TEIID-3079: removing the dependency on security-domain service from t…

…ransport service. At authentication time security-domain is looked up, and if it is not available then authentication will fail
teiid · Sep 3, 2014 · 1f5dd4e · 1f5dd4e
1 parent 49ddaa6
commit 1f5dd4e
Show file tree

Hide file tree

Showing 4 changed files with 68 additions and 41 deletions.
diff --git a/jboss-integration/src/main/java/org/teiid/jboss/JBossSessionService.java b/jboss-integration/src/main/java/org/teiid/jboss/JBossSessionService.java
@@ -22,14 +22,16 @@
 package org.teiid.jboss;
 
 import java.security.Principal;
-import java.util.Map;
 
 import javax.security.auth.Subject;
 import javax.security.auth.login.LoginException;
 
 import org.ietf.jgss.GSSContext;
 import org.ietf.jgss.GSSException;
 import org.jboss.as.security.plugins.SecurityDomainContext;
+import org.jboss.as.server.CurrentServiceContainer;
+import org.jboss.msc.service.ServiceController;
+import org.jboss.msc.service.ServiceName;
 import org.jboss.security.AuthenticationManager;
 import org.jboss.security.SecurityContext;
 import org.jboss.security.SimplePrincipal;
@@ -44,13 +46,7 @@
 import org.teiid.services.TeiidLoginContext;
 
 public class JBossSessionService extends SessionServiceImpl {
-
-	private Map<String, SecurityDomainContext> securityDomainMap;
 
-	public JBossSessionService(Map<String, SecurityDomainContext> securityDomainMap) {
-		this.securityDomainMap = securityDomainMap;
-	}
-
 	@Override
 	protected TeiidLoginContext authenticate(String userName, Credentials credentials, String applicationName, String domain)
 			throws LoginException {
@@ -59,7 +55,7 @@ protected TeiidLoginContext authenticate(String userName, Credentials credential
         // If username specifies a domain (user@domain) only that domain is authenticated against.
         // If username specifies no domain, then all domains are tried in order.
     		// this is the configured login for teiid
-    	SecurityDomainContext securityDomainContext = securityDomainMap.get(domain);
+    	SecurityDomainContext securityDomainContext = getSecurityDomain(domain);
     	if (securityDomainContext != null) {
     		AuthenticationManager authManager = securityDomainContext.getAuthenticationManager();
     		if (authManager != null) {
@@ -81,7 +77,7 @@ protected TeiidLoginContext authenticate(String userName, Credentials credential
 	@Override
 	public GSSResult neogitiateGssLogin(String securityDomain, byte[] serviceTicket) throws LoginException {
 
-		SecurityDomainContext securityDomainContext = securityDomainMap.get(securityDomain);
+		SecurityDomainContext securityDomainContext = getSecurityDomain(securityDomain);
 		if (securityDomainContext != null) {
 			AuthenticationManager authManager = securityDomainContext.getAuthenticationManager();
 
@@ -141,4 +137,15 @@ private GSSResult buildGSSResult(NegotiationContext context, String securityDoma
 		}
 		throw new LoginException(IntegrationPlugin.Util.gs(IntegrationPlugin.Event.TEIID50103, securityDomain));
 	} 	
+
+	public SecurityDomainContext getSecurityDomain(String securityDomain) {
+		if (securityDomain != null && !securityDomain.isEmpty()) {
+			ServiceName name = ServiceName.JBOSS.append("security", "security-domain", securityDomain); //$NON-NLS-1$ //$NON-NLS-2$
+			ServiceController<SecurityDomainContext> controller = (ServiceController<SecurityDomainContext>) CurrentServiceContainer.getServiceContainer().getService(name);
+			if (controller != null) {
+				return controller.getService().getValue();
+			}
+		}
+		return null;
+	}
 }
diff --git a/jboss-integration/src/main/java/org/teiid/jboss/TransportAdd.java b/jboss-integration/src/main/java/org/teiid/jboss/TransportAdd.java
@@ -22,26 +22,54 @@
 package org.teiid.jboss;
 
