Author: rareddy
Date: 2012-05-09 11:08:03 -0400 (Wed, 09 May 2012)
New Revision: 4079
Modified:
branches/7.7.x/engine/src/main/java/org/teiid/dqp/service/SessionService.java
branches/7.7.x/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java
branches/7.7.x/jboss-integration/src/main/java/org/teiid/jboss/SecurityActions.java
branches/7.7.x/jboss-integration/src/main/java/org/teiid/jboss/deployers/RuntimeEngineDeployer.java
branches/7.7.x/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java
branches/7.7.x/runtime/src/main/java/org/teiid/transport/LogonImpl.java
Log:
TEIID-2037: Fixing the propagation of the security context from DQPWorkContext on to the
executing thread and clearing it at the end of the thread run.
Modified: branches/7.7.x/engine/src/main/java/org/teiid/dqp/service/SessionService.java
===================================================================
---
branches/7.7.x/engine/src/main/java/org/teiid/dqp/service/SessionService.java 2012-05-09
15:08:01 UTC (rev 4078)
+++
branches/7.7.x/engine/src/main/java/org/teiid/dqp/service/SessionService.java 2012-05-09
15:08:03 UTC (rev 4079)
@@ -151,4 +151,6 @@
void associateSubjectInContext(String securityDomain, Subject subject);
Subject getSubjectInContext(String securityDomain);
+
+ public void clearSubjectInContext();
}
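Review bot: `clearSubjectInContext()` is added without Javadoc and with a redundant `public` that the neighbouring interface methods do not carry. Unlike `associateSubjectInContext` and `getSubjectInContext` above it, it takes no `securityDomain`, so the contract should state what is cleared. Judging from the SessionServiceImpl implementation in this revision, that is whatever security context is on the calling thread. Suggested: `/** Removes the security context associated with the calling thread, regardless of security domain. */` above `void clearSubjectInContext();`.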
Modified:
branches/7.7.x/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java
===================================================================
---
branches/7.7.x/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java 2012-05-09
15:08:01 UTC (rev 4078)
+++
branches/7.7.x/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java 2012-05-09
15:08:03 UTC (rev 4079)
@@ -38,7 +38,7 @@
@Override
public boolean associateSecurityContext(String securityDomain, Object newContext) {
SecurityContext context = SecurityActions.getSecurityContext();
- if (context == null || (!context.getSecurityDomain().equals(securityDomain) &&
newContext != null)) {
+ if (context == null || (newContext != null && newContext != context)) {
SecurityActions.setSecurityContext((SecurityContext)newContext);
return true;
}
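Review bot: With the domain comparison gone, the new condition replaces any existing thread context that is not the same object as `newContext`, and the replaced context is not saved anywhere in this hunk. Combined with the now-unconditional `clearSecurityContext` in the next hunk, a thread that entered with its own security context would leave with none. Whether any caller arrives with one is not visible here. If that is intended, record it above the `if`, e.g. `// replaces whatever context the thread carried; it is not restored on clear`. The end of the method is outside the hunk.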
@@ -46,11 +46,8 @@
}
@Override
- public void clearSecurityContext(String securityDomain) {
- SecurityContext sc = SecurityActions.getSecurityContext();
- if (sc != null && sc.getSecurityDomain().equals(securityDomain)) {
- SecurityActions.clearSecurityContext();
- }
+ public void clearSecurityContext(String context) {
+ SecurityActions.clearSecurityContext();
}
@Override
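Review bot: The parameter was renamed from `securityDomain` to `context`, but it is still a `String` and is now ignored, so the name suggests a context object is expected. Keeping `securityDomain` and stating the behaviour would be clearer: `// securityDomain is intentionally ignored: the thread's context is always cleared so it cannot carry over to later work on this thread`. The reason given in that comment is inferred from the commit log and should be confirmed by the author.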
@@ -64,8 +61,7 @@
@Override
public Object createSecurityContext(String securityDomain, Principal p, Object
credentials, Subject subject) {
- SecurityActions.pushSecurityContext(p, credentials, subject, securityDomain);
- return getSecurityContext(securityDomain);
+ return SecurityActions.createSecurityContext(p, credentials, subject, securityDomain);
}
@Override
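Review bot: `createSecurityContext` no longer installs the new context on the current thread; it only builds and returns it. The same applies to the renamed `SecurityActions.createSecurityContext` in the next file. Any caller that relied on the old push side effect must now call `associateSecurityContext` itself, and no such caller is visible in this diff. A one-line Javadoc on both methods would record the new contract, e.g. `/** Creates a SecurityContext without associating it with the current thread. */`.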
Modified:
branches/7.7.x/jboss-integration/src/main/java/org/teiid/jboss/SecurityActions.java
===================================================================
---
branches/7.7.x/jboss-integration/src/main/java/org/teiid/jboss/SecurityActions.java 2012-05-09
15:08:01 UTC (rev 4078)
+++
branches/7.7.x/jboss-integration/src/main/java/org/teiid/jboss/SecurityActions.java 2012-05-09
15:08:03 UTC (rev 4079)
@@ -68,18 +68,17 @@
});
}
- static void pushSecurityContext(final Principal p, final Object cred, final Subject
subject, final String securityDomain)
+ static SecurityContext createSecurityContext(final Principal p, final Object cred,
final Subject subject, final String securityDomain)
{
- AccessController.doPrivileged(new PrivilegedAction<Object>() {
- public Object run() {
+ return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>() {
+ public SecurityContext run() {
SecurityContext sc;
try {
sc = SecurityContextFactory.createSecurityContext(p, cred, subject,
securityDomain);
} catch (Exception e) {
throw new RuntimeException(e);
}
- setSecurityContext(sc);
- return null;
+ return sc;
}
});
}
Modified:
branches/7.7.x/jboss-integration/src/main/java/org/teiid/jboss/deployers/RuntimeEngineDeployer.java
===================================================================
---
branches/7.7.x/jboss-integration/src/main/java/org/teiid/jboss/deployers/RuntimeEngineDeployer.java 2012-05-09
15:08:01 UTC (rev 4078)
+++
branches/7.7.x/jboss-integration/src/main/java/org/teiid/jboss/deployers/RuntimeEngineDeployer.java 2012-05-09
15:08:03 UTC (rev 4079)
@@ -235,6 +235,7 @@
jdbcCsr.setAuthenticationType(this.sessionService.getAuthType());
jdbcCsr.registerClientService(ILogon.class, logon, LogConstants.CTX_SECURITY);
jdbcCsr.registerClientService(DQP.class, dqpProxy, LogConstants.CTX_DQP);
+ jdbcCsr.setSecurityHelper(getSecurityHelper());
if (this.jdbcSocketConfiguration.getEnabled()) {
this.jdbcSocket = new SocketListener(this.jdbcSocketConfiguration, jdbcCsr,
this.dqpCore.getBufferManager(), offset);
@@ -247,6 +248,7 @@
adminCsr.setAuthenticationType(this.sessionService.getAuthType());
adminCsr.registerClientService(ILogon.class, logon, LogConstants.CTX_SECURITY);
adminCsr.registerClientService(Admin.class, adminProxy,
LogConstants.CTX_ADMIN_API);
+ adminCsr.setSecurityHelper(getSecurityHelper());
if (this.adminSocketConfiguration.getEnabled()) {
this.adminSocket = new SocketListener(this.adminSocketConfiguration, adminCsr,
this.dqpCore.getBufferManager(), offset);
Modified: branches/7.7.x/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java
===================================================================
---
branches/7.7.x/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java 2012-05-09
15:08:01 UTC (rev 4078)
+++
branches/7.7.x/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java 2012-05-09
15:08:03 UTC (rev 4079)
@@ -445,5 +445,10 @@
@Override
public String getGssSecurityDomain(){
return this.gssSecurityDomain;
+ }
+
+ @Override
+ public void clearSubjectInContext() {
+ this.securityHelper.clearSecurityContext(null);
}
}
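Review bot: `clearSecurityContext(null)` only has an effect because JBossSecurityHelper now ignores its argument. A helper that still matches on the domain, as the removed JBoss code did with `sc.getSecurityDomain().equals(securityDomain)`, would compare against null and clear nothing. The subject would then stay on the thread with no error reported. Either document on the SecurityHelper interface that a null argument means "clear unconditionally", or pass the domain that was used when the subject was associated. Whether `securityHelper` can be null at this point is not visible in the hunk.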
Modified: branches/7.7.x/runtime/src/main/java/org/teiid/transport/LogonImpl.java
===================================================================
--- branches/7.7.x/runtime/src/main/java/org/teiid/transport/LogonImpl.java 2012-05-09
15:08:01 UTC (rev 4078)
+++ branches/7.7.x/runtime/src/main/java/org/teiid/transport/LogonImpl.java 2012-05-09
15:08:03 UTC (rev 4079)
@@ -187,7 +187,9 @@
LogManager.logDetail(LogConstants.CTX_SECURITY, "Kerberos context
established"); //$NON-NLS-1$
//connProps.setProperty(TeiidURL.CONNECTION.PASSTHROUGH_AUTHENTICATION,
"true"); //$NON-NLS-1$
- return logon(connProps, result.serviceTicket);
+ LogonResult loginInResult = logon(connProps, result.serviceTicket);
+ service.clearSubjectInContext();
+ return loginInResult;
} catch (LoginException e) {
throw new LogonException(e,
RuntimePlugin.Util.getString("krb5_login_failed")); //$NON-NLS-1$
}
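Review bot: `service.clearSubjectInContext()` runs only when `logon(...)` returns normally; if `logon` throws, whatever subject was associated earlier in this method stays on the thread. Whether that thread is later reused for another client is not visible here, but the commit log states the context should be cleared at the end of the run, so the clear belongs in a `finally`: `try { return logon(connProps, result.serviceTicket); } finally { service.clearSubjectInContext(); }`. That also removes the need for the `loginInResult` local. The enclosing method and its outer `try` start outside the hunk.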