[teiid-commits] teiid SVN: r4126 - in branches/7.7.x: engine/src/main/java/org/teiid/dqp/service and 5 other directories.

teiid-commits at lists.jboss.org teiid-commits at lists.jboss.org
Mon May 21 09:14:33 EDT 2012


Author: rareddy
Date: 2012-05-21 09:14:32 -0400 (Mon, 21 May 2012)
New Revision: 4126

Modified:
   branches/7.7.x/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java
   branches/7.7.x/engine/src/main/java/org/teiid/dqp/service/SessionService.java
   branches/7.7.x/engine/src/main/java/org/teiid/security/SecurityHelper.java
   branches/7.7.x/engine/src/test/java/org/teiid/dqp/internal/process/TestDQPWorkContext.java
   branches/7.7.x/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java
   branches/7.7.x/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java
   branches/7.7.x/runtime/src/main/java/org/teiid/transport/LogonImpl.java
Log:
TEIID-2055: Restore the previous security context on the thread explicitly after the task is finished.

Modified: branches/7.7.x/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java
===================================================================
--- branches/7.7.x/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java	2012-05-20 13:12:16 UTC (rev 4125)
+++ branches/7.7.x/engine/src/main/java/org/teiid/dqp/internal/process/DQPWorkContext.java	2012-05-21 13:14:32 UTC (rev 4126)
@@ -227,12 +227,13 @@
 	
 	public void runInContext(final Runnable runnable) {
 		DQPWorkContext previous = DQPWorkContext.getWorkContext();
+		Object previousSC = getSecurityContextOnThread();
 		boolean associated = attachDQPWorkContext();
 		try {
 			runnable.run();
 		} finally {
 			if (associated) {
-				securityHelper.clearSecurityContext(this.getSecurityDomain());			
+				securityHelper.clearSecurityContext(previousSC);			
 			}
 			DQPWorkContext.releaseWorkContext();
 			if (previous != null) {
@@ -241,11 +242,18 @@
 		}
 	}
 
+	private Object getSecurityContextOnThread() {
+		if (securityHelper != null) {
+			return securityHelper.getSecurityContextOnThread();			
+		}
+		return null;		
+	}
+	
 	private boolean attachDQPWorkContext() {
 		DQPWorkContext.setWorkContext(this);
 		boolean associated = false;
 		if (securityHelper != null && this.getSubject() != null) {
-			associated = securityHelper.associateSecurityContext(this.getSecurityDomain(), this.getSecurityContext());			
+			associated = securityHelper.associateSecurityContext(this.getSecurityContext());			
 		}
 		return associated;
 	}

Modified: branches/7.7.x/engine/src/main/java/org/teiid/dqp/service/SessionService.java
===================================================================
--- branches/7.7.x/engine/src/main/java/org/teiid/dqp/service/SessionService.java	2012-05-20 13:12:16 UTC (rev 4125)
+++ branches/7.7.x/engine/src/main/java/org/teiid/dqp/service/SessionService.java	2012-05-21 13:14:32 UTC (rev 4126)
@@ -152,5 +152,7 @@
 	
 	Subject getSubjectInContext(String securityDomain);
 
-	public void clearSubjectInContext();
+	public void clearSubjectInContext(Object prevSecurityContext);
+	
+	Object getSecurityContextOnThread();
 }

Modified: branches/7.7.x/engine/src/main/java/org/teiid/security/SecurityHelper.java
===================================================================
--- branches/7.7.x/engine/src/main/java/org/teiid/security/SecurityHelper.java	2012-05-20 13:12:16 UTC (rev 4125)
+++ branches/7.7.x/engine/src/main/java/org/teiid/security/SecurityHelper.java	2012-05-21 13:14:32 UTC (rev 4126)
@@ -28,10 +28,12 @@
 
 public interface SecurityHelper {
 	
-	boolean associateSecurityContext(String securityDomain, Object context);
+	boolean associateSecurityContext(Object context);
 	
