Author: shawkins
Date: 2010-06-28 12:55:37 -0400 (Mon, 28 Jun 2010)
New Revision: 2313
Added:
trunk/documentation/admin-guide/src/main/docbook/en-US/content/performance.xml
trunk/documentation/reference/src/main/docbook/en-US/content/entitlements.xml
Modified:
trunk/build/kits/jboss-container/teiid-releasenotes.html
trunk/client/src/main/java/org/teiid/jdbc/TeiidStatement.java
trunk/connectors/translator-jdbc/src/main/java/org/teiid/translator/jdbc/JDBCExecutionFactory.java
trunk/connectors/translator-jdbc/src/main/java/org/teiid/translator/jdbc/mysql/MySQLExecutionFactory.java
trunk/connectors/translator-jdbc/src/main/java/org/teiid/translator/jdbc/oracle/OracleExecutionFactory.java
trunk/connectors/translator-salesforce/src/main/java/org/teiid/translator/salesforce/execution/QueryExecutionImpl.java
trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml
trunk/documentation/client-developers-guide/
trunk/documentation/reference/src/main/docbook/en-US/Reference.xml
trunk/documentation/reference/src/main/docbook/en-US/content/system_schema.xml
trunk/documentation/reference/src/main/docbook/en-US/content/translators.xml
Log:
forward merge from 7.0
Modified: trunk/build/kits/jboss-container/teiid-releasenotes.html
===================================================================
--- trunk/build/kits/jboss-container/teiid-releasenotes.html 2010-06-28 16:47:59 UTC (rev
2312)
+++ trunk/build/kits/jboss-container/teiid-releasenotes.html 2010-06-28 16:55:37 UTC (rev
2313)
@@ -95,8 +95,30 @@
<ul>
<li>Start time is now significantly longer due to the container deployment.
However many operations can be performed on configruation files that will trigger a
redeployment without the need for a restart.
<li>Parallel execution of source queries within a query plan has been temporarily
disabled.
+ <li>Inversion of parse, format, and convert system functions is not used if it
can be narrowing. In situations where a predicate has the form: parseTime(column,
'format') = {t 'time value'} may lead to reduced performance, since
+ the parseTime function cannot be pushed down. This should be addressed in future
releases.
</ul>
+<h4>Salesforce as Source</h4>
+Before Salesforce is used in your data integration project, the below issues need to be
resolved.
+<ul>
+ <li>Manually copy the following libraries from the JBOSS_HOME/client directory to
the JBOSS_HOME/lib/endorsed directory, so that the JAX-WS 2.0 apis supported by JBossWS
are used:
+ <ul>
+ <li>jbossws-native-saaj.jar</li>
+ <li>jbossws-native-jaxrpc.jar</li>
+ <li>jbossws-native-jaxws.jar</li>
+ <li>jbossws-native-jaxws-ext.jar</li>
+ </ul>
+ </li>
+ <li>There is issue with invoking "https" based URL with out specifying
the either a keystore or truststore properties with JBoss remoting 2.5.1. Generally you do
not need to specify the truststore as a anonymous truststore will be negotiated, however
if you fail to supply the following system properties there will be a error message in the
log (query will execute even with out the properties). Add these to
JBOSS_INSTALL/bin/run.conf file under JAVA_OPTS
+ <ul>
+ <li>-Djava.net.ssl.keyStore=<path-to-truststore></li>
+ <li>-Djava.net.ssl.keyStoreType=<certificate-type></li>
+ <li>-Djava.net.ssl.keyStorePassword=<password></li>
+ </ul>
+ </li>
+</ul>
+
<h2><a name="LibraryUpdates">Thirdparty Library
Updates</a></h2>
The following components have been updated:
Modified: trunk/client/src/main/java/org/teiid/jdbc/TeiidStatement.java
===================================================================
--- trunk/client/src/main/java/org/teiid/jdbc/TeiidStatement.java 2010-06-28 16:47:59 UTC
(rev 2312)
+++ trunk/client/src/main/java/org/teiid/jdbc/TeiidStatement.java 2010-06-28 16:55:37 UTC
(rev 2313)
@@ -64,7 +64,7 @@
/**
* Obtain the query planner debug log from the last command
* executed on this Statement, if it was requested with
- * OPTION DEBUG. If no debug output was requested, this
+ * SHOWPLAN DEBUG. If no debug output was requested, this
* method will return null.
* @return Debug log or null if no log exists
*/
Modified:
trunk/connectors/translator-jdbc/src/main/java/org/teiid/translator/jdbc/JDBCExecutionFactory.java
===================================================================
---
trunk/connectors/translator-jdbc/src/main/java/org/teiid/translator/jdbc/JDBCExecutionFactory.java 2010-06-28
16:47:59 UTC (rev 2312)
+++
trunk/connectors/translator-jdbc/src/main/java/org/teiid/translator/jdbc/JDBCExecutionFactory.java 2010-06-28
16:55:37 UTC (rev 2313)
@@ -40,6 +40,7 @@
import java.util.List;
import java.util.Map;
import java.util.TimeZone;
+import java.util.concurrent.atomic.AtomicBoolean;
import javax.sql.DataSource;
@@ -139,7 +140,7 @@
private boolean useCommentsInSourceQuery;
private String version;
- boolean initialConnection = true;
+ private AtomicBoolean initialConnection = new AtomicBoolean(true);
public JDBCExecutionFactory() {
setSupportsFullOuterJoins(true);
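Review bot: The new `initialConnection` field is never reassigned in the hunks shown, so it should be declared `private final AtomicBoolean initialConnection = new AtomicBoolean(true);`. `final` also guarantees safe publication of the reference to whichever threads later call `obtainedConnection`. A short comment such as `// true until the first connection has been seen; flipped once by obtainedConnection` would document what the flag is for.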
@@ -216,7 +217,7 @@
public ResultSetExecution createResultSetExecution(QueryExpression command,
ExecutionContext executionContext, RuntimeMetadata metadata, Connection conn)
throws TranslatorException {
//TODO: This is not correct; this should be only called once for connection creation
- afterConnectionCreation(conn);
+ obtainedConnection(conn);
return new JDBCQueryExecution(command, conn, executionContext, this);
}
@@ -224,7 +225,7 @@
public ProcedureExecution createProcedureExecution(Call command, ExecutionContext
executionContext, RuntimeMetadata metadata, Connection conn)
throws TranslatorException {
//TODO: This is not correct; this should be only called once for connection creation
- afterConnectionCreation(conn);
+ obtainedConnection(conn);
return new JDBCProcedureExecution(command, conn, executionContext, this);
}
@@ -232,7 +233,7 @@
public UpdateExecution createUpdateExecution(Command command, ExecutionContext
executionContext, RuntimeMetadata metadata, Connection conn)
throws TranslatorException {
//TODO: This is not correct; this should be only called once for connection creation
- afterConnectionCreation(conn);
+ obtainedConnection(conn);
return new JDBCUpdateExecution(command, conn, executionContext, this);
}
@@ -989,12 +990,12 @@
* Called exactly once for this source.
* @param connection
*/
- protected void afterInitialConnectionCreation(Connection connection) {
+ protected void afterInitialConnectionObtained(Connection connection) {
// now dig some details about this driver/database for log.
try {
- StringBuffer sb = new StringBuffer();
+ StringBuffer sb = new StringBuffer(getClass().getSimpleName());
DatabaseMetaData dbmd = connection.getMetaData();
- sb.append("Commit=").append(connection.getAutoCommit());
//$NON-NLS-1$
+ sb.append(" Commit=").append(connection.getAutoCommit());
//$NON-NLS-1$
sb.append(";DatabaseProductName=").append(dbmd.getDatabaseProductName());
//$NON-NLS-1$
sb.append(";DatabaseProductVersion=").append(dbmd.getDatabaseProductVersion());
//$NON-NLS-1$
sb.append(";DriverMajorVersion=").append(dbmd.getDriverMajorVersion());
//$NON-NLS-1$
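Review bot: Renaming the protected hook to `afterInitialConnectionObtained` here, and the public `afterConnectionCreation` to `obtainedConnection` in the next hunk, changes the extension surface of this class. A translator outside this tree that overrides the old names will stop compiling if it uses `@Override`, and will silently stop being called if it does not. The rename deserves an entry in the release notes, and the Javadoc should name the replacement. The Javadoc above the method also still has an empty `@param connection`; something like `@param connection the first connection obtained from the source` would complete it. The method body begins in this hunk and ends outside it.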
@@ -1012,19 +1013,13 @@
/**
* Provides a hook to call source specific logic when
- * a connection is created.
+ * a connection is obtained.
*
* defect request 13979 & 13978
*/
- public void afterConnectionCreation(Connection connection) {
- if (initialConnection) {
- synchronized (this) {
- if (!initialConnection) {
- return;
- }
- initialConnection = false;
- afterInitialConnectionCreation(connection);
- }
+ public void obtainedConnection(Connection connection) {
+ if (initialConnection.compareAndSet(true, false)) {
+ afterInitialConnectionObtained(connection);
}
}
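Review bot: `initialConnection.compareAndSet(true, false)` flips the flag before `afterInitialConnectionObtained` runs, and callers that lose the race return immediately instead of queueing on the monitor as they could with the removed `synchronized` block. That is harmless while the hook only logs driver details, but an override that performs real setup cannot assume it has finished before other executions use their connections. A hook that fails is also never retried, because the flag is already false. I would state this in the Javadoc, e.g. `Invokes afterInitialConnectionObtained on the first call only; concurrent callers do not wait for it to complete.`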
Modified:
trunk/connectors/translator-jdbc/src/main/java/org/teiid/translator/jdbc/mysql/MySQLExecutionFactory.java
===================================================================
---
trunk/connectors/translator-jdbc/src/main/java/org/teiid/translator/jdbc/mysql/MySQLExecutionFactory.java 2010-06-28
16:47:59 UTC (rev 2312)
+++
trunk/connectors/translator-jdbc/src/main/java/org/teiid/translator/jdbc/mysql/MySQLExecutionFactory.java 2010-06-28
16:55:37 UTC (rev 2313)
@@ -22,10 +22,7 @@
package org.teiid.translator.jdbc.mysql;
-import java.sql.Connection;
import java.sql.Date;
-import java.sql.SQLException;
-import java.sql.Statement;
import java.sql.Time;
import java.sql.Timestamp;
import java.util.ArrayList;
@@ -33,11 +30,9 @@
import java.util.List;
import org.teiid.language.Function;
-import org.teiid.logging.LogConstants;
-import org.teiid.logging.LogManager;
+import org.teiid.translator.SourceSystemFunctions;
import org.teiid.translator.Translator;
import org.teiid.translator.TranslatorException;
-import org.teiid.translator.SourceSystemFunctions;
import org.teiid.translator.TypeFacility;
import org.teiid.translator.jdbc.ConvertModifier;
import org.teiid.translator.jdbc.FunctionModifier;
@@ -130,26 +125,6 @@
}
@Override
- public void afterConnectionCreation(Connection connection) {
- super.afterConnectionCreation(connection);
-
- Statement stmt = null;
- try {
- stmt = connection.createStatement();
- stmt.execute("set SESSION sql_mode = 'ANSI'"); //$NON-NLS-1$
- } catch (SQLException e) {
- LogManager.logError(LogConstants.CTX_CONNECTOR, e, "Error setting ANSI
mode"); //$NON-NLS-1$
- } finally {
- if (stmt != null) {
- try {
- stmt.close();
- } catch (SQLException e) {
- LogManager.logDetail("Error closing statement", e); //$NON-NLS-1$
- }
- }
- }
- }
- @Override
public boolean useParensForJoins() {
return true;
}
Modified:
trunk/connectors/translator-jdbc/src/main/java/org/teiid/translator/jdbc/oracle/OracleExecutionFactory.java
===================================================================
---
trunk/connectors/translator-jdbc/src/main/java/org/teiid/translator/jdbc/oracle/OracleExecutionFactory.java 2010-06-28
16:47:59 UTC (rev 2312)
+++
trunk/connectors/translator-jdbc/src/main/java/org/teiid/translator/jdbc/oracle/OracleExecutionFactory.java 2010-06-28
16:55:37 UTC (rev 2313)
@@ -24,11 +24,8 @@
*/
package org.teiid.translator.jdbc.oracle;
-import java.sql.Connection;
import java.sql.PreparedStatement;
-import java.sql.ResultSet;
import java.sql.SQLException;
-import java.sql.Statement;
import java.sql.Timestamp;
import java.sql.Types;
import java.util.ArrayList;
@@ -51,8 +48,6 @@
import org.teiid.language.SQLConstants.Tokens;
import org.teiid.language.SetQuery.Operation;
import org.teiid.language.visitor.CollectorVisitor;
-import org.teiid.logging.LogConstants;
-import org.teiid.logging.LogManager;
import org.teiid.metadata.Column;
import org.teiid.translator.ExecutionContext;
import org.teiid.translator.SourceSystemFunctions;
@@ -64,7 +59,6 @@
import org.teiid.translator.jdbc.ExtractFunctionModifier;
import org.teiid.translator.jdbc.FunctionModifier;
import org.teiid.translator.jdbc.JDBCExecutionFactory;
-import org.teiid.translator.jdbc.JDBCPlugin;
import org.teiid.translator.jdbc.LocateFunctionModifier;
@@ -395,41 +389,6 @@
}
@Override
- public void afterInitialConnectionCreation(Connection connection) {
- String errorStr =
JDBCPlugin.Util.getString("ConnectionListener.failed_to_report_oracle_connection_details");
//$NON-NLS-1$
- ResultSet rs = null;
- Statement stmt = null;
- try {
- stmt = connection.createStatement();
- rs = stmt.executeQuery("select * from v$instance"); //$NON-NLS-1$
-
- int columnCount = rs.getMetaData().getColumnCount();
- while (rs.next()) {
- StringBuffer sb = new StringBuffer();
- for (int i = 1; i <= columnCount; i++) {
-
sb.append(rs.getMetaData().getColumnName(i)).append("=").append(rs.getString(i)).append(";");
//$NON-NLS-1$ //$NON-NLS-2$
- }
- // log the queried information
- LogManager.logInfo(LogConstants.CTX_CONNECTOR, sb.toString());
- }
-
- } catch (SQLException e) {
- LogManager.logInfo(LogConstants.CTX_CONNECTOR, errorStr);
- }finally {
- try {
- if (rs != null) {
- rs.close();
- }
- if (stmt != null) {
- stmt.close();
- }
- } catch (SQLException e1) {
- LogManager.logInfo(LogConstants.CTX_CONNECTOR, errorStr);
- }
- }
- }
-
- @Override
public NullOrder getDefaultNullOrder() {
return NullOrder.HIGH;
}
Modified:
trunk/connectors/translator-salesforce/src/main/java/org/teiid/translator/salesforce/execution/QueryExecutionImpl.java
===================================================================
---
trunk/connectors/translator-salesforce/src/main/java/org/teiid/translator/salesforce/execution/QueryExecutionImpl.java 2010-06-28
16:47:59 UTC (rev 2312)
+++
trunk/connectors/translator-salesforce/src/main/java/org/teiid/translator/salesforce/execution/QueryExecutionImpl.java 2010-06-28
16:55:37 UTC (rev 2313)
@@ -114,14 +114,14 @@
@Override
public void execute() throws TranslatorException {
try {
- LogManager.logDetail(LogConstants.CTX_CONNECTOR, getLogPreamble() + "Incoming
Query: " + query.toString()); //$NON-NLS-1$
+ LogManager.logDetail(LogConstants.CTX_CONNECTOR, getLogPreamble(), "Incoming
Query:", query); //$NON-NLS-1$
List<TableReference> from = ((Select)query).getFrom();
String finalQuery;
if(from.get(0) instanceof Join) {
visitor = new JoinQueryVisitor(metadata);
visitor.visitNode(query);
finalQuery = visitor.getQuery().trim();
- LogManager.logDetail(LogConstants.CTX_CONNECTOR, getLogPreamble() + "Executing
Query: " + finalQuery); //$NON-NLS-1$
+ LogManager.logDetail(LogConstants.CTX_CONNECTOR, getLogPreamble(), "Executing
Query:", finalQuery); //$NON-NLS-1$
results = connection.query(finalQuery, this.context.getBatchSize(),
visitor.getQueryAll());
} else {
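Review bot: Both `logDetail` calls in this hunk, and the one in the following hunk, still write the full query text to the connector log, and `finalQuery` presumably carries the literal values from the criteria. Passing the parts as separate arguments looks like it defers the string building, which is a good change, but wherever detail logging is enabled those values end up in log files. If Salesforce queries can hold personal or otherwise sensitive values, a comment at the first call would make that explicit, e.g. `// query text may include data values; emitted at detail level only`. `execute()` continues past the end of this hunk.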
@@ -132,7 +132,7 @@
visitor.getTableName(), visitor.getIdInCriteria());
} else {
finalQuery = visitor.getQuery().trim();
- LogManager.logDetail(LogConstants.CTX_CONNECTOR, getLogPreamble() + "Executing
Query: " + finalQuery); //$NON-NLS-1$
+ LogManager.logDetail(LogConstants.CTX_CONNECTOR, getLogPreamble(), "Executing
Query:", finalQuery); //$NON-NLS-1$
results = connection.query(finalQuery, this.context.getBatchSize(),
visitor.getQueryAll());
}
}
@@ -147,6 +147,9 @@
List<?> result;
if (query.getProjectedQuery().getDerivedColumns().get(0)
.getExpression() instanceof AggregateFunction) {
+ if (results == null) {
+ return null;
+ }
result = Arrays.asList(results.getSize());
results = null;
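Review bot: The new `results == null` guard relies on the `results = null` assignment two lines below to mark that the single aggregate row was already returned, but nothing in the code says so. I would add a comment above the guard, `// aggregate row already returned by a previous call; null ends the result set`, assuming that is the contract of this method. The check sits only in the aggregate branch. If `results` can also be null on the other path, for example when `execute()` did not complete, that path needs its own guard; that code is outside the hunk and I cannot confirm it. The enclosing method starts and ends outside the hunk.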
Copied: trunk/documentation/admin-guide/src/main/docbook/en-US/content/performance.xml
(from rev 2311,
branches/7.0.x/documentation/admin-guide/src/main/docbook/en-US/content/performance.xml)
===================================================================
--- trunk/documentation/admin-guide/src/main/docbook/en-US/content/performance.xml
(rev 0)
+++
trunk/documentation/admin-guide/src/main/docbook/en-US/content/performance.xml 2010-06-28
16:55:37 UTC (rev 2313)
@@ -0,0 +1,28 @@
+<!--
+TODO: incorporate a performance chapter.
+
+The information about document materialization belongs in the reference though. And is
not completely correct
+w.r.t. the use of document projection.
+
+ <para>Your application can use a statement object to execute queries that
return XML documents.
+ The query must specify a valid document in VDB, or should have used SQL XML
functions
+ to create a XMl document.</para>
+ <sect3>
+ <title>XML Streaming</title>
+ <para>XML documents are streamed from Teiid Server to the Teiid JDBC
API.
+ Normally, the document never materializes in the server memory, avoiding
potential
+ out-of-memory issues and improving the first response time for large
documents.
+ When using style sheets, or XQuery, the whole document
+ must be materialized on the server. Therefore memory issues may occur for
large documents.
+ A result document can be obtained from the JDBC resultset using
<code>getSQLXML</code> method.
+ </para>
+ <para>The document is broken into pieces when being created and
streamed.
+ The maximum size of each piece in the stream can be configured with the
+ <code>"lobChunkSizeInKB"</code> system property on the
Server. The default value is 100 KB.
+ At any given time, this is the maximum amount of memory that can be held by a
particular
+ XML query against the system. In heavily loaded or memory-constrained
scenarios,
+ this value can decrease the amount of memory used. As a side effect,
streaming will occur in smaller pieces, reducing initial document response time while
+ increasing full response time (as this is less efficient).</para>
+ </sect3>
+
+ -->
\ No newline at end of file
Modified: trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml
===================================================================
--- trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml 2010-06-28
16:47:59 UTC (rev 2312)
+++ trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml 2010-06-28
16:55:37 UTC (rev 2313)
@@ -3,7 +3,7 @@
<chapter id="custom_security">
<title>Teiid Security</title>
<para>The Teiid system provides a range of built-in and extensible security
features to enable the
- secure access of data. </para>
+ secure access of data.</para>
<sect1>
<title>Authentication</title>
<para>JDBC clients may use simple passwords to authenticate a user.</para>
@@ -11,6 +11,13 @@
identity of the user can be discerned by the password credential alone. In
any case it is up to the configured security domain to determine whether a user can
be
authenticated.</para>
+
+ <note><para>By default, access to Teiid is NOT secure. The default login
modules are only
+ backed by file based authentication, which has a well known user
+ name and password.
+ The same is true for making connections to the Admin Console application.
+ We DO NOT recommend leaving the default security profile as defined when you
+ are exposing sensitive data.</para></note>
</sect1>
<sect1>
<title>Authorization</title>
@@ -59,6 +66,14 @@
Details of the failed attempt including invalid users, which
domains were consulted, etc. will be in the server log with appropriate
levels of severity.</para>
+ <note>
+ <para>The security-domain defined for the JDBC connection and Admin
connections are separate.
+ The default name of JDBC connection's security-domain is
"teiid-security". The default name for Admin connection
+ is "jmx-console". For the Admin connection's security domain,
the user is allowed
+ to change which LoginModule that "jmx-console" pointing to, however
should not change the name of the domain, as this name is
+ shared between the "admin-console" application.</para>
+ </note>
+
<sect2>
<title>Built-in LoginModules</title>
<para>JBossAS provides several LoginModules for common authentication needs,
such as authenticating from text files or LDAP.</para>
@@ -71,12 +86,52 @@
If you want use a your own Custom Login module, check out the Developer's
Guide for instructions.
</para>
</sect2>
+
</sect1>
- <note>
- <para>The security-domain defined for the JDBC connection and Admin
connections are separate.
- The default name of JDBC connection's security-domain is
"teiid-security". The default name for Admin connection
- is "jmx-console". For the Admin connection's security domain,
the user is allowed
- to change which LoginModule that "jmx-console" pointing to, however
should not change the name of the domain, as this name is
- shared between the "admin-console" application.</para>
- </note>
+
+ <sect1 id="connfigure_server">
+ <title>Configuring SSL</title>
+ <para>The Teiid's configuration file
+
<code><jboss-install>/server/<profile>/deploy/teiid/teiid-jboss-beans.xml</code>,
+ contains the properties to configure SSL.</para>
+ <itemizedlist>
+ <para>There are two separate connection profiles:</para>
+ <listitem><para>JDBC Connection - The
<code>JdbcSslConfiguration</code> bean configuration defines
this.</para></listitem>
+ <listitem><para>Admin Connection - The
<code>AdminSslConfiguration</code> bean configuration defines
this.</para></listitem>
+ </itemizedlist>
+ <example><title>Example Configuration</title>
+ <programlisting><![CDATA[<bean name="JdbcSslConfiguration"
class="org.teiid.transport.SSLConfiguration">
+ <property name="sslEnabled">false</property>
+ <property name="keystoreFilename">cert.keystore</property>
+ <property name="keystorePassword">passwd</property>
+ <property name="keystoreType">JKS</property>
+ <property name="sslProtocol">SSLv3</property>
+ <property name="keymanagementAlgorithm">false</property>
+ <property name="truststoreFilename">cert.truststore</property>
+ <property name="truststorePassword">passwd</property>
+ <!-- 1-way, 2-way, anonymous -->
+ <property name="authenticationMode">1-way</property>
+ <property name="clientEncryptionEnabled">true</property>
+</bean>]]></programlisting>
+</example>
+ <orderedlist>
+ <title>Properties</title>
+ <listitem><para>sslEnabled - true|false, SSL usage either turned
ON or OFF </para></listitem>
+ <listitem><para>sslProtocol- Type of SSL protocol to be used.
Default is SSLv3</para></listitem>
+ <listitem><para>keystoreType - Keystore type created by the
keytool. Default "JKS" is used.</para></listitem>
+ <listitem><para>authenticationMode - anonymous|1-way|2-way, Type
of SSL mode, see
+ above about different <link linkend="ssl_modes">SSL
modes</link> available.</para></listitem>
+ <listitem><para>keymanagementAlgorithm - Type of key algorithm
used. Default
+ is based upon the VM, e.g. "SunX509"</para></listitem>
+ <listitem><para>keystoreFilename - The file name of the keystore,
which contains the
+ private key of the Server. This must be available in the classpath of Teiid
Server</para></listitem>
+ <listitem><para>keystorePassword - password for the
keystore.</para></listitem>
+ <listitem><para>truststoreFilename - if
"authenticationMode" is chosen
+ as "2-way", then this property must be provided. This is the
truststore that contains the
+ public key for the client. Depending upon how you created the keystore and
truststores,
+ this may be same file as defined under "keystoreFilename"
property.</para></listitem>
+ <listitem><para>truststorePassword - password for the truststore.
</para></listitem>
+ </orderedlist>
+
+ </sect1>
</chapter>
\ No newline at end of file
Property changes on: trunk/documentation/client-developers-guide
___________________________________________________________________
Name: svn:ignore
- target
.project
.settings
.classpath
+ target
.project
.settings
.classpath
Legal_Notice.html
Modified: trunk/documentation/reference/src/main/docbook/en-US/Reference.xml
===================================================================
--- trunk/documentation/reference/src/main/docbook/en-US/Reference.xml 2010-06-28 16:47:59
UTC (rev 2312)
+++ trunk/documentation/reference/src/main/docbook/en-US/Reference.xml 2010-06-28 16:55:37
UTC (rev 2313)
@@ -53,6 +53,7 @@
<xi:include href="content/scalar_functions.xml"
xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="content/procedures.xml"
xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="content/transaction_support.xml"
xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="content/entitlements.xml"
xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="content/system_schema.xml"
xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="content/translators.xml"
xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="content/federated_planning.xml"
xmlns:xi="http://www.w3.org/2001/XInclude" />
Copied: trunk/documentation/reference/src/main/docbook/en-US/content/entitlements.xml
(from rev 2311,
branches/7.0.x/documentation/reference/src/main/docbook/en-US/content/entitlements.xml)
===================================================================
--- trunk/documentation/reference/src/main/docbook/en-US/content/entitlements.xml
(rev 0)
+++
trunk/documentation/reference/src/main/docbook/en-US/content/entitlements.xml 2010-06-28
16:55:37 UTC (rev 2313)
@@ -0,0 +1,122 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY % CustomDTD SYSTEM "../../../../../../docbook/custom.dtd">
+%CustomDTD;
+]>
+<chapter id="entitlements">
+ <title>Data Roles</title>
+ <para>Data roles, also called entitlements, are sets of permissions that are
defined
+ per VDB that dictate data access (create, read, update, delete). The use of data
roles is controlled system wide with the property in
+
<code><jboss-install>/server/<profile>/deploy/teiid/teiid-jboss-beans.xml</code>
file
+ in bean configuration section of <code>RuntimeEngineDeployer</code> with
property <code>useEntitlements</code>.</para>
+
+ <para>Once data roles are enabled, the access permissions defined in a VDB will
be enforced by the Teiid Server.</para>
+
+ <sect1>
+ <title>Permissions</title>
+ <orderedlist>
+ <para>To process a <code>SELECT</code> statement or a stored
procedure execution, the user account requires the following access rights:</para>
+ <listitem> <para><code>READ</code> - on the Table(s)
being accessed or the procedure being called.</para></listitem>
+ <listitem> <para><code>READ</code> - on every column
referenced.</para></listitem>
+ </orderedlist>
+
+ <orderedlist>
+ <para>To process an <code>INSERT</code> statement, the user
account requires the following access rights:</para>
+ <listitem> <para><code>CREATE</code> - on the Table
being inserted into.</para></listitem>
+ <listitem> <para><code>CREATE</code> - on every column
being inserted on that Table.</para></listitem>
+ </orderedlist>
+
+ <orderedlist>
+ <para>To process an <code>UPDATE</code> statement, the user
account requires the following access rights:</para>
+ <listitem> <para><code>UPDATE</code> - on the Table
being updated.</para></listitem>
+ <listitem> <para><code>UPDATE</code> - on every column
being updated on that Table.</para></listitem>
+ <listitem> <para><code>READ</code> - on every column
referenced in the criteria.</para></listitem>
+ </orderedlist>
+
+ <orderedlist>
+ <para>To process a <code>DELETE</code> statement, the user
account requires the following access rights:</para>
+ <listitem> <para><code>DELETE</code> - on the Table
being deleted.</para></listitem>
+ <listitem> <para><code>READ</code> - on every column
referenced in the criteria.</para></listitem>
+ </orderedlist>
+ </sect1>
+
+ <sect1>
+ <title>XML Definition</title>
+ <para>Data roles are defined inside the <code>vdb.xml</code> file
(inside the .vdb Zip archive under META-INF/vdb.xml) if you used Designer.
+ This example will show a sample "vdb.xml" file with few simple data
rules.</para>
+
+ <para>For example, if a VDB defines a table "TableA" in schema
"modelName" with columns (column1, column2) - note that the column types do not
matter. And we wish to define three roles "RoleA", "RoleB",
"RoleC" with following permissions:
+ <orderedlist>
+ <listitem><para>RoleA has privileges to read, write access to TableA, but
can not delete.</para></listitem>
+ <listitem><para>RoleB has no privileges that allow access to
TableA</para></listitem>
+ <listitem><para>RoleC has privileges that only allow read access to
TableA.column1</para></listitem>
+ </orderedlist>
+ </para>
+ <example><title>vdb.xml defining RoleA, RoleB, and RoleC</title>
+ <programlisting><![CDATA[<?xml version="1.0"
encoding="UTF-8"?>
+<vdb name="sample" version="1">
+
+ <model name="modelName">
+ <source name="source-name" translator-name="oracle"
connection-jndi-name="java:myDS" />
+ </model>
+
+ <data-policy name="RoleA">
+ <description>Allow all, except Delete</description>
+
+ <permission>
+ <resource-name>modelName.TableA</resource-name>
+ <allow-create />
+ <allow-read />
+ <allow-update />
+ </permission>
+
+ <permission>
+ <resource-name>modelName.TableA.colum1</resource-name>
+ <allow-create />
+ <allow-read />
+ <allow-update />
+ </permission>
+
+ <permission>
+ <resource-name>modelName.TableA.column2</resource-name>
+ <allow-create />
+ <allow-read />
+ <allow-update />
+ </permission>
+
+ <mapped-role-name>role1</mapped-role-name>
+
+ </data-policy>
+
+ <data-policy name="RoleC">
+ <description>Allow read only</description>
+
+ <permission>
+ <resource-name>modelName.TableA</resource-name>
+ <allow-read />
+ </permission>
+
+ <permission>
+ <resource-name>modelName.TableA.colum1</resource-name>
+ <allow-read />
+ </permission>
+
+ <mapped-role-name>role2</mapped-role-name>
+ </data-policy>
+</vdb>]]></programlisting>
+</example>
+ <para>The above XML defined two data roles, "RoleA" which allows
everything except delete on the table, "RoleC" that
+ allows only read operation on the table. Since Teiid uses deny by default, there is no
explict data-policy entry needed for "RoleB". The "mapped-role-name"
defines the "role" to whom these policies are applicable. Each data-policy
+ must define a "role" to be enforced by the Teiid Server.</para>
+
+ <para>For assigning the roles to your users, in the JBoss AS,
+ check out the instructions for the selected Login Module. Check "Admin
Guide" for configuring Login Modules.</para>
+
+ <para>"vdb.xml" file is checked against the schema file
<code>vdb-deployer.xsd</code>, check the documents sections of the Teiid kit
+ to find a copy of the schema file.</para>
+
+ <note><para>Currently there is no GUI tooling support in the Designer or
any other management tool to create this data roles
+ permissions xml, however this is in our roadmap for future releases to
provide.</para></note>
+ </sect1>
+
+</chapter>
\ No newline at end of file
Modified: trunk/documentation/reference/src/main/docbook/en-US/content/system_schema.xml
===================================================================
---
trunk/documentation/reference/src/main/docbook/en-US/content/system_schema.xml 2010-06-28
16:47:59 UTC (rev 2312)
+++
trunk/documentation/reference/src/main/docbook/en-US/content/system_schema.xml 2010-06-28
16:55:37 UTC (rev 2313)
@@ -1518,7 +1518,7 @@
<para>getCharacterVDBResource</para>
</entry>
<entry>
- <para>(string resourcePath)/para>
+ <para>(string resourcePath)</para>
</entry>
<entry>
<para>A single column containing the resource as a clob.</para>
@@ -1551,7 +1551,7 @@
<para>getXMLSchemas</para>
</entry>
<entry>
- <para>string document</para>
+ <para>(string document)</para>
</entry>
<entry>
<para>A single column containing the schemas as clobs.</para>
Modified: trunk/documentation/reference/src/main/docbook/en-US/content/translators.xml
===================================================================
---
trunk/documentation/reference/src/main/docbook/en-US/content/translators.xml 2010-06-28
16:47:59 UTC (rev 2312)
+++
trunk/documentation/reference/src/main/docbook/en-US/content/translators.xml 2010-06-28
16:55:37 UTC (rev 2313)
@@ -137,12 +137,9 @@
<para><emphasis>metamatrix</emphasis> - for use with MetaMatrix 5.5.0
or later.</para>
</listitem>
<listitem>
-<para><emphasis>mysql</emphasis> - for use with MySQL version
4.x.</para>
+<para><emphasis>mysql</emphasis>/<emphasis>mysql5</emphasis>
- for use with MySQL version 4.x and 5 or later respectively. <note>The MySQL
Translators expect the database or session to be using ANSI mode. If the database is not
using ANSI mode, an initialization query should be used on the pool to set ANSI mode:
<programlisting>set SESSION sql_mode =
'ANSI'</programlisting></note></para>
</listitem>
<listitem>
-<para><emphasis>mysql5</emphasis> - for use with MySQL version 5 or
later.</para>
-</listitem>
-<listitem>
<para><emphasis>oracle</emphasis> - for use with Oracle 9i or later.
Sequences may be used with the Oracle translator.
A sequence may be modeled as a table with a name in source of DUAL and columns with the
name in source set to <sequencesequence name>.[nextval|currentval].
You can use a sequence as the default value for insert columns by setting the column to
autoincrement and the name in source to <element
name>:SEQUENCE=<sequence name>.<sequence
value>.</para>