Author: rareddy
Date: 2012-05-23 13:18:52 -0400 (Wed, 23 May 2012)
New Revision: 4136
Modified:
branches/7.7.x/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java
branches/7.7.x/engine/src/main/java/org/teiid/dqp/internal/process/ThreadReuseExecutor.java
branches/7.7.x/engine/src/main/java/org/teiid/dqp/service/SessionService.java
branches/7.7.x/engine/src/main/java/org/teiid/security/SecurityHelper.java
branches/7.7.x/engine/src/test/java/org/teiid/dqp/internal/process/TestDQPWorkContext.java
branches/7.7.x/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java
branches/7.7.x/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java
branches/7.7.x/runtime/src/main/java/org/teiid/transport/LogonImpl.java
Log:
TEIID-2055: Pulling in the code enhancements from trunk made by SteveH, and also pulling in
the ThreadReuseExecutor cleanup of the context
Modified:
branches/7.7.x/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java
===================================================================
---
branches/7.7.x/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java 2012-05-22
14:55:50 UTC (rev 4135)
+++
branches/7.7.x/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java 2012-05-23
17:18:52 UTC (rev 4136)
@@ -96,11 +96,11 @@
}
public static void setWorkContext(DQPWorkContext context) {
- CONTEXTS.set(context);
- }
-
- public static void releaseWorkContext() {
- CONTEXTS.set(null);
+ if (context == null) {
+ CONTEXTS.remove();
+ } else {
+ CONTEXTS.set(context);
+ }
}
private SessionMetadata session = new SessionMetadata();
@@ -134,6 +134,10 @@
public void setSecurityHelper(SecurityHelper securityHelper) {
this.securityHelper = securityHelper;
}
+
+ public SecurityHelper getSecurityHelper() {
+ return securityHelper;
+ }
/**
* @return
@@ -227,37 +231,21 @@
public void runInContext(final Runnable runnable) {
DQPWorkContext previous = DQPWorkContext.getWorkContext();
- Object previousSC = getSecurityContextOnThread();
- boolean associated = attachDQPWorkContext();
+ DQPWorkContext.setWorkContext(this);
+ Object previousSecurityContext = null;
+ if (securityHelper != null) {
+ previousSecurityContext =
securityHelper.associateSecurityContext(this.getSecurityContext());
+ }
try {
runnable.run();
} finally {
- if (associated) {
- securityHelper.clearSecurityContext(previousSC);
+ if (securityHelper != null) {
+ securityHelper.associateSecurityContext(previousSecurityContext);
}
- DQPWorkContext.releaseWorkContext();
- if (previous != null) {
- previous.attachDQPWorkContext();
- }
+ DQPWorkContext.setWorkContext(previous);
}
}
- private Object getSecurityContextOnThread() {
- if (securityHelper != null) {
- return securityHelper.getSecurityContextOnThread();
- }
- return null;
- }
-
- private boolean attachDQPWorkContext() {
- DQPWorkContext.setWorkContext(this);
- boolean associated = false;
- if (securityHelper != null && this.getSubject() != null) {
- associated = securityHelper.associateSecurityContext(this.getSecurityContext());
- }
- return associated;
- }
-
public HashMap<String, DataPolicy> getAllowedDataPolicies() {
if (this.policies == null) {
this.policies = new HashMap<String, DataPolicy>();
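Review bot: In `runInContext`, `securityHelper.associateSecurityContext(...)` runs after `DQPWorkContext.setWorkContext(this)` but before the `try`, so if the association throws (a failed cast inside a helper implementation, say) this work context stays bound to the thread and the `finally` never runs. The same applies inside the `finally`: an exception while restoring the security context skips `DQPWorkContext.setWorkContext(previous)`. On a reused thread that would leave one session's work context visible to whatever runs next, so I would nest the two restores so that each happens regardless of the other, as below.

```java
public void runInContext(final Runnable runnable) {
    DQPWorkContext previous = DQPWorkContext.getWorkContext();
    DQPWorkContext.setWorkContext(this);
    try {
        Object previousSecurityContext = null;
        if (securityHelper != null) {
            previousSecurityContext = securityHelper.associateSecurityContext(this.getSecurityContext());
        }
        try {
            runnable.run();
        } finally {
            if (securityHelper != null) {
                securityHelper.associateSecurityContext(previousSecurityContext);
            }
        }
    } finally {
        // always rebind the caller's work context, even if the security restore failed
        DQPWorkContext.setWorkContext(previous);
    }
}
```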
Modified:
branches/7.7.x/engine/src/main/java/org/teiid/dqp/internal/process/ThreadReuseExecutor.java
===================================================================
---
branches/7.7.x/engine/src/main/java/org/teiid/dqp/internal/process/ThreadReuseExecutor.java 2012-05-22
14:55:50 UTC (rev 4135)
+++
branches/7.7.x/engine/src/main/java/org/teiid/dqp/internal/process/ThreadReuseExecutor.java 2012-05-23
17:18:52 UTC (rev 4136)
@@ -115,6 +115,10 @@
@Override
public void run() {
+ if (workContext.getSecurityHelper() != null) {
+ //if using the inheritable thread local security or if unassocation has been sloppy,
there may a security context associated
+ workContext.getSecurityHelper().clearSecurityContext();
+ }
workContext.runInContext(r);
}
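Review bot: The comment added in `run()` has typos ("unassocation", "there may a security context") and does not say why the clear matters on a reused thread. Suggested wording, assuming the intent is to stop a work item from picking up a leftover identity: `// a reused thread may still carry a security context (inheritable thread local, or an earlier task that did not unassociate); clear it before running this work item`. The helper could also be read once into a local instead of calling `workContext.getSecurityHelper()` twice. The enclosing class starts outside this hunk.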
Modified: branches/7.7.x/engine/src/main/java/org/teiid/dqp/service/SessionService.java
===================================================================
---
branches/7.7.x/engine/src/main/java/org/teiid/dqp/service/SessionService.java 2012-05-22
14:55:50 UTC (rev 4135)
+++
branches/7.7.x/engine/src/main/java/org/teiid/dqp/service/SessionService.java 2012-05-23
17:18:52 UTC (rev 4136)
@@ -25,7 +25,6 @@
import java.util.Collection;
import java.util.Properties;
-import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
@@ -34,6 +33,7 @@
import org.teiid.dqp.internal.process.DQPCore;
import org.teiid.net.socket.AuthenticationType;
import org.teiid.security.Credentials;
+import org.teiid.security.SecurityHelper;
/**
@@ -148,11 +148,5 @@
String getGssSecurityDomain();
- boolean associateSubjectInContext(String securityDomain, Subject subject);
-
- Subject getSubjectInContext(String securityDomain);
-
- public void clearSubjectInContext(Object prevSecurityContext);
-
- Object getSecurityContextOnThread();
+ SecurityHelper getSecurityHelper();
}
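Review bot: `getSecurityHelper()` is added to the interface without saying whether it may return null. `DQPWorkContext.runInContext` and `ThreadReuseExecutor.run` in this commit guard the helper with `!= null`, while `LogonImpl` calls `this.service.getSecurityHelper().getSubjectInContext(...)` and `service.getSecurityHelper().associateSecurityContext(previous)` with no check. Either document `@return the security helper, never null` on this method, or add a null check at the `LogonImpl` call sites.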
Modified: branches/7.7.x/engine/src/main/java/org/teiid/security/SecurityHelper.java
===================================================================
--- branches/7.7.x/engine/src/main/java/org/teiid/security/SecurityHelper.java 2012-05-22
14:55:50 UTC (rev 4135)
+++ branches/7.7.x/engine/src/main/java/org/teiid/security/SecurityHelper.java 2012-05-23
17:18:52 UTC (rev 4136)
@@ -28,12 +28,10 @@
public interface SecurityHelper {
- boolean associateSecurityContext(Object context);
+ Object associateSecurityContext(Object context);
- void clearSecurityContext(Object prevContext);
+ void clearSecurityContext();
- Object getSecurityContextOnThread();
-
Object getSecurityContext(String securityDomain);
Object createSecurityContext(String securityDomain, Principal p, Object credentials,
Subject subject);
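Review bot: The changed signatures on `SecurityHelper` carry no Javadoc, and the contract is now easy to misuse: `associateSecurityContext` returns the context that was on the thread rather than a success flag, and `clearSecurityContext()` no longer restores anything. I would document on `associateSecurityContext` that the returned object must be passed to a later `associateSecurityContext` call to restore the caller's identity, and that a null argument leaves the thread with no context, which is how `JBossSecurityHelper` in this commit appears to treat it. As this changes an interface on the 7.7.x branch, any helper implementation outside this commit would need the same update.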
Modified:
branches/7.7.x/engine/src/test/java/org/teiid/dqp/internal/process/TestDQPWorkContext.java
===================================================================
---
branches/7.7.x/engine/src/test/java/org/teiid/dqp/internal/process/TestDQPWorkContext.java 2012-05-22
14:55:50 UTC (rev 4135)
+++
branches/7.7.x/engine/src/test/java/org/teiid/dqp/internal/process/TestDQPWorkContext.java 2012-05-23
17:18:52 UTC (rev 4136)
@@ -110,10 +110,6 @@
return null;
}
@Override
- public Object getSecurityContextOnThread() {
- return this.mycontext;
- }
- @Override
public Object getSecurityContext(String securityDomain) {
return this.mycontext;
}
@@ -122,13 +118,14 @@
return securityDomain+"SC"; //$NON-NLS-1$
}
@Override
- public void clearSecurityContext(Object prevContext) {
- this.mycontext = prevContext;
+ public void clearSecurityContext() {
+ this.mycontext = null;
}
@Override
- public boolean associateSecurityContext(Object context) {
+ public Object associateSecurityContext(Object context) {
+ Object old = mycontext;
this.mycontext = context;
- return true;
+ return old;
}
};
Object previousSC = sc.createSecurityContext("test", null, null, null);
//$NON-NLS-1$
@@ -147,13 +144,13 @@
Runnable r = new Runnable() {
@Override
public void run() {
- assertEquals(currentSC, sc.getSecurityContextOnThread());
+ assertEquals(currentSC, sc.getSecurityContext(null));
}
};
message.runInContext(r);
- assertEquals(previousSC, sc.getSecurityContextOnThread());
+ assertEquals(previousSC, sc.getSecurityContext(null));
}
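Review bot: The updated assertions cover only the normal return path of `runInContext`; nothing here checks that the previous security context is restored when the runnable throws, which is the case the `finally` block exists for. I would add a second case whose `Runnable` throws a `RuntimeException`, catch it, and then assert `assertEquals(previousSC, sc.getSecurityContext(null));`. The test method starts outside this hunk.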
Modified:
branches/7.7.x/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java
===================================================================
---
branches/7.7.x/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java 2012-05-22
14:55:50 UTC (rev 4135)
+++
branches/7.7.x/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java 2012-05-23
17:18:52 UTC (rev 4136)
@@ -36,29 +36,20 @@
private static final long serialVersionUID = 3598997061994110254L;
@Override
- public boolean associateSecurityContext(Object newContext) {
+ public Object associateSecurityContext(Object newContext) {
SecurityContext context = SecurityActions.getSecurityContext();
- if (context == null || (newContext != null && newContext != context)) {
+ if (newContext != context) {
SecurityActions.setSecurityContext((SecurityContext)newContext);
- return true;
}
- return false;
+ return context;
}
@Override
- public void clearSecurityContext(Object prevContext) {
+ public void clearSecurityContext() {
SecurityActions.clearSecurityContext();
- if (prevContext != null) {
- SecurityActions.setSecurityContext((SecurityContext)prevContext);
- }
}
@Override
- public Object getSecurityContextOnThread() {
- return SecurityActions.getSecurityContext();
- }
-
- @Override
public Object getSecurityContext(String securityDomain) {
SecurityContext sc = SecurityActions.getSecurityContext();
if (sc != null && sc.getSecurityDomain().equals(securityDomain)) {
Modified: branches/7.7.x/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java
===================================================================
---
branches/7.7.x/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java 2012-05-22
14:55:50 UTC (rev 4135)
+++
branches/7.7.x/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java 2012-05-23
17:18:52 UTC (rev 4136)
@@ -23,7 +23,6 @@
package org.teiid.services;
import java.io.IOException;
-import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
@@ -35,7 +34,6 @@
import java.util.TimerTask;
import java.util.concurrent.ConcurrentHashMap;
-import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
@@ -423,26 +421,6 @@
this.dqp = dqp;
}
- @Override
- public boolean associateSubjectInContext(String securityDomain, Subject subject) {
- Principal principal = null;
- for(Principal p:subject.getPrincipals()) {
- principal = p;
- break;
- }
- return
this.securityHelper.associateSecurityContext(this.securityHelper.createSecurityContext(securityDomain,
principal, null, subject));
- }
-
- @Override
- public Subject getSubjectInContext(String securityDomain) {
- return this.securityHelper.getSubjectInContext(securityDomain);
- }
-
- @Override
- public Object getSecurityContextOnThread() {
- return this.securityHelper.getSecurityContextOnThread();
- }
-
public void setGssSecurityDomain(String domain) {
this.gssSecurityDomain = domain;
}
@@ -451,9 +429,9 @@
public String getGssSecurityDomain(){
return this.gssSecurityDomain;
}
-
+
@Override
- public void clearSubjectInContext(Object previousSC) {
- this.securityHelper.clearSecurityContext(previousSC);
- }
+ public SecurityHelper getSecurityHelper() {
+ return securityHelper;
+ }
}
Modified: branches/7.7.x/runtime/src/main/java/org/teiid/transport/LogonImpl.java
===================================================================
--- branches/7.7.x/runtime/src/main/java/org/teiid/transport/LogonImpl.java 2012-05-22
14:55:50 UTC (rev 4135)
+++ branches/7.7.x/runtime/src/main/java/org/teiid/transport/LogonImpl.java 2012-05-23
17:18:52 UTC (rev 4136)
@@ -22,6 +22,7 @@
package org.teiid.transport;
+import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Collection;
import java.util.Properties;
@@ -53,6 +54,7 @@
import org.teiid.net.socket.AuthenticationType;
import org.teiid.runtime.RuntimePlugin;
import org.teiid.security.Credentials;
+import org.teiid.security.SecurityHelper;
public class LogonImpl implements ILogon {
@@ -67,7 +69,7 @@
public LogonResult logon(Properties connProps) throws LogonException,
TeiidComponentException, CommunicationException {
if (this.service.getGssSecurityDomain() != null &&
connProps.get(ILogon.KRB5TOKEN) != null) {
- Subject user = this.service.getSubjectInContext(this.service.getGssSecurityDomain());
+ Subject user =
this.service.getSecurityHelper().getSubjectInContext(this.service.getGssSecurityDomain());
if (user == null) {
throw new
LogonException(RuntimePlugin.Util.getString("krb5_user_not_found"));
//$NON-NLS-1$
}
@@ -160,7 +162,7 @@
String user = connProps.getProperty(TeiidURL.CONNECTION.USER_NAME);
String password = connProps.getProperty(TeiidURL.CONNECTION.PASSWORD);
boolean assosiated = false;
- Object previousSC = null;
+ Object previous = null;
try {
String securityDomain = service.getGssSecurityDomain();
if (securityDomain == null) {
@@ -176,8 +178,16 @@
}
if (result.context.isEstablished()) {
- previousSC = service.getSecurityContextOnThread();
- assosiated = service.associateSubjectInContext(securityDomain, subject);
+ Principal principal = null;
+ for(Principal p:subject.getPrincipals()) {
+ principal = p;
+ break;
+ }
+ SecurityHelper securityHelper = service.getSecurityHelper();
+
+ Object securityContext = securityHelper.createSecurityContext(securityDomain,
principal, null, subject);
+ previous = securityHelper.associateSecurityContext(securityContext);
+ assosiated = true;
}
if (!result.context.isEstablished() || !createSession) {
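Review bot: The loop that picks `principal` takes whichever element `subject.getPrincipals()` iterates first, and that is a `Set`, so the choice is undefined when the Subject holds more than one principal; with an empty set, `createSecurityContext` is called with a null principal. Because this principal becomes the identity of the associated security context, I would select it by an explicit rule and reject the logon when none is found, for example `if (principal == null) { throw new LogonException(RuntimePlugin.Util.getString("krb5_user_not_found")); }`. The same selection code was previously in `SessionServiceImpl.associateSubjectInContext`, so the behaviour is carried over rather than introduced here. The enclosing method starts and ends outside this hunk.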
@@ -194,7 +204,7 @@
throw new LogonException(e,
RuntimePlugin.Util.getString("krb5_login_failed")); //$NON-NLS-1$
} finally {
if (assosiated) {
- this.service.clearSubjectInContext(previousSC);
+ service.getSecurityHelper().associateSecurityContext(previous);
}
}
}