toString());
- }
-
- } catch (SQLException e) {
- LogManager.logInfo(LogConstants.CTX_CONNECTOR, errorStr);
- }finally {
- try {
- if (rs != null) {
- rs.close();
- }
- if (stmt != null) {
- stmt.close();
- }
- } catch (SQLException e1) {
- LogManager.logInfo(LogConstants.CTX_CONNECTOR, errorStr);
- }
- }
- }
-
- @Override
public NullOrder getDefaultNullOrder() {
return NullOrder.HIGH;
}
Modified: trunk/connectors/translator-salesforce/src/main/java/org/teiid/translator/salesforce/execution/QueryExecutionImpl.java
===================================================================
--- trunk/connectors/translator-salesforce/src/main/java/org/teiid/translator/salesforce/execution/QueryExecutionImpl.java 2010-06-28 16:47:59 UTC (rev 2312)
+++ trunk/connectors/translator-salesforce/src/main/java/org/teiid/translator/salesforce/execution/QueryExecutionImpl.java 2010-06-28 16:55:37 UTC (rev 2313)
@@ -114,14 +114,14 @@
@Override
public void execute() throws TranslatorException {
try {
- LogManager.logDetail(LogConstants.CTX_CONNECTOR, getLogPreamble() + "Incoming Query: " + query.toString()); //$NON-NLS-1$
+ LogManager.logDetail(LogConstants.CTX_CONNECTOR, getLogPreamble(), "Incoming Query:", query); //$NON-NLS-1$
List<TableReference> from = ((Select)query).getFrom();
String finalQuery;
if(from.get(0) instanceof Join) {
visitor = new JoinQueryVisitor(metadata);
visitor.visitNode(query);
finalQuery = visitor.getQuery().trim();
- LogManager.logDetail(LogConstants.CTX_CONNECTOR, getLogPreamble() + "Executing Query: " + finalQuery); //$NON-NLS-1$
+ LogManager.logDetail(LogConstants.CTX_CONNECTOR, getLogPreamble(), "Executing Query:", finalQuery); //$NON-NLS-1$
results = connection.query(finalQuery, this.context.getBatchSize(), visitor.getQueryAll());
} else {
@@ -132,7 +132,7 @@
visitor.getTableName(), visitor.getIdInCriteria());
} else {
finalQuery = visitor.getQuery().trim();
- LogManager.logDetail(LogConstants.CTX_CONNECTOR, getLogPreamble() + "Executing Query: " + finalQuery); //$NON-NLS-1$
+ LogManager.logDetail(LogConstants.CTX_CONNECTOR, getLogPreamble(), "Executing Query:", finalQuery); //$NON-NLS-1$
results = connection.query(finalQuery, this.context.getBatchSize(), visitor.getQueryAll());
}
}
@@ -147,6 +147,9 @@
List<?> result;
if (query.getProjectedQuery().getDerivedColumns().get(0)
.getExpression() instanceof AggregateFunction) {
+ if (results == null) {
+ return null;
+ }
result = Arrays.asList(results.getSize());
results = null;
Copied: trunk/documentation/admin-guide/src/main/docbook/en-US/content/performance.xml (from rev 2311, branches/7.0.x/documentation/admin-guide/src/main/docbook/en-US/content/performance.xml)
===================================================================
--- trunk/documentation/admin-guide/src/main/docbook/en-US/content/performance.xml (rev 0)
+++ trunk/documentation/admin-guide/src/main/docbook/en-US/content/performance.xml 2010-06-28 16:55:37 UTC (rev 2313)
@@ -0,0 +1,28 @@
+<!--
+TODO: incorporate a performance chapter.
+
+The information about document materialization belongs in the reference though. And is not completely correct
+w.r.t. the use of document projection.
+
+ <para>Your application can use a statement object to execute queries that return XML documents.
+ The query must specify a valid document in VDB, or should have used SQL XML functions
+ to create a XMl document.</para>
+ <sect3>
+ <title>XML Streaming</title>
+ <para>XML documents are streamed from Teiid Server to the Teiid JDBC API.
