[teiid-commits] teiid SVN: r3382 - in trunk: client/src/main/java/org/teiid and 20 other directories.
teiid-commits at lists.jboss.org
teiid-commits at lists.jboss.org
Mon Aug 15 14:31:50 EDT 2011
Author: rareddy
Date: 2011-08-15 14:31:49 -0400 (Mon, 15 Aug 2011)
New Revision: 3382
Added:
trunk/client/src/main/java/org/teiid/gss/
trunk/client/src/main/java/org/teiid/gss/GSSCallbackHandler.java
trunk/client/src/main/java/org/teiid/gss/MakeGSS.java
trunk/jboss-integration/src/main/java/org/teiid/jboss/AssosiateCallerIdentityLoginModule.java
Modified:
trunk/build/kits/jboss-container/deploy/teiid/teiid-jboss-beans.xml
trunk/client/src/main/java/org/teiid/client/security/ILogon.java
trunk/client/src/main/java/org/teiid/client/security/LogonResult.java
trunk/client/src/main/java/org/teiid/jdbc/JDBCURL.java
trunk/client/src/main/java/org/teiid/jdbc/TeiidDataSource.java
trunk/client/src/main/java/org/teiid/net/TeiidURL.java
trunk/client/src/main/java/org/teiid/net/socket/SocketServerConnection.java
trunk/client/src/main/resources/org/teiid/jdbc/i18n.properties
trunk/client/src/test/java/org/teiid/jdbc/TestTeiidDriver.java
trunk/client/src/test/java/org/teiid/net/socket/TestSocketServerConnection.java
trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml
trunk/documentation/client-developers-guide/src/main/docbook/en-US/content/jdbc-connection.xml
trunk/engine/src/main/java/org/teiid/dqp/service/SessionService.java
trunk/jboss-integration/src/main/java/org/teiid/jboss/deployers/RuntimeEngineDeployer.java
trunk/runtime/src/main/java/org/teiid/odbc/ODBCClientRemote.java
trunk/runtime/src/main/java/org/teiid/odbc/ODBCServerRemote.java
trunk/runtime/src/main/java/org/teiid/odbc/ODBCServerRemoteImpl.java
trunk/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java
trunk/runtime/src/main/java/org/teiid/services/TeiidLoginContext.java
trunk/runtime/src/main/java/org/teiid/transport/LogonImpl.java
trunk/runtime/src/main/java/org/teiid/transport/ODBCClientInstance.java
trunk/runtime/src/main/java/org/teiid/transport/ODBCSocketListener.java
trunk/runtime/src/main/java/org/teiid/transport/PgBackendProtocol.java
trunk/runtime/src/main/java/org/teiid/transport/PgFrontendProtocol.java
trunk/runtime/src/main/resources/org/teiid/runtime/i18n.properties
trunk/runtime/src/test/java/org/teiid/transport/TestLogonImpl.java
trunk/runtime/src/test/java/org/teiid/transport/TestSocketRemoting.java
trunk/test-integration/common/src/test/java/org/teiid/transport/TestODBCSocketTransport.java
trunk/test-integration/pom.xml
Log:
TEIID-1610: Implementing the GSSAPI support for remote JDBC & ODBC clients in Teiid
Modified: trunk/build/kits/jboss-container/deploy/teiid/teiid-jboss-beans.xml
===================================================================
--- trunk/build/kits/jboss-container/deploy/teiid/teiid-jboss-beans.xml 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/build/kits/jboss-container/deploy/teiid/teiid-jboss-beans.xml 2011-08-15 18:31:49 UTC (rev 3382)
@@ -13,6 +13,10 @@
<property name="sessionMaxLimit">5000</property>
<!-- Max allowed time before the session is terminated by the system, 0 indicates unlimited (default 0) -->
<property name="sessionExpirationTimeLimit">0</property>
+ <!-- authentication type are CLEARTEXT, KRB5 (default:CLEARTEXT) -->
+ <property name="authenticationType">CLEARTEXT</property>
+ <!-- When authenticationType=KRB5, then it requires a kerberos security domain to authorize first before teiid-security takes over -->
+ <property name="krb5SecurityDomain">teiid-krb5</property>
</bean>
<bean name="BufferService" class="org.teiid.services.BufferServiceImpl">
@@ -256,10 +260,36 @@
<property name="authenticationMode">1-way</property>
</bean>
- <!-- teiid's default security domain, replace this with your own if needs to be any other JAAS domain -->
+ <!-- un-comment and edit for Kerberos login configuration (comment the original login config below)
+ <application-policy xmlns="urn:jboss:security-beans:1.0" name="teiid-krb5">
+ <authentication>
+ <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
+ <module-option name="storeKey">true</module-option>
+ <module-option name="useKeyTab">true</module-option>
+ <module-option name="principal">demo at EXAMPLE.COM</module-option>
+ <module-option name="keyTab">/path/to/krb5.keytab</module-option>
+ <module-option name="doNotPrompt">true</module-option>
+ <module-option name="debug">true</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
<application-policy xmlns="urn:jboss:security-beans:1.0" name="teiid-security">
<authentication>
+ <login-module code="org.teiid.jboss.AssosiateCallerIdentityLoginModule" flag="required"/>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
+ <module-option name="password-stacking">useFirstPass</module-option>
+ <module-option name="usersProperties">props/teiid-security-users.properties</module-option>
+ <module-option name="rolesProperties">props/teiid-security-roles.properties</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ -->
+ <!-- teiid's default security domain, replace this with your own if needs to be any other JAAS domain -->
+ <application-policy xmlns="urn:jboss:security-beans:1.0" name="teiid-security">
+ <authentication>
+ <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
<!-- property files can found under conf/props directory -->
<module-option name="usersProperties">props/teiid-security-users.properties</module-option>
<module-option name="rolesProperties">props/teiid-security-roles.properties</module-option>
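Review bot: The commented-out `teiid-krb5` template sets `<module-option name="debug">true</module-option>`, while the same sample in the admin guide (security.xml in this commit) uses `false`. An administrator who un-comments the block as written runs the Krb5LoginModule with debug output on in production. Ship the template with `<module-option name="debug">false</module-option>`, and add a short comment that the keytab file should be readable only by the server account.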
Modified: trunk/client/src/main/java/org/teiid/client/security/ILogon.java
===================================================================
--- trunk/client/src/main/java/org/teiid/client/security/ILogon.java 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/client/src/main/java/org/teiid/client/security/ILogon.java 2011-08-15 18:31:49 UTC (rev 3382)
@@ -34,9 +34,14 @@
* Generic logon interface.
*/
public interface ILogon {
+ static final String KRB5TOKEN = "KRB5TOKEN"; //$NON-NLS-1$
+ static final String KRB5_ESTABLISHED = "KRB5_CONTEXT_ESTABLISHED"; //$NON-NLS-1$
+
LogonResult logon(Properties connectionProperties)
throws LogonException, TeiidComponentException, CommunicationException;
-
+
+ LogonResult neogitiateGssLogin(Properties connectionProperties, byte[] serviceToken, boolean createSession) throws LogonException;
+
/**
* Ping the server to see if the client-server connection is alive.
* @throws InvalidSessionException if the sessionID is invalid
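Review bot: The new interface method is spelled `neogitiateGssLogin`, and because ILogon is the logon contract implemented on both the client and server side, the typo becomes part of the API once released; rename it to `negotiateGssLogin` before anything depends on it. Unlike `ping` below it, the method has no Javadoc. It should state that `serviceToken` is the GSS token produced by the initiator, what `createSession` controls, and that the reply token comes back in the LogonResult under the `KRB5TOKEN` property (which is how MakeGSS reads it in this commit). The two new constants would also benefit from a one-line comment each saying who sets them and when.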
Modified: trunk/client/src/main/java/org/teiid/client/security/LogonResult.java
===================================================================
--- trunk/client/src/main/java/org/teiid/client/security/LogonResult.java 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/client/src/main/java/org/teiid/client/security/LogonResult.java 2011-08-15 18:31:49 UTC (rev 3382)
@@ -26,10 +26,14 @@
import java.io.IOException;
import java.io.ObjectInput;
import java.io.ObjectOutput;
+import java.util.HashMap;
+import java.util.Map;
import java.util.TimeZone;
+import org.teiid.core.util.ExternalizeUtil;
+
/**
* Dataholder for the result of <code>ILogon.logon()</code>.
* Contains a sessionID
@@ -44,8 +48,9 @@
private SessionToken sessionToken;
private String vdbName;
private int vdbVersion;
+ private Map<Object, Object> addtionalProperties;
- public LogonResult() {
+ public LogonResult() {
}
public LogonResult(SessionToken token, String vdbName, int vdbVersion, String clusterName) {
@@ -89,6 +94,20 @@
return vdbVersion;
}
+ public Object getProperty(String key) {
+ if (this.addtionalProperties == null) {
+ return null;
+ }
+ return addtionalProperties.get(key);
+ }
+
+ public void addProperty(String key, Object value) {
+ if (this.addtionalProperties == null) {
+ this.addtionalProperties = new HashMap<Object, Object>();
+ }
+ this.addtionalProperties.put(key, value);
+ }
+
@Override
public void readExternal(ObjectInput in) throws IOException,
ClassNotFoundException {
@@ -97,6 +116,7 @@
timeZone = (TimeZone)in.readObject();
clusterName = (String)in.readObject();
vdbVersion = in.readInt();
+ addtionalProperties = ExternalizeUtil.readMap(in);
}
@Override
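Review bot: `readExternal` now reads an extra map unconditionally after `vdbVersion`, and the `writeExternal` hunk below writes it unconditionally, so the serialized form of LogonResult changes. A peer built before this revision does not write that map, so the read may fail or misalign the stream. This matters because SocketServerConnection in this commit still branches on server version "7.3", which suggests mixed versions are expected. `ExternalizeUtil.readMap` is not shown here, so please confirm how it behaves at end of stream; if it throws, guard the read (for example, treat `EOFException` as "no additional properties") or gate it on the negotiated version. Separately, the field is a `Map<Object, Object>` filled from the wire while the accessors take `String` keys, and `Map<String, Object>` would state the contract more precisely.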
@@ -106,6 +126,7 @@
out.writeObject(timeZone);
out.writeObject(clusterName);
out.writeInt(vdbVersion);
+ ExternalizeUtil.writeMap(out, addtionalProperties);
}
}
Added: trunk/client/src/main/java/org/teiid/gss/GSSCallbackHandler.java
===================================================================
--- trunk/client/src/main/java/org/teiid/gss/GSSCallbackHandler.java (rev 0)
+++ trunk/client/src/main/java/org/teiid/gss/GSSCallbackHandler.java 2011-08-15 18:31:49 UTC (rev 3382)
@@ -0,0 +1,85 @@
+/*-------------------------------------------------------------------------
+*
+* Copyright (c) 2008, PostgreSQL Global Development Group
+*
+* IDENTIFICATION
+* $PostgreSQL: pgjdbc/org/postgresql/gss/GSSCallbackHandler.java,v 1.2 2008/11/29 07:43:47 jurka Exp $
+*
+*-------------------------------------------------------------------------
+*/
+
+/*
+ * JBoss, Home of Professional Open Source.
+ * See the COPYRIGHT.txt file distributed with this work for information
+ * regarding copyright ownership. Some portions may be licensed
+ * to Red Hat, Inc. under one or more contributor license agreements.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA.
+ */
+package org.teiid.gss;
+
+import java.io.IOException;
+import javax.security.auth.callback.*;
+
+import org.teiid.jdbc.JDBCPlugin;
+
+public class GSSCallbackHandler implements CallbackHandler {
+
+ private final String user;
+ private final String password;
+
+ public GSSCallbackHandler(String user, String password)
+ {
+ this.user = user;
+ this.password = password;
+ }
+
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
+ {
+ for (int i=0; i<callbacks.length; i++) {
+ if (callbacks[i] instanceof TextOutputCallback) {
+ TextOutputCallback toc = (TextOutputCallback)callbacks[i];
+ switch (toc.getMessageType()) {
+ case TextOutputCallback.INFORMATION:
+ System.out.println("INFO: " + toc.getMessage());//$NON-NLS-1$
+ break;
+ case TextOutputCallback.ERROR:
+ System.out.println("ERROR: " + toc.getMessage()); //$NON-NLS-1$
+ break;
+ case TextOutputCallback.WARNING:
+ System.out.println("WARNING: " + toc.getMessage());//$NON-NLS-1$
+ break;
+ default:
+ throw new IOException("Unsupported message type: " + toc.getMessageType()); //$NON-NLS-1$
+ }
+ } else if (callbacks[i] instanceof NameCallback) {
+ NameCallback nc = (NameCallback)callbacks[i];
+ nc.setName(user);
+ } else if (callbacks[i] instanceof PasswordCallback) {
+ PasswordCallback pc = (PasswordCallback)callbacks[i];
+ if (password == null) {
+ throw new IOException(JDBCPlugin.Util.getString("no_krb_ticket")); //$NON-NLS-1$
+ }
+ pc.setPassword(password.toCharArray());
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback"); //$NON-NLS-1$
+ }
+ }
+ }
+
+}
+
+
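Review bot: In `handle`, the `TextOutputCallback` branch writes login-module messages to `System.out`, which a client library should not do and which bypasses the application's log configuration. MakeGSS in this same commit already uses `Logger.getLogger("org.teiid.jdbc")`; use the same logger here, for example `logger.warning(toc.getMessage())` for the WARNING case. The handler also keeps the password as an immutable `String` field for its whole lifetime and hands out `password.toCharArray()`. A class comment should note this, or the handler should hold a `char[]` that can be cleared after login. The wildcard import `javax.security.auth.callback.*` should be replaced with the five classes actually used.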
Property changes on: trunk/client/src/main/java/org/teiid/gss/GSSCallbackHandler.java
___________________________________________________________________
Added: svn:mime-type
+ text/plain
Added: trunk/client/src/main/java/org/teiid/gss/MakeGSS.java
===================================================================
--- trunk/client/src/main/java/org/teiid/gss/MakeGSS.java (rev 0)
+++ trunk/client/src/main/java/org/teiid/gss/MakeGSS.java 2011-08-15 18:31:49 UTC (rev 3382)
@@ -0,0 +1,163 @@
+/*-------------------------------------------------------------------------
+*
+* Copyright (c) 2008, PostgreSQL Global Development Group
+*
+* IDENTIFICATION
+* $PostgreSQL: pgjdbc/org/postgresql/gss/MakeGSS.java,v 1.2.2.1 2009/08/18 03:37:08 jurka Exp $
+*
+*-------------------------------------------------------------------------
+*/
+
+/*
+ * JBoss, Home of Professional Open Source.
+ * See the COPYRIGHT.txt file distributed with this work for information
+ * regarding copyright ownership. Some portions may be licensed
+ * to Red Hat, Inc. under one or more contributor license agreements.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA.
+ */
+
+package org.teiid.gss;
+
+import java.security.PrivilegedAction;
+import java.util.Properties;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+
+import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.GSSManager;
+import org.ietf.jgss.GSSName;
+import org.teiid.client.security.ILogon;
+import org.teiid.client.security.LogonException;
+import org.teiid.client.security.LogonResult;
+import org.teiid.core.TeiidComponentException;
+import org.teiid.jdbc.JDBCPlugin;
+import org.teiid.jdbc.TeiidSQLException;
+import org.teiid.net.CommunicationException;
+import org.teiid.net.TeiidURL;
+
+
+
+public class MakeGSS {
+
+ private static Logger logger = Logger.getLogger("org.teiid.jdbc"); //$NON-NLS-1$
+
+ public static LogonResult authenticate(ILogon logon, Properties props)
+ throws LogonException, TeiidComponentException, CommunicationException {
+ if (logger.isLoggable(Level.FINE)) {
+ logger.fine("GSS Authentication Request"); //$NON-NLS-1$
+ }
+
+ Object result = null;
+
+ String jaasApplicationName = props.getProperty(TeiidURL.CONNECTION.JAAS_NAME, "teiid"); //$NON-NLS-1$
+ String kerberosPrincipalName = props.getProperty(TeiidURL.CONNECTION.KERBEROS_SERVICE_PRINCIPLE_NAME, "teiid"); //$NON-NLS-1$
+ String user = props.getProperty(TeiidURL.CONNECTION.USER_NAME);
+ String password = props.getProperty(TeiidURL.CONNECTION.PASSWORD);
+
+ try {
+ LoginContext lc = new LoginContext(jaasApplicationName, new GSSCallbackHandler(user, password));
+ lc.login();
+
+ Subject sub = lc.getSubject();
+ PrivilegedAction action = new GssAction(logon, kerberosPrincipalName, props);
+ result = Subject.doAs(sub, action);
+ } catch (Exception e) {
+ throw new LogonException(e, JDBCPlugin.Util.getString("gss_auth_failed")); //$NON-NLS-1$
+ }
+
+ if (result instanceof LogonException)
+ throw (LogonException)result;
+ else if (result instanceof TeiidComponentException)
+ throw (TeiidComponentException)result;
+ else if (result instanceof CommunicationException)
+ throw (CommunicationException)result;
+ else if (result instanceof Exception)
+ throw new LogonException((Exception)result, JDBCPlugin.Util.getString("gss_auth_failed")); //$NON-NLS-1$
+
+ return (LogonResult)result;
+ }
+
+}
+
+class GssAction implements PrivilegedAction {
+
+ private static Logger logger = Logger.getLogger("org.teiid.jdbc"); //$NON-NLS-1$
+ private final ILogon logon;
+ private final String kerberosPrincipalName;
+ private Properties props;
+
+ public GssAction(ILogon pgStream, String kerberosPrincipalName, Properties props) {
+ this.logon = pgStream;
+ this.kerberosPrincipalName = kerberosPrincipalName;
+ this.props = props;
+ }
+
+ public Object run() {
+ byte outToken[] = null;
+
+ try {
+ org.ietf.jgss.Oid desiredMechs[] = new org.ietf.jgss.Oid[1];
+ desiredMechs[0] = new org.ietf.jgss.Oid("1.2.840.113554.1.2.2"); //$NON-NLS-1$
+
+ GSSManager manager = GSSManager.getInstance();
+
+ // null on second param means the serverName is already in the native format.
+ GSSName serverName = manager.createName(this.kerberosPrincipalName, null);
+
+ GSSContext secContext = manager.createContext(serverName, desiredMechs[0], null, GSSContext.DEFAULT_LIFETIME);
+ secContext.requestMutualAuth(true);
+ secContext.requestConf(true); // Will use confidentiality later
+ secContext.requestInteg(true); // Will use integrity later
+
+ byte inToken[] = new byte[0];
+
+ boolean established = false;
+ LogonResult result = null;
+ while (!established) {
+ outToken = secContext.initSecContext(inToken, 0, inToken.length);
+ if (outToken != null) {
+ if (logger.isLoggable(Level.FINE)) {
+ logger.fine("Sending Service Token to Server (GSS Authentication Token)"); //$NON-NLS-1$
+ }
+ result = logon.neogitiateGssLogin(this.props, outToken, true);
+ inToken = (byte[])result.getProperty(ILogon.KRB5TOKEN);
+ }
+
+ if (!secContext.isEstablished()) {
+ if (logger.isLoggable(Level.FINE)) {
+ logger.fine("Authentication GSS Continue"); //$NON-NLS-1$
+ }
+ } else {
+ established = true;
+ if (logger.isLoggable(Level.FINE)) {
+ logger.fine("Authentication GSS Established"); //$NON-NLS-1$
+ }
+ }
+ }
+ return result;
+ } catch (GSSException gsse) {
+ return TeiidSQLException.create(gsse, JDBCPlugin.Util.getString("gss_auth_failed")); //$NON-NLS-1$
+ } catch(Exception e) {
+ return e;
+ }
+ }
+}
+
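Review bot: In `GssAction.run()` the reply from `logon.neogitiateGssLogin(...)` is used unchecked. A null `result`, or a reply with no `KRB5TOKEN` property, leaves `inToken` null, and the next `initSecContext(inToken, 0, inToken.length)` throws a NullPointerException that is then reported only as the generic `gss_auth_failed`. Validate the reply right after the call, e.g. `if (result == null || (!secContext.isEstablished() && result.getProperty(ILogon.KRB5TOKEN) == null))`, and fail with a protocol error; the `setup_failed` message added in this commit appears to be meant for that. The `GSSContext` is never released with `secContext.dispose()`, and `authenticate` never calls `lc.logout()`, so the negotiated context and the Subject's credentials stay in memory after the logon completes. Finally, `requestConf(true)` and `requestInteg(true)` are requested but the context is discarded on return, so the comments "Will use confidentiality later" are misleading; they should say that GSS is used here for authentication only.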
Property changes on: trunk/client/src/main/java/org/teiid/gss/MakeGSS.java
___________________________________________________________________
Added: svn:mime-type
+ text/plain
Modified: trunk/client/src/main/java/org/teiid/jdbc/JDBCURL.java
===================================================================
--- trunk/client/src/main/java/org/teiid/jdbc/JDBCURL.java 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/client/src/main/java/org/teiid/jdbc/JDBCURL.java 2011-08-15 18:31:49 UTC (rev 3382)
@@ -73,7 +73,10 @@
BaseDataSource.PASSWORD,
TeiidURL.CONNECTION.AUTO_FAILOVER,
TeiidURL.CONNECTION.DISCOVERY_STRATEGY,
- TeiidURL.CONNECTION.PASSTHROUGH_AUTHENTICATION));
+ TeiidURL.CONNECTION.PASSTHROUGH_AUTHENTICATION,
+ TeiidURL.CONNECTION.AUTHENTICATION_TYPE,
+ TeiidURL.CONNECTION.JAAS_NAME,
+ TeiidURL.CONNECTION.KERBEROS_SERVICE_PRINCIPLE_NAME));
props.addAll(EXECUTION_PROPERTIES);
return Collections.unmodifiableSet(props);
}
Modified: trunk/client/src/main/java/org/teiid/jdbc/TeiidDataSource.java
===================================================================
--- trunk/client/src/main/java/org/teiid/jdbc/TeiidDataSource.java 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/client/src/main/java/org/teiid/jdbc/TeiidDataSource.java 2011-08-15 18:31:49 UTC (rev 3382)
@@ -98,7 +98,21 @@
*/
private boolean passthroughAuthentication = false;
-
+ /**
+ * Authentication type to used from client. choices are simple - which is plain user/password; krb5 - kerberos
+ */
+ private String authenticationType;
+
+ /**
+ * Name of the jass configuration to use from the -Djava.security.auth.login.config=login.conf property
+ */
+ private String jaasName;
+
+ /**
+ * Name of Kerberos KDC service principle name
+ */
+ private String kerberosServicePrincipleName;
+
public TeiidDataSource() {
}
@@ -243,6 +257,16 @@
private Properties buildEmbeddedProperties(final String userName, final String password) {
Properties props = buildProperties(userName, password);
props.setProperty(TeiidURL.CONNECTION.PASSTHROUGH_AUTHENTICATION, Boolean.toString(this.passthroughAuthentication));
+
+ if (getAuthenticationType() != null) {
+ props.setProperty(TeiidURL.CONNECTION.AUTHENTICATION_TYPE, getAuthenticationType());
+ }
+ if (getJaasName() != null) {
+ props.setProperty(TeiidURL.CONNECTION.JAAS_NAME, getJaasName());
+ }
+ if (getKerberosServicePrincipleName() != null) {
+ props.setProperty(TeiidURL.CONNECTION.KERBEROS_SERVICE_PRINCIPLE_NAME, getKerberosServicePrincipleName());
+ }
return props;
}
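Review bot: The three Kerberos properties are copied only in `buildEmbeddedProperties`, yet the code that reads `AUTHENTICATION_TYPE` in this commit is SocketServerConnection, which is the remote path. The shared `buildProperties` is not visible in this hunk. If it does not set them as well, a TeiidDataSource configured with `authenticationType=KRB5` for a server connection would silently log on with CLEARTEXT. Consider moving the three `if (getX() != null) props.setProperty(...)` blocks into `buildProperties` so both connection kinds see them.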
@@ -466,6 +490,57 @@
*/
public void setPassthroughAuthentication(final boolean passthroughAuthentication) {
this.passthroughAuthentication = passthroughAuthentication;
- }
+ }
+
+ /**
+ * Authentication Type {simple, krb5} default:simple
+ * @return
+ */
+ public String getAuthenticationType() {
+ return authenticationType;
+ }
+
+ /**
+ * Authentication Type.
+ * @since 7.6
+ * @return
+ */
+ public void setAuthenticationType(final String authType) {
+ this.authenticationType = authType;
+ }
+
+ /**
+ * Application name from JAAS Login Config file
+ * @since 7.6
+ * @return
+ */
+ public String getJaasName() {
+ return jaasName;
+ }
+
+ /**
+ * Application name from JAAS Login Config file
+ * @since 7.6
+ */
+ public void setJaasName(String jaasApplicationName) {
+ this.jaasName = jaasApplicationName;
+ }
+
+ /**
+ * Kerberos KDC service principle name
+ * @since 7.6
+ * @return
+ */
+ public String getKerberosServicePrincipleName() {
+ return kerberosServicePrincipleName;
+ }
+
+ /**
+ * Kerberos KDC service principle name
+ * @since 7.6
+ */
+ public void setKerberosServicePrincipleName(String kerberosServerName) {
+ this.kerberosServicePrincipleName = kerberosServerName;
+ }
}
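Review bot: The Javadoc on `getAuthenticationType` (and the field comment in the earlier hunk of this file) gives the choices as `simple` and `krb5`, but the value is parsed with `AuthenticationType.valueOf`, whose only constants are `CLEARTEXT` and `KRB5`. A user who follows the Javadoc would therefore pass a value the connection rejects. Change the text to `Authentication type: CLEARTEXT (default) or KRB5`. The setter comments carry an empty `@return` on void methods, the getters have `@return` with no description, and "jass" in the field comment should read "JAAS".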
Modified: trunk/client/src/main/java/org/teiid/net/TeiidURL.java
===================================================================
--- trunk/client/src/main/java/org/teiid/net/TeiidURL.java 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/client/src/main/java/org/teiid/net/TeiidURL.java 2011-08-15 18:31:49 UTC (rev 3382)
@@ -82,6 +82,16 @@
public static final String ADMIN = "admin"; //$NON-NLS-1$
public static final String PASSTHROUGH_AUTHENTICATION = "PassthroughAuthentication"; //$NON-NLS-1$
+
+ public static final String AUTHENTICATION_TYPE = "authenticationType"; //$NON-NLS-1$
+
+ public static final String JAAS_NAME = "jaasName"; //$NON-NLS-1$
+
+ public static final String KERBEROS_SERVICE_PRINCIPLE_NAME = "kerberosServicePrincipleName"; //$NON-NLS-1$
+
+ public enum AuthenticationType {
+ CLEARTEXT,KRB5
+ };
}
public static final String DOT_DELIMITER = "."; //$NON-NLS-1$
Modified: trunk/client/src/main/java/org/teiid/net/socket/SocketServerConnection.java
===================================================================
--- trunk/client/src/main/java/org/teiid/net/socket/SocketServerConnection.java 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/client/src/main/java/org/teiid/net/socket/SocketServerConnection.java 2011-08-15 18:31:49 UTC (rev 3382)
@@ -49,12 +49,14 @@
import org.teiid.client.util.ResultsFuture;
import org.teiid.core.TeiidComponentException;
import org.teiid.core.TeiidException;
+import org.teiid.gss.MakeGSS;
import org.teiid.jdbc.JDBCPlugin;
import org.teiid.net.CommunicationException;
import org.teiid.net.ConnectionException;
import org.teiid.net.HostInfo;
import org.teiid.net.ServerConnection;
import org.teiid.net.TeiidURL;
+import org.teiid.net.TeiidURL.CONNECTION.AuthenticationType;
/**
@@ -166,8 +168,18 @@
private void logon(ILogon newLogon, boolean logoff) throws LogonException,
TeiidComponentException, CommunicationException {
- LogonResult newResult = newLogon.logon(connProps);
+
SocketServerInstance instance = this.serverInstance;
+ LogonResult newResult = null;
+
+ AuthenticationType authType = getAuthenticationType();
+ if (AuthenticationType.CLEARTEXT.equals(authType)) {
+ newResult = newLogon.logon(connProps);
+ }
+ else if (AuthenticationType.KRB5.equals(authType)) {
+ newResult = MakeGSS.authenticate(newLogon, connProps);
+ }
+
if (logoff) {
if ("7.3".compareTo(this.serverInstance.getServerVersion()) <= 0) { //$NON-NLS-1$
//just remove the current instance - the server has already logged off the current user
@@ -176,10 +188,19 @@
}
logoffAll();
}
+
this.logonResult = newResult;
this.logonResults.put(instance.getHostInfo(), this.logonResult);
this.connectionFactory.connected(instance, this.logonResult.getSessionToken());
}
+
+ private AuthenticationType getAuthenticationType() {
+ String authStr = this.connProps.getProperty(TeiidURL.CONNECTION.AUTHENTICATION_TYPE);
+ if (authStr == null) {
+ return AuthenticationType.CLEARTEXT;
+ }
+ return AuthenticationType.valueOf(authStr);
+ }
private ILogon connect(HostInfo hostInfo) throws CommunicationException,
IOException {
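Review bot: `getAuthenticationType()` passes the raw connection property to `AuthenticationType.valueOf(authStr)`, which throws an unchecked `IllegalArgumentException` for any value other than the exact constant names. That exception escapes `logon`, whose callers are written for LogonException, TeiidComponentException and CommunicationException. Catch it here and rethrow as a `LogonException` whose message names the rejected value and the accepted ones, so a mistyped URL property yields a clear connection error rather than a stack trace from enum parsing.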
Modified: trunk/client/src/main/resources/org/teiid/jdbc/i18n.properties
===================================================================
--- trunk/client/src/main/resources/org/teiid/jdbc/i18n.properties 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/client/src/main/resources/org/teiid/jdbc/i18n.properties 2011-08-15 18:31:49 UTC (rev 3382)
@@ -150,3 +150,8 @@
TeiidURL.port_out_of_range=The port ''{0}'' is out of range.
BatchSerializer.datatype_mismatch=The modeled datatype {0} for column {1} doesn''t match the runtime type "{2}". Please ensure that the column''s modeled datatype matches the expected data.
+
+
+no_krb_ticket=No cached kerberos ticket found and/or no password supplied
+gss_auth_failed=GSS Authentication failed
+setup_failed=Protocol error. Session setup failed.
Modified: trunk/client/src/test/java/org/teiid/jdbc/TestTeiidDriver.java
===================================================================
--- trunk/client/src/test/java/org/teiid/jdbc/TestTeiidDriver.java 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/client/src/test/java/org/teiid/jdbc/TestTeiidDriver.java 2011-08-15 18:31:49 UTC (rev 3382)
@@ -138,7 +138,7 @@
@Test public void testGetPropertyInfo1() throws Exception {
DriverPropertyInfo info[] = drv.getPropertyInfo("jdbc:teiid:vdb at mm://localhost:12345;applicationName=x", null); //$NON-NLS-1$
- assertEquals(21, info.length);
+ assertEquals(24, info.length);
assertEquals(false, info[0].required);
assertEquals("ApplicationName", info[0].name); //$NON-NLS-1$
assertEquals("x", info[0].value); //$NON-NLS-1$
Modified: trunk/client/src/test/java/org/teiid/net/socket/TestSocketServerConnection.java
===================================================================
--- trunk/client/src/test/java/org/teiid/net/socket/TestSocketServerConnection.java 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/client/src/test/java/org/teiid/net/socket/TestSocketServerConnection.java 2011-08-15 18:31:49 UTC (rev 3382)
@@ -107,6 +107,12 @@
throws TeiidComponentException, CommunicationException {
return ping();
}
+
+ @Override
+ public LogonResult neogitiateGssLogin(Properties connectionProperties,
+ byte[] serviceToken, boolean createSession) throws LogonException {
+ return null;
+ }
}
/**
Modified: trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml
===================================================================
--- trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml 2011-08-15 18:31:49 UTC (rev 3382)
@@ -102,6 +102,115 @@
If you want write your own Custom Login module, check out the Developer's Guide for instructions.
</para>
</section>
+
+ <section>
+ <title>Kerberos support through GSSAPI</title>
+ <para>Teiid supports kerberos authentication using GSSAPI, to be used with single sign-on applications.
+ This service ticket negotiation based authentication is supported through remote JDBC and ODBC drivers and as
+ well as in LocalConnections. However, configuration is varies for local connections vs remote connections</para>
+
+ <section>
+ <title>LocalConnection</title>
+ <para>For supporting kerberos through local connections, provide JDBC URL property <emphasis>PassthroughAuthentication</emphasis>
+ as true and use the <ulink url="http://community.jboss.org/docs/DOC-10680">JBoss Negotiation</ulink> as
+ authentication configure your web-application for kerberos. When the web application authenticates with the provided
+ kerberos token, the same subject authenticated will be used in Teiid. For details about configuration, check the
+ JBoss Negotiation documentation.</para>
+ </section>
+
+ <section>
+ <title>Remote JDBC Connection</title>
+ <para>Server: For supporting the kerberos through jdbc from a remote client application, follow the below configuration.
+ On the server, edit "{jboss-as}/server/{profile}/deploy/teiid/teiid-jboss-beans.xml" file, and make sure under
+ "SessionService" bean definition the following properties are set.
+ <programlisting><![CDATA[
+ <!-- Sets the authentication Type -->
+ <property name="authenticationType">KRB5</property>
+ <!-- Security domain used for kerberos authentication -->
+ <property name="krb5SecurityDomain">teiid-krb5</property>
+ ]]></programlisting>
+
+ Now we need to define security domain context for kerberos with name mentioned in above, and since the kerberos
+ authorization can not define authorization roles, we need devise a way to define them using another login context.
+ Given below is sample configuration to define roles using UserRolesLoginModule.
+ Note that the below configuration replaces the default Teiid login configuration. Note to change the principal
+ and key tab locations accordingly.
+
+ <programlisting><![CDATA[
+ <!--login module that negotiates the login conext for kerberos -->
+ <application-policy xmlns="urn:jboss:security-beans:1.0" name="teiid-krb5">
+ <authentication>
+ <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
+ <module-option name="storeKey">true</module-option>
+ <module-option name="useKeyTab">true</module-option>
+ <module-option name="principal">demo at EXAMPLE.COM</module-option>
+ <module-option name="keyTab">path/to/krb5.keytab</module-option>
+ <module-option name="doNotPrompt">true</module-option>
+ <module-option name="debug">false</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- teiid's default security domain, replace this with your own if needs to be any other JAAS domain -->
+ <application-policy xmlns="urn:jboss:security-beans:1.0" name="teiid-security">
+ <authentication>
+ <!-- This module assosiates kerberos user with this login set of login modules -->
+ <login-module code="org.teiid.jboss.AssosiateCallerIdentityLoginModule" flag="required"/>
+ <!-- Login module used for defining roles for user authencated using kerberos, keep the users file empty
+ but provide roles in the roles file for users -->
+ <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
+ <module-option name="password-stacking">useFirstPass</module-option>
+ <module-option name="usersProperties">props/teiid-security-users.properties</module-option>
+ <module-option name="rolesProperties">props/teiid-security-roles.properties</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+ ]]></programlisting>
+ Edit "run.conf" or "run.conf.bat"file depending upon the environment in "${jboss-as}/bin" directory
+ and add the following JVM options to startup script (note to change the realm and KDC settings according to your environment)
+ <programlisting><![CDATA[
+ JAVA_OPTS = "$JAVA_OPTS -Djava.security.krb5.realm=EXAMPLE.COM -Djava.security.krb5.kdc=kerberos.example.com -Djavax.security.auth.useSubjectCredsOnly=false"
+ ]]></programlisting>
+ This finishes the configuration on the server side, restart the server and make sure that there were no errors during startup.
+ </para>
+
+ <para>Client: The following configuration needs to be done on the Teiid client application VM. For client VM, JAAS
+ configuration for kerberos authentication needs to be written. A sample configuration file (client.conf) is show below
+
+ <programlisting><![CDATA[
+ Client {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useTicketCache=true
+ storeKey=true
+ useKeyTab=true
+ keyTab="/path/to/krb5.keytab"
+ doNotPrompt=false
+ debug=false
+ principal="demo at EXAMPLE.COM";
+ };
+ ]]></programlisting>
+
+ Add the following JVM options to your client's startup script, note the change Realm and KDC settings according to
+ your environment
+ <programlisting><![CDATA[
+ -Djava.security.krb5.realm=EXAMPLE.COM
+ -Djava.security.krb5.kdc=kerberos.example.com
+ -Djavax.security.auth.useSubjectCredsOnly=false
+ -Dsun.security.krb5.debug=false
+ -Djava.security.auth.login.config=/path/to/client.conf
+ ]]></programlisting>
+
+ Add the following URL connection properties to Teiid JDBC connection string
+ <programlisting><![CDATA[
+ authenticationType=KRB5;jaasName=Client;kerberosServicePrincipleName=demo at EXAMPLE.COM
+ ]]></programlisting>
+ There is no need to provide the user name and password, when the application is trying to make JDBC connection it
+ will authenticate locally and use the same user credetinals to neogitiate service token with server and grant the
+ connection. See Client Developer's guide for information on connection properties and how to configure data sources.
+ </para>
+ </section>
+
+ </section>
<section>
<title>Security at Data Source level</title>
Modified: trunk/documentation/client-developers-guide/src/main/docbook/en-US/content/jdbc-connection.xml
===================================================================
--- trunk/documentation/client-developers-guide/src/main/docbook/en-US/content/jdbc-connection.xml 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/documentation/client-developers-guide/src/main/docbook/en-US/content/jdbc-connection.xml 2011-08-15 18:31:49 UTC (rev 3382)
@@ -255,7 +255,45 @@
backwards compatibility when JDBC3 and older support is still required. Defaults to true.
</para>
</entry>
- </row>
+ </row>
+ <row>
+ <entry>
+ <code>authenticationType</code>
+ </entry>
+ <entry>
+ <code>String</code>
+ </entry>
+ <entry>
+ <para>Type of authentication to use. Valid values are CLEARTEXT (default) and KRB5 (kerberos). See
+ Admin Guide for configuration required for kerberos
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <code>jaasName</code>
+ </entry>
+ <entry>
+ <code>String</code>
+ </entry>
+ <entry>
+ <para>JAAS configuration name. Only applies when configuring a kerberos authentication.
+ See Admin Guide for configuration required for kerberos</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <code>kerberosServicePrincipleName</code>
+ </entry>
+ <entry>
+ <code>String</code>
+ </entry>
+ <entry>
+ <para>Kerberos authenticated principle name. Only applies when configuring a kerberos authentication.
+ See Admin Guide for configuration required for kerberos</para>
+ </entry>
+ </row>
+
</tbody>
</tgroup>
</table>
Modified: trunk/engine/src/main/java/org/teiid/dqp/service/SessionService.java
===================================================================
--- trunk/engine/src/main/java/org/teiid/dqp/service/SessionService.java 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/engine/src/main/java/org/teiid/dqp/service/SessionService.java 2011-08-15 18:31:49 UTC (rev 3382)
@@ -23,13 +23,17 @@
package org.teiid.dqp.service;
import java.util.Collection;
+import java.util.List;
import java.util.Properties;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.teiid.adminapi.impl.SessionMetadata;
import org.teiid.client.security.InvalidSessionException;
import org.teiid.dqp.internal.process.DQPCore;
+import org.teiid.net.TeiidURL.CONNECTION.AuthenticationType;
import org.teiid.security.Credentials;
@@ -138,5 +142,12 @@
SessionMetadata getActiveSession(String sessionID);
void setDqp(DQPCore dqp);
+
+ LoginContext createLoginContext(String securityDomain, String user, String password) throws LoginException;
+ AuthenticationType getAuthType();
+
+ String getKrb5SecurityDomain();
+
+ void assosiateSubjectInContext(String securityDomain, Subject subject);
}
Added: trunk/jboss-integration/src/main/java/org/teiid/jboss/AssosiateCallerIdentityLoginModule.java
===================================================================
--- trunk/jboss-integration/src/main/java/org/teiid/jboss/AssosiateCallerIdentityLoginModule.java (rev 0)
+++ trunk/jboss-integration/src/main/java/org/teiid/jboss/AssosiateCallerIdentityLoginModule.java 2011-08-15 18:31:49 UTC (rev 3382)
@@ -0,0 +1,87 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.teiid.jboss;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SubjectInfo;
+import org.jboss.security.auth.spi.AbstractServerLoginModule;
+
+/**
+ * This login modules simply takes the subject in the current context and adds
+ * its principle to shared state. This is same as CallerIdentityLoginModule,
+ * just it does not extend the AbstractPasswordCredentialLoginModule
+ */
+public class AssosiateCallerIdentityLoginModule extends AbstractServerLoginModule {
+
+ private Principal principal;
+
+ public void initialize(Subject subject, CallbackHandler handler,
+ Map sharedState, Map options) {
+ super.initialize(subject, handler, sharedState, options);
+ }
+
+ /**
+ * Performs the login association between the caller and the resource for a
+ * 1 to 1 mapping. This acts as a login propagation strategy and is useful
+ * for single-sign on requirements
+ *
+ * @return True if authentication succeeds
+ * @throws LoginException
+ */
+ public boolean login() throws LoginException {
+
+ SecurityContext sc = SecurityActions.getSecurityContext();
+ SubjectInfo si = sc.getSubjectInfo();
+ Subject subject = si.getAuthenticatedSubject();
+
+ Set<Principal> principals = subject.getPrincipals();
+ this.principal = principals.iterator().next();
+
+ if (super.login() == true) {
+ return true;
+ }
+
+ // Put the principal name into the sharedState map
+ sharedState.put("javax.security.auth.login.name", principal.getName()); //$NON-NLS-1$
+ sharedState.put("javax.security.auth.login.password", ""); //$NON-NLS-1$ //$NON-NLS-2$
+ super.loginOk = true;
+
+ return true;
+ }
+
+ protected Principal getIdentity() {
+ return principal;
+ }
+
+ protected Group[] getRoleSets() throws LoginException {
+ return new Group[] {};
+ }
+}
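Review bot: login() dereferences the caller's security context with no null or emptiness check, so `SecurityActions.getSecurityContext()`, `sc.getSubjectInfo()`, `si.getAuthenticatedSubject()` and `principals.iterator().next()` may each end in a NullPointerException or NoSuchElementException rather than a LoginException when nothing has authenticated the caller on this thread. It also keeps whichever principal the set iterator yields first, and a `Set<Principal>` promises no order, so a subject holding several principals may be mapped to an unintended identity. `SessionServiceImpl.assosiateSubjectInContext` in this commit picks the first principal the same way and passes null on when the set is empty. Because this module vouches for an identity without checking any credential itself, it should fail closed, as in the excerpt below.

```java
public boolean login() throws LoginException {
    SecurityContext sc = SecurityActions.getSecurityContext();
    SubjectInfo si = (sc != null) ? sc.getSubjectInfo() : null;
    Subject subject = (si != null) ? si.getAuthenticatedSubject() : null;
    if (subject == null || subject.getPrincipals().isEmpty()) {
        // fail closed: nothing has authenticated the caller on this thread
        throw new LoginException("No authenticated caller subject to associate"); //$NON-NLS-1$
    }
    this.principal = subject.getPrincipals().iterator().next();
    // … unchanged: super.login() check and sharedState population …
```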
Property changes on: trunk/jboss-integration/src/main/java/org/teiid/jboss/AssosiateCallerIdentityLoginModule.java
___________________________________________________________________
Added: svn:mime-type
+ text/plain
Modified: trunk/jboss-integration/src/main/java/org/teiid/jboss/deployers/RuntimeEngineDeployer.java
===================================================================
--- trunk/jboss-integration/src/main/java/org/teiid/jboss/deployers/RuntimeEngineDeployer.java 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/jboss-integration/src/main/java/org/teiid/jboss/deployers/RuntimeEngineDeployer.java 2011-08-15 18:31:49 UTC (rev 3382)
@@ -244,7 +244,9 @@
if (this.odbcSocketConfiguration.getEnabled()) {
this.vdbRepository.odbcEnabled();
- this.odbcSocket = new ODBCSocketListener(this.odbcSocketConfiguration, this.dqpCore.getBufferManager(), offset, getMaxODBCLobSizeAllowed());
+ ODBCSocketListener odbc = new ODBCSocketListener(this.odbcSocketConfiguration, this.dqpCore.getBufferManager(), offset, getMaxODBCLobSizeAllowed(), this.logon);
+ odbc.setAuthenticationType(sessionService.getAuthType());
+ this.odbcSocket = odbc;
LogManager.logInfo(LogConstants.CTX_RUNTIME, IntegrationPlugin.Util.getString("odbc_enabled","Teiid ODBC - SSL=", (this.odbcSocketConfiguration.getSSLConfiguration().isSslEnabled()?"ON":"OFF")+" Host = "+this.odbcSocketConfiguration.getHostAddress().getHostName()+" Port = "+(this.odbcSocketConfiguration.getPortNumber()+offset))); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$ //$NON-NLS-4$ //$NON-NLS-5$ //$NON-NLS-6$
} else {
LogManager.logInfo(LogConstants.CTX_RUNTIME, IntegrationPlugin.Util.getString("odbc_not_enabled")); //$NON-NLS-1$
Modified: trunk/runtime/src/main/java/org/teiid/odbc/ODBCClientRemote.java
===================================================================
--- trunk/runtime/src/main/java/org/teiid/odbc/ODBCClientRemote.java 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/runtime/src/main/java/org/teiid/odbc/ODBCClientRemote.java 2011-08-15 18:31:49 UTC (rev 3382)
@@ -39,6 +39,12 @@
// AuthenticationCleartextPassword (B)
void useClearTextAuthentication();
+ // AuthenticationGSS (B)
+ void useAuthenticationGSS();
+
+ // AuthenticationGSSContinue (B)
+ void authenticationGSSContinue(byte[] serviceToken);
+
// AuthenticationOk (B)
// BackendKeyData (B)
// ParameterStatus (B)
@@ -101,9 +107,7 @@
// AuthenticationKerberosV5 (B)
// AuthenticationMD5Password (B)
// AuthenticationSCMCredential (B)
- // AuthenticationGSS (B)
// AuthenticationSSPI (B)
- // AuthenticationGSSContinue (B)
// CloseComplete (B)
Modified: trunk/runtime/src/main/java/org/teiid/odbc/ODBCServerRemote.java
===================================================================
--- trunk/runtime/src/main/java/org/teiid/odbc/ODBCServerRemote.java 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/runtime/src/main/java/org/teiid/odbc/ODBCServerRemote.java 2011-08-15 18:31:49 UTC (rev 3382)
@@ -23,12 +23,13 @@
import java.util.Properties;
+import org.teiid.transport.PgFrontendProtocol.NullTerminatedStringDataInputStream;
+
public interface ODBCServerRemote {
- enum AuthenticationType {CLEARTEXT, MD5};
void initialize(Properties props);
- void logon(String databaseName, String userid, String password);
+ void logon(String databaseName, String userid, NullTerminatedStringDataInputStream data);
void prepare(String prepareName, String sql, int[] paramType);
Modified: trunk/runtime/src/main/java/org/teiid/odbc/ODBCServerRemoteImpl.java
===================================================================
--- trunk/runtime/src/main/java/org/teiid/odbc/ODBCServerRemoteImpl.java 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/runtime/src/main/java/org/teiid/odbc/ODBCServerRemoteImpl.java 2011-08-15 18:31:49 UTC (rev 3382)
@@ -40,6 +40,9 @@
import java.util.regex.Matcher;
import java.util.regex.Pattern;
+import org.teiid.client.security.ILogon;
+import org.teiid.client.security.LogonException;
+import org.teiid.client.security.LogonResult;
import org.teiid.client.util.ResultsFuture;
import org.teiid.core.util.ApplicationInfo;
import org.teiid.core.util.StringUtil;
@@ -50,9 +53,11 @@
import org.teiid.jdbc.TeiidDriver;
import org.teiid.logging.LogConstants;
import org.teiid.logging.LogManager;
+import org.teiid.net.TeiidURL.CONNECTION.AuthenticationType;
import org.teiid.odbc.PGUtil.PgColInfo;
import org.teiid.runtime.RuntimePlugin;
import org.teiid.transport.ODBCClientInstance;
+import org.teiid.transport.PgFrontendProtocol.NullTerminatedStringDataInputStream;
/**
* While executing the multiple prepared statements I see this bug currently
@@ -165,11 +170,13 @@
private Map<String, Prepared> preparedMap = Collections.synchronizedMap(new HashMap<String, Prepared>());
private Map<String, Portal> portalMap = Collections.synchronizedMap(new HashMap<String, Portal>());
private Map<String, Cursor> cursorMap = Collections.synchronizedMap(new HashMap<String, Cursor>());
+ private ILogon logon;
- public ODBCServerRemoteImpl(ODBCClientInstance client, AuthenticationType authType, TeiidDriver driver) {
+ public ODBCServerRemoteImpl(ODBCClientInstance client, AuthenticationType authType, TeiidDriver driver, ILogon logon) {
this.driver = driver;
this.client = client.getClient();
this.authType = authType;
+ this.logon = logon;
}
@Override
@@ -181,18 +188,39 @@
if (this.authType.equals(AuthenticationType.CLEARTEXT)) {
this.client.useClearTextAuthentication();
}
- else if (this.authType.equals(AuthenticationType.MD5)) {
- // TODO: implement MD5 auth type
+ else if (this.authType.equals(AuthenticationType.KRB5)) {
+ this.client.useAuthenticationGSS();
}
}
@Override
- public void logon(String databaseName, String user, String password) {
+ public void logon(String databaseName, String user, NullTerminatedStringDataInputStream data) {
try {
- java.util.Properties info = new java.util.Properties();
- String url = "jdbc:teiid:"+databaseName+";ApplicationName=ODBC"; //$NON-NLS-1$ //$NON-NLS-2$
+ java.util.Properties info = new java.util.Properties();
info.put("user", user); //$NON-NLS-1$
- info.put("password", password); //$NON-NLS-1$
+
+ String password = null;
+ String passthroughAuthentication = ""; //$NON-NLS-1$
+ if (authType.equals(AuthenticationType.CLEARTEXT)) {
+ password = data.readString();
+ }
+ else if (authType.equals(AuthenticationType.KRB5)) {
+ byte[] serviceToken = data.readServiceToken();
+ LogonResult result = this.logon.neogitiateGssLogin(this.props, serviceToken, false);
+ if ((Boolean)result.getProperty(ILogon.KRB5_ESTABLISHED)) {
+ serviceToken = (byte[])result.getProperty(ILogon.KRB5TOKEN);
+ this.client.authenticationGSSContinue(serviceToken);
+ return;
+ }
+ passthroughAuthentication = ";PassthroughAuthentication=true"; //$NON-NLS-1$
+ }
+
+ String url = "jdbc:teiid:"+databaseName+";ApplicationName=ODBC"+passthroughAuthentication; //$NON-NLS-1$ //$NON-NLS-2$
+
+ if (password != null) {
+ info.put("password", password); //$NON-NLS-1$
+ }
+
this.connection = (ConnectionImpl)driver.connect(url, info);
int hash = this.connection.getConnectionId().hashCode();
Enumeration keys = this.props.propertyNames();
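Review bot: The KRB5 branch of logon() looks inverted. When `ILogon.KRB5_ESTABLISHED` is true it sends `authenticationGSSContinue` and returns without connecting, and when the context is not established it falls through to `driver.connect` with `;PassthroughAuthentication=true`. Read that way, an incomplete GSS negotiation would still open a pass-through connection. The cast `(Boolean)result.getProperty(...)` also unboxes, so a missing property throws a NullPointerException that none of the catch blocks added in this commit handles. I would write the test as `if (!Boolean.TRUE.equals(result.getProperty(ILogon.KRB5_ESTABLISHED))) {` so that only an established context reaches the connect call. logon() continues outside this hunk.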
@@ -207,7 +235,13 @@
} catch (SQLException e) {
errorOccurred(e);
terminate();
- }
+ } catch(LogonException e) {
+ errorOccurred(e);
+ terminate();
+ } catch (IOException e) {
+ errorOccurred(e);
+ terminate();
+ }
}
private void cursorExecute(final String cursorName, final String sql, final ResultsFuture<Integer> completion) {
Modified: trunk/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java
===================================================================
--- trunk/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java 2011-08-15 18:31:49 UTC (rev 3382)
@@ -22,6 +22,8 @@
package org.teiid.services;
+import java.io.IOException;
+import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
@@ -33,6 +35,12 @@
import java.util.TimerTask;
import java.util.concurrent.ConcurrentHashMap;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
@@ -55,6 +63,7 @@
import org.teiid.logging.LogManager;
import org.teiid.net.ServerConnection;
import org.teiid.net.TeiidURL;
+import org.teiid.net.TeiidURL.CONNECTION.AuthenticationType;
import org.teiid.runtime.RuntimePlugin;
import org.teiid.security.Credentials;
import org.teiid.security.SecurityHelper;
@@ -72,6 +81,8 @@
*/
private long sessionMaxLimit = DEFAULT_MAX_SESSIONS;
private long sessionExpirationTimeLimit = DEFAULT_SESSION_EXPIRATION;
+ private String authenticationType = AuthenticationType.CLEARTEXT.name();
+ private String krb5SecurityDomain;
/*
* Injected state
@@ -249,6 +260,31 @@
}
@Override
+ public LoginContext createLoginContext(final String securityDomain, final String user, final String password) throws LoginException{
+ CallbackHandler handler = new CallbackHandler() {
+ @Override
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof NameCallback) {
+ NameCallback nc = (NameCallback)callbacks[i];
+ nc.setName(user);
+ } else if (callbacks[i] instanceof PasswordCallback) {
+ PasswordCallback pc = (PasswordCallback)callbacks[i];
+ if (password != null) {
+ pc.setPassword(password.toCharArray());
+ }
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback"); //$NON-NLS-1$
+ }
+ }
+ }
+ };
+
+ TeiidLoginContext context = new TeiidLoginContext(this.securityHelper);
+ return context.createLoginContext(securityDomain, handler);
+ }
+
+ @Override
public Collection<SessionMetadata> getActiveSessions() throws SessionServiceException {
return new ArrayList<SessionMetadata>(this.sessionCache.values());
}
@@ -333,8 +369,18 @@
public void setSessionExpirationTimeLimit(long limit) {
this.sessionExpirationTimeLimit = limit;
- }
+ }
+ @Override
+ public AuthenticationType getAuthType() {
+ return AuthenticationType.valueOf(this.authenticationType);
+ }
+
+ public void setAuthenticationType(String flag) {
+ this.authenticationType = flag;
+ LogManager.logInfo(LogConstants.CTX_SECURITY, "Authentication Type set to: "+flag); //$NON-NLS-1$
+ }
+
public void setSecurityDomains(String domainNameOrder) {
if (domainNameOrder != null && domainNameOrder.trim().length()>0) {
LogManager.logInfo(LogConstants.CTX_SECURITY, "Security Enabled: true"); //$NON-NLS-1$
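Review bot: setAuthenticationType() stores the configured string unchecked, and getAuthType() runs `AuthenticationType.valueOf(...)` on it at every call. A misspelt or lower-case value in the bean configuration is therefore accepted at startup and only surfaces as an IllegalArgumentException (or a NullPointerException for null) inside each logon attempt. Validating once in the setter fails at configuration time instead: `this.authenticationType = AuthenticationType.valueOf(flag).name();`. The rest of the class is outside this hunk.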
@@ -345,7 +391,7 @@
}
}
}
-
+
public void setAdminSecurityDomain(String domain) {
this.adminSecurityDomains.add(domain);
LogManager.logInfo(LogConstants.CTX_SECURITY, "Admin Security Enabled: true"); //$NON-NLS-1$
@@ -376,4 +422,23 @@
public void setDqp(DQPCore dqp) {
this.dqp = dqp;
}
+
+ @Override
+ public void assosiateSubjectInContext(String securityDomain, Subject subject) {
+ Principal principal = null;
+ for(Principal p:subject.getPrincipals()) {
+ principal = p;
+ break;
+ }
+ this.securityHelper.assosiateSecurityContext(securityDomain, this.securityHelper.createSecurityContext(securityDomain, principal, null, subject));
+ }
+
+ public void setKrb5SecurityDomain(String domain) {
+ this.krb5SecurityDomain = domain;
+ }
+
+ @Override
+ public String getKrb5SecurityDomain(){
+ return this.krb5SecurityDomain;
+ }
}
Modified: trunk/runtime/src/main/java/org/teiid/services/TeiidLoginContext.java
===================================================================
--- trunk/runtime/src/main/java/org/teiid/services/TeiidLoginContext.java 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/runtime/src/main/java/org/teiid/services/TeiidLoginContext.java 2011-08-15 18:31:49 UTC (rev 3382)
@@ -137,7 +137,7 @@
return null;
}
- protected LoginContext createLoginContext(String domain, CallbackHandler handler) throws LoginException {
+ public LoginContext createLoginContext(String domain, CallbackHandler handler) throws LoginException {
return new LoginContext(domain, handler);
}
Modified: trunk/runtime/src/main/java/org/teiid/transport/LogonImpl.java
===================================================================
--- trunk/runtime/src/main/java/org/teiid/transport/LogonImpl.java 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/runtime/src/main/java/org/teiid/transport/LogonImpl.java 2011-08-15 18:31:49 UTC (rev 3382)
@@ -22,11 +22,18 @@
package org.teiid.transport;
+import java.security.PrivilegedAction;
import java.util.Collection;
import java.util.Properties;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
+import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.GSSManager;
import org.teiid.adminapi.impl.SessionMetadata;
import org.teiid.client.security.ILogon;
import org.teiid.client.security.InvalidSessionException;
@@ -34,7 +41,6 @@
import org.teiid.client.security.LogonResult;
import org.teiid.client.security.SessionToken;
import org.teiid.client.util.ResultsFuture;
-import org.teiid.core.ComponentNotFoundException;
import org.teiid.core.CoreConstants;
import org.teiid.core.TeiidComponentException;
import org.teiid.dqp.internal.process.DQPWorkContext;
@@ -44,6 +50,8 @@
import org.teiid.logging.LogManager;
import org.teiid.net.CommunicationException;
import org.teiid.net.TeiidURL;
+import org.teiid.net.TeiidURL.CONNECTION.AuthenticationType;
+import org.teiid.runtime.RuntimePlugin;
import org.teiid.security.Credentials;
@@ -57,8 +65,15 @@
this.clusterName = clusterName;
}
- public LogonResult logon(Properties connProps) throws LogonException,
- ComponentNotFoundException {
+ public LogonResult logon(Properties connProps) throws LogonException, TeiidComponentException, CommunicationException {
+ if (!AuthenticationType.CLEARTEXT.equals(service.getAuthType())) {
+ throw new LogonException(RuntimePlugin.Util.getString("wrong_logon_type_jaas")); //$NON-NLS-1$
+ }
+ return logon(connProps, null);
+ }
+
+
+ private LogonResult logon(Properties connProps, byte[] krb5ServiceTicket) throws LogonException {
DQPWorkContext workContext = DQPWorkContext.getWorkContext();
String oldSessionId = workContext.getSessionId();
String applicationName = connProps.getProperty(TeiidURL.CONNECTION.APP_NAME);
@@ -84,14 +99,88 @@
} catch (InvalidSessionException e) {
}
}
- return new LogonResult(sessionInfo.getSessionToken(), sessionInfo.getVDBName(), sessionInfo.getVDBVersion(), clusterName);
+ LogonResult result = new LogonResult(sessionInfo.getSessionToken(), sessionInfo.getVDBName(), sessionInfo.getVDBVersion(), clusterName);
+ if (krb5ServiceTicket != null) {
+ result.addProperty(ILogon.KRB5TOKEN, krb5ServiceTicket);
+ }
+ return result;
} catch (LoginException e) {
throw new LogonException(e.getMessage());
} catch (SessionServiceException e) {
throw new LogonException(e, e.getMessage());
}
}
-
+
+ class GssAction implements PrivilegedAction<GSSResult> {
+ byte[] serviceTicket;
+
+ public GssAction(byte[] ticket) {
+ this.serviceTicket = ticket;
+ }
+
+ @Override
+ public GSSResult run() {
+ GSSContext context = null;
+ try {
+ GSSManager manager = GSSManager.getInstance();
+ context = manager.createContext((GSSCredential)null);
+ this.serviceTicket = context.acceptSecContext(this.serviceTicket, 0, this.serviceTicket.length);
+ return new GSSResult(context, serviceTicket);
+ } catch (GSSException e) {
+ LogManager.logError(LogConstants.CTX_SECURITY, e, "Kerberos context login failed"); //$NON-NLS-1$
+ }
+ return null;
+ }
+ }
+
+ class GSSResult {
+ GSSContext context;
+ byte[] serviceTicket;
+ public GSSResult(GSSContext context, byte[] serviceTicket) {
+ this.context = context;
+ this.serviceTicket = serviceTicket;
+ }
+ }
+
+ @Override
+ public LogonResult neogitiateGssLogin(Properties connProps, byte[] serviceTicket, boolean createSession) throws LogonException {
+
+ if (!AuthenticationType.KRB5.equals(service.getAuthType())) {
+ throw new LogonException(RuntimePlugin.Util.getString("wrong_logon_type_krb5")); //$NON-NLS-1$
+ }
+
+ String user = connProps.getProperty(TeiidURL.CONNECTION.USER_NAME);
+ String password = connProps.getProperty(TeiidURL.CONNECTION.PASSWORD);
+
+ try {
+ String securityDomain = service.getKrb5SecurityDomain();
+ if (securityDomain == null) {
+ throw new LogonException(RuntimePlugin.Util.getString("no_security_domains")); //$NON-NLS-1$
+ }
+ // If this KRB5 and using keytab, user and password callback handler never gets called
+ LoginContext ctx = service.createLoginContext(securityDomain, user, password);
+ ctx.login();
+ Subject subject = ctx.getSubject();
+ GSSResult result = Subject.doAs(subject, new GssAction(serviceTicket));
+ if (result == null) {
+ throw new LogonException(RuntimePlugin.Util.getString("krb5_login_failed")); //$NON-NLS-1$
+ }
+ if (!result.context.isEstablished() || !createSession) {
+ LogonResult logonResult = new LogonResult(new SessionToken(0, "temp"), "internal", 0, "internal"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
+ logonResult.addProperty(ILogon.KRB5TOKEN, result.serviceTicket);
+ logonResult.addProperty(ILogon.KRB5_ESTABLISHED, new Boolean(result.context.isEstablished()));
+ return logonResult;
+ }
+
+ LogManager.logDetail(LogConstants.CTX_SECURITY, "Kerberos context established"); //$NON-NLS-1$
+ //connProps.setProperty(TeiidURL.CONNECTION.PASSTHROUGH_AUTHENTICATION, "true"); //$NON-NLS-1$
+ service.assosiateSubjectInContext(securityDomain, subject);
+ return logon(connProps, result.serviceTicket);
+ } catch (LoginException e) {
+ throw new LogonException(e, RuntimePlugin.Util.getString("krb5_login_failed")); //$NON-NLS-1$
+ }
+ }
+
private String updateDQPContext(SessionMetadata s) {
String sessionID = s.getSessionId();
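Review bot: neogitiateGssLogin() never reads the identity that the accepted ticket proves. `service.assosiateSubjectInContext(securityDomain, subject)` associates the subject returned by `ctx.login()`, which for a keytab-based domain is presumably the server's own service principal, while the user name still comes from the client-supplied `connProps`. As far as this hunk shows, nothing ties the session to `context.getSrcName()`, so the initiator name should be captured once the context is established and used for the session instead of the claimed user. Separately, every call builds a fresh `LoginContext` and `GSSContext`, so a negotiation needing more than one round cannot resume, and neither `context.dispose()` nor `ctx.logout()` is called on any path. The private logon() this feeds starts outside the hunk.

```java
// in GssAction.run(), replacing the return after acceptSecContext(...)
String peerName = null;
if (context.isEstablished()) {
    // identity proven by the client's ticket, not the acceptor's login subject
    peerName = context.getSrcName().toString();
}
return new GSSResult(context, serviceTicket, peerName);
// … unchanged: GSSException handling …

// in GSSResult
String peerName;
public GSSResult(GSSContext context, byte[] serviceTicket, String peerName) {
    this.context = context;
    this.serviceTicket = serviceTicket;
    this.peerName = peerName;
}
```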
Modified: trunk/runtime/src/main/java/org/teiid/transport/ODBCClientInstance.java
===================================================================
--- trunk/runtime/src/main/java/org/teiid/transport/ODBCClientInstance.java 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/runtime/src/main/java/org/teiid/transport/ODBCClientInstance.java 2011-08-15 18:31:49 UTC (rev 3382)
@@ -28,12 +28,14 @@
import java.util.Arrays;
import java.util.concurrent.ConcurrentLinkedQueue;
+import org.teiid.client.security.ILogon;
import org.teiid.core.util.ReflectionHelper;
import org.teiid.jdbc.TeiidDriver;
import org.teiid.logging.LogConstants;
import org.teiid.logging.LogManager;
import org.teiid.logging.MessageLevel;
import org.teiid.net.CommunicationException;
+import org.teiid.net.TeiidURL.CONNECTION.AuthenticationType;
import org.teiid.net.socket.ObjectChannel;
import org.teiid.net.socket.ServiceInvocationStruct;
import org.teiid.odbc.ODBCClientRemote;
@@ -48,7 +50,7 @@
private ReflectionHelper serverProxy = new ReflectionHelper(ODBCServerRemote.class);
private ConcurrentLinkedQueue<PGRequest> messageQueue = new ConcurrentLinkedQueue<PGRequest>();
- public ODBCClientInstance(final ObjectChannel channel, ODBCServerRemote.AuthenticationType authType, TeiidDriver driver) {
+ public ODBCClientInstance(final ObjectChannel channel, AuthenticationType authType, TeiidDriver driver, ILogon logonService) {
this.client = (ODBCClientRemote)Proxy.newProxyInstance(this.getClass().getClassLoader(), new Class[] {ODBCClientRemote.class}, new InvocationHandler() {
@Override
public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
@@ -60,7 +62,7 @@
return null;
}
});
- this.server = new ODBCServerRemoteImpl(this, authType, driver) {
+ this.server = new ODBCServerRemoteImpl(this, authType, driver, logonService) {
@Override
protected synchronized void doneExecuting() {
super.doneExecuting();
Modified: trunk/runtime/src/main/java/org/teiid/transport/ODBCSocketListener.java
===================================================================
--- trunk/runtime/src/main/java/org/teiid/transport/ODBCSocketListener.java 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/runtime/src/main/java/org/teiid/transport/ODBCSocketListener.java 2011-08-15 18:31:49 UTC (rev 3382)
@@ -25,20 +25,22 @@
import org.jboss.netty.channel.ChannelPipeline;
import org.jboss.netty.channel.DefaultChannelPipeline;
+import org.teiid.client.security.ILogon;
import org.teiid.common.buffer.StorageManager;
import org.teiid.core.TeiidException;
import org.teiid.jdbc.EmbeddedProfile;
import org.teiid.jdbc.TeiidDriver;
import org.teiid.net.ServerConnection;
+import org.teiid.net.TeiidURL.CONNECTION.AuthenticationType;
import org.teiid.net.socket.ObjectChannel;
-import org.teiid.odbc.ODBCServerRemote;
public class ODBCSocketListener extends SocketListener {
- private ODBCServerRemote.AuthenticationType authType = ODBCServerRemote.AuthenticationType.CLEARTEXT;
+ private AuthenticationType authType = AuthenticationType.CLEARTEXT;
private int maxLobSize;
private TeiidDriver driver;
+ private ILogon logonService;
- public ODBCSocketListener(SocketConfiguration config, StorageManager storageManager, int portOffset, int maxLobSize) {
+ public ODBCSocketListener(SocketConfiguration config, StorageManager storageManager, int portOffset, int maxLobSize, ILogon logon) {
//the clientserviceregistry isn't actually used by ODBC
super(config, new ClientServiceRegistryImpl(ClientServiceRegistry.Type.ODBC), storageManager, portOffset);
this.maxLobSize = maxLobSize;
@@ -51,6 +53,7 @@
return new LocalServerConnection(info, false);
}
});
+ this.logonService = logon;
}
public void setDriver(TeiidDriver driver) {
@@ -73,11 +76,11 @@
@Override
public ChannelListener createChannelListener(ObjectChannel channel) {
- return new ODBCClientInstance(channel, this.authType, driver);
+ return new ODBCClientInstance(channel, this.authType, driver, logonService);
}
- public void setAuthenticationType(String value) {
- this.authType = ODBCServerRemote.AuthenticationType.valueOf(value);
+ public void setAuthenticationType(AuthenticationType value) {
+ this.authType = value;
}
}
Modified: trunk/runtime/src/main/java/org/teiid/transport/PgBackendProtocol.java
===================================================================
--- trunk/runtime/src/main/java/org/teiid/transport/PgBackendProtocol.java 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/runtime/src/main/java/org/teiid/transport/PgBackendProtocol.java 2011-08-15 18:31:49 UTC (rev 3382)
@@ -254,6 +254,24 @@
}
@Override
+ public void useAuthenticationGSS() {
+ try {
+ sendAuthenticationGSS();
+ } catch (IOException e) {
+ terminate(e);
+ }
+ }
+
+ @Override
+ public void authenticationGSSContinue(byte[] serviceToken) {
+ try {
+ sendAuthenticationGSSContinue(serviceToken);
+ } catch (IOException e) {
+ terminate(e);
+ }
+ }
+
+ @Override
public void authenticationSucess(int processId, int screctKey) {
try {
sendAuthenticationOk();
@@ -749,7 +767,20 @@
writeInt(3);
sendMessage();
}
-
+
+ private void sendAuthenticationGSS() throws IOException {
+ startMessage('R');
+ writeInt(7);
+ sendMessage();
+ }
+
+ private void sendAuthenticationGSSContinue(byte[] serviceToken) throws IOException {
+ startMessage('R');
+ writeInt(8);
+ write(serviceToken);
+ sendMessage();
+ }
+
private void sendAuthenticationOk() throws IOException {
startMessage('R');
writeInt(0);
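Review bot: sendAuthenticationGSSContinue() passes `serviceToken` straight to `write(...)`, but `GSSContext.acceptSecContext` returns null when it has no token for the peer. That value reaches this method through `ILogon.KRB5TOKEN` in `ODBCServerRemoteImpl.logon`. Unless `write` tolerates null (its body is not in this hunk), the round would end in a NullPointerException rather than a well-formed message; guard it with `if (serviceToken != null) { write(serviceToken); }`. The request codes 7 and 8 would also read better as named constants.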
@@ -918,6 +949,5 @@
default:
return PG_TYPE_UNKNOWN;
}
- }
-
+ }
}
Modified: trunk/runtime/src/main/java/org/teiid/transport/PgFrontendProtocol.java
===================================================================
--- trunk/runtime/src/main/java/org/teiid/transport/PgFrontendProtocol.java 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/runtime/src/main/java/org/teiid/transport/PgFrontendProtocol.java 2011-08-15 18:31:49 UTC (rev 3382)
@@ -131,7 +131,7 @@
byte[] data = createByteArray(this.dataLength - 4);
buffer.readBytes(data);
- createRequestMessage(this.messageType, new NullTerminatedStringDataInputStream(new DataInputStream(new ByteArrayInputStream(data, 0, this.dataLength-4)), this.encoding));
+ createRequestMessage(this.messageType, new NullTerminatedStringDataInputStream(data, new DataInputStream(new ByteArrayInputStream(data, 0, this.dataLength-4)), this.encoding));
this.dataLength = null;
this.messageType = null;
return message;
@@ -223,8 +223,7 @@
}
private Object buildLogin(NullTerminatedStringDataInputStream data) throws IOException{
- String password = data.readString();
- this.odbcProxy.logon(this.databaseName, this.user, password);
+ this.odbcProxy.logon(this.databaseName, this.user, data);
return message;
}
@@ -403,12 +402,14 @@
ServiceInvocationStruct struct;
}
- static class NullTerminatedStringDataInputStream extends DataInputStream{
+ public static class NullTerminatedStringDataInputStream extends DataInputStream{
private Charset encoding;
+ private byte[] rawData;
- public NullTerminatedStringDataInputStream(DataInputStream in, Charset encoding) {
+ public NullTerminatedStringDataInputStream(byte[] rawData, DataInputStream in, Charset encoding) {
super(in);
this.encoding = encoding;
+ this.rawData = rawData;
}
public String readString() throws IOException {
@@ -422,6 +423,10 @@
}
return new String(buff.toByteArray(), this.encoding);
}
+
+ public byte[] readServiceToken() {
+ return this.rawData;
+ }
}
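Review bot: readServiceToken() is undocumented and its name misleads. It does not read from the stream; it returns the whole payload array given to the constructor, regardless of what `readString()` has already consumed, and it hands out the internal array rather than a copy. A Javadoc such as `/** Returns the complete raw message payload, independent of the stream position; used as the GSS token for KRB5 logon. */` would make that contract explicit for callers that mix both accessors. The enclosing class begins in the previous hunk.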
private static void trace(Object... msg) {
Modified: trunk/runtime/src/main/resources/org/teiid/runtime/i18n.properties
===================================================================
--- trunk/runtime/src/main/resources/org/teiid/runtime/i18n.properties 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/runtime/src/main/resources/org/teiid/runtime/i18n.properties 2011-08-15 18:31:49 UTC (rev 3382)
@@ -94,4 +94,8 @@
SSLConfiguration.no_anonymous=The anonymous cipher suite TLS_DH_anon_WITH_AES_128_CBC_SHA is not available. Please change the transport to be non-SSL or use non-anonymous SSL.
execution_failed=Cursor execution failed
-PgBackendProtocol.ssl_error=Could not initialize ODBC SSL. non-SSL connections will still be allowed.
\ No newline at end of file
+PgBackendProtocol.ssl_error=Could not initialize ODBC SSL. non-SSL connections will still be allowed.
+wrong_logon_type_jaas = Wrong logon method is being used. Server is not set up for JAAS based authentication. Correct your client's 'AuthenticationType' property.
+wrong_logon_type_krb5 = Wrong logon method is being used. Server is not set up for Kerberos based authentication. Correct your client's 'AuthenticationType' property.
+krb5_login_failed=Kerberos context login failed
+no_security_domains=No security domain configured for Kerberos authentication. Can not authenticate.
\ No newline at end of file
Modified: trunk/runtime/src/test/java/org/teiid/transport/TestLogonImpl.java
===================================================================
--- trunk/runtime/src/test/java/org/teiid/transport/TestLogonImpl.java 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/runtime/src/test/java/org/teiid/transport/TestLogonImpl.java 2011-08-15 18:31:49 UTC (rev 3382)
@@ -34,12 +34,14 @@
import org.teiid.dqp.internal.process.DQPWorkContext;
import org.teiid.dqp.service.SessionService;
import org.teiid.net.TeiidURL;
+import org.teiid.net.TeiidURL.CONNECTION.AuthenticationType;
public class TestLogonImpl extends TestCase {
public void testLogonResult() throws Exception {
SessionService ssi = Mockito.mock(SessionService.class);
+ Mockito.stub(ssi.getAuthType()).toReturn(AuthenticationType.CLEARTEXT);
DQPWorkContext.setWorkContext(new DQPWorkContext());
String userName = "Fred"; //$NON-NLS-1$
String applicationName = "test"; //$NON-NLS-1$
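Review bot: The only change to this test is stubbing `getAuthType()` to `CLEARTEXT`, so the new refusal of a mismatched logon method is not exercised here. The commit adds the `wrong_logon_type_jaas` and `wrong_logon_type_krb5` messages, which suggests the server rejects a logon of the wrong kind. A second test that stubs the Kerberos authentication type and asserts that the password-based logon is refused would pin that behaviour. `testLogonResult` continues past the end of this hunk, and such a test may exist in a file not shown here.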
Modified: trunk/runtime/src/test/java/org/teiid/transport/TestSocketRemoting.java
===================================================================
--- trunk/runtime/src/test/java/org/teiid/transport/TestSocketRemoting.java 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/runtime/src/test/java/org/teiid/transport/TestSocketRemoting.java 2011-08-15 18:31:49 UTC (rev 3382)
@@ -193,6 +193,13 @@
TeiidComponentException {
}
+ @Override
+ public LogonResult neogitiateGssLogin(
+ Properties connectionProperties, byte[] serviceToken, boolean createSession)
+ throws LogonException {
+ return null;
+ }
+
}, "foo"); //$NON-NLS-1$
csr.registerClientService(FakeService.class, new FakeServiceImpl(), "foo"); //$NON-NLS-1$
final FakeClientServerInstance serverInstance = new FakeClientServerInstance(csr);
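Review bot: `neogitiateGssLogin` is a misspelling of "negotiate", and since this stub is an `@Override`, the same spelling is presumably on the interface it implements, which is declared outside this hunk. A method name on a client-facing logon interface is cheaper to correct before release than after. The fix would be `negotiateGssLogin`, applied to the interface and every implementation together. The enclosing anonymous class starts outside the hunk.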
Modified: trunk/test-integration/common/src/test/java/org/teiid/transport/TestODBCSocketTransport.java
===================================================================
--- trunk/test-integration/common/src/test/java/org/teiid/transport/TestODBCSocketTransport.java 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/test-integration/common/src/test/java/org/teiid/transport/TestODBCSocketTransport.java 2011-08-15 18:31:49 UTC (rev 3382)
@@ -47,7 +47,9 @@
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
+import org.mockito.Mockito;
import org.postgresql.Driver;
+import org.teiid.client.security.ILogon;
import org.teiid.common.buffer.BufferManagerFactory;
import org.teiid.core.util.UnitTestUtil;
import org.teiid.jdbc.FakeServer;
@@ -127,7 +129,7 @@
addr = new InetSocketAddress(0);
config.setBindAddress(addr.getHostName());
config.setPortNumber(0);
- odbcTransport = new ODBCSocketListener(config, BufferManagerFactory.getStandaloneBufferManager(), 0, 100000);
+ odbcTransport = new ODBCSocketListener(config, BufferManagerFactory.getStandaloneBufferManager(), 0, 100000, Mockito.mock(ILogon.class));
FakeServer server = new FakeServer();
server.setUseCallingThread(false);
Modified: trunk/test-integration/pom.xml
===================================================================
--- trunk/test-integration/pom.xml 2011-08-15 15:36:27 UTC (rev 3381)
+++ trunk/test-integration/pom.xml 2011-08-15 18:31:49 UTC (rev 3382)
@@ -14,7 +14,7 @@
<properties>
<derby.version>10.2.1.6</derby.version>
<mysql.connector.version>5.1.5</mysql.connector.version>
- <postgresql.version>8.3-603.jdbc3</postgresql.version>
+ <postgresql.version>8.4-702.jdbc4</postgresql.version>
<apache.ant.version>1.7.0</apache.ant.version>
</properties>