Author: shawkins
Date: 2011-04-04 22:39:40 -0400 (Mon, 04 Apr 2011)
New Revision: 3060
Added:
trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidator.java
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DataRoleAuthorizationValidator.java
Modified:
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPConfiguration.java
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPCore.java
trunk/engine/src/main/java/org/teiid/dqp/internal/process/Request.java
trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestPreparedStatement.java
trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestRequest.java
trunk/engine/src/test/java/org/teiid/query/processor/TestProcessor.java
Log:
TEIID-1327 created an AuthorizationValidator interface
Added:
trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidator.java
===================================================================
--- trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidator.java
(rev 0)
+++
trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidator.java 2011-04-05
02:39:40 UTC (rev 3060)
@@ -0,0 +1,39 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * See the COPYRIGHT.txt file distributed with this work for information
+ * regarding copyright ownership. Some portions may be licensed
+ * to Red Hat, Inc. under one or more contributor license agreements.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA.
+ */
+
+package org.teiid.dqp.internal.process;
+
+import org.teiid.api.exception.query.QueryValidatorException;
+import org.teiid.core.TeiidComponentException;
+import org.teiid.query.metadata.QueryMetadataInterface;
+import org.teiid.query.sql.lang.Command;
+
+/**
+ * Defines a validator that checks for proper authorization.
+ */
+public interface AuthorizationValidator {
+
+ void validate(Command command, QueryMetadataInterface metadata,
+ DQPWorkContext workContext) throws QueryValidatorException, TeiidComponentException;
+
+ boolean hasRole(String roleName, DQPWorkContext workContext);
+}
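Review bot: Neither method of the interface documents its contract, which matters because this commit makes the interface the plug-in point for every access decision. `validate` should state that denial is signalled by throwing `QueryValidatorException` and that a normal return means the command is permitted. `hasRole` should state what it returns when role checking is disabled (the default implementation in this commit returns `true`). A sentence that implementations must be safe for concurrent use is also warranted, since DQPCore in this same commit hands one instance to every request.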
Property changes on:
trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidator.java
___________________________________________________________________
Added: svn:mime-type
+ text/plain
Modified: trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPConfiguration.java
===================================================================
---
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPConfiguration.java 2011-04-04
22:35:34 UTC (rev 3059)
+++
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPConfiguration.java 2011-04-05
02:39:40 UTC (rev 3060)
@@ -54,6 +54,8 @@
private CacheConfiguration resultsetCacheConfig;
private int maxODBCLobSizeAllowed = 5*1024*1024; // 5 MB
private int userRequestSourceConcurrency = DEFAULT_USER_REQUEST_SOURCE_CONCURRENCY;
+
+ private AuthorizationValidator authorizationValidator;
@ManagementProperty(description="Max active plans (default 20). Increase this
value, and max threads, on highly concurrent systems - but ensure that the underlying
pools can handle the increased load without timeouts.")
public int getMaxActivePlans() {
@@ -209,4 +211,13 @@
public void setMaxODBCLobSizeAllowed(int lobSize) {
this.maxODBCLobSizeAllowed = lobSize;
}
+
+ public AuthorizationValidator getAuthorizationValidator() {
+ return authorizationValidator;
+ }
+
+ public void setAuthorizationValidator(
+ AuthorizationValidator authorizationValidator) {
+ this.authorizationValidator = authorizationValidator;
+ }
}
Modified: trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPCore.java
===================================================================
--- trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPCore.java 2011-04-04
22:35:34 UTC (rev 3059)
+++ trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPCore.java 2011-04-05
02:39:40 UTC (rev 3060)
@@ -191,6 +191,8 @@
private CacheFactory cacheFactory;
private SessionAwareCache<CachedResults> matTables;
+
+ private AuthorizationValidator authorizationValidator;
/**
* perform a full shutdown and wait for 10 seconds for all threads to finish
@@ -319,9 +321,9 @@
ClientState state = this.getClientState(workContext.getSessionId(), true);
request.initialize(requestMsg, bufferManager,
dataTierMgr, transactionService, state.sessionTables,
- workContext, this.config.getUseDataRoles(), this.prepPlanCache);
+ workContext, this.prepPlanCache);
request.setResultSetCacheEnabled(this.rsCache != null);
- request.setAllowCreateTemporaryTablesByDefault(this.config.isAllowCreateTemporaryTablesByDefault());
+ request.setAuthorizationValidator(this.authorizationValidator);
request.setUserRequestConcurrency(this.getUserRequestSourceConcurrency());
ResultsFuture<ResultsMessage> resultsFuture = new
ResultsFuture<ResultsMessage>();
RequestWorkItem workItem = new RequestWorkItem(this, requestMsg, request,
resultsFuture.getResultsReceiver(), requestID, workContext);
@@ -666,7 +668,10 @@
public void start(DQPConfiguration config) {
this.config = config;
-
+ this.authorizationValidator = config.getAuthorizationValidator();
+ if (this.authorizationValidator == null) {
+ this.authorizationValidator = new
DataRoleAuthorizationValidator(config.getUseDataRoles(),
config.isAllowCreateTemporaryTablesByDefault());
+ }
this.chunkSize = config.getLobChunkSizeInKB() * 1024;
//get buffer manager
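Review bot: When a custom validator is configured, `config.getUseDataRoles()` and `config.isAllowCreateTemporaryTablesByDefault()` are, as far as this diff shows, no longer consulted on the request path, so an administrator who sets those properties gets no effect and no warning. I would add a comment here, and Javadoc on `DQPConfiguration.setAuthorizationValidator`, stating that a non-null validator replaces data-role enforcement entirely, e.g. `// a configured validator takes over all authorization; useDataRoles and allowCreateTemporaryTablesByDefault apply only to the default below`. The validator is also read once in `start`, so a later change on the configuration object is not picked up. `start` continues past the end of this hunk.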
Added:
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DataRoleAuthorizationValidator.java
===================================================================
---
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DataRoleAuthorizationValidator.java
(rev 0)
+++
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DataRoleAuthorizationValidator.java 2011-04-05
02:39:40 UTC (rev 3060)
@@ -0,0 +1,61 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * See the COPYRIGHT.txt file distributed with this work for information
+ * regarding copyright ownership. Some portions may be licensed
+ * to Red Hat, Inc. under one or more contributor license agreements.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA.
+ */
+
+package org.teiid.dqp.internal.process;
+
+import org.teiid.api.exception.query.QueryValidatorException;
+import org.teiid.core.TeiidComponentException;
+import org.teiid.query.metadata.QueryMetadataInterface;
+import org.teiid.query.sql.lang.Command;
+
+/**
+ * The default Teiid authorization validator
+ */
+public class DataRoleAuthorizationValidator implements AuthorizationValidator {
+
+ private boolean useEntitlements;
+ private boolean allowCreateTemporaryTablesByDefault;
+
+ public DataRoleAuthorizationValidator(boolean useEntitlements,
+ boolean allowCreateTemporaryTablesByDefault) {
+ this.useEntitlements = useEntitlements;
+ this.allowCreateTemporaryTablesByDefault = allowCreateTemporaryTablesByDefault;
+ }
+
+ @Override
+ public void validate(Command command, QueryMetadataInterface metadata, DQPWorkContext
workContext) throws QueryValidatorException, TeiidComponentException {
+ if (useEntitlements && !workContext.getVDB().getDataPolicies().isEmpty()) {
+ AuthorizationValidationVisitor visitor = new
AuthorizationValidationVisitor(workContext.getAllowedDataPolicies(),
workContext.getUserName());
+ visitor.setAllowCreateTemporaryTablesDefault(allowCreateTemporaryTablesByDefault);
+ Request.validateWithVisitor(visitor, metadata, command);
+ }
+ }
+
+ @Override
+ public boolean hasRole(String roleName, DQPWorkContext workContext) {
+ if (!useEntitlements) {
+ return true;
+ }
+ return workContext.getAllowedDataPolicies().containsKey(roleName);
+ }
+
+}
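Review bot: `hasRole` and `validate` disagree about a VDB that defines no data policies: `validate` skips the check when `getDataPolicies().isEmpty()`, while `hasRole` tests only `useEntitlements` and then falls through to `containsKey(roleName)`. Before this commit Request folded the empty-policies test into its own `useEntitlements` flag, so `hasRole` returned `true` in that case. If the stricter result is intended, say so in a comment on `hasRole`; if not, the guard should read `if (!useEntitlements || workContext.getVDB().getDataPolicies().isEmpty()) {`. The two fields are assigned only in the constructor and could be `final`.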
Property changes on:
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DataRoleAuthorizationValidator.java
___________________________________________________________________
Added: svn:mime-type
+ text/plain
Modified: trunk/engine/src/main/java/org/teiid/dqp/internal/process/Request.java
===================================================================
--- trunk/engine/src/main/java/org/teiid/dqp/internal/process/Request.java 2011-04-04
22:35:34 UTC (rev 3059)
+++ trunk/engine/src/main/java/org/teiid/dqp/internal/process/Request.java 2011-04-05
02:39:40 UTC (rev 3060)
@@ -130,12 +130,11 @@
protected Command userCommand;
protected boolean returnsUpdateCount;
- protected boolean useEntitlements;
private TempTableStore globalTables;
private SessionAwareCache<PreparedPlan> planCache;
private boolean resultSetCacheEnabled = true;
- private boolean allowCreateTemporaryTablesByDefault;
private int userRequestConcurrency;
+ private AuthorizationValidator authorizationValidator;
void initialize(RequestMessage requestMsg,
BufferManager bufferManager,
@@ -143,7 +142,6 @@
TransactionService transactionService,
TempTableStore tempTableStore,
DQPWorkContext workContext,
- boolean useEntitlements,
SessionAwareCache<PreparedPlan> planCache) {
this.requestMsg = requestMsg;
@@ -157,7 +155,6 @@
this.workContext = workContext;
this.requestId = workContext.getRequestID(this.requestMsg.getExecutionId());
this.connectorManagerRepo =
workContext.getVDB().getAttachment(ConnectorManagerRepository.class);
- this.useEntitlements = useEntitlements &&
!workContext.getVDB().getDataPolicies().isEmpty();
this.planCache = planCache;
}
@@ -171,11 +168,11 @@
this.resultSetCacheEnabled = resultSetCacheEnabled;
}
- public void setAllowCreateTemporaryTablesByDefault(
- boolean allowCreateTemporaryTablesByDefault) {
- this.allowCreateTemporaryTablesByDefault = allowCreateTemporaryTablesByDefault;
+ public void setAuthorizationValidator(
+ AuthorizationValidator authorizationValidator) {
+ this.authorizationValidator = authorizationValidator;
}
-
+
/**
* if the metadata has not been supplied via setMetadata, this method will create the
appropriate state
*
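Review bot: `setAuthorizationValidator` accepts `null` and Request has no default, yet `hasRole` (hunk at -250) and `validateAccess` (hunk at -472) dereference the field unconditionally. A caller that runs `initialize` without this setter, now that the two are separate steps, gets a NullPointerException in the middle of authorization rather than a clear failure. Rejecting null in the setter, `if (authorizationValidator == null) throw new IllegalArgumentException("authorizationValidator is required");`, or passing the validator through `initialize` alongside `workContext`, would make the requirement explicit.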
@@ -250,13 +247,10 @@
context.setSecurityFunctionEvaluator(new SecurityFunctionEvaluator() {
@Override
public boolean hasRole(String roleType, String roleName) throws
TeiidComponentException {
- if (!useEntitlements) {
- return true;
- }
if (!DATA_ROLE.equalsIgnoreCase(roleType)) {
return false;
}
- return workContext.getAllowedDataPolicies().containsKey(roleName);
+ return authorizationValidator.hasRole(roleName, workContext);
}
});
context.setTempTableStore(tempTableStore);
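Review bot: The `DATA_ROLE` type check now runs before the validator is asked, so with data roles disabled a call with any other `roleType` returns `false`, where the removed `!useEntitlements` short-circuit used to return `true`. That is the more conservative answer, but it is a behaviour change for existing queries that the log message does not mention. A comment above the check such as `// non-data role types are always denied, even when data roles are disabled` would record the intent. The enclosing method begins outside this hunk.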
@@ -472,11 +466,7 @@
}
protected void validateAccess(Command command) throws QueryValidatorException,
TeiidComponentException {
- if (useEntitlements) {
- AuthorizationValidationVisitor visitor = new
AuthorizationValidationVisitor(this.workContext.getAllowedDataPolicies(),
this.workContext.getUserName());
- visitor.setAllowCreateTemporaryTablesDefault(this.allowCreateTemporaryTablesByDefault);
- validateWithVisitor(visitor, this.metadata, command);
- }
+ this.authorizationValidator.validate(command, metadata, workContext);
}
}
Modified:
trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestPreparedStatement.java
===================================================================
---
trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestPreparedStatement.java 2011-04-04
22:35:34 UTC (rev 3059)
+++
trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestPreparedStatement.java 2011-04-05
02:39:40 UTC (rev 3060)
@@ -60,9 +60,6 @@
private static final int SESSION_ID = 6;
- private static boolean DEBUG = false;
-
-
static void helpTestProcessing(String preparedSql, List values, List[] expected,
ProcessorDataManager dataManager, QueryMetadataInterface metadata, boolean
callableStatement, VDBMetaData vdb) throws Exception {
helpTestProcessing(preparedSql, values, expected, dataManager, metadata,
callableStatement, false, vdb);
}
@@ -246,9 +243,9 @@
ConnectorManagerRepository repo =
Mockito.mock(ConnectorManagerRepository.class);
Mockito.stub(repo.getConnectorManager(Mockito.anyString())).toReturn(new
AutoGenDataService());
- serverRequest.initialize(request,
BufferManagerFactory.getStandaloneBufferManager(), null, new FakeTransactionService(),
null, workContext, false, prepPlanCache);
-
+ serverRequest.initialize(request,
BufferManagerFactory.getStandaloneBufferManager(), null, new FakeTransactionService(),
null, workContext, prepPlanCache);
serverRequest.setMetadata(capFinder, metadata, null);
+ serverRequest.setAuthorizationValidator(new DataRoleAuthorizationValidator(false,
true));
serverRequest.processRequest();
assertNotNull(serverRequest.processPlan);
Modified: trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestRequest.java
===================================================================
--- trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestRequest.java 2011-04-04
22:35:34 UTC (rev 3059)
+++ trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestRequest.java 2011-04-05
02:39:40 UTC (rev 3060)
@@ -70,7 +70,6 @@
public void testValidateEntitlement() throws Exception {
QueryMetadataInterface metadata = FakeMetadataFactory.example1Cached();
-
Request request = new Request();
Command command = QueryParser.getQueryParser().parseCommand(QUERY);
QueryResolver.resolveCommand(command, metadata);
@@ -78,8 +77,9 @@
RequestMessage message = new RequestMessage();
DQPWorkContext workContext = FakeMetadataFactory.buildWorkContext(metadata,
FakeMetadataFactory.example1VDB());
- request.initialize(message, null, null,new FakeTransactionService(),null,
workContext, false, null);
+ request.initialize(message, null, null,new FakeTransactionService(),null,
workContext, null);
request.initMetadata();
+ request.setAuthorizationValidator(new DataRoleAuthorizationValidator(true,
true));
request.validateAccess(command);
}
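Review bot: `testValidateEntitlement` now runs with `useEntitlements` set to `true`, but it still exercises only the path where `validateAccess` returns normally. Nothing visible in this commit checks that a command outside the allowed policies is rejected with `QueryValidatorException`, or that `DataRoleAuthorizationValidator.hasRole` returns `false` for an unknown role. A negative case for each would pin down the behaviour that moved out of Request.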
@@ -132,8 +132,8 @@
Mockito.stub(repo.getConnectorManager(Mockito.anyString())).toReturn(new
AutoGenDataService());
request.initialize(message, Mockito.mock(BufferManager.class),
- new FakeDataManager(), new FakeTransactionService(), null, workContext, false,
null);
-
+ new FakeDataManager(), new FakeTransactionService(), null, workContext, null);
+ request.setAuthorizationValidator(new DataRoleAuthorizationValidator(false,
true));
request.processRequest();
return request;
}
Modified: trunk/engine/src/test/java/org/teiid/query/processor/TestProcessor.java
===================================================================
--- trunk/engine/src/test/java/org/teiid/query/processor/TestProcessor.java 2011-04-04
22:35:34 UTC (rev 3059)
+++ trunk/engine/src/test/java/org/teiid/query/processor/TestProcessor.java 2011-04-05
02:39:40 UTC (rev 3060)
@@ -7650,5 +7650,5 @@
helpProcess(plan, dataManager, expected);
}
- private static final boolean DEBUG = true;
+ private static final boolean DEBUG = false;
}