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP_ADDR;
-import static org.teiid.jboss.TeiidConstants.*;
+import static org.teiid.jboss.TeiidConstants.AUTHENTICATION_KRB5_DOMAIN_ATTRIBUTE;
+import static org.teiid.jboss.TeiidConstants.AUTHENTICATION_MAX_SESSIONS_ALLOWED_ATTRIBUTE;
+import static org.teiid.jboss.TeiidConstants.AUTHENTICATION_SECURITY_DOMAIN_ATTRIBUTE;
+import static org.teiid.jboss.TeiidConstants.AUTHENTICATION_SESSION_EXPIRATION_TIME_LIMIT_ATTRIBUTE;
+import static org.teiid.jboss.TeiidConstants.AUTHENTICATION_TYPE_ATTRIBUTE;
+import static org.teiid.jboss.TeiidConstants.PG_MAX_LOB_SIZE_ALLOWED_ELEMENT;
+import static org.teiid.jboss.TeiidConstants.SSL_AUTH_MODE_ATTRIBUTE;
+import static org.teiid.jboss.TeiidConstants.SSL_ENABLED_CIPHER_SUITES_ATTRIBUTE;
+import static org.teiid.jboss.TeiidConstants.SSL_KETSTORE_ALIAS_ATTRIBUTE;
+import static org.teiid.jboss.TeiidConstants.SSL_KETSTORE_KEY_PASSWORD_ATTRIBUTE;
+import static org.teiid.jboss.TeiidConstants.SSL_KETSTORE_NAME_ATTRIBUTE;
+import static org.teiid.jboss.TeiidConstants.SSL_KETSTORE_PASSWORD_ATTRIBUTE;
+import static org.teiid.jboss.TeiidConstants.SSL_KETSTORE_TYPE_ATTRIBUTE;
+import static org.teiid.jboss.TeiidConstants.SSL_KEY_MANAGEMENT_ALG_ATTRIBUTE;
+import static org.teiid.jboss.TeiidConstants.SSL_MODE_ATTRIBUTE;
+import static org.teiid.jboss.TeiidConstants.SSL_SSL_PROTOCOL_ATTRIBUTE;
+import static org.teiid.jboss.TeiidConstants.SSL_TRUSTSTORE_NAME_ATTRIBUTE;
+import static org.teiid.jboss.TeiidConstants.SSL_TRUSTSTORE_PASSWORD_ATTRIBUTE;
+import static org.teiid.jboss.TeiidConstants.TRANSPORT_IN_BUFFER_SIZE_ATTRIBUTE;
+import static org.teiid.jboss.TeiidConstants.TRANSPORT_MAX_SOCKET_THREADS_ATTRIBUTE;
+import static org.teiid.jboss.TeiidConstants.TRANSPORT_OUT_BUFFER_SIZE_ATTRIBUTE;
+import static org.teiid.jboss.TeiidConstants.TRANSPORT_PROTOCOL_ATTRIBUTE;
+import static org.teiid.jboss.TeiidConstants.TRANSPORT_SOCKET_BINDING_ATTRIBUTE;
+import static org.teiid.jboss.TeiidConstants.asInt;
+import static org.teiid.jboss.TeiidConstants.asLong;
+import static org.teiid.jboss.TeiidConstants.asString;
+import static org.teiid.jboss.TeiidConstants.isDefined;
 
 import java.util.List;
 
 import javax.naming.InitialContext;
 
