Author: shawkins
Date: 2010-08-27 14:51:58 -0400 (Fri, 27 Aug 2010)
New Revision: 2496
Modified:
branches/7.1.x/client/src/main/java/org/teiid/adminapi/DataPolicy.java
branches/7.1.x/client/src/main/java/org/teiid/adminapi/impl/DataPolicyMetadata.java
branches/7.1.x/client/src/main/resources/vdb-deployer.xsd
branches/7.1.x/documentation/reference/src/main/docbook/en-US/content/dataroles.xml
branches/7.1.x/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidationVisitor.java
branches/7.1.x/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java
branches/7.1.x/engine/src/main/java/org/teiid/dqp/internal/process/Request.java
branches/7.1.x/engine/src/test/java/org/teiid/dqp/internal/process/TestAuthorizationValidationVisitor.java
branches/7.1.x/engine/src/test/java/org/teiid/dqp/internal/process/TestDQPCore.java
Log:
TEIID-1231 update to change the functioning of visibility.
Modified: branches/7.1.x/client/src/main/java/org/teiid/adminapi/DataPolicy.java
===================================================================
--- branches/7.1.x/client/src/main/java/org/teiid/adminapi/DataPolicy.java 2010-08-26
19:18:29 UTC (rev 2495)
+++ branches/7.1.x/client/src/main/java/org/teiid/adminapi/DataPolicy.java 2010-08-27
18:51:58 UTC (rev 2496)
@@ -51,6 +51,7 @@
*/
List<String> getMappedRoleNames();
+ boolean isAnyAuthenticated();
interface DataPermission {
/**
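Review bot: The new `isAnyAuthenticated()` declaration on the `DataPolicy` interface has no Javadoc, although `getMappedRoleNames()` just above it closes a doc comment. Because the flag widens a data role to every logged-in user, the contract belongs at the declaration, for example `/** @return true if this policy applies to every authenticated user, regardless of mapped role names */`. The interface body starts and continues outside this hunk.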
Modified:
branches/7.1.x/client/src/main/java/org/teiid/adminapi/impl/DataPolicyMetadata.java
===================================================================
---
branches/7.1.x/client/src/main/java/org/teiid/adminapi/impl/DataPolicyMetadata.java 2010-08-26
19:18:29 UTC (rev 2495)
+++
branches/7.1.x/client/src/main/java/org/teiid/adminapi/impl/DataPolicyMetadata.java 2010-08-27
18:51:58 UTC (rev 2496)
@@ -52,6 +52,8 @@
protected String name;
@XmlElement(name = "description")
protected String description;
+ @XmlAttribute(name = "any-authenticated")
+ protected boolean anyAuthenticated;
@XmlElement(name = "permission")
protected PermissionMap permissions = new PermissionMap(new
KeyBuilder<PermissionMetaData>() {
@@ -251,4 +253,15 @@
return sb.toString();
}
}
+
+
+ @Override
+ @ManagementProperty(description="Indicates if the role is mapped to any
authenticated user.")
+ public boolean isAnyAuthenticated() {
+ return false;
+ }
+
+ public void setAnyAuthenticated(boolean anyAuthenticated) {
+ this.anyAuthenticated = anyAuthenticated;
+ }
}
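Review bot: `isAnyAuthenticated()` returns the constant `false` instead of the `anyAuthenticated` field that `setAnyAuthenticated` and the `any-authenticated` XML attribute populate, so the setting is stored but never reported. `DQPWorkContext.matchesPrincipal` in this same commit reads the getter, so a policy marked `any-authenticated="true"` falls through to mapped-role matching only, and the role mapping described in dataroles.xml does not take effect. Change the body to `return this.anyAuthenticated;`. A round-trip test (set the flag, assert the getter, then assert a match for a user with no mapped roles) would have caught this.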
Modified: branches/7.1.x/client/src/main/resources/vdb-deployer.xsd
===================================================================
--- branches/7.1.x/client/src/main/resources/vdb-deployer.xsd 2010-08-26 19:18:29 UTC (rev
2495)
+++ branches/7.1.x/client/src/main/resources/vdb-deployer.xsd 2010-08-27 18:51:58 UTC (rev
2496)
@@ -98,6 +98,7 @@
<xs:element name="mapped-role-name"
type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="name" type="xs:string"
use="required"/>
+ <xs:attribute name="any-authenticated"
type="xs:boolean"/>
</xs:complexType>
</xs:element>
<xs:element name="entry" minOccurs="0"
maxOccurs="unbounded">
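Review bot: The new `any-authenticated` attribute is declared without a `default` or an `xs:annotation`, so the schema does not say what omitting it means. Since setting it maps the data role to every authenticated user, the restrictive default should be explicit, `<xs:attribute name="any-authenticated" type="xs:boolean" default="false"/>`, with a short documentation element describing the effect. The enclosing complex type starts outside the hunk.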
Modified:
branches/7.1.x/documentation/reference/src/main/docbook/en-US/content/dataroles.xml
===================================================================
---
branches/7.1.x/documentation/reference/src/main/docbook/en-US/content/dataroles.xml 2010-08-26
19:18:29 UTC (rev 2495)
+++
branches/7.1.x/documentation/reference/src/main/docbook/en-US/content/dataroles.xml 2010-08-27
18:51:58 UTC (rev 2496)
@@ -5,7 +5,7 @@
]>
<chapter id="dataroles">
<title>Data Roles</title>
- <para>Data roles, also called entitlements, are sets of permissions that are
defined
+ <para>Data roles, also called entitlements, are sets of permissions defined
per VDB that dictate data access (create, read, update, delete). The use of data
roles can be disabled system wide with the property in
&jboss-beans; file in bean configuration section of
<code>RuntimeEngineDeployer</code> with property
<code>useDataRoles</code>.</para>
@@ -26,14 +26,16 @@
Thus it is possible to set very general permissions at high-level resource path names
and to override only as necessary at more specific resource paths.
</para>
- <para>Permission grants are only needed for resources that are visible.
- All non-visible, typically physical, models in a VDB are automatically
- inaccessible by user level requests. Permissions are also only applied
- to the columns and tables in the user query - not to every resource
- accessed transitively through views and procedures.
+ <para>Permission grants are only needed for resources that a role needs access
to.
+ Permissions are also only applied to the columns/tables/procedures in the user query -
not to every resource
+ accessed transitively through view and procedure definitions.
It is important therefore to ensure that permission grants are applied
- consistently across visible models that access the same resources.
+ consistently across models that access the same resources.
</para>
+
+ <warning><para>Unlike previous versions of Teiid, non-visible models are
accessible by user queries.
+ To restrict user access at a model level, at least one data role should be created to
enable data role checking.
+ In turn that role can be mapped to any authenticated user and should not grant
permissions to models that should be inaccessable.</para></warning>
<orderedlist>
<para>To process a <emphasis>SELECT</emphasis> statement or a
stored procedure execution, the user account requires the following access
rights:</para>
@@ -66,6 +68,16 @@
</orderedlist>
</section>
+
+ <section>
+ <title>Role Mapping</title>
+ <para>Each Teiid data role can be mapped to any number of container roles or
any authenticated user.
+ You may control role membership through whatever system the Teiid security domain
login modules are associated with.
+ The kit includes example files for use with the UsersRolesLoginModule - see
teiid-security-roles.properties.</para>
+ <para>It is possible for a user to have any number of container roles, which
in turn imply a subset of Teiid data roles.
+ Each applicable Teiid data role contributes cumulatively to the permissions of the
user.
+ No one role supercedes or negates the permissions of the other data
roles.</para>
+ </section>
<section>
<title>XML Definition</title>
Modified:
branches/7.1.x/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidationVisitor.java
===================================================================
---
branches/7.1.x/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidationVisitor.java 2010-08-26
19:18:29 UTC (rev 2495)
+++
branches/7.1.x/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidationVisitor.java 2010-08-27
18:51:58 UTC (rev 2496)
@@ -36,8 +36,6 @@
import org.teiid.adminapi.DataPolicy;
import org.teiid.adminapi.impl.DataPolicyMetadata;
-import org.teiid.adminapi.impl.ModelMetaData;
-import org.teiid.adminapi.impl.VDBMetaData;
import org.teiid.api.exception.query.QueryMetadataException;
import org.teiid.core.TeiidComponentException;
import org.teiid.core.TeiidProcessingException;
@@ -75,32 +73,16 @@
STORED_PROCEDURE;
}
- private VDBMetaData vdb;
private HashMap<String, DataPolicy> allowedPolicies;
private String userName;
- private boolean useEntitlements;
- public AuthorizationValidationVisitor(VDBMetaData vdb, boolean useEntitlements,
HashMap<String, DataPolicy> policies, String user) {
- this.vdb = vdb;
+ public AuthorizationValidationVisitor(HashMap<String, DataPolicy> policies,
String user) {
this.allowedPolicies = policies;
this.userName = user;
- this.useEntitlements = useEntitlements;
}
// ############### Visitor methods for language objects ##################
- @Override
- public void visit(GroupSymbol obj) {
- try {
- Object modelID = getMetadata().getModelID(obj.getMetadataID());
- this.validateModelVisibility(modelID, obj);
- } catch(QueryMetadataException e) {
- handleException(e, obj);
- } catch(TeiidComponentException e) {
- handleException(e, obj);
- }
- }
-
public void visit(Delete obj) {
validateEntitlements(obj);
}
@@ -118,7 +100,6 @@
}
public void visit(StoredProcedure obj) {
- this.validateModelVisibility(obj.getModelID(), obj.getGroup());
validateEntitlements(obj);
}
@@ -126,7 +107,6 @@
if (FunctionLibrary.LOOKUP.equalsIgnoreCase(obj.getName())) {
try {
ResolverUtil.ResolvedLookup lookup = ResolverUtil.resolveLookup(obj,
this.getMetadata());
-
validateModelVisibility(getMetadata().getModelID(lookup.getGroup().getMetadataID()),
lookup.getGroup());
List<Symbol> symbols = new LinkedList<Symbol>();
symbols.add(lookup.getGroup());
symbols.add(lookup.getKeyElement());
@@ -289,30 +269,10 @@
}
- protected void validateModelVisibility(Object modelID, GroupSymbol group) {
- if(modelID instanceof TempMetadataID){
- return;
- }
- try {
- String modelName = getMetadata().getFullName(modelID);
- ModelMetaData model = vdb.getModel(modelName);
- if(!model.isVisible()) {
- handleValidationError(DQPPlugin.Util.getString("ERR.018.005.0088",
getMetadata().getFullName(group.getMetadataID()))); //$NON-NLS-1$
- }
- } catch (TeiidComponentException e) {
- handleException(e, group);
- }
- }
-
-
/**
* Out of resources specified, return the subset for which the specified not have
authorization to access.
*/
public Set<String> getInaccessibleResources(DataPolicy.PermissionType action,
Set<String> resources, Context context) {
- if (!this.useEntitlements) {
- return Collections.emptySet();
- }
-
if (LogManager.isMessageToBeRecorded(LogConstants.CTX_AUDITLOGGING,
MessageLevel.DETAIL)) {
// Audit - request
AuditMessage msg = new AuditMessage(context.name(),
"getInaccessibleResources-request", this.userName, resources.toArray(new
String[resources.size()])); //$NON-NLS-1$
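Review bot: With the `useEntitlements` early return removed, `getInaccessibleResources` always evaluates policies, and the decision to skip authorization now lives only in the caller (`Request.validateAccess` in this commit). The Javadoc should say so, for example by adding `Callers must check whether data roles are enabled before using this visitor.` Its existing sentence is also missing words ("the specified not have authorization"); `return the subset the user is not authorized to access` reads correctly. If `Collections` was imported only for the removed `emptySet()` call, that import is now unused; the import block is outside this hunk. The method body continues past the end of the hunk.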
Modified:
branches/7.1.x/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java
===================================================================
---
branches/7.1.x/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java 2010-08-26
19:18:29 UTC (rev 2495)
+++
branches/7.1.x/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java 2010-08-27
18:51:58 UTC (rev 2496)
@@ -203,9 +203,7 @@
}
// get data roles from the VDB
- List<DataPolicy> policies = getVDB().getDataPolicies();
-
- for (DataPolicy policy : policies) {
+ for (DataPolicy policy : getVDB().getDataPolicies()) {
if (matchesPrincipal(userRoles, policy)) {
this.policies.put(policy.getName(), policy);
}
@@ -215,9 +213,14 @@
}
private boolean matchesPrincipal(Set<String> userRoles, DataPolicy policy) {
+ if (policy.isAnyAuthenticated()) {
+ return true;
+ }
List<String> roles = policy.getMappedRoleNames();
for (String role:roles) {
- return userRoles.contains(role);
+ if (userRoles.contains(role)) {
+ return true;
+ }
}
return false;
}
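Review bot: `matchesPrincipal` returns `true` for an any-authenticated policy without consulting the session, so it relies on being reached only after a successful login. If the security domain allows anonymous or guest sessions (not visible here), those would receive the policy too. A comment such as `// any-authenticated: applies to every session that reaches this point; the caller must already have authenticated the user` would make that assumption explicit. Neither the loop fix (previously only the first mapped role was examined) nor the new branch has a test in this commit; one case where only the second mapped role matches and one with the flag set would pin both.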
Modified: branches/7.1.x/engine/src/main/java/org/teiid/dqp/internal/process/Request.java
===================================================================
---
branches/7.1.x/engine/src/main/java/org/teiid/dqp/internal/process/Request.java 2010-08-26
19:18:29 UTC (rev 2495)
+++
branches/7.1.x/engine/src/main/java/org/teiid/dqp/internal/process/Request.java 2010-08-27
18:51:58 UTC (rev 2496)
@@ -461,8 +461,10 @@
}
protected void validateAccess(Command command) throws QueryValidatorException,
TeiidComponentException {
- AuthorizationValidationVisitor visitor = new
AuthorizationValidationVisitor(this.workContext.getVDB(), this.useEntitlements,
this.workContext.getAllowedDataPolicies(), this.workContext.getUserName());
- validateWithVisitor(visitor, this.metadata, command);
+ if (useEntitlements) {
+ AuthorizationValidationVisitor visitor = new
AuthorizationValidationVisitor(this.workContext.getAllowedDataPolicies(),
this.workContext.getUserName());
+ validateWithVisitor(visitor, this.metadata, command);
+ }
}
}
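Review bot: When `useEntitlements` is false, `validateAccess` now performs no check at all, whereas the previous visitor still rejected queries against non-visible models in that configuration through the removed `validateModelVisibility`. Deployments that run with data roles disabled and relied on `visible=false` to hide physical models lose that restriction silently on upgrade. State this at the branch, e.g. `// useEntitlements == false: no authorization or model-visibility check is applied to user commands`, and call the change out in the release notes alongside the warning added to dataroles.xml.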
Modified:
branches/7.1.x/engine/src/test/java/org/teiid/dqp/internal/process/TestAuthorizationValidationVisitor.java
===================================================================
---
branches/7.1.x/engine/src/test/java/org/teiid/dqp/internal/process/TestAuthorizationValidationVisitor.java 2010-08-26
19:18:29 UTC (rev 2495)
+++
branches/7.1.x/engine/src/test/java/org/teiid/dqp/internal/process/TestAuthorizationValidationVisitor.java 2010-08-27
18:51:58 UTC (rev 2496)
@@ -22,14 +22,16 @@
package org.teiid.dqp.internal.process;
+import static org.junit.Assert.*;
+
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
-import junit.framework.TestCase;
-
+import org.junit.Ignore;
+import org.junit.Test;
import org.teiid.adminapi.DataPolicy;
import org.teiid.adminapi.DataPolicy.PermissionType;
import org.teiid.adminapi.impl.DataPolicyMetadata;
@@ -39,8 +41,6 @@
import org.teiid.api.exception.query.QueryResolverException;
import org.teiid.api.exception.query.QueryValidatorException;
import org.teiid.core.TeiidComponentException;
-import org.teiid.dqp.internal.process.AuthorizationValidationVisitor;
-import org.teiid.dqp.internal.process.Request;
import org.teiid.query.metadata.QueryMetadataInterface;
import org.teiid.query.parser.QueryParser;
import org.teiid.query.resolver.QueryResolver;
@@ -52,18 +52,10 @@
import org.teiid.query.validator.ValidatorReport;
-public class TestAuthorizationValidationVisitor extends TestCase {
+public class TestAuthorizationValidationVisitor {
public static final String CONN_ID = "connID"; //$NON-NLS-1$
- /**
- * Constructor for TestAuthorizationValidationVisitor.
- * @param name
- */
- public TestAuthorizationValidationVisitor(String name) {
- super(name);
- }
-
PermissionMetaData addResource(PermissionType type, boolean flag, String resource) {
PermissionMetaData p = new PermissionMetaData();
p.setResourceName(resource);
@@ -164,7 +156,7 @@
HashMap<String, DataPolicy> policies = new HashMap<String,
DataPolicy>();
policies.put(policy.getName(), policy);
- AuthorizationValidationVisitor visitor = new AuthorizationValidationVisitor(vdb,
true, policies, "test"); //$NON-NLS-1$
+ AuthorizationValidationVisitor visitor = new
AuthorizationValidationVisitor(policies, "test"); //$NON-NLS-1$
ValidatorReport report = Validator.validate(command, metadata, visitor);
if(report.hasItems()) {
ValidatorFailure firstFailure = (ValidatorFailure)
report.getItems().iterator().next();
@@ -184,116 +176,118 @@
}
}
- public void testEverythingAccessible() throws Exception {
+ @Test public void testEverythingAccessible() throws Exception {
helpTest(exampleAuthSvc1(), "SELECT e1 FROM pm1.g1",
FakeMetadataFactory.example1Cached(), new String[] {}, FakeMetadataFactory.example1VDB());
//$NON-NLS-1$
}
- public void testEverythingAccessible1() throws Exception {
+ @Test public void testEverythingAccessible1() throws Exception {
helpTest(exampleAuthSvc1(), "SELECT e1 FROM (select e1 from pm1.g1) x",
FakeMetadataFactory.example1Cached(), new String[] {}, FakeMetadataFactory.example1VDB());
//$NON-NLS-1$
}
- public void testEverythingAccessible2() throws Exception {
+ @Test public void testEverythingAccessible2() throws Exception {
helpTest(exampleAuthSvc1(), "SELECT lookup('pm1.g1', 'e1',
'e1', '1'), e1 FROM (select e1 from pm1.g1) x",
FakeMetadataFactory.example1Cached(), new String[] {}, FakeMetadataFactory.example1VDB());
//$NON-NLS-1$
}
- public void testInaccesibleElement() throws Exception {
+ @Test public void testInaccesibleElement() throws Exception {
helpTest(exampleAuthSvc1(), "SELECT e2 FROM pm1.g1",
FakeMetadataFactory.example1Cached(), new String[] {"pm1.g1.e2"},
FakeMetadataFactory.example1VDB()); //$NON-NLS-1$ //$NON-NLS-2$
}
- public void testInaccesibleElement2() throws Exception {
+ @Test public void testInaccesibleElement2() throws Exception {
helpTest(exampleAuthSvc1(), "SELECT lookup('pm1.g1', 'e1',
'e2', '1')", FakeMetadataFactory.example1Cached(), new String[]
{"pm1.g1.e2"}, FakeMetadataFactory.example1VDB()); //$NON-NLS-1$ //$NON-NLS-2$
}
- public void testInaccesibleGroup() throws Exception {
+ @Test public void testInaccesibleGroup() throws Exception {
helpTest(exampleAuthSvc1(), "SELECT e1 FROM pm1.g2",
FakeMetadataFactory.example1Cached(), new String[] {"pm1.g2",
"pm1.g2.e1"}, FakeMetadataFactory.example1VDB()); //$NON-NLS-1$ //$NON-NLS-2$
//$NON-NLS-3$
}
- public void testInsert() throws Exception {
+ @Test public void testInsert() throws Exception {
helpTest(exampleAuthSvc1(), "INSERT INTO pm1.g1 (e1, e2, e3, e4) VALUES
('x', 5, {b'true'}, 1.0)", FakeMetadataFactory.example1Cached(), new
String[] {}, FakeMetadataFactory.example1VDB()); //$NON-NLS-1$
}
- public void testInsertInaccessible() throws Exception {
+ @Test public void testInsertInaccessible() throws Exception {
helpTest(exampleAuthSvc1(), "INSERT INTO pm1.g2 (e1, e2, e3, e4) VALUES
('x', 5, {b'true'}, 1.0)", FakeMetadataFactory.example1Cached(), new
String[] {"pm1.g2.e1"}, FakeMetadataFactory.example1VDB()); //$NON-NLS-1$
//$NON-NLS-2$
}
- public void testUpdate() throws Exception {
+ @Test public void testUpdate() throws Exception {
helpTest(exampleAuthSvc1(), "UPDATE pm1.g1 SET e2 = 5",
FakeMetadataFactory.example1Cached(), new String[] {}, FakeMetadataFactory.example1VDB());
//$NON-NLS-1$
}
- public void testUpdateCriteriaInaccessibleForRead() throws Exception {
+ @Test public void testUpdateCriteriaInaccessibleForRead() throws Exception {
helpTest(exampleAuthSvc1(), "UPDATE pm1.g2 SET e2 = 5 WHERE e1 =
'x'", FakeMetadataFactory.example1Cached(), new String[]
{"pm1.g2.e1"}, FakeMetadataFactory.example1VDB()); //$NON-NLS-1$ //$NON-NLS-2$
}
- public void testUpdateElementInaccessibleForUpdate() throws Exception {
+ @Test public void testUpdateElementInaccessibleForUpdate() throws Exception {
helpTest(exampleAuthSvc1(), "UPDATE pm1.g1 SET e1 = 5 WHERE e1 =
'x'", FakeMetadataFactory.example1Cached(), new String[]
{"pm1.g1.e1"}, FakeMetadataFactory.example1VDB()); //$NON-NLS-1$ //$NON-NLS-2$
}
- public void testDelete() throws Exception {
+ @Test public void testDelete() throws Exception {
helpTest(exampleAuthSvc1(), "DELETE FROM pm1.g1",
FakeMetadataFactory.example1Cached(), new String[] {}, FakeMetadataFactory.example1VDB());
//$NON-NLS-1$
}
- public void testDeleteCriteriaInaccesibleForRead() throws Exception {
+ @Test public void testDeleteCriteriaInaccesibleForRead() throws Exception {
helpTest(exampleAuthSvc1(), "DELETE FROM pm1.g2 WHERE e1 =
'x'", FakeMetadataFactory.example1Cached(), new String[]
{"pm1.g2.e1"}, FakeMetadataFactory.example1VDB()); //$NON-NLS-1$ //$NON-NLS-2$
}
- public void testDeleteInaccesibleGroup() throws Exception {
+ @Test public void testDeleteInaccesibleGroup() throws Exception {
helpTest(exampleAuthSvc1(), "DELETE FROM pm1.g3",
FakeMetadataFactory.example1Cached(), new String[] {"pm1.g3"},
FakeMetadataFactory.example1VDB()); //$NON-NLS-1$ //$NON-NLS-2$
}
- public void testProc() throws Exception {
+ @Test public void testProc() throws Exception {
helpTest(exampleAuthSvc1(), "EXEC pm1.sq1()",
FakeMetadataFactory.example1Cached(), new String[] {}, FakeMetadataFactory.example1VDB());
//$NON-NLS-1$
}
- public void testProcInaccesible() throws Exception {
+ @Test public void testProcInaccesible() throws Exception {
helpTest(exampleAuthSvc1(), "EXEC pm1.sq2('xyz')",
FakeMetadataFactory.example1Cached(), new String[] {"pm1.sq2"},
FakeMetadataFactory.example1VDB()); //$NON-NLS-1$ //$NON-NLS-2$
}
- public void testSelectIntoEverythingAccessible() throws Exception {
+ @Test public void testSelectIntoEverythingAccessible() throws Exception {
helpTest(exampleAuthSvc2(), "SELECT e1, e2, e3, e4 INTO pm1.g2 FROM
pm2.g1", FakeMetadataFactory.example1Cached(), new String[] {},
FakeMetadataFactory.example1VDB()); //$NON-NLS-1$
}
- public void testSelectIntoTarget_e1_NotAccessible() throws Exception {
+ @Test public void testSelectIntoTarget_e1_NotAccessible() throws Exception {
helpTest(exampleAuthSvc2(), "SELECT e1, e2, e3, e4 INTO pm2.g2 FROM
pm2.g1", FakeMetadataFactory.example1Cached(), new String[]
{"pm2.g2.e2","pm2.g2.e4","pm2.g2.e3"},
FakeMetadataFactory.example1VDB()); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
//$NON-NLS-4$
}
- public void testSelectIntoTarget_e1e2_NotAccessible() throws Exception {
+ @Test public void testSelectIntoTarget_e1e2_NotAccessible() throws Exception {
helpTest(exampleAuthSvc2(), "SELECT e1, e2, e3, e4 INTO pm3.g2 FROM
pm2.g1", FakeMetadataFactory.example1Cached(), new String[] {"pm3.g2.e4",
"pm3.g2.e3"},FakeMetadataFactory.example1VDB()); //$NON-NLS-1$ //$NON-NLS-2$
//$NON-NLS-3$
}
- public void testTempTableSelectInto() throws Exception {
+ @Test public void testTempTableSelectInto() throws Exception {
helpTest(exampleAuthSvc1(), "SELECT e1 INTO #temp FROM pm1.g1",
FakeMetadataFactory.example1Cached(), new String[] {}, FakeMetadataFactory.example1VDB());
//$NON-NLS-1$
}
- public void testTempTableSelectInto1() throws Exception {
+ @Test public void testTempTableSelectInto1() throws Exception {
helpTest(exampleAuthSvc1(), "SELECT e1, e2 INTO #temp FROM pm1.g1",
FakeMetadataFactory.example1Cached(), new String[] {"pm1.g1.e2"},
FakeMetadataFactory.example1VDB()); //$NON-NLS-1$ //$NON-NLS-2$
}
- public void testTempTableInsert() throws Exception {
+ @Test public void testTempTableInsert() throws Exception {
helpTest(exampleAuthSvc2(), "insert into #temp (e1, e2, e3, e4) values
('1', '2', '3', '4')",
FakeMetadataFactory.example1Cached(), new String[] {}, FakeMetadataFactory.example1VDB());
//$NON-NLS-1$
}
- public void testXMLAccessible() throws Exception {
+ @Test public void testXMLAccessible() throws Exception {
helpTest(exampleAuthSvc2(), "select * from xmltest.doc1",
FakeMetadataFactory.example1Cached(), new String[] {"xmltest.doc1"},
FakeMetadataFactory.example1VDB()); //$NON-NLS-1$ //$NON-NLS-2$
}
- public void testXMLInAccessible() throws Exception {
+ @Test public void testXMLInAccessible() throws Exception {
helpTest(exampleAuthSvc1(), "select * from xmltest.doc1",
FakeMetadataFactory.example1Cached(), new String[] {"xmltest.doc1"},
FakeMetadataFactory.example1VDB()); //$NON-NLS-1$ //$NON-NLS-2$
}
private void helpTestLookupVisibility(boolean visible) throws QueryParserException,
QueryValidatorException, TeiidComponentException {
VDBMetaData vdb = FakeMetadataFactory.example1VDB();
vdb.getModel("pm1").setVisible(visible); //$NON-NLS-1$
- AuthorizationValidationVisitor mvvv = new AuthorizationValidationVisitor(vdb, false,
new HashMap<String, DataPolicy>(), "test"); //$NON-NLS-1$
+ AuthorizationValidationVisitor mvvv = new AuthorizationValidationVisitor(new
HashMap<String, DataPolicy>(), "test"); //$NON-NLS-1$
String sql = "select lookup('pm1.g1', 'e1', 'e2',
1)"; //$NON-NLS-1$
Command command = QueryParser.getQueryParser().parseCommand(sql);
Request.validateWithVisitor(mvvv, FakeMetadataFactory.example1Cached(), command);
}
- public void testLookupVisibility() throws Exception {
+ @Ignore("visibility no longer ristricts access")
+ @Test public void testLookupVisibility() throws Exception {
helpTestLookupVisibility(true);
}
- public void testLookupVisibilityFails() throws Exception {
+ @Ignore("visibility no longer ristricts access")
+ @Test public void testLookupVisibilityFails() throws Exception {
try {
helpTestLookupVisibility(false);
fail("expected exception"); //$NON-NLS-1$
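Review bot: `testLookupVisibility` and `testLookupVisibilityFails` are disabled with `@Ignore` rather than rewritten, so nothing now asserts the new access rule for non-visible models; the same is done to `testLookupVisibility` in TestDQPCore.java. Replace them with tests of the intended behaviour: a lookup against a non-visible model passes validation when a data role grants it and is reported inaccessible when no role does. `helpTestLookupVisibility` still calls `setVisible` and builds the visitor with an empty policy map, which probably no longer exercises anything meaningful now that the visitor always evaluates policies. The ignore reason also has a typo and should read `@Ignore("visibility no longer restricts access")`. The body of `testLookupVisibilityFails` continues outside the hunk.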
Modified:
branches/7.1.x/engine/src/test/java/org/teiid/dqp/internal/process/TestDQPCore.java
===================================================================
---
branches/7.1.x/engine/src/test/java/org/teiid/dqp/internal/process/TestDQPCore.java 2010-08-26
19:18:29 UTC (rev 2495)
+++
branches/7.1.x/engine/src/test/java/org/teiid/dqp/internal/process/TestDQPCore.java 2010-08-27
18:51:58 UTC (rev 2496)
@@ -31,6 +31,7 @@
import org.junit.After;
import org.junit.Before;
+import org.junit.Ignore;
import org.junit.Test;
import org.mockito.Mockito;
import org.teiid.api.exception.query.QueryResolverException;
@@ -172,6 +173,7 @@
}
}
+ @Ignore("visibility no longer ristricts access")
@Test public void testLookupVisibility() throws Exception {
helpTestVisibilityFails("select lookup('bqt3.smalla', 'intkey',
'stringkey', '?')"); //$NON-NLS-1$
}