[teiid-commits] teiid SVN: r2615 - in branches/7.1.x: jboss-integration/src/main/java/org/teiid/jboss and 1 other directory.
teiid-commits at lists.jboss.org
Mon Sep 27 16:03:54 EDT 2010
Author: rareddy
Date: 2010-09-27 16:03:53 -0400 (Mon, 27 Sep 2010)
New Revision: 2615
Added:
branches/7.1.x/jboss-integration/src/main/java/org/teiid/jboss/ResourceActions.java
branches/7.1.x/jboss-integration/src/main/java/org/teiid/jboss/RoleBasedCredentialMapIdentityLoginModule.java
branches/7.1.x/jboss-integration/src/main/java/org/teiid/jboss/Util.java
Modified:
branches/7.1.x/documentation/admin-guide/src/main/docbook/en-US/content/security.xml
branches/7.1.x/jboss-integration/src/main/java/org/teiid/jboss/SecurityActions.java
Log:
TEIID-1265: Adding a login module that uses role based credential map to Teiid. Also adding documentation on how to use credential maps and trusted tokens with Teiid/JBoss AS in admin guide.
Modified: branches/7.1.x/documentation/admin-guide/src/main/docbook/en-US/content/security.xml
===================================================================
--- branches/7.1.x/documentation/admin-guide/src/main/docbook/en-US/content/security.xml 2010-09-27 19:08:58 UTC (rev 2614)
+++ branches/7.1.x/documentation/admin-guide/src/main/docbook/en-US/content/security.xml 2010-09-27 20:03:53 UTC (rev 2615)
@@ -79,13 +79,13 @@
Details of the failed attempt including invalid users, which
domains were consulted, etc. will be in the server log with appropriate
levels of severity.</para>
- <note>
- <para>The security-domain defined for the JDBC connection and Admin connections are separate.
- The default name of JDBC connection's security-domain is "teiid-security". The default name for Admin connection
- is "jmx-console". For the Admin connection's security domain, the user is allowed
- to change which LoginModule that "jmx-console" pointing to, however should not change the name of the domain, as this name is
- shared between the "admin-console" application.</para>
- </note>
+ <note>
+ <para>The security-domain defined for the JDBC connection and Admin connections are separate.
+ The default name of JDBC connection's security-domain is "teiid-security". The default name for Admin connection
+ is "jmx-console". For the Admin connection's security domain, the user is allowed
+ to change which LoginModule that "jmx-console" pointing to, however should not change the name of the domain, as this name is
+ shared between the "admin-console" application.</para>
+ </note>
<section>
<title>Built-in LoginModules</title>
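Review bot: The removed and re-added <note> block in this hunk reads identically line for line, so this looks like a whitespace-only re-indent; consider keeping it out of the TEIID-1265 commit so the security documentation change is easier to audit. If the block is being touched anyway, the wording 'to change which LoginModule that "jmx-console" pointing to' could be corrected in the same pass.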
@@ -93,14 +93,139 @@
<para>The UsersRolesLoginModule, which utilizes simple text files
to authenticate users and to define
their groups. The teiid-jboss-beans.xml configuration file contains an example of how to use UsersRolesLoginModule.
- Note that this is typically not for production use.
+ Note that this is typically not for production use and is strongly recommended that you replace this login module. Please
+ also note that, you can install multiple login modules as part of single security domain configuration and configure them
+ to part of login process. For example, for "teiid-security" domain, you can configure a file based and also LDAP based login modules,
+ and have your user authenticated with either both or single login module.
</para>
<para>See <ulink url="http://community.jboss.org/docs/DOC-11253">LDAP LoginModule configuration</ulink> for utilizing LDAP based authentication.
- If you want use a your own Custom Login module, check out the Developer's Guide for instructions.
+ If you want write your own Custom Login module, check out the Developer's Guide for instructions.
</para>
</section>
- </section>
+ <section>
+ <title>Security at Data Source level</title>
+ <para>In some use cases, user might need to pass-in different credentials to their data sources based on the logged in user
+ than using the shared credentials for all the logged users. To support this feature, JBoss AS and Teiid provide multiple different
+ login modules to be used in conjunction with Teiid's main security domain. See this
+ <ulink url="http://community.jboss.org/docs/DOC-9350">document</ulink> for details on configuration. Note that the below
+ directions need to be used in conjunction with this document.</para>
+
+ <section>
+ <title>CallerIdentity and Trusted Payload</title>
+ <para>If client wants to pass in simple text password or a certificate or a custom serialized object
+ as token credential to the data source, user can configure "CallerIdentity" login module.
+ Using this login module, user can pass-in same credential that user logged into Teiid security domain to the
+ data source. Here is a sample configuration, this needs to be configured in "teiid-jboss-beans.xml" file.
+ </para>
+
+ <programlisting><![CDATA[
+ <application-policy xmlns="urn:jboss:security-beans:1.0" name="teiid-security">
+ <authentication>
+
+ <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
+ <module-option name = "password-stacking">useFirstPass</module-option>
+ <module-option name="usersProperties">props/teiid-security-users.properties</module-option>
+ <module-option name="rolesProperties">props/teiid-security-roles.properties</module-option>
+ </login-module>
+
+ <login-module code="org.jboss.resource.security.CallerIdentityLoginModule" flag="required">
+ <module-option name = "password-stacking">useFirstPass</module-option>
+ <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
+ </login-module>
+
+ </authentication>
+ </application-policy>
+ ]]></programlisting>
+
+ <para>In the -ds.xml file that is defined as the "managedConnectionFactoryName" in the above configuration,
+ you need to add the following element</para>
+
+ <programlisting><![CDATA[
+ <security-domain>teiid-security</security-domain>
+ ]]></programlisting>
+
+ <para>In the above configuration example, in the primary login module "UsersRolesLoginModule" is setup to hold the
+ passwords in the file, and when user logs in with password, the same password will be also set on the logged in Subject after
+ authentication. This credentials can be extracted by the data source by asking for Subject's private credentials.</para>
+
+ <para>To use a certificate or serialized object instead of plain password as the token, simply replace the simple text password
+ with Base64 encoded contents of the serialized object. Please note that, encoding and decoding of this object
+ is strictly up to the user as JBoss AS and Teiid will only act like carrier of the information from
+ login module to connection factory. Using this CallerIdentity module, the connection pool for data source is segmented
+ by Subject.</para>
+ </section>
+ <section>
+ <title>Role Based Credential Map</title>
+ <para>In some use cases, the users are divided by their functionality and they have varied level of security access to
+ data sources. These types of users are identified by their roles as to what they have access to. In the above "CallerIdentity"
+ login scenario, that may be too fine-grained security at data sources, that can lead resource exhaustion as every user has
+ their own separate connection.
+ Using Role based security gives a balance, where the users with same role are treated equally
+ for authentication purposes at the data source. Teiid provides a login module called "RoleBasedCredentialMap"
+ for this purposes, where administrator can define a role based authentication module, where given the role of the user
+ from the primary login module, this module will hold credentail to that role. So, it is container of credentials that
+ map to different roles. If a user has multiple roles, the first role that has the credential will be chosen.
+ Below find the sample configuration.</para>
+
+ <programlisting><![CDATA[
+ <application-policy xmlns="urn:jboss:security-beans:1.0" name="teiid-security">
+ <authentication>
+
+ <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
+ <module-option name = "password-stacking">useFirstPass</module-option>
+ <module-option name="usersProperties">props/teiid-security-users.properties</module-option>
+ <module-option name="rolesProperties">props/teiid-security-roles.properties</module-option>
+ </login-module>
+
+ <login-module code="org.teiid.jboss.RoleBasedCredentialMapIdentityLoginModule" flag="required">
+ <module-option name = "password-stacking">useFirstPass</module-option>
+ <module-option name="credentialMap">props/teiid-credentialmap.properties</module-option>
+ <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
+ </login-module>
+
+ </authentication>
+ </application-policy>
+ ]]></programlisting>
+ <para>In the -ds.xml file that is defined as the "managedConnectionFactoryName" in the above configuration,
+ you need to add the following element</para>
+
+ <programlisting><![CDATA[
+ <security-domain>teiid-security</security-domain>
+ ]]></programlisting>
+
+ <para>In the above configuration example, in the primary login module "UsersRolesLoginModule" is setup for logging in
+ the primary user and assign some roles. The "RoleBasedCredentialMap" login module is configured to hold
+ role to password information in the file defined by "credentialMap" property. When user logs in, the role information
+ from the primary login module is taken, and extracts the role's passsword and attaches as
+ a private credential to the Subject. If you want use this for role based trusted token, you can configure the Base64 based
+ endcoding/decoded object as defined above.</para>
+
+ <para>You can also encrypt the password instead of plain text password using this module. Just include the encrypted
+ password in the file defined by the "credentialMap" property, and define following properties in
+ the "RoleBasedCredentialMap" login module.</para>
+
+ <programlisting><![CDATA[
+ <login-module code="org.teiid.jboss.RoleBasedCredentialMapIdentityLoginModule" flag="required">
+ <module-option name = "password-stacking">useFirstPass</module-option>
+ <module-option name="credentialMap">props/teiid-credentialmap.properties</module-option>
+ <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
+
+ <!-- below properties are only required when passwords are encrypted -->
+ <module-option name = "pbealgo">PBEWithMD5AndDES</module-option>
+ <module-option name = "pbepass">testPBEIdentityLoginModule</module-option>
+ <module-option name = "salt">abcdefgh</module-option>
+ <module-option name = "iterationCount">19</module-option>
+ </login-module>
+ ]]></programlisting>
+
+ <para>For full details about encryption of the password, please follow this
+ <ulink url="http://community.jboss.org/docs/DOC-9703">document</ulink>'s
+ "A KeyStore based login module for encrypting a datasource password" section. Be sure to give the same configuration elements
+ in the above configuration, as they are used to encrypt the password.</para>
+ </section>
+ </section>
+ </section>
<section id="ssl_config">
<title>Configuring SSL</title>
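Review bot: The encrypted-password listing at the end of the "Role Based Credential Map" section sets pbealgo, pbepass, salt and iterationCount but omits encryptedPasswords, while RoleBasedCredentialMapIdentityLoginModule.initialize() in this same revision only reads those four options, and only decrypts, when encryptedPasswords is "true". Configured as documented, the Base64 ciphertext from the credentialMap file would be attached to the Subject as the literal password. Add <module-option name="encryptedPasswords">true</module-option> to that listing. The section should also say that pbepass is stored in clear text in teiid-jboss-beans.xml next to the salt and iteration count, so the PBEWithMD5AndDES setup only obscures the role passwords from someone who cannot read that file, and that file permissions on both the beans file and the credentialMap file are what actually protect them.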
@@ -134,7 +259,7 @@
enabled = traffic will be secured using the other configuration properties.</para></listitem>
<listitem><para>sslProtocol- Type of SSL protocol to be used. Default is TLSv1</para></listitem>
<listitem><para>keystoreType - Keystore type created by the keytool. Default "JKS" is used.</para></listitem>
- <listitem><para>authenticationMode - anonymous|1-way|2-way, Type of <link linkend="ssl_aut">SSL Authentication Mode</link>.</para></listitem>
+ <listitem><para>authenticationMode - anonymous|1-way|2-way, Type of <link linkend="ssl_auth">SSL Authentication Mode</link>.</para></listitem>
<listitem><para>keymanagementAlgorithm - Type of key algorithm used. Default
is based upon the VM, e.g. "SunX509"</para></listitem>
<listitem><para>keystoreFilename - The file name of the keystore, which contains the
Added: branches/7.1.x/jboss-integration/src/main/java/org/teiid/jboss/ResourceActions.java
===================================================================
--- branches/7.1.x/jboss-integration/src/main/java/org/teiid/jboss/ResourceActions.java (rev 0)
+++ branches/7.1.x/jboss-integration/src/main/java/org/teiid/jboss/ResourceActions.java 2010-09-27 20:03:53 UTC (rev 2615)
@@ -0,0 +1,74 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.teiid.jboss;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.net.URLClassLoader;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana at redhat.com
+ * @since Sep 26, 2007
+ * @version $Revision$
+ */
+class ResourceActions
+{
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+
+ static URL findResource(final URLClassLoader cl, final String name)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<URL>()
+ {
+ public URL run()
+ {
+ return cl.findResource(name);
+ }
+ });
+ }
+
+ static InputStream openStream(final URL url) throws PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<InputStream>()
+ {
+ public InputStream run() throws IOException
+ {
+ return url.openStream();
+ }
+ });
+ }
+}
\ No newline at end of file
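Review bot: findResource() and openStream() run under AccessController.doPrivileged on whatever class loader, resource name or URL the caller passes in, and the class comment ("Privileged Blocks") does not say what callers must validate first. The class is package-private, which limits who can call it, but the Javadoc should state that arguments must come from trusted configuration only, since Util.loadProperties() in this revision feeds it a URL built from a module option. The file also ends without a trailing newline.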
Property changes on: branches/7.1.x/jboss-integration/src/main/java/org/teiid/jboss/ResourceActions.java
___________________________________________________________________
Name: svn:mime-type
+ text/plain
Added: branches/7.1.x/jboss-integration/src/main/java/org/teiid/jboss/RoleBasedCredentialMapIdentityLoginModule.java
===================================================================
--- branches/7.1.x/jboss-integration/src/main/java/org/teiid/jboss/RoleBasedCredentialMapIdentityLoginModule.java (rev 0)
+++ branches/7.1.x/jboss-integration/src/main/java/org/teiid/jboss/RoleBasedCredentialMapIdentityLoginModule.java 2010-09-27 20:03:53 UTC (rev 2615)
@@ -0,0 +1,228 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.teiid.jboss;
+
+
+import java.io.IOException;
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.PBEParameterSpec;
+import javax.resource.spi.security.PasswordCredential;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+
+import org.jboss.logging.Logger;
+import org.jboss.resource.security.AbstractPasswordCredentialLoginModule;
+import org.jboss.security.Base64Utils;
+import org.jboss.security.SimplePrincipal;
+
+/**
+ * A credential mapping login module that associates currently logged in
+ * principle's role name to password mapping from a simple properties file. It
+ * is similar to name=password, only here this uses role=password. If user has
+ * more than single role that has passwords, then first role with non null
+ * password is chosen. This login module must be defined with Managed Connection
+ * Factory.
+ *
+ * Please note, you can not use this as the primary login module, this should be strictly used
+ * to get a role based password, that can be used as credential mapping at data source level. If you
+ * are working with a object as trusted token, then do not use the encryption, and provide base64 encoded
+ * string of the object as the password and decrypt it in your custom connection factory.
+ *
+ *<pre>{@code
+ * <application-policy name = "teiid-security">
+ * <authentication>
+ * <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
+ * <module-option name="usersProperties">props/teiid-security-users.properties</module-option>
+ * <module-option name="rolesProperties">props/teiid-security-roles.properties</module-option>
+ * <module-option name="password-stacking">useFirstPass</module-option>
+ * </login-module>
+ * <login-module code = "org.teiid.jboss.MapIdentityLoginModule" flag = "required">
+ * <module-option name="password-stacking">useFirstPass</module-option>
+ * <module-option name = "credentialMap">config/props/rolepasswords.properties</module-option>
+ * <module-option name = "encryptedPasswords">true</module-option>
+ *
+ * <!-- below properties are only required when passwords are encrypted -->
+ * <module-option name = "pbealgo">PBEWithMD5AndDES</module-option>
+ * <module-option name = "pbepass">testPBEIdentityLoginModule</module-option>
+ * <module-option name = "salt">abcdefgh</module-option>
+ * <module-option name = "iterationCount">19</module-option>
+ * <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
+ * </login-module>
+ * </authentication>
+ * </application-policy>
+ * }</pre>
+ *
+ * @see org.jboss.security.SimpleGroup
+ * @see org.jboss.security.SimplePrincipal
+ *
+ */
+public class RoleBasedCredentialMapIdentityLoginModule extends AbstractPasswordCredentialLoginModule {
+ private Properties credentialMap;
+ private String mappedRole = "mappedRole"; //$NON-NLS-1$
+ private static final Logger log = Logger.getLogger(RoleBasedCredentialMapIdentityLoginModule.class);
+
+ /** The Blowfish key material */
+ private char[] pbepass = "jaas is the way".toCharArray(); //$NON-NLS-1$
+ private String pbealgo = "PBEwithMD5andDES"; //$NON-NLS-1$
+ private byte[] salt = {1, 7, 2, 9, 3, 11, 4, 13};
+ private int iterationCount = 37;
+ private boolean encryptionInUse = false;
+
+ public RoleBasedCredentialMapIdentityLoginModule(){
+ }
+
+ public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options) {
+ super.initialize(subject, handler, sharedState, options);
+
+ String file = (String) options.get("credentialMap"); //$NON-NLS-1$
+ if (file == null) {
+ throw new IllegalArgumentException("Must supply credentialMap file name!"); //$NON-NLS-1$
+ }
+
+ try {
+ credentialMap = Util.loadProperties(file, log);
+ } catch (IOException e) {
+ log.error("failed to load credentail map"); //$NON-NLS-1$
+ }
+
+ String tmp = (String) options.get("encryptedPasswords"); //$NON-NLS-1$
+ if (tmp != null && tmp.equalsIgnoreCase("true")) { //$NON-NLS-1$
+ this.encryptionInUse = true;
+
+ // Look for the cipher password and algo parameters
+ tmp = (String) options.get("pbepass"); //$NON-NLS-1$
+ if (tmp != null) {
+ try {
+ this.pbepass = org.jboss.security.Util.loadPassword(tmp);
+ } catch (Exception e) {
+ throw new IllegalStateException(e);
+ }
+ }
+ tmp = (String) options.get("pbealgo"); //$NON-NLS-1$
+ if (tmp != null) {
+ this.pbealgo = tmp;
+ }
+ tmp = (String) options.get("salt"); //$NON-NLS-1$
+ if (tmp != null) {
+ this.salt = tmp.substring(0, 8).getBytes();
+ }
+ tmp = (String) options.get("iterationCount"); //$NON-NLS-1$
+ if (tmp != null) {
+ this.iterationCount = Integer.parseInt(tmp);
+ }
+ }
+ }
+
+ public boolean login() throws LoginException {
+
+ if (credentialMap == null) {
+ throw new LoginException( "Credential Map properties file failed to load"); //$NON-NLS-1$
+ }
+
+ return super.login();
+ }
+
+ public boolean commit() throws LoginException {
+
+ String userRole = null;
+ String rolePassword = null;
+
+ Set<String> roles = getRoles();
+ for (String role:roles) {
+ String password = this.credentialMap.getProperty(role);
+ if (password != null) {
+ userRole = role;
+ rolePassword = password;
+ }
+ }
+
+ try {
+ if (userRole != null && rolePassword != null) {
+ this.mappedRole = userRole;
+ PasswordCredential cred = new PasswordCredential(userRole, decode(rolePassword));
+ cred.setManagedConnectionFactory(getMcf());
+ SecurityActions.addCredentials(this.subject, cred);
+ }
+ return super.commit();
+ } catch (Exception e) {
+ throw new LoginException("Failed to decode password: "+e.getMessage()); //$NON-NLS-1$
+ }
+ }
+
+ protected Principal getIdentity() {
+ Principal principal = new SimplePrincipal(this.mappedRole);
+ return principal;
+ }
+
+ /**
+ * This method simply returns an empty array of Groups which means that
+ * no role based permissions are assigned.
+ */
+ protected Group[] getRoleSets() throws LoginException {
+ return new Group[] {};
+ }
+
+ private Set<String> getRoles() {
+ Set<String> roles = new HashSet<String>();
+
+ Set<Principal> principals = this.subject.getPrincipals();
+ for(Principal p: principals) {
+ if ((p instanceof Group) && p.getName().equals("Roles")){ //$NON-NLS-1$
+ Group g = (Group)p;
+ Enumeration<? extends Principal> rolesPrinciples = g.members();
+ while(rolesPrinciples.hasMoreElements()) {
+ roles.add(rolesPrinciples.nextElement().getName());
+ }
+ }
+ }
+ return roles;
+ }
+
+ private char[] decode(String secret) throws Exception {
+ if (!this.encryptionInUse) {
+ return secret.toCharArray();
+ }
+ // Create the PBE secret key
+ PBEParameterSpec cipherSpec = new PBEParameterSpec(this.salt, this.iterationCount);
+ PBEKeySpec keySpec = new PBEKeySpec(this.pbepass);
+ SecretKeyFactory factory = SecretKeyFactory.getInstance(this.pbealgo);
+ SecretKey cipherKey = factory.generateSecret(keySpec);
+ // Decode the secret
+ byte[] encoding = Base64Utils.fromb64(secret);
+ Cipher cipher = Cipher.getInstance(this.pbealgo);
+ cipher.init(Cipher.DECRYPT_MODE, cipherKey, cipherSpec);
+ byte[] decode = cipher.doFinal(encoding);
+ return new String(decode).toCharArray();
+ }
+}
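Review bot: In commit(), the for loop over getRoles() has no break once a password is found, and getRoles() returns a HashSet, so for a user with several mapped roles the credential that wins is the last match in unspecified iteration order, not the "first role with non null password" that the class Javadoc and the admin guide promise. Break on the first match and iterate in a defined order (for example sorted role names), or document the real rule, because this decides which data source credential a user receives. Other points in this hunk: the defaults pbepass "jaas is the way", the fixed salt and iterationCount 37 are hard-coded key material that is used silently when encryptedPasswords is true and the options are missing (the field comment also says Blowfish while pbealgo is PBEwithMD5andDES), so failing initialization when they are absent would be safer; tmp.substring(0, 8) throws StringIndexOutOfBoundsException for a salt shorter than eight characters; initialize() logs "failed to load credentail map" without passing the exception; the catch in commit() reports every failure, including one thrown by super.commit(), as "Failed to decode password"; and the Javadoc sample names org.teiid.jboss.MapIdentityLoginModule rather than this class.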
Property changes on: branches/7.1.x/jboss-integration/src/main/java/org/teiid/jboss/RoleBasedCredentialMapIdentityLoginModule.java
___________________________________________________________________
Name: svn:mime-type
+ text/plain
Modified: branches/7.1.x/jboss-integration/src/main/java/org/teiid/jboss/SecurityActions.java
===================================================================
--- branches/7.1.x/jboss-integration/src/main/java/org/teiid/jboss/SecurityActions.java 2010-09-27 19:08:58 UTC (rev 2614)
+++ branches/7.1.x/jboss-integration/src/main/java/org/teiid/jboss/SecurityActions.java 2010-09-27 20:03:53 UTC (rev 2615)
@@ -25,6 +25,7 @@
import java.security.Principal;
import java.security.PrivilegedAction;
+import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.Subject;
import org.jboss.security.SecurityContext;
@@ -82,4 +83,26 @@
}
});
}
+
+ static class AddCredentialsAction implements PrivilegedAction
+ {
+ Subject subject;
+ PasswordCredential cred;
+ AddCredentialsAction(Subject subject, PasswordCredential cred)
+ {
+ this.subject = subject;
+ this.cred = cred;
+ }
+ public Object run()
+ {
+ subject.getPrivateCredentials().add(cred);
+ return null;
+ }
+ }
+
+ static void addCredentials(Subject subject, PasswordCredential cred)
+ {
+ AddCredentialsAction action = new AddCredentialsAction(subject, cred);
+ AccessController.doPrivileged(action);
+ }
}
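Review bot: AddCredentialsAction implements the raw PrivilegedAction type and keeps subject and cred in non-final, package-visible fields; declaring it as PrivilegedAction<Void> with private final fields would keep the target of the privileged block fixed after construction and remove the unchecked warning. addCredentials() is the only path that writes a password into the Subject's private credentials, so a short Javadoc stating that it is meant to be called only from login module commit() would help later readers; a null subject currently surfaces as a NullPointerException inside doPrivileged.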
Added: branches/7.1.x/jboss-integration/src/main/java/org/teiid/jboss/Util.java
===================================================================
--- branches/7.1.x/jboss-integration/src/main/java/org/teiid/jboss/Util.java (rev 0)
+++ branches/7.1.x/jboss-integration/src/main/java/org/teiid/jboss/Util.java 2010-09-27 20:03:53 UTC (rev 2615)
@@ -0,0 +1,90 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.teiid.jboss;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.net.URLClassLoader;
+import java.security.PrivilegedActionException;
+import java.util.Properties;
+
+import org.jboss.logging.Logger;
+
+/**
+ * Common login module utility methods
+ *
+ * @author Scott.Stark at jboss.org
+ * @version $Revision: 68749 $
+ */
+public class Util {
+ /**
+ * Utility method which loads the given properties file and returns a
+ * Properties object containing the key,value pairs in that file. The
+ * properties files should be in the class path as this method looks to the
+ * thread context class loader (TCL) to locate the resource. If the TCL is a
+ * URLClassLoader the findResource(String) method is first tried. If this
+ * fails or the TCL is not a URLClassLoader getResource(String) is tried. If
+ * not, an absolute path is tried.
+ *
+ * @param propertiesName
+ * - the name of the properties file resource
+ * @param log
+ * - the logger used for trace level messages
+ * @return the loaded properties file if found
+ * @exception java.io.IOException
+ * thrown if the properties file cannot be found or loaded
+ */
+ static Properties loadProperties(String propertiesName, Logger log) throws IOException {
+ ClassLoader loader = ResourceActions.getContextClassLoader();
+ URL url = null;
+ // First check for local visibility via a URLClassLoader.findResource
+ if (loader instanceof URLClassLoader) {
+ URLClassLoader ucl = (URLClassLoader) loader;
+ url = ResourceActions.findResource(ucl, propertiesName);
+ log.trace("findResource: " + url); //$NON-NLS-1$
+ }
+ if (url == null)
+ url = loader.getResource(propertiesName);
+ if (url == null) {
+ url = new URL(propertiesName);
+ }
+
+ log.trace("Properties file=" + url); //$NON-NLS-1$
+
+ Properties bundle = new Properties();
+ InputStream is = null;
+ try {
+ is = ResourceActions.openStream(url);
+ } catch (PrivilegedActionException e) {
+ throw new IOException(e.getLocalizedMessage());
+ }
+ if (is != null) {
+ bundle.load(is);
+ is.close();
+ } else {
+ throw new IOException("Properties file " + propertiesName + " not available");//$NON-NLS-1$ //$NON-NLS-2$
+ }
+ log.debug("Loaded properties, users=" + bundle.keySet());//$NON-NLS-1$
+ return bundle;
+ }
+}
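Review bot: When both class loader lookups return null, loadProperties() falls back to new URL(propertiesName) and opens it through the privileged ResourceActions.openStream(), so the credentialMap option can name any URL scheme the JVM supports, including a remote one, as the source of data source passwords. Consider restricting the fallback to file URLs or class path resources for this use. Also in this method: a value that is not a valid URL makes new URL() throw MalformedURLException instead of reaching the "not available" IOException, so the error for a simple missing file is misleading; the stream is not closed if bundle.load(is) throws, so close it in a finally block; and log.debug("Loaded properties, users=" + bundle.keySet()) labels the keys as users although for the credential map they are role names.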
Property changes on: branches/7.1.x/jboss-integration/src/main/java/org/teiid/jboss/Util.java
___________________________________________________________________
Name: svn:mime-type
+ text/plain