Author: shawkins
Date: 2012-05-09 10:36:12 -0400 (Wed, 09 May 2012)
New Revision: 4077
Added:
branches/7.7.x/client/src/main/java/org/teiid/client/security/Secure.java
Modified:
branches/7.7.x/build/kits/jboss-container/teiid-releasenotes.html
branches/7.7.x/client/src/main/java/org/teiid/client/DQP.java
branches/7.7.x/client/src/main/java/org/teiid/client/security/ILogon.java
branches/7.7.x/client/src/main/java/org/teiid/jdbc/ConnectionImpl.java
branches/7.7.x/client/src/main/java/org/teiid/jdbc/JDBCURL.java
branches/7.7.x/client/src/main/java/org/teiid/jdbc/StatementImpl.java
branches/7.7.x/client/src/main/java/org/teiid/jdbc/TeiidDataSource.java
branches/7.7.x/client/src/main/java/org/teiid/net/TeiidURL.java
branches/7.7.x/client/src/main/java/org/teiid/net/socket/SocketServerConnection.java
branches/7.7.x/client/src/main/java/org/teiid/net/socket/SocketServerInstanceImpl.java
branches/7.7.x/client/src/test/java/org/teiid/jdbc/TestStatement.java
branches/7.7.x/client/src/test/java/org/teiid/jdbc/TestTeiidDriver.java
branches/7.7.x/documentation/client-developers-guide/src/main/docbook/en-US/content/jdbc-connection.xml
branches/7.7.x/documentation/client-developers-guide/src/main/docbook/en-US/content/jdbc-extensions.xml
Log:
TEIID-2006 back port of set payload and encrypt requests
Modified: branches/7.7.x/build/kits/jboss-container/teiid-releasenotes.html
===================================================================
--- branches/7.7.x/build/kits/jboss-container/teiid-releasenotes.html 2012-05-09 14:35:51
UTC (rev 4076)
+++ branches/7.7.x/build/kits/jboss-container/teiid-releasenotes.html 2012-05-09 14:36:12
UTC (rev 4077)
@@ -33,6 +33,8 @@
<LI><B>Padded String Comparison</B> - the system property
org.teiid.padSpace can be set to effectively right pad strings to the same length for
comparison.
<LI><B>Copy LOBs</B> - added the copyLobs property to indicate that
lob values should be copied by the engine rather than being held by reference.
<LI><B>Enhanced parse/format pushdown</B> - added more built-in
support and extension points for parse/format function pushdown. Added parse/format
timestamp handling for SQLServer, Sybase, Oracle, and PostgreSQL.
+ <LI><B>SET PAYLOAD statement</B> - SET PAYLOAD can be used to set a
name value pair on a session scoped payload that will be sent with requests.
+ <LI><B>ENCRYPT REQUESTS</B> - encryptRequests may be used as a
connection/datasource property when not using SSL to indicate that request messgaes and
any associated payload should be encrypted.
</UL>
<h2><a name="Compatibility">Compatibility
Issues</a></h2>
Modified: branches/7.7.x/client/src/main/java/org/teiid/client/DQP.java
===================================================================
--- branches/7.7.x/client/src/main/java/org/teiid/client/DQP.java 2012-05-09 14:35:51 UTC
(rev 4076)
+++ branches/7.7.x/client/src/main/java/org/teiid/client/DQP.java 2012-05-09 14:36:12 UTC
(rev 4077)
@@ -26,6 +26,7 @@
import org.teiid.client.lob.LobChunk;
import org.teiid.client.metadata.MetadataResult;
+import org.teiid.client.security.Secure;
import org.teiid.client.util.ResultsFuture;
import org.teiid.client.xa.XATransactionException;
import org.teiid.client.xa.XidImpl;
@@ -35,6 +36,7 @@
public interface DQP {
+ @Secure(optional=true)
ResultsFuture<ResultsMessage> executeRequest(long reqID, RequestMessage message)
throws TeiidProcessingException, TeiidComponentException;
ResultsFuture<ResultsMessage> processCursorRequest(long reqID, int batchFirst, int
fetchSize) throws TeiidProcessingException;
Modified: branches/7.7.x/client/src/main/java/org/teiid/client/security/ILogon.java
===================================================================
--- branches/7.7.x/client/src/main/java/org/teiid/client/security/ILogon.java 2012-05-09
14:35:51 UTC (rev 4076)
+++ branches/7.7.x/client/src/main/java/org/teiid/client/security/ILogon.java 2012-05-09
14:36:12 UTC (rev 4077)
@@ -37,9 +37,11 @@
static final String KRB5TOKEN = "KRB5TOKEN"; //$NON-NLS-1$
static final String KRB5_ESTABLISHED = "KRB5_CONTEXT_ESTABLISHED";
//$NON-NLS-1$
+ @Secure
LogonResult logon(Properties connectionProperties)
throws LogonException, TeiidComponentException, CommunicationException;
+ @Secure
LogonResult neogitiateGssLogin(Properties connectionProperties, byte[] serviceToken,
boolean createSession) throws LogonException;
/**
@@ -60,5 +62,6 @@
*/
ResultsFuture<?> logoff() throws InvalidSessionException,
TeiidComponentException;
+ @Secure
void assertIdentity(SessionToken sessionId) throws InvalidSessionException,
TeiidComponentException, CommunicationException;
}
Added: branches/7.7.x/client/src/main/java/org/teiid/client/security/Secure.java
===================================================================
--- branches/7.7.x/client/src/main/java/org/teiid/client/security/Secure.java
(rev 0)
+++ branches/7.7.x/client/src/main/java/org/teiid/client/security/Secure.java 2012-05-09
14:36:12 UTC (rev 4077)
@@ -0,0 +1,40 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * See the COPYRIGHT.txt file distributed with this work for information
+ * regarding copyright ownership. Some portions may be licensed
+ * to Red Hat, Inc. under one or more contributor license agreements.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA.
+ */
+
+package org.teiid.client.security;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+(a)Target({ElementType.METHOD})
+(a)Retention(RetentionPolicy.RUNTIME)
+@Inherited
+@Documented
+public @interface Secure {
+
+ boolean optional() default false;
+
+}
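Review bot: `@Inherited` has no effect on this annotation, because it is restricted to `ElementType.METHOD` and Java only inherits annotations placed on classes. A method that overrides or redeclares an annotated interface method therefore does not carry `@Secure`. The invocation handler changed later in this commit decides whether to seal a message from `method.getAnnotation(Secure.class)`, so such a method would be sent unsealed. I would drop `@Inherited` and document the contract on `optional()`, for example `/** When true the call is sealed only if the connection sets encryptRequests; when false it is always sealed. */`.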
Property changes on:
branches/7.7.x/client/src/main/java/org/teiid/client/security/Secure.java
___________________________________________________________________
Added: svn:mime-type
+ text/plain
Modified: branches/7.7.x/client/src/main/java/org/teiid/jdbc/ConnectionImpl.java
===================================================================
--- branches/7.7.x/client/src/main/java/org/teiid/jdbc/ConnectionImpl.java 2012-05-09
14:35:51 UTC (rev 4076)
+++ branches/7.7.x/client/src/main/java/org/teiid/jdbc/ConnectionImpl.java 2012-05-09
14:36:12 UTC (rev 4077)
@@ -99,7 +99,8 @@
private String debugLog;
// the last query annotations
private Collection<Annotation> annotations;
- private Properties connectionProps;
+ private Properties connectionProps;
+ private Properties payload;
public ConnectionImpl(ServerConnection serverConn, Properties info, String url) {
this.connectionProps = info;
@@ -828,6 +829,7 @@
}
public void recycleConnection() {
+ this.payload = null;
try {
//close all open statements
this.closeStatements();
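Review bot: The session payload is reset only here in `recycleConnection()`; nothing in this commit's ConnectionImpl hunks clears it when the connection's user changes. `changeUser` is outside the visible hunks, so this is inferred. If it does not reset the field, name/value pairs set under one identity keep being sent with requests issued after `SET SESSION AUTHORIZATION`. If that carry-over is not intended, add `this.payload = null;` on the successful path of `changeUser`; if it is intended, say so next to the field, e.g. `// session payload; survives changeUser, cleared on recycleConnection`. `recycleConnection` continues past the end of this hunk.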
@@ -1005,6 +1007,14 @@
setPassword(oldPassword);
}
}
+ }
+
+ public Properties getPayload() {
+ return payload;
+ }
+
+ public void setPayload(Properties payload) {
+ this.payload = payload;
}
}
Modified: branches/7.7.x/client/src/main/java/org/teiid/jdbc/JDBCURL.java
===================================================================
--- branches/7.7.x/client/src/main/java/org/teiid/jdbc/JDBCURL.java 2012-05-09 14:35:51
UTC (rev 4076)
+++ branches/7.7.x/client/src/main/java/org/teiid/jdbc/JDBCURL.java 2012-05-09 14:36:12
UTC (rev 4077)
@@ -75,7 +75,8 @@
TeiidURL.CONNECTION.DISCOVERY_STRATEGY,
TeiidURL.CONNECTION.PASSTHROUGH_AUTHENTICATION,
TeiidURL.CONNECTION.JAAS_NAME,
- TeiidURL.CONNECTION.KERBEROS_SERVICE_PRINCIPLE_NAME));
+ TeiidURL.CONNECTION.KERBEROS_SERVICE_PRINCIPLE_NAME,
+ TeiidURL.CONNECTION.ENCRYPT_REQUESTS));
props.addAll(EXECUTION_PROPERTIES);
return Collections.unmodifiableSet(props);
}
Modified: branches/7.7.x/client/src/main/java/org/teiid/jdbc/StatementImpl.java
===================================================================
--- branches/7.7.x/client/src/main/java/org/teiid/jdbc/StatementImpl.java 2012-05-09
14:35:51 UTC (rev 4076)
+++ branches/7.7.x/client/src/main/java/org/teiid/jdbc/StatementImpl.java 2012-05-09
14:36:12 UTC (rev 4077)
@@ -155,8 +155,8 @@
protected Map outParamIndexMap = new HashMap();
private static Pattern TRANSACTION_STATEMENT =
Pattern.compile("\\s*(commit|rollback|(start\\s+transaction))\\s*;?",
Pattern.CASE_INSENSITIVE); //$NON-NLS-1$
- private static Pattern SET_STATEMENT = Pattern.compile("\\s*set\\s+((?:session
authorization)|(?:\\w+))\\s+(?:([a-zA-Z](?:\\w|_)*)|((?:'[^']*')+));?",
Pattern.CASE_INSENSITIVE); //$NON-NLS-1$
- private static Pattern SHOW_STATEMENT =
Pattern.compile("\\s*show\\s+(\\w*);?", Pattern.CASE_INSENSITIVE);
//$NON-NLS-1$
+ private static Pattern SET_STATEMENT =
Pattern.compile("\\s*set(?:\\s+(payload))?\\s+((?:session
authorization)|(?:[a-zA-Z]\\w*))\\s+(?:([a-zA-Z]\\w*)|((?:'[^']*')+));?",
Pattern.CASE_INSENSITIVE); //$NON-NLS-1$
+ private static Pattern SHOW_STATEMENT =
Pattern.compile("\\s*show\\s+([a-zA-Z]\\w*);?", Pattern.CASE_INSENSITIVE);
//$NON-NLS-1$
/**
* Factory Constructor
* @param driverConnection
@@ -407,14 +407,22 @@
if (resultsMode == ResultsMode.RESULTSET) {
throw new
TeiidSQLException(JDBCPlugin.Util.getString("StatementImpl.set_result_set"));
//$NON-NLS-1$
}
- String key = match.group(1);
- String value = match.group(2);
+ String key = match.group(2);
+ String value = match.group(3);
if (value == null) {
- value = match.group(3);
+ value = match.group(4);
value = StringUtil.replaceAll(value, "''",
"'"); //$NON-NLS-1$ //$NON-NLS-2$
value = value.substring(1, value.length() - 1);
}
- if ("SESSION AUTHORIZATION".equalsIgnoreCase(key)) { //$NON-NLS-1$
+ if (match.group(1) != null) {
+ //payload case
+ Properties p = this.getMMConnection().getPayload();
+ if (p == null) {
+ p = new Properties();
+ this.getMMConnection().setPayload(p);
+ }
+ p.setProperty(key, value);
+ } else if ("SESSION AUTHORIZATION".equalsIgnoreCase(key)) {
//$NON-NLS-1$
this.getMMConnection().changeUser(value,
this.getMMConnection().getPassword());
} else if (key.equalsIgnoreCase(TeiidURL.CONNECTION.PASSWORD)) {
this.getMMConnection().setPassword(value);
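Review bot: The lazy creation of the connection payload in the `match.group(1) != null` branch is a check-then-act on shared connection state. Two statements on the same connection that run `SET PAYLOAD` at the same time can each see `null` and each install a new `Properties`, and one pair is lost. Creating the object behind a single synchronized accessor on `ConnectionImpl` would avoid that and keep the null handling in one place. The branch also stores keys exactly as typed, while the other branches use `equalsIgnoreCase`, so a comment such as `// payload keys are case-sensitive, unlike the SET parameter names compared below` would help. The enclosing method starts and ends outside this hunk.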
@@ -565,7 +573,11 @@
this.getConnection().beginLocalTxnIfNeeded();
this.currentRequestID = this.driverConnection.nextRequestID();
// Create a request message
- reqMsg.setExecutionPayload(this.payload);
+ if (this.payload != null) {
+ reqMsg.setExecutionPayload(this.payload);
+ } else {
+ reqMsg.setExecutionPayload(this.getMMConnection().getPayload());
+ }
reqMsg.setCursorType(this.resultSetType);
reqMsg.setFetchSize(this.fetchSize);
reqMsg.setRowLimit(this.maxRows);
Modified: branches/7.7.x/client/src/main/java/org/teiid/jdbc/TeiidDataSource.java
===================================================================
--- branches/7.7.x/client/src/main/java/org/teiid/jdbc/TeiidDataSource.java 2012-05-09
14:35:51 UTC (rev 4076)
+++ branches/7.7.x/client/src/main/java/org/teiid/jdbc/TeiidDataSource.java 2012-05-09
14:36:12 UTC (rev 4077)
@@ -107,6 +107,10 @@
* Name of Kerberos KDC service principle name
*/
private String kerberosServicePrincipleName;
+ /**
+ * If not using ssl determines whether requests with the associated command payload
should be encrypted
+ */
+ private boolean encryptRequests;
public TeiidDataSource() {
}
@@ -517,5 +521,17 @@
public void setKerberosServicePrincipleName(String kerberosServerName) {
this.kerberosServicePrincipleName = kerberosServerName;
}
+
+ public void setEncryptRequests(boolean encryptRequests) {
+ this.encryptRequests = encryptRequests;
+ }
+
+ public boolean isEncryptRequests() {
+ return encryptRequests;
+ }
+
+ public boolean getEncryptRequests() {
+ return encryptRequests;
+ }
}
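Review bot: Nothing in the TeiidDataSource hunks of this commit copies `encryptRequests` into the connection properties, while `SocketServerConnection.getService` reads the flag only from `connProps` under `TeiidURL.CONNECTION.ENCRYPT_REQUESTS`. The property-building code is outside the visible hunks, so this is inferred. If the field is not picked up there, a data source configured with `encryptRequests=true` would still send requests unsealed, with no error. That is worth confirming and covering with a data-source test alongside the driver URL one. Separately, `isEncryptRequests()` and `getEncryptRequests()` return the same field; if both are needed for bean introspection, a one-line comment saying so would help.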
Modified: branches/7.7.x/client/src/main/java/org/teiid/net/TeiidURL.java
===================================================================
--- branches/7.7.x/client/src/main/java/org/teiid/net/TeiidURL.java 2012-05-09 14:35:51
UTC (rev 4076)
+++ branches/7.7.x/client/src/main/java/org/teiid/net/TeiidURL.java 2012-05-09 14:36:12
UTC (rev 4077)
@@ -86,6 +86,8 @@
public static final String JAAS_NAME = "jaasName"; //$NON-NLS-1$
public static final String KERBEROS_SERVICE_PRINCIPLE_NAME =
"kerberosServicePrincipleName"; //$NON-NLS-1$;
+
+ public static final String ENCRYPT_REQUESTS = "encryptRequests";
//$NON-NLS-1$;
}
public static final String DOT_DELIMITER = "."; //$NON-NLS-1$
Modified:
branches/7.7.x/client/src/main/java/org/teiid/net/socket/SocketServerConnection.java
===================================================================
---
branches/7.7.x/client/src/main/java/org/teiid/net/socket/SocketServerConnection.java 2012-05-09
14:35:51 UTC (rev 4076)
+++
branches/7.7.x/client/src/main/java/org/teiid/net/socket/SocketServerConnection.java 2012-05-09
14:36:12 UTC (rev 4077)
@@ -49,6 +49,7 @@
import org.teiid.client.util.ResultsFuture;
import org.teiid.core.TeiidComponentException;
import org.teiid.core.TeiidException;
+import org.teiid.core.util.PropertiesUtils;
import org.teiid.gss.MakeGSS;
import org.teiid.jdbc.JDBCPlugin;
import org.teiid.net.CommunicationException;
@@ -211,7 +212,7 @@
}
public <T> T getService(Class<T> iface) {
- return iface.cast(Proxy.newProxyInstance(this.getClass().getClassLoader(), new Class[]
{iface}, new SocketServerInstanceImpl.RemoteInvocationHandler(iface) {
+ return iface.cast(Proxy.newProxyInstance(this.getClass().getClassLoader(), new Class[]
{iface}, new SocketServerInstanceImpl.RemoteInvocationHandler(iface,
PropertiesUtils.getBooleanProperty(connProps, TeiidURL.CONNECTION.ENCRYPT_REQUESTS,
false)) {
@Override
protected SocketServerInstance getInstance() throws CommunicationException {
if (failOver && System.currentTimeMillis() - lastPing >
pingFailOverInterval) {
Modified:
branches/7.7.x/client/src/main/java/org/teiid/net/socket/SocketServerInstanceImpl.java
===================================================================
---
branches/7.7.x/client/src/main/java/org/teiid/net/socket/SocketServerInstanceImpl.java 2012-05-09
14:35:51 UTC (rev 4076)
+++
branches/7.7.x/client/src/main/java/org/teiid/net/socket/SocketServerInstanceImpl.java 2012-05-09
14:36:12 UTC (rev 4077)
@@ -31,6 +31,7 @@
import java.lang.reflect.Proxy;
import java.net.InetSocketAddress;
import java.net.SocketTimeoutException;
+import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
@@ -43,7 +44,7 @@
import java.util.logging.Level;
import java.util.logging.Logger;
-import org.teiid.client.security.ILogon;
+import org.teiid.client.security.Secure;
import org.teiid.client.util.ExceptionHolder;
import org.teiid.client.util.ExceptionUtil;
import org.teiid.client.util.ResultsFuture;
@@ -77,6 +78,7 @@
private Cryptor cryptor;
private String serverVersion;
private AuthenticationType authType = AuthenticationType.CLEARTEXT;
+ private HashMap<Class<?>, Object> serviceMap = new
HashMap<Class<?>, Object>();
private boolean hasReader;
@@ -275,15 +277,19 @@
}
}
- @SuppressWarnings("unchecked")
@Override
- public <T> T getService(Class<T> iface) {
- return (T)Proxy.newProxyInstance(this.getClass().getClassLoader(), new Class[] {iface},
new RemoteInvocationHandler(iface) {
- @Override
- protected SocketServerInstanceImpl getInstance() {
- return SocketServerInstanceImpl.this;
- }
- });
+ public synchronized <T> T getService(Class<T> iface) {
+ Object service = this.serviceMap.get(iface);
+ if (service == null) {
+ service = Proxy.newProxyInstance(this.getClass().getClassLoader(), new Class[]
{iface}, new RemoteInvocationHandler(iface, false) {
+ @Override
+ protected SocketServerInstanceImpl getInstance() {
+ return SocketServerInstanceImpl.this;
+ }
+ });
+ this.serviceMap.put(iface, service);
+ }
+ return iface.cast(service);
}
public long getSynchTimeout() {
@@ -292,12 +298,12 @@
public static abstract class RemoteInvocationHandler implements InvocationHandler {
- private boolean secure;
private Class<?> targetClass;
+ private boolean secureOptional;
- public RemoteInvocationHandler(Class<?> targetClass) {
+ public RemoteInvocationHandler(Class<?> targetClass, boolean secureOptional) {
this.targetClass = targetClass;
- this.secure = ILogon.class.isAssignableFrom(targetClass);
+ this.secureOptional = secureOptional;
}
@Override
@@ -309,7 +315,8 @@
Message message = new Message();
message.setContents(new ServiceInvocationStruct(args, method.getName(),
targetClass));
- if (secure) {
+ Secure secure = method.getAnnotation(Secure.class);
+ if (secure != null && (!secure.optional() || secureOptional)) {
message.setContents(instance.getCryptor().sealObject(message.getContents()));
}
ResultsFuture<Object> results = new ResultsFuture<Object>() {
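Review bot: Sealing is now opt-in per method: `method.getAnnotation(Secure.class)` returns null for any unannotated method and the message is sent as-is, whereas the removed `ILogon.class.isAssignableFrom(targetClass)` check sealed every ILogon call. ILogon methods left unannotated in this commit, such as `logoff()`, are therefore no longer sealed, and a credential-bearing method added later without `@Secure` would go out unsealed with no warning. A comment above the check would make the contract explicit, e.g. `// unannotated methods are sent unsealed; every method carrying credentials or payload must be marked @Secure`. Proxies created by `SocketServerInstanceImpl.getService` in the earlier hunk pass `false` for `secureOptional`, so only the `SocketServerConnection` path honours encryptRequests. The `invoke` body starts and ends outside this hunk.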
Modified: branches/7.7.x/client/src/test/java/org/teiid/jdbc/TestStatement.java
===================================================================
--- branches/7.7.x/client/src/test/java/org/teiid/jdbc/TestStatement.java 2012-05-09
14:35:51 UTC (rev 4076)
+++ branches/7.7.x/client/src/test/java/org/teiid/jdbc/TestStatement.java 2012-05-09
14:36:12 UTC (rev 4077)
@@ -71,6 +71,14 @@
assertEquals("b'ar", p.get("foo")); //$NON-NLS-1$
//$NON-NLS-2$
}
+ @Test public void testSetPayloadStatement() throws Exception {
+ ConnectionImpl conn = Mockito.mock(ConnectionImpl.class);
+ Properties p = new Properties();
+ Mockito.stub(conn.getExecutionProperties()).toReturn(p);
+ StatementImpl statement = new StatementImpl(conn, ResultSet.TYPE_FORWARD_ONLY,
ResultSet.CONCUR_READ_ONLY);
+ assertFalse(statement.execute("set payload foo bar")); //$NON-NLS-1$
+ }
+
@Test public void testSetAuthorizationStatement() throws Exception {
ConnectionImpl conn = Mockito.mock(ConnectionImpl.class);
Properties p = new Properties();
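Review bot: `testSetPayloadStatement` does not check that the pair reached the payload. `conn` is a Mockito mock, so `getPayload()` returns null and `setPayload` is a no-op, and the only assertion is that `execute` returns false. The stub of `getExecutionProperties()` is not what the payload branch in StatementImpl reads. I would stub the payload and assert on it: `Properties payload = new Properties();` and `Mockito.stub(conn.getPayload()).toReturn(payload);` before the execute, then `assertEquals("bar", payload.getProperty("foo"));` after it. The trailing context lines belong to the next test, which continues outside the hunk.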
Modified: branches/7.7.x/client/src/test/java/org/teiid/jdbc/TestTeiidDriver.java
===================================================================
--- branches/7.7.x/client/src/test/java/org/teiid/jdbc/TestTeiidDriver.java 2012-05-09
14:35:51 UTC (rev 4076)
+++ branches/7.7.x/client/src/test/java/org/teiid/jdbc/TestTeiidDriver.java 2012-05-09
14:36:12 UTC (rev 4077)
@@ -138,7 +138,7 @@
@Test public void testGetPropertyInfo1() throws Exception {
DriverPropertyInfo info[] =
drv.getPropertyInfo("jdbc:teiid:vdb@mm://localhost:12345;applicationName=x",
null); //$NON-NLS-1$
- assertEquals(23, info.length);
+ assertEquals(24, info.length);
assertEquals(false, info[0].required);
assertEquals("ApplicationName", info[0].name); //$NON-NLS-1$
assertEquals("x", info[0].value); //$NON-NLS-1$
Modified:
branches/7.7.x/documentation/client-developers-guide/src/main/docbook/en-US/content/jdbc-connection.xml
===================================================================
---
branches/7.7.x/documentation/client-developers-guide/src/main/docbook/en-US/content/jdbc-connection.xml 2012-05-09
14:35:51 UTC (rev 4076)
+++
branches/7.7.x/documentation/client-developers-guide/src/main/docbook/en-US/content/jdbc-connection.xml 2012-05-09
14:36:12 UTC (rev 4077)
@@ -280,7 +280,17 @@
See the Admin Guide for configuration required for
GSS</para>
</entry>
</row>
-
+ <row>
+ <entry>
+ <code>encryptRequests</code>
+ </entry>
+ <entry>
+ <code>boolean</code>
+ </entry>
+ <entry>
+ <para>Only applies to non-SSL socket connections. When
"true" the request message and any associate payload will be encrypted using the
connection cryptor. Default false.</para>
+ </entry>
+ </row>
</tbody>
</tgroup>
</table>
Modified:
branches/7.7.x/documentation/client-developers-guide/src/main/docbook/en-US/content/jdbc-extensions.xml
===================================================================
---
branches/7.7.x/documentation/client-developers-guide/src/main/docbook/en-US/content/jdbc-extensions.xml 2012-05-09
14:35:51 UTC (rev 4076)
+++
branches/7.7.x/documentation/client-developers-guide/src/main/docbook/en-US/content/jdbc-extensions.xml 2012-05-09
14:36:12 UTC (rev 4077)
@@ -193,7 +193,7 @@
<para>SET Syntax:
</para>
<listitem>
- <para>SET (parameter|SESSION AUTHORIZATION) value
+ <para>SET [PAYLOAD] (parameter|SESSION AUTHORIZATION) value
</para>
</listitem>
</itemizedlist>
@@ -206,6 +206,9 @@
<listitem>
<para>The value may be either a non-quoted identifier or a quoted
string literal value.</para>
</listitem>
+ <listitem>
+ <para>If payload is specified, e.g. "SET PAYLOAD x y",
then a session scoped payload properties object will have the corresponding name value
pair set. The payload object is not fully session scoped. It will be removed from the
session when the XAConnection handle is closed / returned to the pool (assumes the use of
TeiidDataSource). The session scoped payload is superseded by the usage of
TeiidStatement.setPayload.</para>
+ </listitem>
</itemizedlist>
<para>The SET statement is most commonly used to control planning and
execution.</para>
<itemizedlist>