Author: shawkins
Date: 2012-05-09 11:34:45 -0400 (Wed, 09 May 2012)
New Revision: 4081
Modified:
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java
trunk/engine/src/main/java/org/teiid/dqp/service/SessionService.java
trunk/engine/src/main/java/org/teiid/security/SecurityHelper.java
trunk/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java
trunk/jboss-integration/src/main/java/org/teiid/jboss/SecurityActions.java
trunk/jboss-integration/src/main/java/org/teiid/jboss/TransportService.java
trunk/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java
trunk/runtime/src/main/java/org/teiid/transport/LogonImpl.java
Log:
TEIID-2037 applying changes forward.
Modified: trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java
===================================================================
---
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java 2012-05-09
15:09:08 UTC (rev 4080)
+++
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java 2012-05-09
15:34:45 UTC (rev 4081)
@@ -241,7 +241,7 @@
runnable.run();
} finally {
if (associated) {
- securityHelper.clearSecurityContext(this.getSecurityDomain());
+ securityHelper.clearSecurityContext();
}
DQPWorkContext.releaseWorkContext();
if (previous != null) {
@@ -254,7 +254,7 @@
DQPWorkContext.setWorkContext(this);
boolean associated = false;
if (securityHelper != null && this.getSubject() != null) {
- associated = securityHelper.associateSecurityContext(this.getSecurityDomain(),
this.getSecurityContext());
+ associated = securityHelper.associateSecurityContext(this.getSecurityContext());
}
return associated;
}
Modified: trunk/engine/src/main/java/org/teiid/dqp/service/SessionService.java
===================================================================
--- trunk/engine/src/main/java/org/teiid/dqp/service/SessionService.java 2012-05-09
15:09:08 UTC (rev 4080)
+++ trunk/engine/src/main/java/org/teiid/dqp/service/SessionService.java 2012-05-09
15:34:45 UTC (rev 4081)
@@ -148,7 +148,9 @@
String getGssSecurityDomain();
- void associateSubjectInContext(String securityDomain, Subject subject);
+ boolean associateSubjectInContext(String securityDomain, Subject subject);
Subject getSubjectInContext(String securityDomain);
+
+ public void clearSubjectInContext();
}
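Review bot: The added `public void clearSubjectInContext();` carries an explicit `public` that the other declarations visible in this interface omit. Interface methods are implicitly public, so `void clearSubjectInContext();` would match the surrounding style. The changed `boolean associateSubjectInContext(String securityDomain, Subject subject);` would also benefit from a one-line Javadoc stating that a `true` result obliges the caller to invoke `clearSubjectInContext()`, which is how `LogonImpl` uses it in this commit.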
Modified: trunk/engine/src/main/java/org/teiid/security/SecurityHelper.java
===================================================================
--- trunk/engine/src/main/java/org/teiid/security/SecurityHelper.java 2012-05-09 15:09:08
UTC (rev 4080)
+++ trunk/engine/src/main/java/org/teiid/security/SecurityHelper.java 2012-05-09 15:34:45
UTC (rev 4081)
@@ -28,9 +28,9 @@
public interface SecurityHelper {
- boolean associateSecurityContext(String securityDomain, Object context);
+ boolean associateSecurityContext(Object context);
- void clearSecurityContext(String securityDomain);
+ void clearSecurityContext();
Object getSecurityContext(String securityDomain);
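Review bot: The two changed declarations in `SecurityHelper` have no Javadoc, and with the `securityDomain` argument gone an implementer can no longer tell from the signature whether the call is scoped to a domain. I would document `associateSecurityContext` along the lines of `/** Associates the given context with the calling thread; returns true if this call changed the thread's context, in which case the caller must later call clearSecurityContext(). */`, which is what the callers in this commit appear to assume. For `clearSecurityContext` I would add `/** Removes the security context from the calling thread, regardless of its security domain. */`. The interface body continues outside this hunk.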
Modified: trunk/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java
===================================================================
---
trunk/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java 2012-05-09
15:09:08 UTC (rev 4080)
+++
trunk/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java 2012-05-09
15:34:45 UTC (rev 4081)
@@ -36,9 +36,9 @@
private static final long serialVersionUID = 3598997061994110254L;
@Override
- public boolean associateSecurityContext(String securityDomain, Object newContext) {
+ public boolean associateSecurityContext(Object newContext) {
SecurityContext context = SecurityActions.getSecurityContext();
- if (context == null || (!context.getSecurityDomain().equals(securityDomain) &&
newContext != null)) {
+ if (context == null || (newContext != null && newContext != context)) {
SecurityActions.setSecurityContext((SecurityContext)newContext);
return true;
}
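Review bot: In `associateSecurityContext`, the new condition `newContext != null && newContext != context` replaces whatever context is already on the thread. The paired `clearSecurityContext()` in the next hunk of this file now clears unconditionally, so the displaced context is not put back once the work finishes. The `finally` block in `DQPWorkContext` (first hunk of this commit) and the new `finally` in `LogonImpl` both rely on this pair, so a thread that entered with its own identity appears to leave with none. Consider keeping the displaced context and restoring it: hold `SecurityContext previous = SecurityActions.getSecurityContext();` before associating, then call `SecurityActions.setSecurityContext(previous);` instead of clearing when `previous` is non-null. The method body continues past the end of this hunk, so the non-associating branch is not visible here.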
@@ -46,11 +46,8 @@
}
@Override
- public void clearSecurityContext(String securityDomain) {
- SecurityContext sc = SecurityActions.getSecurityContext();
- if (sc != null && sc.getSecurityDomain().equals(securityDomain)) {
- SecurityActions.clearSecurityContext();
- }
+ public void clearSecurityContext() {
+ SecurityActions.clearSecurityContext();
}
@Override
@@ -64,8 +61,7 @@
@Override
public Object createSecurityContext(String securityDomain, Principal p, Object
credentials, Subject subject) {
- SecurityActions.pushSecurityContext(p, credentials, subject, securityDomain);
- return getSecurityContext(securityDomain);
+ return SecurityActions.createSecurityContext(p, credentials, subject, securityDomain);
}
@Override
Modified: trunk/jboss-integration/src/main/java/org/teiid/jboss/SecurityActions.java
===================================================================
--- trunk/jboss-integration/src/main/java/org/teiid/jboss/SecurityActions.java 2012-05-09
15:09:08 UTC (rev 4080)
+++ trunk/jboss-integration/src/main/java/org/teiid/jboss/SecurityActions.java 2012-05-09
15:34:45 UTC (rev 4081)
@@ -68,18 +68,17 @@
});
}
- static void pushSecurityContext(final Principal p, final Object cred, final Subject
subject, final String securityDomain)
+ static SecurityContext createSecurityContext(final Principal p, final Object cred,
final Subject subject, final String securityDomain)
{
- AccessController.doPrivileged(new PrivilegedAction<Object>() {
- public Object run() {
+ return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>() {
+ public SecurityContext run() {
SecurityContext sc;
try {
sc = SecurityContextFactory.createSecurityContext(p, cred, subject,
securityDomain);
} catch (Exception e) {
throw new RuntimeException(e);
}
- setSecurityContext(sc);
- return null;
+ return sc;
}
});
}
Modified: trunk/jboss-integration/src/main/java/org/teiid/jboss/TransportService.java
===================================================================
--- trunk/jboss-integration/src/main/java/org/teiid/jboss/TransportService.java 2012-05-09
15:09:08 UTC (rev 4080)
+++ trunk/jboss-integration/src/main/java/org/teiid/jboss/TransportService.java 2012-05-09
15:34:45 UTC (rev 4081)
@@ -119,6 +119,7 @@
this.sessionService.setAuthenticationType(getAuthenticationType());
this.sessionService.setGssSecurityDomain(this.krb5Domain);
this.sessionService.start();
+ this.csr.setAuthenticationType(this.sessionService.getAuthenticationType());
// create the necessary services
this.logon = new LogonImpl(this.sessionService, "teiid-cluster");
//$NON-NLS-1$
Modified: trunk/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java
===================================================================
--- trunk/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java 2012-05-09
15:09:08 UTC (rev 4080)
+++ trunk/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java 2012-05-09
15:34:45 UTC (rev 4081)
@@ -388,13 +388,13 @@
}
@Override
- public void associateSubjectInContext(String securityDomain, Subject subject) {
+ public boolean associateSubjectInContext(String securityDomain, Subject subject) {
Principal principal = null;
for(Principal p:subject.getPrincipals()) {
principal = p;
break;
}
- this.securityHelper.associateSecurityContext(securityDomain,
this.securityHelper.createSecurityContext(securityDomain, principal, null, subject));
+ return
this.securityHelper.associateSecurityContext(this.securityHelper.createSecurityContext(securityDomain,
principal, null, subject));
}
@Override
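Review bot: `associateSubjectInContext` now reports success to its caller, but `principal` stays `null` when `subject.getPrincipals()` is empty and is still passed to `createSecurityContext`. A `true` return can therefore describe a context built without a principal. Whether the helper tolerates a null principal is not visible here. If it is not a valid state, fail early before the `return`, for example `if (principal == null) { throw new IllegalArgumentException("subject has no principals"); }`, rather than associating an identity-less context with the thread.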
@@ -409,6 +409,11 @@
@Override
public String getGssSecurityDomain(){
return this.gssSecurityDomain;
+ }
+
+ @Override
+ public void clearSubjectInContext() {
+ this.securityHelper.clearSecurityContext();
}
protected Collection<String> getDomainsForUser(List<String> domains,
String username) {
Modified: trunk/runtime/src/main/java/org/teiid/transport/LogonImpl.java
===================================================================
--- trunk/runtime/src/main/java/org/teiid/transport/LogonImpl.java 2012-05-09 15:09:08 UTC
(rev 4080)
+++ trunk/runtime/src/main/java/org/teiid/transport/LogonImpl.java 2012-05-09 15:34:45 UTC
(rev 4081)
@@ -158,7 +158,7 @@
String user = connProps.getProperty(TeiidURL.CONNECTION.USER_NAME);
String password = connProps.getProperty(TeiidURL.CONNECTION.PASSWORD);
-
+ boolean associated = false;
try {
String securityDomain = service.getGssSecurityDomain();
if (securityDomain == null) {
@@ -174,7 +174,7 @@
}
if (result.context.isEstablished()) {
- service.associateSubjectInContext(securityDomain, subject);
+ associated = service.associateSubjectInContext(securityDomain, subject);
}
if (!result.context.isEstablished() || !createSession) {
@@ -186,10 +186,15 @@
LogManager.logDetail(LogConstants.CTX_SECURITY, "Kerberos context
established"); //$NON-NLS-1$
//connProps.setProperty(TeiidURL.CONNECTION.PASSTHROUGH_AUTHENTICATION,
"true"); //$NON-NLS-1$
- return logon(connProps, result.serviceTicket);
+ LogonResult loginInResult = logon(connProps, result.serviceTicket);
+ return loginInResult;
} catch (LoginException e) {
throw new LogonException(RuntimePlugin.Event.TEIID40061, e,
RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40061));
- }
+ } finally {
+ if (associated) {
+ service.clearSubjectInContext();
+ }
+ }
}
private String updateDQPContext(SessionMetadata s) {
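Review bot: The new local `loginInResult` is assigned and returned on the very next line, so it adds nothing. `return logon(connProps, result.serviceTicket);` behaves the same, because the `finally` block runs either way. The `finally` itself deserves a why-comment, for example `// drop the Kerberos subject from this thread once logon completes so it is not left on a reused thread`, assuming that is the intent. The enclosing method starts before this hunk.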