Author: shawkins
Date: 2012-05-21 11:16:44 -0400 (Mon, 21 May 2012)
New Revision: 4129
Modified:
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java
trunk/engine/src/main/java/org/teiid/dqp/service/SessionService.java
trunk/engine/src/main/java/org/teiid/security/SecurityHelper.java
trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestDQPWorkContext.java
trunk/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java
trunk/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java
trunk/runtime/src/main/java/org/teiid/transport/LogonImpl.java
Log:
TEIID-2055 forward merge with minor changes
Modified: trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java
===================================================================
---
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java 2012-05-21
14:56:10 UTC (rev 4128)
+++
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java 2012-05-21
15:16:44 UTC (rev 4129)
@@ -103,13 +103,13 @@
}
public static void setWorkContext(DQPWorkContext context) {
- CONTEXTS.set(context);
+ if (context == null) {
+ CONTEXTS.remove();
+ } else {
+ CONTEXTS.set(context);
+ }
}
- public static void releaseWorkContext() {
- CONTEXTS.set(null);
- }
-
private SessionMetadata session = new SessionMetadata();
private String clientAddress;
private String clientHostname;
@@ -236,29 +236,21 @@
public void runInContext(final Runnable runnable) {
DQPWorkContext previous = DQPWorkContext.getWorkContext();
- boolean associated = attachDQPWorkContext();
+ DQPWorkContext.setWorkContext(this);
+ Object previousSecurityContext = null;
+ if (securityHelper != null) {
+ previousSecurityContext =
securityHelper.associateSecurityContext(this.getSecurityContext());
+ }
try {
runnable.run();
} finally {
- if (associated) {
- securityHelper.clearSecurityContext();
+ if (securityHelper != null) {
+ securityHelper.associateSecurityContext(previousSecurityContext);
}
- DQPWorkContext.releaseWorkContext();
- if (previous != null) {
- previous.attachDQPWorkContext();
- }
+ DQPWorkContext.setWorkContext(previous);
}
}
- private boolean attachDQPWorkContext() {
- DQPWorkContext.setWorkContext(this);
- boolean associated = false;
- if (securityHelper != null && this.getSubject() != null) {
- associated = securityHelper.associateSecurityContext(this.getSecurityContext());
- }
- return associated;
- }
-
public HashMap<String, DataPolicy> getAllowedDataPolicies() {
if (this.policies == null) {
this.policies = new HashMap<String, DataPolicy>();
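Review bot: In runInContext, `securityHelper.associateSecurityContext(this.getSecurityContext())` runs after `DQPWorkContext.setWorkContext(this)` but before the `try`, so if the association throws, the thread-local work context is never reset to `previous` and stays bound to this session on the calling thread. The `finally` has the mirror problem: an exception while restoring the security context skips `DQPWorkContext.setWorkContext(previous)`. Nesting the two restores in separate try/finally blocks makes each one unconditional, which matters if these threads are pooled and later serve other sessions. Separately, the old `getSubject() != null` guard is gone, so a work context whose security context is null now replaces the caller's context with null for the duration of the run; if that is intended, a one-line comment saying so would help.

```java
public void runInContext(final Runnable runnable) {
    DQPWorkContext previous = DQPWorkContext.getWorkContext();
    DQPWorkContext.setWorkContext(this);
    try {
        Object previousSecurityContext = null;
        if (securityHelper != null) {
            previousSecurityContext = securityHelper.associateSecurityContext(this.getSecurityContext());
        }
        try {
            runnable.run();
        } finally {
            if (securityHelper != null) {
                securityHelper.associateSecurityContext(previousSecurityContext);
            }
        }
    } finally {
        // always restore the work context, even if the security context restore fails
        DQPWorkContext.setWorkContext(previous);
    }
}
```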
Modified: trunk/engine/src/main/java/org/teiid/dqp/service/SessionService.java
===================================================================
--- trunk/engine/src/main/java/org/teiid/dqp/service/SessionService.java 2012-05-21
14:56:10 UTC (rev 4128)
+++ trunk/engine/src/main/java/org/teiid/dqp/service/SessionService.java 2012-05-21
15:16:44 UTC (rev 4129)
@@ -25,7 +25,6 @@
import java.util.Collection;
import java.util.Properties;
-import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
@@ -34,6 +33,7 @@
import org.teiid.dqp.internal.process.DQPCore;
import org.teiid.net.socket.AuthenticationType;
import org.teiid.security.Credentials;
+import org.teiid.security.SecurityHelper;
/**
@@ -148,9 +148,5 @@
String getGssSecurityDomain();
- boolean associateSubjectInContext(String securityDomain, Subject subject);
-
- Subject getSubjectInContext(String securityDomain);
-
- public void clearSubjectInContext();
+ SecurityHelper getSecurityHelper();
}
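Review bot: The new `SecurityHelper getSecurityHelper();` accessor has no Javadoc and does not say whether it may return null. Elsewhere in this commit DQPWorkContext guards its helper with `securityHelper != null`, while LogonImpl dereferences `service.getSecurityHelper()` directly, so the two callers disagree about nullability. A comment such as `/** Returns the helper used to create and associate security contexts; never null once the service is configured. */` (or the opposite, if null is legal) would settle it. Note also that this hands callers the whole helper, including context creation, where the removed methods exposed only three narrow operations.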
Modified: trunk/engine/src/main/java/org/teiid/security/SecurityHelper.java
===================================================================
--- trunk/engine/src/main/java/org/teiid/security/SecurityHelper.java 2012-05-21 14:56:10
UTC (rev 4128)
+++ trunk/engine/src/main/java/org/teiid/security/SecurityHelper.java 2012-05-21 15:16:44
UTC (rev 4129)
@@ -28,7 +28,7 @@
public interface SecurityHelper {
- boolean associateSecurityContext(Object context);
+ Object associateSecurityContext(Object context);
void clearSecurityContext();
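Review bot: The changed signature `Object associateSecurityContext(Object context)` carries a contract the interface does not state. Judging from the callers in this commit, the return value is the previously associated context and callers are expected to pass it back to restore it. A Javadoc comment would make that explicit, e.g. `/** Makes the given context the current security context and returns the one it replaced (possibly null); pass the returned value back to restore it. */`. It should also say whether a null argument clears the association, since `clearSecurityContext()` is still declared next to it. The interface body continues outside the hunk.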
Modified:
trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestDQPWorkContext.java
===================================================================
---
trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestDQPWorkContext.java 2012-05-21
14:56:10 UTC (rev 4128)
+++
trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestDQPWorkContext.java 2012-05-21
15:16:44 UTC (rev 4129)
@@ -22,29 +22,25 @@
package org.teiid.dqp.internal.process;
+import static org.junit.Assert.*;
+
+import java.security.Principal;
import java.util.Map;
+import javax.security.auth.Subject;
+
+import org.junit.Test;
import org.mockito.Mockito;
import org.teiid.adminapi.DataPolicy;
import org.teiid.adminapi.impl.DataPolicyMetadata;
import org.teiid.adminapi.impl.SessionMetadata;
import org.teiid.adminapi.impl.VDBMetaData;
import org.teiid.core.util.UnitTestUtil;
+import org.teiid.security.SecurityHelper;
-import junit.framework.TestCase;
+public class TestDQPWorkContext {
-public class TestDQPWorkContext extends TestCase {
-
- /**
- * Constructor for TestRequestMessage.
- *
- * @param name
- */
- public TestDQPWorkContext(String name) {
- super(name);
- }
-
public static DQPWorkContext example() {
DQPWorkContext message = new DQPWorkContext();
message.getSession().setVDBName("vdbName"); //$NON-NLS-1$
@@ -55,7 +51,7 @@
return message;
}
- public void testSerialize() throws Exception {
+ @Test public void testSerialize() throws Exception {
DQPWorkContext copy = UnitTestUtil.helpSerialize(example());
assertEquals("5", copy.getSessionId()); //$NON-NLS-1$
@@ -64,9 +60,8 @@
assertEquals(1, copy.getVdbVersion());
assertEquals("querybuilder", copy.getAppName()); //$NON-NLS-1$
}
-
- public void testClearPolicies() {
+ @Test public void testClearPolicies() {
DQPWorkContext message = new DQPWorkContext();
message.setSession(Mockito.mock(SessionMetadata.class));
Mockito.stub(message.getSession().getVdb()).toReturn(new VDBMetaData());
@@ -80,7 +75,7 @@
assertTrue(map.isEmpty());
}
- public void testAnyAuthenticated() {
+ @Test public void testAnyAuthenticated() {
DQPWorkContext message = new DQPWorkContext();
message.setSession(Mockito.mock(SessionMetadata.class));
VDBMetaData vdb = new VDBMetaData();
@@ -92,4 +87,62 @@
Map<String, DataPolicy> map = message.getAllowedDataPolicies();
assertEquals(1, map.size());
}
+
+ @Test public void testRestoreSecurityContext() {
+ final SecurityHelper sc = new SecurityHelper() {
+ Object mycontext = null;
+
+ @Override
+ public boolean sameSubject(String securityDomain, Object context, Subject subject) {
+ return mycontext == context;
+ }
+ @Override
+ public Subject getSubjectInContext(String securityDomain) {
+ return null;
+ }
+ @Override
+ public Object getSecurityContext(String securityDomain) {
+ return this.mycontext;
+ }
+ @Override
+ public Object createSecurityContext(String securityDomain, Principal p,Object
credentials, Subject subject) {
+ return securityDomain+"SC"; //$NON-NLS-1$
+ }
+ @Override
+ public void clearSecurityContext() {
+ this.mycontext = null;
+ }
+ @Override
+ public Object associateSecurityContext(Object context) {
+ Object old = mycontext;
+ this.mycontext = context;
+ return old;
+ }
+ };
+ Object previousSC = sc.createSecurityContext("test", null, null, null);
//$NON-NLS-1$
+ sc.associateSecurityContext(previousSC);
+
+ DQPWorkContext message = new DQPWorkContext() {
+ public Subject getSubject() {
+ return new Subject();
+ }
+ };
+ message.setSecurityHelper(sc);
+ message.setSession(Mockito.mock(SessionMetadata.class));
+ final String currentSC = "teiid-security-context"; //$NON-NLS-1$
+ Mockito.stub(message.getSession().getSecurityContext()).toReturn(currentSC);
+
+ Runnable r = new Runnable() {
+ @Override
+ public void run() {
+ assertEquals(currentSC, sc.getSecurityContext(null));
+ }
+ };
+
+ message.runInContext(r);
+
+ assertEquals(previousSC, sc.getSecurityContext(null));
+ }
+
+
}
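Review bot: testRestoreSecurityContext only exercises a Runnable that returns normally, so the `finally` restore in runInContext is not covered on the failure path, and nothing checks that `DQPWorkContext.getWorkContext()` is put back afterwards. A second case with a Runnable that throws, followed by the same `previousSC` assertion, would pin the behaviour that matters most for context isolation. The anonymous `getSubject()` override also lacks `@Override` and, as far as the runInContext hunk in this commit shows, is no longer consulted when associating the context.

```java
// … unchanged: helper, message and normal-path assertions …
Runnable failing = new Runnable() {
    @Override
    public void run() {
        throw new IllegalStateException();
    }
};
try {
    message.runInContext(failing);
    fail("expected IllegalStateException"); //$NON-NLS-1$
} catch (IllegalStateException e) {
    // expected
}
assertEquals(previousSC, sc.getSecurityContext(null));
```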
Modified: trunk/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java
===================================================================
---
trunk/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java 2012-05-21
14:56:10 UTC (rev 4128)
+++
trunk/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java 2012-05-21
15:16:44 UTC (rev 4129)
@@ -36,13 +36,12 @@
private static final long serialVersionUID = 3598997061994110254L;
@Override
- public boolean associateSecurityContext(Object newContext) {
+ public Object associateSecurityContext(Object newContext) {
SecurityContext context = SecurityActions.getSecurityContext();
- if (context == null || (newContext != null && newContext != context)) {
+ if (newContext != context) {
SecurityActions.setSecurityContext((SecurityContext)newContext);
- return true;
}
- return false;
+ return context;
}
@Override
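Review bot: `(SecurityContext)newContext` is an unchecked downcast from the interface's `Object` parameter, so a context produced by a different SecurityHelper fails with a bare ClassCastException at the point of association. A guard such as `if (newContext != null && !(newContext instanceof SecurityContext)) throw new IllegalArgumentException("unexpected security context type");` would make the failure explicit. The new condition `if (newContext != context)` also means a null argument now clears an existing context, where the old code left it in place. A short comment such as `// null restores the "no context" state` would record that this is deliberate.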
Modified: trunk/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java
===================================================================
--- trunk/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java 2012-05-21
14:56:10 UTC (rev 4128)
+++ trunk/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java 2012-05-21
15:16:44 UTC (rev 4129)
@@ -24,7 +24,6 @@
import java.io.IOException;
-import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
@@ -387,21 +386,7 @@
this.dqp = dqp;
}
- @Override
- public boolean associateSubjectInContext(String securityDomain, Subject subject) {
- Principal principal = null;
- for(Principal p:subject.getPrincipals()) {
- principal = p;
- break;
- }
- return
this.securityHelper.associateSecurityContext(this.securityHelper.createSecurityContext(securityDomain,
principal, null, subject));
- }
- @Override
- public Subject getSubjectInContext(String securityDomain) {
- return this.securityHelper.getSubjectInContext(securityDomain);
- }
-
public void setGssSecurityDomain(String domain) {
this.gssSecurityDomain = domain;
}
@@ -410,12 +395,12 @@
public String getGssSecurityDomain(){
return this.gssSecurityDomain;
}
-
- @Override
- public void clearSubjectInContext() {
- this.securityHelper.clearSecurityContext();
- }
+ @Override
+ public SecurityHelper getSecurityHelper() {
+ return securityHelper;
+ }
+
protected Collection<String> getDomainsForUser(List<String> domains,
String username) {
// If username is null, return all domains
if (username == null) {
Modified: trunk/runtime/src/main/java/org/teiid/transport/LogonImpl.java
===================================================================
--- trunk/runtime/src/main/java/org/teiid/transport/LogonImpl.java 2012-05-21 14:56:10 UTC
(rev 4128)
+++ trunk/runtime/src/main/java/org/teiid/transport/LogonImpl.java 2012-05-21 15:16:44 UTC
(rev 4129)
@@ -22,6 +22,7 @@
package org.teiid.transport;
+import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Collection;
import java.util.Properties;
@@ -53,6 +54,7 @@
import org.teiid.net.socket.AuthenticationType;
import org.teiid.runtime.RuntimePlugin;
import org.teiid.security.Credentials;
+import org.teiid.security.SecurityHelper;
public class LogonImpl implements ILogon {
@@ -67,7 +69,7 @@
public LogonResult logon(Properties connProps) throws LogonException,
TeiidComponentException, CommunicationException {
if (this.service.getGssSecurityDomain() != null &&
connProps.get(ILogon.KRB5TOKEN) != null) {
- Subject user = this.service.getSubjectInContext(this.service.getGssSecurityDomain());
+ Subject user =
this.service.getSecurityHelper().getSubjectInContext(this.service.getGssSecurityDomain());
if (user == null) {
throw new LogonException(RuntimePlugin.Event.TEIID40054,
RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40054));
}
@@ -80,7 +82,6 @@
return logon(connProps, null);
}
-
private LogonResult logon(Properties connProps, byte[] krb5ServiceTicket) throws
LogonException {
DQPWorkContext workContext = DQPWorkContext.getWorkContext();
String oldSessionId = workContext.getSessionId();
@@ -158,6 +159,7 @@
String user = connProps.getProperty(TeiidURL.CONNECTION.USER_NAME);
String password = connProps.getProperty(TeiidURL.CONNECTION.PASSWORD);
+ Object previous = null;
boolean associated = false;
try {
String securityDomain = service.getGssSecurityDomain();
@@ -174,7 +176,15 @@
}
if (result.context.isEstablished()) {
- associated = service.associateSubjectInContext(securityDomain, subject);
+ Principal principal = null;
+ for(Principal p:subject.getPrincipals()) {
+ principal = p;
+ break;
+ }
+ SecurityHelper securityHelper = service.getSecurityHelper();
+ Object securityContext = securityHelper.createSecurityContext(securityDomain,
principal, null, subject);
+ previous = securityHelper.associateSecurityContext(securityContext);
+ associated = true;
}
if (!result.context.isEstablished() || !createSession) {
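Review bot: The loop `for(Principal p:subject.getPrincipals())` takes whichever principal the iterator yields first, and `getPrincipals()` returns a Set with no defined order. When the Subject carries more than one principal, the identity placed in the security context is therefore arbitrary. With an empty set, `principal` stays null and is passed to `createSecurityContext`. This logic was moved here from SessionServiceImpl rather than introduced, but it now sits directly in the logon path. It deserves either a comment stating the assumption (presumably a single user principal per GSS subject) or an explicit selection and a null check. The enclosing logon method starts and ends outside the hunk.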
@@ -192,7 +202,7 @@
throw new LogonException(RuntimePlugin.Event.TEIID40061, e,
RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40061));
} finally {
if (associated) {
- service.clearSubjectInContext();
+ service.getSecurityHelper().associateSecurityContext(previous);
}
}
}