[teiid-commits] teiid SVN: r4024 - in branches/8.0.x/engine/src: test/java/org/teiid/dqp/internal/process and 1 other directory.
teiid-commits at lists.jboss.org
teiid-commits at lists.jboss.org
Fri Apr 20 12:29:17 EDT 2012
Author: shawkins
Date: 2012-04-20 12:29:16 -0400 (Fri, 20 Apr 2012)
New Revision: 4024
Modified:
branches/8.0.x/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidator.java
branches/8.0.x/engine/src/main/java/org/teiid/dqp/internal/process/DefaultAuthorizationValidator.java
branches/8.0.x/engine/src/main/java/org/teiid/dqp/internal/process/PreparedStatementRequest.java
branches/8.0.x/engine/src/main/java/org/teiid/dqp/internal/process/Request.java
branches/8.0.x/engine/src/main/java/org/teiid/dqp/internal/process/RequestWorkItem.java
branches/8.0.x/engine/src/test/java/org/teiid/dqp/internal/process/TestRequest.java
Log:
TEIID-2009 allowing for a custom AuthorizationValidator to modify the command
Modified: branches/8.0.x/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidator.java
===================================================================
--- branches/8.0.x/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidator.java 2012-04-20 14:50:45 UTC (rev 4023)
+++ branches/8.0.x/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidator.java 2012-04-20 16:29:16 UTC (rev 4024)
@@ -33,8 +33,34 @@
*/
public interface AuthorizationValidator {
- void validate(Command command, QueryMetadataInterface metadata, CommandContext commandContext) throws QueryValidatorException, TeiidComponentException;
+ enum CommandType {
+ USER,
+ PREPARED,
+ CACHED
+ }
+ /**
+ * Validates the given command. If the command is not a {@link CommandType#USER} command, the command object should not be modified.
+ * Any modification must be fully resolved using the associated {@link QueryMetadataInterface}. Returning true for a
+ * {@link CommandType#PREPARED} or {@link CommandType#CACHED} commands means that the matching prepared plan or cache entry
+ * will not be used.
+ * @param originalSql array of commands will typically contain only a single string, but may have multiple for batched updates.
+ * @param command the parsed and resolved command.
+ * @param metadata
+ * @param commandContext
+ * @param commandType
+ * @return true if the USER command was modified, or if the non-USER command should be modified.
+ * @throws QueryValidatorException
+ * @throws TeiidComponentException
+ */
+ boolean validate(String[] originalSql, Command command, QueryMetadataInterface metadata, CommandContext commandContext, CommandType commandType) throws QueryValidatorException, TeiidComponentException;
+
+ /**
+ *
+ * @param roleName
+ * @param commandContext
+ * @return true if the current user has the given role
+ */
boolean hasRole(String roleName, CommandContext commandContext);
boolean isEnabled();
Modified: branches/8.0.x/engine/src/main/java/org/teiid/dqp/internal/process/DefaultAuthorizationValidator.java
===================================================================
--- branches/8.0.x/engine/src/main/java/org/teiid/dqp/internal/process/DefaultAuthorizationValidator.java 2012-04-20 14:50:45 UTC (rev 4023)
+++ branches/8.0.x/engine/src/main/java/org/teiid/dqp/internal/process/DefaultAuthorizationValidator.java 2012-04-20 16:29:16 UTC (rev 4024)
@@ -41,11 +41,15 @@
}
@Override
- public void validate(Command command, QueryMetadataInterface metadata, CommandContext commandContext) throws QueryValidatorException, TeiidComponentException {
+ public boolean validate(String[] originalSql, Command command,
+ QueryMetadataInterface metadata, CommandContext commandContext,
+ CommandType commandType) throws QueryValidatorException,
