[teiid-commits] teiid SVN: r3060 - in trunk/engine/src: test/java/org/teiid/dqp/internal/process and 1 other directories.
teiid-commits at lists.jboss.org
teiid-commits at lists.jboss.org
Mon Apr 4 22:39:40 EDT 2011
Author: shawkins
Date: 2011-04-04 22:39:40 -0400 (Mon, 04 Apr 2011)
New Revision: 3060
Added:
trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidator.java
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DataRoleAuthorizationValidator.java
Modified:
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPConfiguration.java
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPCore.java
trunk/engine/src/main/java/org/teiid/dqp/internal/process/Request.java
trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestPreparedStatement.java
trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestRequest.java
trunk/engine/src/test/java/org/teiid/query/processor/TestProcessor.java
Log:
TEIID-1327 created an AuthorizationValidator interface
Added: trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidator.java
===================================================================
--- trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidator.java (rev 0)
+++ trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidator.java 2011-04-05 02:39:40 UTC (rev 3060)
@@ -0,0 +1,39 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * See the COPYRIGHT.txt file distributed with this work for information
+ * regarding copyright ownership. Some portions may be licensed
+ * to Red Hat, Inc. under one or more contributor license agreements.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA.
+ */
+
+package org.teiid.dqp.internal.process;
+
+import org.teiid.api.exception.query.QueryValidatorException;
+import org.teiid.core.TeiidComponentException;
+import org.teiid.query.metadata.QueryMetadataInterface;
+import org.teiid.query.sql.lang.Command;
+
+/**
+ * Defines a validator that checks for proper authorization.
+ */
+public interface AuthorizationValidator {
+
+ void validate(Command command, QueryMetadataInterface metadata,
+ DQPWorkContext workContext) throws QueryValidatorException, TeiidComponentException;
+
+ boolean hasRole(String roleName, DQPWorkContext workContext);
+}
Property changes on: trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidator.java
___________________________________________________________________
Added: svn:mime-type
+ text/plain
Modified: trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPConfiguration.java
===================================================================
--- trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPConfiguration.java 2011-04-04 22:35:34 UTC (rev 3059)
+++ trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPConfiguration.java 2011-04-05 02:39:40 UTC (rev 3060)
@@ -54,6 +54,8 @@
private CacheConfiguration resultsetCacheConfig;
private int maxODBCLobSizeAllowed = 5*1024*1024; // 5 MB
private int userRequestSourceConcurrency = DEFAULT_USER_REQUEST_SOURCE_CONCURRENCY;
+
+ private AuthorizationValidator authorizationValidator;
@ManagementProperty(description="Max active plans (default 20). Increase this value, and max threads, on highly concurrent systems - but ensure that the underlying pools can handle the increased load without timeouts.")
public int getMaxActivePlans() {
@@ -209,4 +211,13 @@
public void setMaxODBCLobSizeAllowed(int lobSize) {
this.maxODBCLobSizeAllowed = lobSize;
}
+
+ public AuthorizationValidator getAuthorizationValidator() {
+ return authorizationValidator;
+ }
+
+ public void setAuthorizationValidator(
+ AuthorizationValidator authorizationValidator) {
+ this.authorizationValidator = authorizationValidator;
+ }
}
Modified: trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPCore.java
===================================================================
--- trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPCore.java 2011-04-04 22:35:34 UTC (rev 3059)
+++ trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPCore.java 2011-04-05 02:39:40 UTC (rev 3060)
@@ -191,6 +191,8 @@
private CacheFactory cacheFactory;
private SessionAwareCache<CachedResults> matTables;
+
+ private AuthorizationValidator authorizationValidator;
/**
* perform a full shutdown and wait for 10 seconds for all threads to finish
@@ -319,9 +321,9 @@
ClientState state = this.getClientState(workContext.getSessionId(), true);
request.initialize(requestMsg, bufferManager,
dataTierMgr, transactionService, state.sessionTables,
- workContext, this.config.getUseDataRoles(), this.prepPlanCache);
+ workContext, this.prepPlanCache);
request.setResultSetCacheEnabled(this.rsCache != null);
- request.setAllowCreateTemporaryTablesByDefault(this.config.isAllowCreateTemporaryTablesByDefault());
+ request.setAuthorizationValidator(this.authorizationValidator);
request.setUserRequestConcurrency(this.getUserRequestSourceConcurrency());
ResultsFuture<ResultsMessage> resultsFuture = new ResultsFuture<ResultsMessage>();
RequestWorkItem workItem = new RequestWorkItem(this, requestMsg, request, resultsFuture.getResultsReceiver(), requestID, workContext);
@@ -666,7 +668,10 @@
public void start(DQPConfiguration config) {
this.config = config;
-
+ this.authorizationValidator = config.getAuthorizationValidator();
+ if (this.authorizationValidator == null) {
+ this.authorizationValidator = new DataRoleAuthorizationValidator(config.getUseDataRoles(), config.isAllowCreateTemporaryTablesByDefault());
+ }
this.chunkSize = config.getLobChunkSizeInKB() * 1024;
//get buffer manager
Added: trunk/engine/src/main/java/org/teiid/dqp/internal/process/DataRoleAuthorizationValidator.java
===================================================================
--- trunk/engine/src/main/java/org/teiid/dqp/internal/process/DataRoleAuthorizationValidator.java (rev 0)
+++ trunk/engine/src/main/java/org/teiid/dqp/internal/process/DataRoleAuthorizationValidator.java 2011-04-05 02:39:40 UTC (rev 3060)
@@ -0,0 +1,61 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * See the COPYRIGHT.txt file distributed with this work for information
+ * regarding copyright ownership. Some portions may be licensed
+ * to Red Hat, Inc. under one or more contributor license agreements.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA.