+ Normally, the document never materializes in the server memory, avoiding potential
+ out-of-memory issues and improving the first response time for large documents.
+ When using style sheets, or XQuery, the whole document
+ must be materialized on the server. Therefore memory issues may occur for large documents.
+ A result document can be obtained from the JDBC resultset using <code>getSQLXML</code> method.
+ </para>
+ <para>The document is broken into pieces when being created and streamed.
+ The maximum size of each piece in the stream can be configured with the
+ <code>"lobChunkSizeInKB"</code> system property on the Server. The default value is 100 KB.
+ At any given time, this is the maximum amount of memory that can be held by a particular
+ XML query against the system. In heavily loaded or memory-constrained scenarios,
+ this value can decrease the amount of memory used. As a side effect, streaming will occur in smaller pieces, reducing initial document response time while
+ increasing full response time (as this is less efficient).</para>
+ </sect3>
+
+ -->
\ No newline at end of file
Modified: trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml
===================================================================
--- trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml 2010-06-28 16:47:59 UTC (rev 2312)
+++ trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml 2010-06-28 16:55:37 UTC (rev 2313)
@@ -3,7 +3,7 @@
<chapter id="custom_security">
<title>Teiid Security</title>
<para>The Teiid system provides a range of built-in and extensible security features to enable the
- secure access of data. </para>
+ secure access of data.</para>
<sect1>
<title>Authentication</title>
<para>JDBC clients may use simple passwords to authenticate a user.</para>
@@ -11,6 +11,13 @@
identity of the user can be discerned by the password credential alone. In
any case it is up to the configured security domain to determine whether a user can be
authenticated.</para>
+
+ <note><para>By default, access to Teiid is NOT secure. The default login modules are only
+ backed by file based authentication, which has a well known user
+ name and password.
+ The same is true for making connections to the Admin Console application.
+ We DO NOT recommend leaving the default security profile as defined when you
+ are exposing sensitive data.</para></note>
</sect1>
<sect1>
<title>Authorization</title>
@@ -59,6 +66,14 @@
Details of the failed attempt including invalid users, which
domains were consulted, etc. will be in the server log with appropriate
levels of severity.</para>
+ <note>
+ <para>The security-domain defined for the JDBC connection and Admin connections are separate.
+ The default name of JDBC connection's security-domain is "teiid-security". The default name for Admin connection
+ is "jmx-console". For the Admin connection's security domain, the user is allowed
+ to change which LoginModule that "jmx-console" pointing to, however should not change the name of the domain, as this name is
+ shared between the "admin-console" application.</para>
+ </note>
+
<sect2>
<title>Built-in LoginModules</title>
<para>JBossAS provides several LoginModules for common authentication needs, such as authenticating from text files or LDAP.</para>
@@ -71,12 +86,52 @@
If you want use a your own Custom Login module, check out the Developer's Guide for instructions.
</para>
</sect2>
+
</sect1>
- <note>
- <para>The security-domain defined for the JDBC connection and Admin connections are separate.
