Author: rareddy
Date: 2012-05-21 09:14:32 -0400 (Mon, 21 May 2012)
New Revision: 4126
Modified:
branches/7.7.x/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java
branches/7.7.x/engine/src/main/java/org/teiid/dqp/service/SessionService.java
branches/7.7.x/engine/src/main/java/org/teiid/security/SecurityHelper.java
branches/7.7.x/engine/src/test/java/org/teiid/dqp/internal/process/TestDQPWorkContext.java
branches/7.7.x/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java
branches/7.7.x/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java
branches/7.7.x/runtime/src/main/java/org/teiid/transport/LogonImpl.java
Log:
TEIID-2055: Restore the previous security context on the thread explicitly after the task
is finished.
Modified:
branches/7.7.x/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java
===================================================================
---
branches/7.7.x/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java 2012-05-20
13:12:16 UTC (rev 4125)
+++
branches/7.7.x/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java 2012-05-21
13:14:32 UTC (rev 4126)
@@ -227,12 +227,13 @@
public void runInContext(final Runnable runnable) {
DQPWorkContext previous = DQPWorkContext.getWorkContext();
+ Object previousSC = getSecurityContextOnThread();
boolean associated = attachDQPWorkContext();
try {
runnable.run();
} finally {
if (associated) {
- securityHelper.clearSecurityContext(this.getSecurityDomain());
+ securityHelper.clearSecurityContext(previousSC);
}
DQPWorkContext.releaseWorkContext();
if (previous != null) {
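Review bot: In the `finally` block of `runInContext`, `securityHelper.clearSecurityContext(previousSC)` runs before `DQPWorkContext.releaseWorkContext()` with nothing guarding the release, so an exception from the helper would leave this work context attached to the thread. The JBoss implementation in this commit casts its `Object` argument to `SecurityContext`, so a throw there is at least possible. Nesting the two steps keeps the cleanup independent: `try { securityHelper.clearSecurityContext(previousSC); } finally { DQPWorkContext.releaseWorkContext(); }`. The rest of the `finally` block, which handles `previous`, continues outside this hunk and would need to move into the same inner `finally`.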
@@ -241,11 +242,18 @@
}
}
+ private Object getSecurityContextOnThread() {
+ if (securityHelper != null) {
+ return securityHelper.getSecurityContextOnThread();
+ }
+ return null;
+ }
+
private boolean attachDQPWorkContext() {
DQPWorkContext.setWorkContext(this);
boolean associated = false;
if (securityHelper != null && this.getSubject() != null) {
- associated = securityHelper.associateSecurityContext(this.getSecurityDomain(),
this.getSecurityContext());
+ associated = securityHelper.associateSecurityContext(this.getSecurityContext());
}
return associated;
}
Modified: branches/7.7.x/engine/src/main/java/org/teiid/dqp/service/SessionService.java
===================================================================
---
branches/7.7.x/engine/src/main/java/org/teiid/dqp/service/SessionService.java 2012-05-20
13:12:16 UTC (rev 4125)
+++
branches/7.7.x/engine/src/main/java/org/teiid/dqp/service/SessionService.java 2012-05-21
13:14:32 UTC (rev 4126)
@@ -152,5 +152,7 @@
Subject getSubjectInContext(String securityDomain);
- public void clearSubjectInContext();
+ public void clearSubjectInContext(Object prevSecurityContext);
+
+ Object getSecurityContextOnThread();
}
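Review bot: `clearSubjectInContext(Object prevSecurityContext)` and `getSecurityContextOnThread()` are added without Javadoc, and the name still says "clear" although the JBoss implementation in this commit now reinstates the argument when it is non-null. The same applies to `SecurityHelper.clearSecurityContext(Object prevContext)` in the next file. A short Javadoc on each should state that `null` leaves the thread with no security context and that a non-null value is put back on the calling thread. It should also say the value is expected to come from `getSecurityContextOnThread()` on that same thread, taken before the association was made. Because the parameter is typed `Object`, that Javadoc is the only thing telling callers what may be passed.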
Modified: branches/7.7.x/engine/src/main/java/org/teiid/security/SecurityHelper.java
===================================================================
--- branches/7.7.x/engine/src/main/java/org/teiid/security/SecurityHelper.java 2012-05-20
13:12:16 UTC (rev 4125)
+++ branches/7.7.x/engine/src/main/java/org/teiid/security/SecurityHelper.java 2012-05-21
13:14:32 UTC (rev 4126)
@@ -28,10 +28,12 @@
public interface SecurityHelper {
- boolean associateSecurityContext(String securityDomain, Object context);
+ boolean associateSecurityContext(Object context);
- void clearSecurityContext(String securityDomain);
+ void clearSecurityContext(Object prevContext);
+ Object getSecurityContextOnThread();
+
Object getSecurityContext(String securityDomain);
Object createSecurityContext(String securityDomain, Principal p, Object credentials,
Subject subject);
Modified:
branches/7.7.x/engine/src/test/java/org/teiid/dqp/internal/process/TestDQPWorkContext.java
===================================================================
---
branches/7.7.x/engine/src/test/java/org/teiid/dqp/internal/process/TestDQPWorkContext.java 2012-05-20
13:12:16 UTC (rev 4125)
+++
branches/7.7.x/engine/src/test/java/org/teiid/dqp/internal/process/TestDQPWorkContext.java 2012-05-21
13:14:32 UTC (rev 4126)
@@ -22,14 +22,18 @@
package org.teiid.dqp.internal.process;
+import java.security.Principal;
import java.util.Map;
+import javax.security.auth.Subject;
+
import org.mockito.Mockito;
import org.teiid.adminapi.DataPolicy;
import org.teiid.adminapi.impl.DataPolicyMetadata;
import org.teiid.adminapi.impl.SessionMetadata;
import org.teiid.adminapi.impl.VDBMetaData;
import org.teiid.core.util.UnitTestUtil;
+import org.teiid.security.SecurityHelper;
import junit.framework.TestCase;
@@ -92,4 +96,65 @@
Map<String, DataPolicy> map = message.getAllowedDataPolicies();
assertEquals(1, map.size());
}
+
+ public void testRestoreSecurityContext() {
+ final SecurityHelper sc = new SecurityHelper() {
+ Object mycontext = null;
+
+ @Override
+ public boolean sameSubject(String securityDomain, Object context, Subject subject) {
+ return mycontext == context;
+ }
+ @Override
+ public Subject getSubjectInContext(String securityDomain) {
+ return null;
+ }
+ @Override
+ public Object getSecurityContextOnThread() {
+ return this.mycontext;
+ }
+ @Override
+ public Object getSecurityContext(String securityDomain) {
+ return this.mycontext;
+ }
+ @Override
+ public Object createSecurityContext(String securityDomain, Principal p,Object
credentials, Subject subject) {
+ return securityDomain+"SC"; //$NON-NLS-1$
+ }
+ @Override
+ public void clearSecurityContext(Object prevContext) {
+ this.mycontext = prevContext;
+ }
+ @Override
+ public boolean associateSecurityContext(Object context) {
+ this.mycontext = context;
+ return true;
+ }
+ };
+ Object previousSC = sc.createSecurityContext("test", null, null, null);
//$NON-NLS-1$
+ sc.associateSecurityContext(previousSC);
+
+ DQPWorkContext message = new DQPWorkContext() {
+ public Subject getSubject() {
+ return new Subject();
+ }
+ };
+ message.setSecurityHelper(sc);
+ message.setSession(Mockito.mock(SessionMetadata.class));
+ final String currentSC = "teiid-security-context"; //$NON-NLS-1$
+ Mockito.stub(message.getSession().getSecurityContext()).toReturn(currentSC);
+
+ Runnable r = new Runnable() {
+ @Override
+ public void run() {
+ assertEquals(currentSC, sc.getSecurityContextOnThread());
+ }
+ };
+
+ message.runInContext(r);
+
+ assertEquals(previousSC, sc.getSecurityContextOnThread());
+ }
+
+
}
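Review bot: `testRestoreSecurityContext` only exercises the path where the `Runnable` returns normally, while the restore it checks lives in a `finally` block whose purpose is the failure path. A second case whose `run()` throws would pin that down: catch the exception around `message.runInContext(r)` and then `assertEquals(previousSC, sc.getSecurityContextOnThread());`. The stub's `associateSecurityContext` also always returns `true`, so the branch where nothing was associated and the thread's context must be left untouched is not covered either.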
Modified:
branches/7.7.x/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java
===================================================================
---
branches/7.7.x/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java 2012-05-20
13:12:16 UTC (rev 4125)
+++
branches/7.7.x/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java 2012-05-21
13:14:32 UTC (rev 4126)
@@ -36,7 +36,7 @@
private static final long serialVersionUID = 3598997061994110254L;
@Override
- public boolean associateSecurityContext(String securityDomain, Object newContext) {
+ public boolean associateSecurityContext(Object newContext) {
SecurityContext context = SecurityActions.getSecurityContext();
if (context == null || (newContext != null && newContext != context)) {
SecurityActions.setSecurityContext((SecurityContext)newContext);
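Review bot: The unchanged guard `context == null || (newContext != null && newContext != context)` skips the switch when `newContext` is `null` and the thread already carries a context. The remainder of the method is outside this hunk, but it presumably returns `false` in that case. If so, `runInContext` would run the task under whatever context the thread already had and, since `associated` is false, skip the restore. If a session can have a subject but no security context, a `null` `newContext` should be handled explicitly here rather than falling through. If it cannot, a comment on the guard recording that assumption would help the next reader.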
@@ -46,11 +46,19 @@
}
@Override
- public void clearSecurityContext(String context) {
+ public void clearSecurityContext(Object prevContext) {
SecurityActions.clearSecurityContext();
+ if (prevContext != null) {
+ SecurityActions.setSecurityContext((SecurityContext)prevContext);
+ }
}
@Override
+ public Object getSecurityContextOnThread() {
+ return SecurityActions.getSecurityContext();
+ }
+
+ @Override
public Object getSecurityContext(String securityDomain) {
SecurityContext sc = SecurityActions.getSecurityContext();
if (sc != null && sc.getSecurityDomain().equals(securityDomain)) {
Modified: branches/7.7.x/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java
===================================================================
---
branches/7.7.x/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java 2012-05-20
13:12:16 UTC (rev 4125)
+++
branches/7.7.x/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java 2012-05-21
13:14:32 UTC (rev 4126)
@@ -430,7 +430,7 @@
principal = p;
break;
}
- return this.securityHelper.associateSecurityContext(securityDomain,
this.securityHelper.createSecurityContext(securityDomain, principal, null, subject));
+ return
this.securityHelper.associateSecurityContext(this.securityHelper.createSecurityContext(securityDomain,
principal, null, subject));
}
@Override
@@ -438,6 +438,11 @@
return this.securityHelper.getSubjectInContext(securityDomain);
}
+ @Override
+ public Object getSecurityContextOnThread() {
+ return this.securityHelper.getSecurityContextOnThread();
+ }
+
public void setGssSecurityDomain(String domain) {
this.gssSecurityDomain = domain;
}
@@ -448,7 +453,7 @@
}
@Override
- public void clearSubjectInContext() {
- this.securityHelper.clearSecurityContext(null);
+ public void clearSubjectInContext(Object previousSC) {
+ this.securityHelper.clearSecurityContext(previousSC);
}
}
Modified: branches/7.7.x/runtime/src/main/java/org/teiid/transport/LogonImpl.java
===================================================================
--- branches/7.7.x/runtime/src/main/java/org/teiid/transport/LogonImpl.java 2012-05-20
13:12:16 UTC (rev 4125)
+++ branches/7.7.x/runtime/src/main/java/org/teiid/transport/LogonImpl.java 2012-05-21
13:14:32 UTC (rev 4126)
@@ -160,6 +160,7 @@
String user = connProps.getProperty(TeiidURL.CONNECTION.USER_NAME);
String password = connProps.getProperty(TeiidURL.CONNECTION.PASSWORD);
boolean assosiated = false;
+ Object previousSC = null;
try {
String securityDomain = service.getGssSecurityDomain();
if (securityDomain == null) {
@@ -175,6 +176,7 @@
}
if (result.context.isEstablished()) {
+ previousSC = service.getSecurityContextOnThread();
assosiated = service.associateSubjectInContext(securityDomain, subject);
}
@@ -192,7 +194,7 @@
throw new LogonException(e,
RuntimePlugin.Util.getString("krb5_login_failed")); //$NON-NLS-1$
} finally {
if (assosiated) {
- this.service.clearSubjectInContext();
+ this.service.clearSubjectInContext(previousSC);
}
}
}