+ */
+
+package org.teiid.dqp.internal.process;
+
+import org.teiid.api.exception.query.QueryValidatorException;
+import org.teiid.core.TeiidComponentException;
+import org.teiid.query.metadata.QueryMetadataInterface;
+import org.teiid.query.sql.lang.Command;
+
+/**
+ * The default Teiid authorization validator
+ */
+public class DataRoleAuthorizationValidator implements AuthorizationValidator {
+
+ private boolean useEntitlements;
+ private boolean allowCreateTemporaryTablesByDefault;
+
+ public DataRoleAuthorizationValidator(boolean useEntitlements,
+ boolean allowCreateTemporaryTablesByDefault) {
+ this.useEntitlements = useEntitlements;
+ this.allowCreateTemporaryTablesByDefault = allowCreateTemporaryTablesByDefault;
+ }
+
+ @Override
+ public void validate(Command command, QueryMetadataInterface metadata, DQPWorkContext workContext) throws QueryValidatorException, TeiidComponentException {
+ if (useEntitlements && !workContext.getVDB().getDataPolicies().isEmpty()) {
+ AuthorizationValidationVisitor visitor = new AuthorizationValidationVisitor(workContext.getAllowedDataPolicies(), workContext.getUserName());
+ visitor.setAllowCreateTemporaryTablesDefault(allowCreateTemporaryTablesByDefault);
+ Request.validateWithVisitor(visitor, metadata, command);
+ }
+ }
+
+ @Override
+ public boolean hasRole(String roleName, DQPWorkContext workContext) {
+ if (!useEntitlements) {
+ return true;
+ }
+ return workContext.getAllowedDataPolicies().containsKey(roleName);
+ }
+
+}
Property changes on: trunk/engine/src/main/java/org/teiid/dqp/internal/process/DataRoleAuthorizationValidator.java
___________________________________________________________________
Added: svn:mime-type
+ text/plain
Modified: trunk/engine/src/main/java/org/teiid/dqp/internal/process/Request.java
===================================================================
--- trunk/engine/src/main/java/org/teiid/dqp/internal/process/Request.java 2011-04-04 22:35:34 UTC (rev 3059)
+++ trunk/engine/src/main/java/org/teiid/dqp/internal/process/Request.java 2011-04-05 02:39:40 UTC (rev 3060)
@@ -130,12 +130,11 @@
protected Command userCommand;
protected boolean returnsUpdateCount;
- protected boolean useEntitlements;
private TempTableStore globalTables;
private SessionAwareCache<PreparedPlan> planCache;
private boolean resultSetCacheEnabled = true;
- private boolean allowCreateTemporaryTablesByDefault;
private int userRequestConcurrency;
+ private AuthorizationValidator authorizationValidator;
void initialize(RequestMessage requestMsg,
BufferManager bufferManager,
@@ -143,7 +142,6 @@
TransactionService transactionService,
TempTableStore tempTableStore,
DQPWorkContext workContext,
- boolean useEntitlements,
SessionAwareCache<PreparedPlan> planCache) {
this.requestMsg = requestMsg;
@@ -157,7 +155,6 @@
this.workContext = workContext;
this.requestId = workContext.getRequestID(this.requestMsg.getExecutionId());
this.connectorManagerRepo = workContext.getVDB().getAttachment(ConnectorManagerRepository.class);
- this.useEntitlements = useEntitlements && !workContext.getVDB().getDataPolicies().isEmpty();
this.planCache = planCache;
}
@@ -171,11 +168,11 @@
this.resultSetCacheEnabled = resultSetCacheEnabled;
}
- public void setAllowCreateTemporaryTablesByDefault(
- boolean allowCreateTemporaryTablesByDefault) {
- this.allowCreateTemporaryTablesByDefault = allowCreateTemporaryTablesByDefault;
+ public void setAuthorizationValidator(
+ AuthorizationValidator authorizationValidator) {
+ this.authorizationValidator = authorizationValidator;
}
-
+
/**
* if the metadata has not been supplied via setMetadata, this method will create the appropriate state
*
@@ -250,13 +247,10 @@
context.setSecurityFunctionEvaluator(new SecurityFunctionEvaluator() {
@Override
public boolean hasRole(String roleType, String roleName) throws TeiidComponentException {
- if (!useEntitlements) {
- return true;
- }
if (!DATA_ROLE.equalsIgnoreCase(roleType)) {
return false;
}
- return workContext.getAllowedDataPolicies().containsKey(roleName);
+ return authorizationValidator.hasRole(roleName, workContext);
}
});
context.setTempTableStore(tempTableStore);
@@ -472,11 +466,7 @@
}
protected void validateAccess(Command command) throws QueryValidatorException, TeiidComponentException {