+ TeiidComponentException {
if (enabled && policyDecider.validateCommand(commandContext)) {
AuthorizationValidationVisitor visitor = new AuthorizationValidationVisitor(this.policyDecider, commandContext);
Request.validateWithVisitor(visitor, metadata, command);
}
+ return false;
}
@Override
Modified: branches/8.0.x/engine/src/main/java/org/teiid/dqp/internal/process/PreparedStatementRequest.java
===================================================================
--- branches/8.0.x/engine/src/main/java/org/teiid/dqp/internal/process/PreparedStatementRequest.java 2012-04-20 14:50:45 UTC (rev 4023)
+++ branches/8.0.x/engine/src/main/java/org/teiid/dqp/internal/process/PreparedStatementRequest.java 2012-04-20 16:29:16 UTC (rev 4024)
@@ -35,6 +35,7 @@
import org.teiid.core.TeiidComponentException;
import org.teiid.core.TeiidProcessingException;
import org.teiid.core.types.DataTypeManager;
+import org.teiid.dqp.internal.process.AuthorizationValidator.CommandType;
import org.teiid.dqp.internal.process.SessionAwareCache.CacheID;
import org.teiid.logging.LogConstants;
import org.teiid.logging.LogManager;
@@ -131,6 +132,21 @@
String sqlQuery = requestMsg.getCommands()[0];
CacheID id = new CacheID(this.workContext, Request.createParseInfo(this.requestMsg), sqlQuery);
prepPlan = prepPlanCache.get(id);
+
+ if (prepPlan != null) {
+ ProcessorPlan cachedPlan = prepPlan.getPlan();
+ this.userCommand = prepPlan.getCommand();
+ if (validateAccess(requestMsg.getCommands(), userCommand, CommandType.PREPARED)) {
+ LogManager.logDetail(LogConstants.CTX_DQP, requestId, "AuthorizationValidator indicates that the prepared plan for command will not be used"); //$NON-NLS-1$
+ prepPlan = null;
+ } else {
+ LogManager.logTrace(LogConstants.CTX_DQP, new Object[] { "Query exist in cache: ", sqlQuery }); //$NON-NLS-1$
+ processPlan = cachedPlan.clone();
+ //already in cache. obtain the values from cache
+ analysisRecord = prepPlan.getAnalysisRecord();
+ }
+ }
+
if (prepPlan == null) {
//if prepared plan does not exist, create one
prepPlan = new PreparedPlan();
@@ -149,15 +165,7 @@
}
this.prepPlanCache.put(id, determinismLevel, prepPlan, userCommand.getCacheHint() != null?userCommand.getCacheHint().getTtl():null);
- }
- } else {
- ProcessorPlan cachedPlan = prepPlan.getPlan();
- this.userCommand = prepPlan.getCommand();
- validateAccess(userCommand);
- LogManager.logTrace(LogConstants.CTX_DQP, new Object[] { "Query exist in cache: ", sqlQuery }); //$NON-NLS-1$
- processPlan = cachedPlan.clone();
- //already in cache. obtain the values from cache
- analysisRecord = prepPlan.getAnalysisRecord();
+ }
}
if (requestMsg.isBatchedUpdate()) {
Modified: branches/8.0.x/engine/src/main/java/org/teiid/dqp/internal/process/Request.java
===================================================================
--- branches/8.0.x/engine/src/main/java/org/teiid/dqp/internal/process/Request.java 2012-04-20 14:50:45 UTC (rev 4023)
+++ branches/8.0.x/engine/src/main/java/org/teiid/dqp/internal/process/Request.java 2012-04-20 16:29:16 UTC (rev 4024)
@@ -46,6 +46,7 @@
import org.teiid.core.types.DataTypeManager;
import org.teiid.core.util.Assertion;
import org.teiid.dqp.internal.datamgr.ConnectorManagerRepository;
+import org.teiid.dqp.internal.process.AuthorizationValidator.CommandType;
import org.teiid.dqp.internal.process.multisource.MultiSourceCapabilitiesFinder;
import org.teiid.dqp.internal.process.multisource.MultiSourceMetadataWrapper;
import org.teiid.dqp.internal.process.multisource.MultiSourcePlanToProcessConverter;
@@ -283,8 +284,6 @@
//ensure that the user command is distinct from the processing command
//rewrite and planning may alter options, symbols, etc.