-	void clearSecurityContext(String securityDomain);
+	void clearSecurityContext(Object prevContext);
 	
+	Object getSecurityContextOnThread();
+	
 	Object getSecurityContext(String securityDomain);
 	
 	Object createSecurityContext(String securityDomain, Principal p, Object credentials, Subject subject);

Modified: branches/7.7.x/engine/src/test/java/org/teiid/dqp/internal/process/TestDQPWorkContext.java
===================================================================
--- branches/7.7.x/engine/src/test/java/org/teiid/dqp/internal/process/TestDQPWorkContext.java	2012-05-20 13:12:16 UTC (rev 4125)
+++ branches/7.7.x/engine/src/test/java/org/teiid/dqp/internal/process/TestDQPWorkContext.java	2012-05-21 13:14:32 UTC (rev 4126)
@@ -22,14 +22,18 @@
 
 package org.teiid.dqp.internal.process;
 
+import java.security.Principal;
 import java.util.Map;
 
+import javax.security.auth.Subject;
+
 import org.mockito.Mockito;
 import org.teiid.adminapi.DataPolicy;
 import org.teiid.adminapi.impl.DataPolicyMetadata;
 import org.teiid.adminapi.impl.SessionMetadata;
 import org.teiid.adminapi.impl.VDBMetaData;
 import org.teiid.core.util.UnitTestUtil;
+import org.teiid.security.SecurityHelper;
 
 import junit.framework.TestCase;
 
@@ -92,4 +96,65 @@
 		Map<String, DataPolicy> map = message.getAllowedDataPolicies();
 		assertEquals(1, map.size());
 	}
+	
+	public void testRestoreSecurityContext() {
+		final SecurityHelper sc = new SecurityHelper() {
+			Object mycontext = null;
+			
+			@Override
+			public boolean sameSubject(String securityDomain, Object context,	Subject subject) {
+				return mycontext == context;
+			}
+			@Override
+			public Subject getSubjectInContext(String securityDomain) {
+				return null;
+			}
+			@Override
+			public Object getSecurityContextOnThread() {
+				return this.mycontext;
+			}
+			@Override
+			public Object getSecurityContext(String securityDomain) {
+				return this.mycontext;
+			}
+			@Override
+			public Object createSecurityContext(String securityDomain, Principal p,Object credentials, Subject subject) {
+				return securityDomain+"SC"; //$NON-NLS-1$ 
+			}
+			@Override
+			public void clearSecurityContext(Object prevContext) {
+				this.mycontext = prevContext;
+			}
+			@Override
+			public boolean associateSecurityContext(Object context) {
+				this.mycontext = context;
+				return true;
+			}
+		};	
+		Object previousSC = sc.createSecurityContext("test", null, null, null); //$NON-NLS-1$
+		sc.associateSecurityContext(previousSC);
+		
+		DQPWorkContext message = new DQPWorkContext() {
+		    public Subject getSubject() {
+		    	return new Subject();
+		    }			
+		};
+		message.setSecurityHelper(sc);
+		message.setSession(Mockito.mock(SessionMetadata.class));
+		final String currentSC = "teiid-security-context"; //$NON-NLS-1$
+		Mockito.stub(message.getSession().getSecurityContext()).toReturn(currentSC);
+		
+		Runnable r = new Runnable() {
+			@Override
+			public void run() {
+				assertEquals(currentSC, sc.getSecurityContextOnThread());
+			}
+		};
+		
+		message.runInContext(r);
+		
+		assertEquals(previousSC, sc.getSecurityContextOnThread());
+	}	
+	
+	
 }

Modified: branches/7.7.x/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java
===================================================================
--- branches/7.7.x/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java	2012-05-20 13:12:16 UTC (rev 4125)
+++ branches/7.7.x/jboss-integration/src/main/java/org/teiid/jboss/JBossSecurityHelper.java	2012-05-21 13:14:32 UTC (rev 4126)
@@ -36,7 +36,7 @@
 	private static final long serialVersionUID = 3598997061994110254L;
 