- if (useEntitlements) {
- AuthorizationValidationVisitor visitor = new AuthorizationValidationVisitor(this.workContext.getAllowedDataPolicies(), this.workContext.getUserName());
- visitor.setAllowCreateTemporaryTablesDefault(this.allowCreateTemporaryTablesByDefault);
- validateWithVisitor(visitor, this.metadata, command);
- }
+ this.authorizationValidator.validate(command, metadata, workContext);
}
}
Modified: trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestPreparedStatement.java
===================================================================
--- trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestPreparedStatement.java 2011-04-04 22:35:34 UTC (rev 3059)
+++ trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestPreparedStatement.java 2011-04-05 02:39:40 UTC (rev 3060)
@@ -60,9 +60,6 @@
private static final int SESSION_ID = 6;
- private static boolean DEBUG = false;
-
-
static void helpTestProcessing(String preparedSql, List values, List[] expected, ProcessorDataManager dataManager, QueryMetadataInterface metadata, boolean callableStatement, VDBMetaData vdb) throws Exception {
helpTestProcessing(preparedSql, values, expected, dataManager, metadata, callableStatement, false, vdb);
}
@@ -246,9 +243,9 @@
ConnectorManagerRepository repo = Mockito.mock(ConnectorManagerRepository.class);
Mockito.stub(repo.getConnectorManager(Mockito.anyString())).toReturn(new AutoGenDataService());
- serverRequest.initialize(request, BufferManagerFactory.getStandaloneBufferManager(), null, new FakeTransactionService(), null, workContext, false, prepPlanCache);
-
+ serverRequest.initialize(request, BufferManagerFactory.getStandaloneBufferManager(), null, new FakeTransactionService(), null, workContext, prepPlanCache);
serverRequest.setMetadata(capFinder, metadata, null);
+ serverRequest.setAuthorizationValidator(new DataRoleAuthorizationValidator(false, true));
serverRequest.processRequest();
assertNotNull(serverRequest.processPlan);
Modified: trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestRequest.java
===================================================================
--- trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestRequest.java 2011-04-04 22:35:34 UTC (rev 3059)
+++ trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestRequest.java 2011-04-05 02:39:40 UTC (rev 3060)
@@ -70,7 +70,6 @@
public void testValidateEntitlement() throws Exception {
QueryMetadataInterface metadata = FakeMetadataFactory.example1Cached();
-
Request request = new Request();
Command command = QueryParser.getQueryParser().parseCommand(QUERY);
QueryResolver.resolveCommand(command, metadata);
@@ -78,8 +77,9 @@
RequestMessage message = new RequestMessage();
DQPWorkContext workContext = FakeMetadataFactory.buildWorkContext(metadata, FakeMetadataFactory.example1VDB());
- request.initialize(message, null, null,new FakeTransactionService(),null, workContext, false, null);
+ request.initialize(message, null, null,new FakeTransactionService(),null, workContext, null);
request.initMetadata();
+ request.setAuthorizationValidator(new DataRoleAuthorizationValidator(true, true));
request.validateAccess(command);
}
@@ -132,8 +132,8 @@
Mockito.stub(repo.getConnectorManager(Mockito.anyString())).toReturn(new AutoGenDataService());
request.initialize(message, Mockito.mock(BufferManager.class),
- new FakeDataManager(), new FakeTransactionService(), null, workContext, false, null);
-
+ new FakeDataManager(), new FakeTransactionService(), null, workContext, null);
+ request.setAuthorizationValidator(new DataRoleAuthorizationValidator(false, true));
request.processRequest();
return request;
}
Modified: trunk/engine/src/test/java/org/teiid/query/processor/TestProcessor.java
===================================================================
--- trunk/engine/src/test/java/org/teiid/query/processor/TestProcessor.java 2011-04-04 22:35:34 UTC (rev 3059)
+++ trunk/engine/src/test/java/org/teiid/query/processor/TestProcessor.java 2011-04-05 02:39:40 UTC (rev 3060)
@@ -7650,5 +7650,5 @@
helpProcess(plan, dataManager, expected);
}
- private static final boolean DEBUG = true;
+ private static final boolean DEBUG = false;
}
More information about the teiid-commits
mailing list