[teiid-commits] teiid SVN: r4129 - in trunk: engine/src/main/java/org/teiid/dqp/service and 5 other directories.
teiid-commits at lists.jboss.org
teiid-commits at lists.jboss.org
Mon May 21 11:16:47 EDT 2012
Author: shawkins
Date: 2012-05-21 11:16:44 -0400 (Mon, 21 May 2012)
New Revision: 4129
Modified:
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java
trunk/engine/src/main/java/org/teiid/dqp/service/SessionService.java
trunk/engine/src/main/java/org/teiid/security/SecurityHelper.java
trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestDQPWorkContext.java
trunk/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java
trunk/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java
trunk/runtime/src/main/java/org/teiid/transport/LogonImpl.java
Log:
TEIID-2055 forward merge with minor changes
Modified: trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java
===================================================================
--- trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java 2012-05-21 14:56:10 UTC (rev 4128)
+++ trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java 2012-05-21 15:16:44 UTC (rev 4129)
@@ -103,13 +103,13 @@
}
public static void setWorkContext(DQPWorkContext context) {
- CONTEXTS.set(context);
+ if (context == null) {
+ CONTEXTS.remove();
+ } else {
+ CONTEXTS.set(context);
+ }
}
- public static void releaseWorkContext() {
- CONTEXTS.set(null);
- }
-
private SessionMetadata session = new SessionMetadata();
private String clientAddress;
private String clientHostname;
@@ -236,29 +236,21 @@
public void runInContext(final Runnable runnable) {
DQPWorkContext previous = DQPWorkContext.getWorkContext();
- boolean associated = attachDQPWorkContext();
+ DQPWorkContext.setWorkContext(this);
+ Object previousSecurityContext = null;
+ if (securityHelper != null) {
+ previousSecurityContext = securityHelper.associateSecurityContext(this.getSecurityContext());
+ }
try {
runnable.run();
} finally {
- if (associated) {
- securityHelper.clearSecurityContext();
+ if (securityHelper != null) {
+ securityHelper.associateSecurityContext(previousSecurityContext);
}
- DQPWorkContext.releaseWorkContext();
- if (previous != null) {
- previous.attachDQPWorkContext();
- }
+ DQPWorkContext.setWorkContext(previous);
}
}
- private boolean attachDQPWorkContext() {
- DQPWorkContext.setWorkContext(this);
- boolean associated = false;
- if (securityHelper != null && this.getSubject() != null) {
- associated = securityHelper.associateSecurityContext(this.getSecurityContext());
- }
- return associated;
- }
-
public HashMap<String, DataPolicy> getAllowedDataPolicies() {
if (this.policies == null) {
this.policies = new HashMap<String, DataPolicy>();
Modified: trunk/engine/src/main/java/org/teiid/dqp/service/SessionService.java
===================================================================
--- trunk/engine/src/main/java/org/teiid/dqp/service/SessionService.java 2012-05-21 14:56:10 UTC (rev 4128)
+++ trunk/engine/src/main/java/org/teiid/dqp/service/SessionService.java 2012-05-21 15:16:44 UTC (rev 4129)
@@ -25,7 +25,6 @@
import java.util.Collection;
import java.util.Properties;
-import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
@@ -34,6 +33,7 @@
import org.teiid.dqp.internal.process.DQPCore;
import org.teiid.net.socket.AuthenticationType;
import org.teiid.security.Credentials;
+import org.teiid.security.SecurityHelper;
/**
@@ -148,9 +148,5 @@
String getGssSecurityDomain();
- boolean associateSubjectInContext(String securityDomain, Subject subject);
-
- Subject getSubjectInContext(String securityDomain);
-
- public void clearSubjectInContext();
+ SecurityHelper getSecurityHelper();
}
Modified: trunk/engine/src/main/java/org/teiid/security/SecurityHelper.java
===================================================================
--- trunk/engine/src/main/java/org/teiid/security/SecurityHelper.java 2012-05-21 14:56:10 UTC (rev 4128)
+++ trunk/engine/src/main/java/org/teiid/security/SecurityHelper.java 2012-05-21 15:16:44 UTC (rev 4129)
@@ -28,7 +28,7 @@
public interface SecurityHelper {
- boolean associateSecurityContext(Object context);
+ Object associateSecurityContext(Object context);
void clearSecurityContext();
Modified: trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestDQPWorkContext.java
===================================================================
--- trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestDQPWorkContext.java 2012-05-21 14:56:10 UTC (rev 4128)
+++ trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestDQPWorkContext.java 2012-05-21 15:16:44 UTC (rev 4129)
@@ -22,29 +22,25 @@
package org.teiid.dqp.internal.process;
+import static org.junit.Assert.*;
+
+import java.security.Principal;
import java.util.Map;
+import javax.security.auth.Subject;
+
+import org.junit.Test;
import org.mockito.Mockito;
import org.teiid.adminapi.DataPolicy;
import org.teiid.adminapi.impl.DataPolicyMetadata;
import org.teiid.adminapi.impl.SessionMetadata;
import org.teiid.adminapi.impl.VDBMetaData;
import org.teiid.core.util.UnitTestUtil;
+import org.teiid.security.SecurityHelper;
-import junit.framework.TestCase;
+public class TestDQPWorkContext {
-public class TestDQPWorkContext extends TestCase {
-
- /**
- * Constructor for TestRequestMessage.