-import org.jboss.as.controller.*;
+import org.jboss.as.controller.AbstractAddStepHandler;
+import org.jboss.as.controller.OperationContext;
+import org.jboss.as.controller.OperationFailedException;
+import org.jboss.as.controller.PathAddress;
+import org.jboss.as.controller.ServiceVerificationHandler;
+import org.jboss.as.controller.SimpleAttributeDefinition;
 import org.jboss.as.naming.ManagedReferenceFactory;
 import org.jboss.as.naming.ServiceBasedNamingStore;
 import org.jboss.as.naming.deployment.ContextNames;
 import org.jboss.as.naming.service.BinderService;
 import org.jboss.as.network.SocketBinding;
-import org.jboss.as.security.plugins.SecurityDomainContext;
 import org.jboss.dmr.ModelNode;
-import org.jboss.msc.inject.ConcurrentMapInjector;
 import org.jboss.msc.service.ServiceBuilder;
 import org.jboss.msc.service.ServiceController;
 import org.jboss.msc.service.ServiceName;
 import org.jboss.msc.service.ServiceTarget;
-import org.jboss.msc.service.ServiceBuilder.DependencyType;
 import org.teiid.common.buffer.BufferManager;
 import org.teiid.deployers.VDBRepository;
 import org.teiid.dqp.internal.process.DQPCore;
@@ -152,17 +180,6 @@ protected void performRuntime(final OperationContext context, final ModelNode op
     	transportBuilder.addDependency(TeiidServiceNames.BUFFER_MGR, BufferManager.class, transport.getBufferManagerInjector());
     	transportBuilder.addDependency(TeiidServiceNames.VDB_REPO, VDBRepository.class, transport.getVdbRepositoryInjector());
     	transportBuilder.addDependency(TeiidServiceNames.ENGINE, DQPCore.class, transport.getDqpInjector());
-
-    	ServiceName scParent = ServiceName.JBOSS.append("security", "security-domain"); //$NON-NLS-1$ //$NON-NLS-2$
-    	List<ServiceName> names = context.getServiceRegistry(false).getServiceNames();
-
-    	// add security domains as dependencies
-        for (ServiceName name:names) {
-    		if (scParent.isParentOf(name)) {
-	        	LogManager.logDetail(LogConstants.CTX_SECURITY, IntegrationPlugin.Util.gs(IntegrationPlugin.Event.TEIID50011, name.getSimpleName(), transportName));
-	        	transportBuilder.addDependency(DependencyType.OPTIONAL, name, SecurityDomainContext.class, new ConcurrentMapInjector<String,SecurityDomainContext>(transport.securityDomains, name.getSimpleName()));
-    		}
-        }
 
         transportBuilder.setInitialMode(ServiceController.Mode.ACTIVE);
         newControllers.add(transportBuilder.install());

diff --git a/jboss-integration/src/main/java/org/teiid/jboss/TransportService.java b/jboss-integration/src/main/java/org/teiid/jboss/TransportService.java
@@ -29,11 +29,8 @@
 import java.util.Collection;
 import java.util.List;
 import java.util.Properties;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.ConcurrentMap;
 
 import org.jboss.as.network.SocketBinding;
-import org.jboss.as.security.plugins.SecurityDomainContext;
 import org.jboss.modules.Module;
 import org.jboss.msc.service.Service;
 import org.jboss.msc.service.StartContext;
@@ -75,7 +72,6 @@
 public class TransportService extends ClientServiceRegistryImpl implements Service<ClientServiceRegistry> {
 	private transient LogonImpl logon;
 	private SocketConfiguration socketConfig;
-	final ConcurrentMap<String, SecurityDomainContext> securityDomains = new ConcurrentHashMap<String, SecurityDomainContext>();
 	private String authenticationDomain;	
 	private long sessionMaxLimit;
 	private long sessionExpirationTimeLimit;
@@ -117,7 +113,7 @@ public ClassLoader getCallerClassloader() {
 	public void start(StartContext context) throws StartException {
 		this.setSecurityHelper(new JBossSecurityHelper());
 		this.setVDBRepository(this.getVdbRepository());
-		this.sessionService = new JBossSessionService(this.securityDomains);
+		this.sessionService = new JBossSessionService();
 		if (this.authenticationDomain != null) {
 			this.sessionService.setSecurityDomain(this.authenticationDomain);			
 		}