- The default name of JDBC connection's security-domain is "teiid-security". The default name for Admin connection
- is "jmx-console". For the Admin connection's security domain, the user is allowed
- to change which LoginModule that "jmx-console" pointing to, however should not change the name of the domain, as this name is
- shared between the "admin-console" application.</para>
- </note>
+
+ <sect1 id="connfigure_server">
+ <title>Configuring SSL</title>
+ <para>The Teiid's configuration file
+ <code><jboss-install>/server/<profile>/deploy/teiid/teiid-jboss-beans.xml</code>,
+ contains the properties to configure SSL.</para>
+ <itemizedlist>
+ <para>There are two separate connection profiles:</para>
+ <listitem><para>JDBC Connection - The <code>JdbcSslConfiguration</code> bean configuration defines this.</para></listitem>
+ <listitem><para>Admin Connection - The <code>AdminSslConfiguration</code> bean configuration defines this.</para></listitem>
+ </itemizedlist>
+ <example><title>Example Configuration</title>
+ <programlisting><![CDATA[<bean name="JdbcSslConfiguration" class="org.teiid.transport.SSLConfiguration">
+ <property name="sslEnabled">false</property>
+ <property name="keystoreFilename">cert.keystore</property>
+ <property name="keystorePassword">passwd</property>
+ <property name="keystoreType">JKS</property>
+ <property name="sslProtocol">SSLv3</property>
+ <property name="keymanagementAlgorithm">false</property>
+ <property name="truststoreFilename">cert.truststore</property>
+ <property name="truststorePassword">passwd</property>
+ <!-- 1-way, 2-way, anonymous -->
+ <property name="authenticationMode">1-way</property>
+ <property name="clientEncryptionEnabled">true</property>
+</bean>]]></programlisting>
+</example>
+ <orderedlist>
+ <title>Properties</title>
+ <listitem><para>sslEnabled - true|false, SSL usage either turned ON or OFF </para></listitem>
+ <listitem><para>sslProtocol- Type of SSL protocol to be used. Default is SSLv3</para></listitem>
+ <listitem><para>keystoreType - Keystore type created by the keytool. Default "JKS" is used.</para></listitem>
+ <listitem><para>authenticationMode - anonymous|1-way|2-way, Type of SSL mode, see
+ above about different <link linkend="ssl_modes">SSL modes</link> available.</para></listitem>
+ <listitem><para>keymanagementAlgorithm - Type of key algorithm used. Default
+ is based upon the VM, e.g. "SunX509"</para></listitem>
+ <listitem><para>keystoreFilename - The file name of the keystore, which contains the
+ private key of the Server. This must be available in the classpath of Teiid Server</para></listitem>
+ <listitem><para>keystorePassword - password for the keystore.</para></listitem>
+ <listitem><para>truststoreFilename - if "authenticationMode" is chosen
+ as "2-way", then this property must be provided. This is the truststore that contains the
+ public key for the client. Depending upon how you created the keystore and truststores,
+ this may be same file as defined under "keystoreFilename" property.</para></listitem>
+ <listitem><para>truststorePassword - password for the truststore. </para></listitem>
+ </orderedlist>
+
+ </sect1>
</chapter>
\ No newline at end of file
Property changes on: trunk/documentation/client-developers-guide
___________________________________________________________________
Name: svn:ignore
- target
.project
.settings
.classpath
+ target
.project
.settings
.classpath
Legal_Notice.html
Modified: trunk/documentation/reference/src/main/docbook/en-US/Reference.xml
===================================================================
--- trunk/documentation/reference/src/main/docbook/en-US/Reference.xml 2010-06-28 16:47:59 UTC (rev 2312)
+++ trunk/documentation/reference/src/main/docbook/en-US/Reference.xml 2010-06-28 16:55:37 UTC (rev 2313)
@@ -53,6 +53,7 @@
<xi:include href="content/scalar_functions.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="content/procedures.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="content/transaction_support.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="content/entitlements.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="content/system_schema.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="content/translators.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="content/federated_planning.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