QueryResolver.resolveCommand(command, metadata);
-
- this.userCommand = (Command)command.clone();
}
private void validateQuery(Command command)
@@ -386,8 +385,10 @@
resolveCommand(command);
- validateAccess(userCommand);
+ validateAccess(requestMsg.getCommands(), command, CommandType.USER);
+ this.userCommand = (Command) command.clone();
+
Collection<GroupSymbol> groups = GroupCollectorVisitor.getGroups(command, true);
for (GroupSymbol groupSymbol : groups) {
if (groupSymbol.isTempTable()) {
@@ -465,11 +466,14 @@
this.context.setValidateXML(requestMsg.getValidationMode());
}
- protected void validateAccess(Command command) throws QueryValidatorException, TeiidComponentException {
- createCommandContext(command);
+ protected boolean validateAccess(String[] commandStr, Command command, CommandType type) throws QueryValidatorException, TeiidComponentException {
+ if (context == null) {
+ createCommandContext(command);
+ }
if (this.authorizationValidator != null) {
- this.authorizationValidator.validate(command, metadata, context);
+ return this.authorizationValidator.validate(commandStr, command, metadata, context, type);
}
+ return false;
}
public void setExecutor(Executor executor) {
Modified: branches/8.0.x/engine/src/main/java/org/teiid/dqp/internal/process/RequestWorkItem.java
===================================================================
--- branches/8.0.x/engine/src/main/java/org/teiid/dqp/internal/process/RequestWorkItem.java 2012-04-20 14:50:45 UTC (rev 4023)
+++ branches/8.0.x/engine/src/main/java/org/teiid/dqp/internal/process/RequestWorkItem.java 2012-04-20 16:29:16 UTC (rev 4024)
@@ -45,12 +45,12 @@
import org.teiid.common.buffer.TupleBatch;
import org.teiid.common.buffer.TupleBuffer;
import org.teiid.common.buffer.BufferManager.TupleSourceType;
-import org.teiid.core.BundleUtil;
import org.teiid.core.TeiidComponentException;
import org.teiid.core.TeiidException;
import org.teiid.core.TeiidProcessingException;
import org.teiid.core.TeiidRuntimeException;
import org.teiid.core.types.DataTypeManager;
+import org.teiid.dqp.internal.process.AuthorizationValidator.CommandType;
import org.teiid.dqp.internal.process.DQPCore.CompletionListener;
import org.teiid.dqp.internal.process.DQPCore.FutureWork;
import org.teiid.dqp.internal.process.SessionAwareCache.CacheID;
@@ -520,9 +520,11 @@
this.resultsBuffer = cr.getResults();
request.initMetadata();
this.originalCommand = cr.getCommand(requestMsg.getCommandString(), request.metadata, pi);
- request.validateAccess(this.originalCommand);
- this.doneProducingBatches();
- return;
+ if (!request.validateAccess(requestMsg.getCommands(), this.originalCommand, CommandType.CACHED)) {
+ this.doneProducingBatches();
+ return;
+ }
+ LogManager.logDetail(LogConstants.CTX_DQP, requestID, "Cached result command to be modified, will not use the cached results", cacheId); //$NON-NLS-1$
}
} else {
LogManager.logDetail(LogConstants.CTX_DQP, requestID, "Parameters are not serializable - cache cannot be used for", cacheId); //$NON-NLS-1$
Modified: branches/8.0.x/engine/src/test/java/org/teiid/dqp/internal/process/TestRequest.java
===================================================================
--- branches/8.0.x/engine/src/test/java/org/teiid/dqp/internal/process/TestRequest.java 2012-04-20 14:50:45 UTC (rev 4023)
+++ branches/8.0.x/engine/src/test/java/org/teiid/dqp/internal/process/TestRequest.java 2012-04-20 16:29:16 UTC (rev 4024)
@@ -35,6 +35,7 @@
import org.teiid.core.TeiidProcessingException;
import org.teiid.dqp.internal.datamgr.ConnectorManagerRepository;
import org.teiid.dqp.internal.datamgr.FakeTransactionService;
+import org.teiid.dqp.internal.process.AuthorizationValidator.CommandType;
import org.teiid.dqp.service.AutoGenDataService;
import org.teiid.query.metadata.QueryMetadataInterface;
import org.teiid.query.parser.QueryParser;
@@ -88,10 +89,9 @@
drpd.setAllowFunctionCallsByDefault(true);
drav.setPolicyDecider(drpd);
request.setAuthorizationValidator(drav);
- request.validateAccess(command);
+ request.validateAccess(new String[] {QUERY}, command, CommandType.USER);
}
-
/**
* Test Request.processRequest().
* Test processing the same query twice, and make sure that doesn't cause problems.
@@ -165,7 +165,7 @@
DQPWorkContext workContext = RealMetadataFactory.buildWorkContext(metadata, RealMetadataFactory.example1VDB());
message.setStatementType(StatementType.PREPARED);
- message.setParameterValues(new ArrayList());
+ message.setParameterValues(new ArrayList<Object>());
helpProcessMessage(message, cache, workContext);
@@ -173,7 +173,7 @@
//If this doesn't throw an exception, assume it was successful.
message = new RequestMessage(QUERY);
message.setStatementType(StatementType.PREPARED);
- message.setParameterValues(new ArrayList());
+ message.setParameterValues(new ArrayList<Object>());
helpProcessMessage(message, cache, workContext);
}
More information about the teiid-commits
mailing list