diff --git a/jboss-integration/src/test/java/org/teiid/jboss/TestJBossSessionServiceImpl.java b/jboss-integration/src/test/java/org/teiid/jboss/TestJBossSessionServiceImpl.java
@@ -24,7 +24,6 @@
 
 import java.security.Principal;
 import java.util.ArrayList;
-import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Properties;
@@ -70,8 +69,7 @@ public void testAuthenticate() throws Exception {
     	SecurityHelper ms = buildSecurityHelper();
 
         String domains = "testFile";
-        Map<String, SecurityDomainContext> securityDomainMap = new HashMap<String, SecurityDomainContext>();
-        SecurityDomainContext securityContext = Mockito.mock(SecurityDomainContext.class);
+        final SecurityDomainContext securityContext = Mockito.mock(SecurityDomainContext.class);
         AuthenticationManager authManager = new AuthenticationManager() {
 			public String getSecurityDomain() {
 				return null;
@@ -94,9 +92,15 @@ public Subject getActiveSubject() {
 		};
 
         Mockito.stub(securityContext.getAuthenticationManager()).toReturn(authManager);
-        securityDomainMap.put("testFile", securityContext); //$NON-NLS-1$
 
-        JBossSessionService jss = new JBossSessionService(securityDomainMap);
+        JBossSessionService jss = new JBossSessionService() {
+        	public SecurityDomainContext getSecurityDomain(String securityDomain) {
+        		if (securityDomain.equals("testFile")) {
+        			return securityContext;
+        		}
+        		return null;
+        	}
+        };
         jss.setSecurityHelper(ms);
         jss.setSecurityDomain(domains);
 
@@ -109,9 +113,8 @@ public void testPassThrough() throws Exception {
     	SecurityHelper ms = buildSecurityHelper();
 
         String domain = "passthrough";
-        Map<String, SecurityDomainContext> securityDomainMap = new HashMap<String, SecurityDomainContext>();
 
-        JBossSessionService jss = new JBossSessionService(securityDomainMap);
+        JBossSessionService jss = new JBossSessionService();
         jss.setSecurityHelper(ms);
         jss.setSecurityDomain(domain);
 
@@ -126,21 +129,25 @@ public void validateSession(boolean securityEnabled) throws Exception {
 		final ArrayList<String> domains = new ArrayList<String>();
 		domains.add("somedomain");				
 
-		Map<String, SecurityDomainContext> securityDomainMap = new HashMap<String, SecurityDomainContext>();
-        SecurityDomainContext securityContext = Mockito.mock(SecurityDomainContext.class);
+        final SecurityDomainContext securityContext = Mockito.mock(SecurityDomainContext.class);
 
         AuthenticationManager authManager = Mockito.mock(AuthenticationManager.class);
         Mockito.stub(authManager.isValid(new SimplePrincipal("steve"), "pass1", new Subject())).toReturn(true);
 
         Mockito.stub(securityContext.getAuthenticationManager()).toReturn(authManager);
-        securityDomainMap.put("somedomain", securityContext); //$NON-NLS-1$
 
-        JBossSessionService jss = new JBossSessionService(securityDomainMap) {
+        JBossSessionService jss = new JBossSessionService() {
         	@Override
         	protected VDBMetaData getActiveVDB(String vdbName, String vdbVersion)
         			throws SessionServiceException {
         		return Mockito.mock(VDBMetaData.class);
         	}
+        	public SecurityDomainContext getSecurityDomain(String securityDomain) {
+        		if (securityDomain.equals("somedomain")) {
+        			return securityContext;
+        		}
+        		return null;
+        	}        	
         };
         jss.setSecurityHelper(buildSecurityHelper());
 		jss.setSecurityDomain("somedomain");