- *
- * @param name
- */
- public TestDQPWorkContext(String name) {
- super(name);
- }
-
public static DQPWorkContext example() {
DQPWorkContext message = new DQPWorkContext();
message.getSession().setVDBName("vdbName"); //$NON-NLS-1$
@@ -55,7 +51,7 @@
return message;
}
- public void testSerialize() throws Exception {
+ @Test public void testSerialize() throws Exception {
DQPWorkContext copy = UnitTestUtil.helpSerialize(example());
assertEquals("5", copy.getSessionId()); //$NON-NLS-1$
@@ -64,9 +60,8 @@
assertEquals(1, copy.getVdbVersion());
assertEquals("querybuilder", copy.getAppName()); //$NON-NLS-1$
}
-
- public void testClearPolicies() {
+ @Test public void testClearPolicies() {
DQPWorkContext message = new DQPWorkContext();
message.setSession(Mockito.mock(SessionMetadata.class));
Mockito.stub(message.getSession().getVdb()).toReturn(new VDBMetaData());
@@ -80,7 +75,7 @@
assertTrue(map.isEmpty());
}
- public void testAnyAuthenticated() {
+ @Test public void testAnyAuthenticated() {
DQPWorkContext message = new DQPWorkContext();
message.setSession(Mockito.mock(SessionMetadata.class));
VDBMetaData vdb = new VDBMetaData();
@@ -92,4 +87,62 @@
Map<String, DataPolicy> map = message.getAllowedDataPolicies();
assertEquals(1, map.size());
}
+
+ @Test public void testRestoreSecurityContext() {
+ final SecurityHelper sc = new SecurityHelper() {
+ Object mycontext = null;
+
+ @Override
+ public boolean sameSubject(String securityDomain, Object context, Subject subject) {
+ return mycontext == context;
+ }
+ @Override
+ public Subject getSubjectInContext(String securityDomain) {
+ return null;
+ }
+ @Override
+ public Object getSecurityContext(String securityDomain) {
+ return this.mycontext;
+ }
+ @Override
+ public Object createSecurityContext(String securityDomain, Principal p,Object credentials, Subject subject) {
+ return securityDomain+"SC"; //$NON-NLS-1$
+ }
+ @Override
+ public void clearSecurityContext() {
+ this.mycontext = null;
+ }
+ @Override
+ public Object associateSecurityContext(Object context) {
+ Object old = mycontext;
+ this.mycontext = context;
+ return old;
+ }
+ };
+ Object previousSC = sc.createSecurityContext("test", null, null, null); //$NON-NLS-1$
+ sc.associateSecurityContext(previousSC);
+
+ DQPWorkContext message = new DQPWorkContext() {
+ public Subject getSubject() {
+ return new Subject();
+ }
+ };
+ message.setSecurityHelper(sc);
+ message.setSession(Mockito.mock(SessionMetadata.class));
+ final String currentSC = "teiid-security-context"; //$NON-NLS-1$
+ Mockito.stub(message.getSession().getSecurityContext()).toReturn(currentSC);
+
+ Runnable r = new Runnable() {
+ @Override
+ public void run() {
+ assertEquals(currentSC, sc.getSecurityContext(null));
+ }
+ };
+
+ message.runInContext(r);
+
+ assertEquals(previousSC, sc.getSecurityContext(null));
+ }
+
+
}
Modified: trunk/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java
===================================================================
--- trunk/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java 2012-05-21 14:56:10 UTC (rev 4128)
+++ trunk/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java 2012-05-21 15:16:44 UTC (rev 4129)
@@ -36,13 +36,12 @@
private static final long serialVersionUID = 3598997061994110254L;
@Override
- public boolean associateSecurityContext(Object newContext) {
+ public Object associateSecurityContext(Object newContext) {
SecurityContext context = SecurityActions.getSecurityContext();
- if (context == null || (newContext != null && newContext != context)) {
+ if (newContext != context) {
SecurityActions.setSecurityContext((SecurityContext)newContext);
- return true;
}
- return false;
+ return context;
}
@Override
Modified: trunk/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java
===================================================================
--- trunk/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java 2012-05-21 14:56:10 UTC (rev 4128)