 	@Override
-	public boolean associateSecurityContext(String securityDomain, Object newContext) {
+	public boolean associateSecurityContext(Object newContext) {
 		SecurityContext context = SecurityActions.getSecurityContext();
 		if (context == null || (newContext != null && newContext != context)) {
 			SecurityActions.setSecurityContext((SecurityContext)newContext);
@@ -46,11 +46,19 @@
 	}
 
 	@Override
-	public void clearSecurityContext(String context) {
+	public void clearSecurityContext(Object prevContext) {
 		SecurityActions.clearSecurityContext();
+		if (prevContext != null) {
+			SecurityActions.setSecurityContext((SecurityContext)prevContext);
+		}
 	}
 	
 	@Override
+	public Object getSecurityContextOnThread() {
+		return SecurityActions.getSecurityContext();
+	}
+	
+	@Override
 	public Object getSecurityContext(String securityDomain) {
 		SecurityContext sc = SecurityActions.getSecurityContext();
 		if (sc != null && sc.getSecurityDomain().equals(securityDomain)) {

Modified: branches/7.7.x/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java
===================================================================
--- branches/7.7.x/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java	2012-05-20 13:12:16 UTC (rev 4125)
+++ branches/7.7.x/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java	2012-05-21 13:14:32 UTC (rev 4126)
@@ -430,7 +430,7 @@
 			principal = p;
 			break;
     	}
-    	return this.securityHelper.associateSecurityContext(securityDomain, this.securityHelper.createSecurityContext(securityDomain, principal, null, subject));		
+    	return this.securityHelper.associateSecurityContext(this.securityHelper.createSecurityContext(securityDomain, principal, null, subject));		
 	}
 	
 	@Override
@@ -438,6 +438,11 @@
 		return this.securityHelper.getSubjectInContext(securityDomain);
 	}
 	
+	@Override
+	public Object getSecurityContextOnThread() {
+		return this.securityHelper.getSecurityContextOnThread();
+	}
+	
 	public void setGssSecurityDomain(String domain) {
 		this.gssSecurityDomain = domain;
 	}
@@ -448,7 +453,7 @@
 	}
 
 	@Override
-	public void clearSubjectInContext() {
-		this.securityHelper.clearSecurityContext(null);
+	public void clearSubjectInContext(Object previousSC) {
+		this.securityHelper.clearSecurityContext(previousSC);
 	}	
 }

Modified: branches/7.7.x/runtime/src/main/java/org/teiid/transport/LogonImpl.java
===================================================================
--- branches/7.7.x/runtime/src/main/java/org/teiid/transport/LogonImpl.java	2012-05-20 13:12:16 UTC (rev 4125)
+++ branches/7.7.x/runtime/src/main/java/org/teiid/transport/LogonImpl.java	2012-05-21 13:14:32 UTC (rev 4126)
@@ -160,6 +160,7 @@
         String user = connProps.getProperty(TeiidURL.CONNECTION.USER_NAME);
         String password = connProps.getProperty(TeiidURL.CONNECTION.PASSWORD);		
 		boolean assosiated = false;
+		Object previousSC = null;
 		try {
 			String securityDomain = service.getGssSecurityDomain();
 			if (securityDomain == null) {
@@ -175,6 +176,7 @@
 			}
 			
 			if (result.context.isEstablished()) {
+				previousSC = service.getSecurityContextOnThread();
 				assosiated = service.associateSubjectInContext(securityDomain, subject);
 			}
 			
@@ -192,7 +194,7 @@
 			throw new LogonException(e, RuntimePlugin.Util.getString("krb5_login_failed")); //$NON-NLS-1$
 		} finally {
 			if (assosiated) {
-				this.service.clearSubjectInContext();
+				this.service.clearSubjectInContext(previousSC);
 			}
 		}
 	}



More information about the teiid-commits mailing list