Copied: trunk/documentation/reference/src/main/docbook/en-US/content/entitlements.xml (from rev 2311, branches/7.0.x/documentation/reference/src/main/docbook/en-US/content/entitlements.xml)
===================================================================
--- trunk/documentation/reference/src/main/docbook/en-US/content/entitlements.xml (rev 0)
+++ trunk/documentation/reference/src/main/docbook/en-US/content/entitlements.xml 2010-06-28 16:55:37 UTC (rev 2313)
@@ -0,0 +1,122 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY % CustomDTD SYSTEM "../../../../../../docbook/custom.dtd">
+%CustomDTD;
+]>
+<chapter id="entitlements">
+ <title>Data Roles</title>
+ <para>Data roles, also called entitlements, are sets of permissions that are defined
+ per VDB that dictate data access (create, read, update, delete). The use of data roles is controlled system wide with the property in
+ <code><jboss-install>/server/<profile>/deploy/teiid/teiid-jboss-beans.xml</code> file
+ in bean configuration section of <code>RuntimeEngineDeployer</code> with property <code>useEntitlements</code>.</para>
+
+ <para>Once data roles are enabled, the access permissions defined in a VDB will be enforced by the Teiid Server.</para>
+
+ <sect1>
+ <title>Permissions</title>
+ <orderedlist>
+ <para>To process a <code>SELECT</code> statement or a stored procedure execution, the user account requires the following access rights:</para>
+ <listitem> <para><code>READ</code> - on the Table(s) being accessed or the procedure being called.</para></listitem>
+ <listitem> <para><code>READ</code> - on every column referenced.</para></listitem>
+ </orderedlist>
+
+ <orderedlist>
+ <para>To process an <code>INSERT</code> statement, the user account requires the following access rights:</para>
+ <listitem> <para><code>CREATE</code> - on the Table being inserted into.</para></listitem>
+ <listitem> <para><code>CREATE</code> - on every column being inserted on that Table.</para></listitem>
+ </orderedlist>
+
+ <orderedlist>
+ <para>To process an <code>UPDATE</code> statement, the user account requires the following access rights:</para>
+ <listitem> <para><code>UPDATE</code> - on the Table being updated.</para></listitem>
+ <listitem> <para><code>UPDATE</code> - on every column being updated on that Table.</para></listitem>
+ <listitem> <para><code>READ</code> - on every column referenced in the criteria.</para></listitem>
+ </orderedlist>
+
+ <orderedlist>
+ <para>To process a <code>DELETE</code> statement, the user account requires the following access rights:</para>
+ <listitem> <para><code>DELETE</code> - on the Table being deleted.</para></listitem>
+ <listitem> <para><code>READ</code> - on every column referenced in the criteria.</para></listitem>
+ </orderedlist>
+ </sect1>
+
+ <sect1>
+ <title>XML Definition</title>
+ <para>Data roles are defined inside the <code>vdb.xml</code> file (inside the .vdb Zip archive under META-INF/vdb.xml) if you used Designer.
+ This example will show a sample "vdb.xml" file with few simple data rules.</para>
+
+ <para>For example, if a VDB defines a table "TableA" in schema "modelName" with columns (column1, column2) - note that the column types do not matter. And we wish to define three roles "RoleA", "RoleB", "RoleC" with following permissions:
+ <orderedlist>
+ <listitem><para>RoleA has privileges to read, write access to TableA, but can not delete.</para></listitem>
+ <listitem><para>RoleB has no privileges that allow access to TableA</para></listitem>
+ <listitem><para>RoleC has privileges that only allow read access to TableA.column1</para></listitem>
+ </orderedlist>
+ </para>
+ <example><title>vdb.xml defining RoleA, RoleB, and RoleC</title>
+ <programlisting><![CDATA[<?xml version="1.0" encoding="UTF-8"?>
+<vdb name="sample" version="1">
+
+ <model name="modelName">
+ <source name="source-name" translator-name="oracle" connection-jndi-name="java:myDS" />
+ </model>
+
+ <data-policy name="RoleA">
+ <description>Allow all, except Delete</description>
+
+ <permission>
+ <resource-name>modelName.TableA</resource-name>
+ <allow-create />
+ <allow-read />
+ <allow-update />
+ </permission>
