[teiid-commits] teiid SVN: r4145 - in branches/7.4.x: engine/src/main/java/org/teiid/security and 4 other directories.

teiid-commits at lists.jboss.org teiid-commits at lists.jboss.org
Tue May 29 08:26:44 EDT 2012


Author: jolee
Date: 2012-05-29 08:26:43 -0400 (Tue, 29 May 2012)
New Revision: 4145

Modified:
   branches/7.4.x/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java
   branches/7.4.x/engine/src/main/java/org/teiid/dqp/internal/process/ThreadReuseExecutor.java
   branches/7.4.x/engine/src/main/java/org/teiid/security/SecurityHelper.java
   branches/7.4.x/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java
   branches/7.4.x/runtime/src/main/java/org/teiid/services/TeiidLoginContext.java
   branches/7.4.x/runtime/src/main/java/org/teiid/transport/SocketClientInstance.java
   branches/7.4.x/runtime/src/test/java/org/teiid/services/TestMembershipServiceImpl.java
Log:
TEIID-2037  Security context is not propagated correctly between Teiid engine and data sources

Modified: branches/7.4.x/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java
===================================================================
--- branches/7.4.x/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java	2012-05-25 15:11:25 UTC (rev 4144)
+++ branches/7.4.x/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java	2012-05-29 12:26:43 UTC (rev 4145)
@@ -94,12 +94,12 @@
 	}
 	
 	public static void setWorkContext(DQPWorkContext context) {
-		CONTEXTS.set(context);
+		if (context == null) {
+			CONTEXTS.remove();
+		} else {
+			CONTEXTS.set(context);
+		}
 	}
-
-	public static void releaseWorkContext() {
-		CONTEXTS.set(null);
-	}	
 	
 	private SessionMetadata session = new SessionMetadata();
     private String clientAddress;
@@ -132,6 +132,10 @@
     public void setSecurityHelper(SecurityHelper securityHelper) {
 		this.securityHelper = securityHelper;
 	}
+    
+    public SecurityHelper getSecurityHelper() {
+		return securityHelper;
+	}    
 
     /**
      * @return
@@ -225,29 +229,21 @@
 	
 	public void runInContext(final Runnable runnable) {
 		DQPWorkContext previous = DQPWorkContext.getWorkContext();
-		boolean associated = attachDQPWorkContext();
+		DQPWorkContext.setWorkContext(this);
+		Object previousSecurityContext = null;
+		if (securityHelper != null) {
+			previousSecurityContext = securityHelper.assosiateSecurityContext(this.getSecurityContext());			
+		}
 		try {
 			runnable.run();
 		} finally {
-			if (associated) {
-				securityHelper.clearSecurityContext(this.getSecurityDomain());			
+			if (securityHelper != null) {
+				securityHelper.assosiateSecurityContext(previousSecurityContext);			
 			}
-			DQPWorkContext.releaseWorkContext();
-			if (previous != null) {
-				previous.attachDQPWorkContext();
-			}
+			DQPWorkContext.setWorkContext(previous);
 		}
-	}
+	}	
 
-	private boolean attachDQPWorkContext() {
-		DQPWorkContext.setWorkContext(this);
-		boolean associated = false;
-		if (securityHelper != null && this.getSubject() != null) {
-			associated = securityHelper.assosiateSecurityContext(this.getSecurityDomain(), this.getSecurityContext());			
-		}
-		return associated;
-	}
-
 	public HashMap<String, DataPolicy> getAllowedDataPolicies() {
 		if (this.policies == null) {
 	    	this.policies = new HashMap<String, DataPolicy>();
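Review bot: In `runInContext`, both `DQPWorkContext.setWorkContext(this)` and the first `securityHelper.assosiateSecurityContext(...)` call sit before the `try`, so if association throws, the thread keeps this work context and nothing restores `previous`. One way it could throw is the `(SecurityContext)` cast in JBossSecurityHelper. The `finally` has the mirror problem: if restoring the security context throws, `DQPWorkContext.setWorkContext(previous)` is skipped. On a reused thread either case can leave one session's context attached for whatever runs next. Nesting the two restores so that each has its own `finally` closes both gaps.

```java
	public void runInContext(final Runnable runnable) {
		DQPWorkContext previous = DQPWorkContext.getWorkContext();
		DQPWorkContext.setWorkContext(this);
		try {
			Object previousSecurityContext = null;
			if (securityHelper != null) {
				previousSecurityContext = securityHelper.assosiateSecurityContext(this.getSecurityContext());
			}
			try {
				runnable.run();
			} finally {
				// restore the caller's security context even if the runnable failed
				if (securityHelper != null) {
					securityHelper.assosiateSecurityContext(previousSecurityContext);
				}
			}
		} finally {
			// always put the previous work context back, even if association or restore threw
			DQPWorkContext.setWorkContext(previous);
		}
	}
```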

Modified: branches/7.4.x/engine/src/main/java/org/teiid/dqp/internal/process/ThreadReuseExecutor.java
===================================================================
--- branches/7.4.x/engine/src/main/java/org/teiid/dqp/internal/process/ThreadReuseExecutor.java	2012-05-25 15:11:25 UTC (rev 4144)
+++ branches/7.4.x/engine/src/main/java/org/teiid/dqp/internal/process/ThreadReuseExecutor.java	2012-05-29 12:26:43 UTC (rev 4145)
@@ -115,6 +115,10 @@
 
 		@Override
 		public void run() {
+			if (workContext.getSecurityHelper() != null) {
+				//if using the inheritable thread local security or if un-association has been sloppy, there may a security context associated
+				workContext.getSecurityHelper().clearSecurityContext();
+			}			
 			workContext.runInContext(r);
 		}
 		
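Review bot: The clear-before-run guard added at the top of `run()` is repeated line for line in SocketClientInstance before its own `runInContext` call, so every future entry point that hands work to a reused thread has to remember to copy it. A single null-safe method on DQPWorkContext that both call sites use would keep the rule in one place. The inline comment is also missing a word and would read better if it stated the risk, e.g. `// a reused thread may still carry a previous caller's security context (inheritable thread local or a missed un-association); clear it so this work cannot run under that identity`.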

Modified: branches/7.4.x/engine/src/main/java/org/teiid/security/SecurityHelper.java
===================================================================
--- branches/7.4.x/engine/src/main/java/org/teiid/security/SecurityHelper.java	2012-05-25 15:11:25 UTC (rev 4144)
+++ branches/7.4.x/engine/src/main/java/org/teiid/security/SecurityHelper.java	2012-05-29 12:26:43 UTC (rev 4145)
@@ -28,9 +28,9 @@
 
 public interface SecurityHelper {
 	
-	boolean assosiateSecurityContext(String securityDomain, Object context);
+	Object assosiateSecurityContext(Object context);
 	
-	void clearSecurityContext(String securityDomain);
+	void clearSecurityContext();
 	
 	Object getSecurityContext(String securityDomain);
 	
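Review bot: The new `Object assosiateSecurityContext(Object context)` has no Javadoc, and its contract cannot be read from the types. Judging by the JBoss implementation in this commit, it returns the context that was associated before the call, and `runInContext` relies on passing that value back to restore it. A comment such as `/** Associates the given context with the calling thread and returns the previously associated one (may be null) so the caller can restore it. */` would make that obligation visible to other implementers. `clearSecurityContext()` deserves a line saying it removes whatever context the thread has, now that it no longer takes a domain. Since the signature is changing anyway, this is also a cheap moment to fix the `assosiate` spelling.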

Modified: branches/7.4.x/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java
===================================================================
--- branches/7.4.x/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java	2012-05-25 15:11:25 UTC (rev 4144)
+++ branches/7.4.x/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java	2012-05-29 12:26:43 UTC (rev 4145)
@@ -36,17 +36,16 @@
 	private static final long serialVersionUID = 3598997061994110254L;
 
 	@Override
-	public boolean assosiateSecurityContext(String securityDomain, Object newContext) {
+	public Object assosiateSecurityContext(Object newContext) {
 		SecurityContext context = SecurityActions.getSecurityContext();
-		if (newContext != null && (context == null || newContext != context)) {
+		if (newContext != context) {
 			SecurityActions.setSecurityContext((SecurityContext)newContext);
-			return true;
 		}
-		return false;
+		return context;
 	}
 
 	@Override
-	public void clearSecurityContext(String securityDomain) {
+	public void clearSecurityContext() {
 		SecurityActions.clearSecurityContext();
 	}
 	
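Review bot: With the `newContext != null` guard removed, `assosiateSecurityContext(null)` now reaches `SecurityActions.setSecurityContext((SecurityContext)null)` whenever the thread has a context. This is the path `runInContext` takes on restore when nothing was associated before. Whether setting null is equivalent to `SecurityActions.clearSecurityContext()` depends on SecurityActions, which is not shown here. Routing the null case explicitly would remove the doubt: `if (newContext == null) { SecurityActions.clearSecurityContext(); } else if (newContext != context) { SecurityActions.setSecurityContext((SecurityContext)newContext); }`. An `instanceof` check before the cast would also turn a mismatched context type into a clear error instead of a bare ClassCastException.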

Modified: branches/7.4.x/runtime/src/main/java/org/teiid/services/TeiidLoginContext.java
===================================================================
--- branches/7.4.x/runtime/src/main/java/org/teiid/services/TeiidLoginContext.java	2012-05-25 15:11:25 UTC (rev 4144)
+++ branches/7.4.x/runtime/src/main/java/org/teiid/services/TeiidLoginContext.java	2012-05-29 12:26:43 UTC (rev 4145)
@@ -59,6 +59,7 @@
 	private String securitydomain;
 	private Object credentials;
 	private SecurityHelper securityHelper;
+	private Object securityContext;
 	
 	public TeiidLoginContext(SecurityHelper helper) {
 		this.securityHelper = helper;
@@ -79,6 +80,7 @@
 					this.userName = getUserName(existing)+AT+domain;
 					this.securitydomain = domain;     
 					this.loginContext = createLoginContext(domain, existing);
+					this.securityContext = this.securityHelper.getSecurityContext(this.securitydomain);
 					return;
 	        	}
             }
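Review bot: The passthrough branch stores whatever `securityHelper.getSecurityContext(this.securitydomain)` returns without a null check. The fallback the old `getSecurityContext()` had, which built a context through `createSecurityContext` when none was found, is removed further down in this file. If the helper has no context for the domain at this point, the session keeps a null security context and `runInContext` would presumably associate null for each work item. Consider building the context from `existing` as the credential path does, or at least recording it: `if (this.securityContext == null) { LogManager.logDetail(LogConstants.CTX_SECURITY, "no security context available for passthrough domain " + domain); }`. The enclosing method begins and ends outside this hunk.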
@@ -118,7 +120,16 @@
 				this.loginContext.login();
 				this.userName = baseUsername+AT+domain;
 				this.securitydomain = domain;
-				return;
+	        	Subject subject = this.loginContext.getSubject();
+	        	Principal principal = null;
+	        	for(Principal p:subject.getPrincipals()) {
+	        		if (baseUsername.equals(p.getName())) {
+	        			principal = p;
+	        			break;
+	        		}
+	        	}
+		        this.securityContext = this.securityHelper.createSecurityContext(this.securitydomain, principal, credentials, subject);
+		        return;				
 			} catch (LoginException e) {
 				LogManager.logDetail(LogConstants.CTX_SECURITY,e, e.getMessage()); 
 			}
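Review bot: If no principal in the authenticated subject has a name equal to `baseUsername`, `principal` stays null and is passed straight into `createSecurityContext`. Moving from `startsWith` to `equals` is the safer match, but it makes this no-match case more likely when a login module normalises or decorates the user name. How `createSecurityContext` treats a null principal is not visible here, so the session could end up with a context that carries no caller identity. Handle it explicitly after the loop, at minimum with `if (principal == null) { LogManager.logDetail(LogConstants.CTX_SECURITY, "no principal matching " + baseUsername + " in subject for domain " + domain); }`, and decide whether authentication should be treated as failed in that case. The enclosing method begins and ends outside this hunk.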
@@ -158,22 +169,7 @@
     }
     
     public Object getSecurityContext() {
-    	Object sc = null;
-        if (this.loginContext != null) {
-        	sc = this.securityHelper.getSecurityContext(this.securitydomain);
-        	if ( sc == null){
-	        	Subject subject = this.loginContext.getSubject();
-	        	Principal principal = null;
-	        	for(Principal p:subject.getPrincipals()) {
-	        		if (this.userName.startsWith(p.getName())) {
-	        			principal = p;
-	        			break;
-	        		}
-	        	}
-	        	return this.securityHelper.createSecurityContext(this.securitydomain, principal, credentials, subject);
-        	}
-        }
-    	return sc;
+    	return this.securityContext;
     }
     
     static String getBaseUsername(String username) {

Modified: branches/7.4.x/runtime/src/main/java/org/teiid/transport/SocketClientInstance.java
===================================================================
--- branches/7.4.x/runtime/src/main/java/org/teiid/transport/SocketClientInstance.java	2012-05-25 15:11:25 UTC (rev 4144)
+++ branches/7.4.x/runtime/src/main/java/org/teiid/transport/SocketClientInstance.java	2012-05-29 12:26:43 UTC (rev 4145)
@@ -159,6 +159,9 @@
 		if (LogManager.isMessageToBeRecorded(LogConstants.CTX_TRANSPORT, MessageLevel.DETAIL)) { 
 			LogManager.logDetail(LogConstants.CTX_TRANSPORT, "processing message:" + packet); //$NON-NLS-1$
         }
+		if (this.workContext.getSecurityHelper() != null) {
+			this.workContext.getSecurityHelper().clearSecurityContext();
+		}		
 		final ServerWorkItem work = new ServerWorkItem(this, packet.getMessageKey(), packet, this.csr);
 		this.workContext.runInContext(work);
 	}

Modified: branches/7.4.x/runtime/src/test/java/org/teiid/services/TestMembershipServiceImpl.java
===================================================================
--- branches/7.4.x/runtime/src/test/java/org/teiid/services/TestMembershipServiceImpl.java	2012-05-25 15:11:25 UTC (rev 4144)
+++ branches/7.4.x/runtime/src/test/java/org/teiid/services/TestMembershipServiceImpl.java	2012-05-29 12:26:43 UTC (rev 4145)
@@ -59,17 +59,19 @@
     	HashSet<Principal> principals = new HashSet<Principal>();
     	principals.add(p);
     	
-    	Subject subject = new Subject(false, principals, new HashSet(), new HashSet());
+    	final Subject subject = new Subject(false, principals, new HashSet(), new HashSet());
     	SecurityHelper sh = Mockito.mock(SecurityHelper.class);
     	Mockito.stub(sh.getSubjectInContext("passthrough")).toReturn(subject); //$NON-NLS-1$
     	
         TeiidLoginContext membershipService = new TeiidLoginContext(sh) {
 			public LoginContext createLoginContext(String domain, CallbackHandler handler) throws LoginException {
         		LoginContext context =  Mockito.mock(LoginContext.class);
+        		Mockito.stub(context.getSubject()).toReturn(subject);
         		return context;
         	}
 			protected LoginContext createLoginContext(String domain, Subject subject) throws LoginException {
         		LoginContext context =  Mockito.mock(LoginContext.class);
+        		Mockito.stub(context.getSubject()).toReturn(subject);
         		return context;
 		    }			
         };
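Review bot: The added `context.getSubject()` stubs only keep the new login path from hitting a null subject. The mock `sh` still stubs nothing but `getSubjectInContext`, so `createSecurityContext` and `getSecurityContext` return null. As far as this hunk shows, nothing checks the behaviour the commit is about, namely that the context created at login is the one `getSecurityContext()` later returns. Consider stubbing `sh.createSecurityContext(...)` with a sentinel object and asserting that `membershipService.getSecurityContext()` returns it after authentication. The assertions of this test are outside the hunk, so this may already be covered there.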