+++ trunk/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java 2012-05-21 15:16:44 UTC (rev 4129)
@@ -24,7 +24,6 @@
import java.io.IOException;
-import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
@@ -387,21 +386,7 @@
this.dqp = dqp;
}
- @Override
- public boolean associateSubjectInContext(String securityDomain, Subject subject) {
- Principal principal = null;
- for(Principal p:subject.getPrincipals()) {
- principal = p;
- break;
- }
- return this.securityHelper.associateSecurityContext(this.securityHelper.createSecurityContext(securityDomain, principal, null, subject));
- }
- @Override
- public Subject getSubjectInContext(String securityDomain) {
- return this.securityHelper.getSubjectInContext(securityDomain);
- }
-
public void setGssSecurityDomain(String domain) {
this.gssSecurityDomain = domain;
}
@@ -410,12 +395,12 @@
public String getGssSecurityDomain(){
return this.gssSecurityDomain;
}
-
- @Override
- public void clearSubjectInContext() {
- this.securityHelper.clearSecurityContext();
- }
+ @Override
+ public SecurityHelper getSecurityHelper() {
+ return securityHelper;
+ }
+
protected Collection<String> getDomainsForUser(List<String> domains, String username) {
// If username is null, return all domains
if (username == null) {
Modified: trunk/runtime/src/main/java/org/teiid/transport/LogonImpl.java
===================================================================
--- trunk/runtime/src/main/java/org/teiid/transport/LogonImpl.java 2012-05-21 14:56:10 UTC (rev 4128)
+++ trunk/runtime/src/main/java/org/teiid/transport/LogonImpl.java 2012-05-21 15:16:44 UTC (rev 4129)
@@ -22,6 +22,7 @@
package org.teiid.transport;
+import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Collection;
import java.util.Properties;
@@ -53,6 +54,7 @@
import org.teiid.net.socket.AuthenticationType;
import org.teiid.runtime.RuntimePlugin;
import org.teiid.security.Credentials;
+import org.teiid.security.SecurityHelper;
public class LogonImpl implements ILogon {
@@ -67,7 +69,7 @@
public LogonResult logon(Properties connProps) throws LogonException, TeiidComponentException, CommunicationException {
if (this.service.getGssSecurityDomain() != null && connProps.get(ILogon.KRB5TOKEN) != null) {
- Subject user = this.service.getSubjectInContext(this.service.getGssSecurityDomain());
+ Subject user = this.service.getSecurityHelper().getSubjectInContext(this.service.getGssSecurityDomain());
if (user == null) {
throw new LogonException(RuntimePlugin.Event.TEIID40054, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40054));
}
@@ -80,7 +82,6 @@
return logon(connProps, null);
}
-
private LogonResult logon(Properties connProps, byte[] krb5ServiceTicket) throws LogonException {
DQPWorkContext workContext = DQPWorkContext.getWorkContext();
String oldSessionId = workContext.getSessionId();
@@ -158,6 +159,7 @@
String user = connProps.getProperty(TeiidURL.CONNECTION.USER_NAME);
String password = connProps.getProperty(TeiidURL.CONNECTION.PASSWORD);
+ Object previous = null;
boolean associated = false;
try {
String securityDomain = service.getGssSecurityDomain();
@@ -174,7 +176,15 @@
}
if (result.context.isEstablished()) {
- associated = service.associateSubjectInContext(securityDomain, subject);
+ Principal principal = null;
+ for(Principal p:subject.getPrincipals()) {
+ principal = p;
+ break;
+ }
+ SecurityHelper securityHelper = service.getSecurityHelper();
+ Object securityContext = securityHelper.createSecurityContext(securityDomain, principal, null, subject);
+ previous = securityHelper.associateSecurityContext(securityContext);
+ associated = true;
}
if (!result.context.isEstablished() || !createSession) {
@@ -192,7 +202,7 @@
throw new LogonException(RuntimePlugin.Event.TEIID40061, e, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40061));
} finally {
if (associated) {
- service.clearSubjectInContext();
+ service.getSecurityHelper().associateSecurityContext(previous);
}
}
}
More information about the teiid-commits
mailing list