+
+ <permission>
+ <resource-name>modelName.TableA.colum1</resource-name>
+ <allow-create />
+ <allow-read />
+ <allow-update />
+ </permission>
+
+ <permission>
+ <resource-name>modelName.TableA.column2</resource-name>
+ <allow-create />
+ <allow-read />
+ <allow-update />
+ </permission>
+
+ <mapped-role-name>role1</mapped-role-name>
+
+ </data-policy>
+
+ <data-policy name="RoleC">
+ <description>Allow read only</description>
+
+ <permission>
+ <resource-name>modelName.TableA</resource-name>
+ <allow-read />
+ </permission>
+
+ <permission>
+ <resource-name>modelName.TableA.colum1</resource-name>
+ <allow-read />
+ </permission>
+
+ <mapped-role-name>role2</mapped-role-name>
+ </data-policy>
+</vdb>]]></programlisting>
+</example>
+ <para>The above XML defined two data roles, "RoleA" which allows everything except delete on the table, "RoleC" that
+ allows only read operation on the table. Since Teiid uses deny by default, there is no explict data-policy entry needed for "RoleB". The "mapped-role-name" defines the "role" to whom these policies are applicable. Each data-policy
+ must define a "role" to be enforced by the Teiid Server.</para>
+
+ <para>For assigning the roles to your users, in the JBoss AS,
+ check out the instructions for the selected Login Module. Check "Admin Guide" for configuring Login Modules.</para>
+
+ <para>"vdb.xml" file is checked against the schema file <code>vdb-deployer.xsd</code>, check the documents sections of the Teiid kit
+ to find a copy of the schema file.</para>
+
+ <note><para>Currently there is no GUI tooling support in the Designer or any other management tool to create this data roles
+ permissions xml, however this is in our roadmap for future releases to provide.</para></note>
+ </sect1>
+
+</chapter>
\ No newline at end of file
Modified: trunk/documentation/reference/src/main/docbook/en-US/content/system_schema.xml
===================================================================
--- trunk/documentation/reference/src/main/docbook/en-US/content/system_schema.xml 2010-06-28 16:47:59 UTC (rev 2312)
+++ trunk/documentation/reference/src/main/docbook/en-US/content/system_schema.xml 2010-06-28 16:55:37 UTC (rev 2313)
@@ -1518,7 +1518,7 @@
<para>getCharacterVDBResource</para>
</entry>
<entry>
- <para>(string resourcePath)/para>
+ <para>(string resourcePath)</para>
</entry>
<entry>
<para>A single column containing the resource as a clob.</para>
@@ -1551,7 +1551,7 @@
<para>getXMLSchemas</para>
</entry>
<entry>
- <para>string document</para>
+ <para>(string document)</para>
</entry>
<entry>
<para>A single column containing the schemas as clobs.</para>
Modified: trunk/documentation/reference/src/main/docbook/en-US/content/translators.xml
===================================================================
--- trunk/documentation/reference/src/main/docbook/en-US/content/translators.xml 2010-06-28 16:47:59 UTC (rev 2312)
+++ trunk/documentation/reference/src/main/docbook/en-US/content/translators.xml 2010-06-28 16:55:37 UTC (rev 2313)
@@ -137,12 +137,9 @@
<para><emphasis>metamatrix</emphasis> - for use with MetaMatrix 5.5.0 or later.</para>
</listitem>
<listitem>
-<para><emphasis>mysql</emphasis> - for use with MySQL version 4.x.</para>
+<para><emphasis>mysql</emphasis>/<emphasis>mysql5</emphasis> - for use with MySQL version 4.x and 5 or later respectively. <note>The MySQL Translators expect the database or session to be using ANSI mode. If the database is not using ANSI mode, an initialization query should be used on the pool to set ANSI mode: <programlisting>set SESSION sql_mode = 'ANSI'</programlisting></note></para>
</listitem>
<listitem>
-<para><emphasis>mysql5</emphasis> - for use with MySQL version 5 or later.</para>
-</listitem>
-<listitem>
<para><emphasis>oracle</emphasis> - for use with Oracle 9i or later. Sequences may be used with the Oracle translator.
A sequence may be modeled as a table with a name in source of DUAL and columns with the name in source set to <sequencesequence name>.[nextval|currentval].
You can use a sequence as the default value for insert columns by setting the column to autoincrement and the name in source to <element name>:SEQUENCE=<sequence name>.<sequence value>.</para>
More information about the teiid-commits
mailing list