[teiid-issues] [JBoss JIRA] (TEIID-3380) Simplify Kerberos configuration with Embedded

Steven Hawkins (JIRA) issues at jboss.org
Fri Mar 20 10:45:20 EDT 2015 

    [ https://issues.jboss.org/browse/TEIID-3380?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13052232#comment-13052232 ] 

Steven Hawkins commented on TEIID-3380:
---------------------------------------

I think we could go further to:

{code}
public abstract class SecurityHelper {
	
	public abstract Object associateSecurityContext(Object context);
	
	public abstract void clearSecurityContext();
	
	public abstract Object getSecurityContext();
	
	public abstract Subject getSubjectInContext(Object securityContext, String securityDomain);
	
	public abstract Object authenticate(String securityDomain, String userName, String baseUserName, Credentials credentials, String applicationName)
            throws LoginException;
    
	public abstract GSSResult neogitiateGssLogin(String securityDomain, byte[] serviceTicket) throws LoginException;
    
	public boolean sameSubject(String securityDomain, Object context, Subject subject) {
...
{code}

Such that there are just 6 methods that need to be implemented.  Alternatively we could leave it as an interface and move the sameSubject method off.  Either way it can be rewritten to just use other methods already on the SecurityHelper.  Also we could just remove the use of the TeiidLoginContext and move the GSSResult into the org.teiid.security package.

Also we seem to have issues with the old \@domain login logic in that the login name that we pass to the full username in the Principle for authentication, when it should just the base username - and we should be escaping the username that is put in the session.

Let me know if you are ok with changes like this.

> Simplify Kerberos configuration with Embedded
> ---------------------------------------------
>
>                 Key: TEIID-3380
>                 URL: https://issues.jboss.org/browse/TEIID-3380
>             Project: Teiid
>          Issue Type: Quality Risk
>          Components: Embedded
>            Reporter: Steven Hawkins
>            Assignee: Ramesh Reddy
>             Fix For: 8.11
>
>
> The current code requires overriding the embedded server to install a custom session service.  It may be good to have some base level of functionality built-in and/or just delegated to the security helper.



--
This message was sent by Atlassian JIRA
(v6.3.11#6341)

More information about the teiid-issues mailing list