TEIID-3380: adding interface to implement the Authentication services…

… in the Teiid engine, will helpful in the embedded scenarios Conflicts: runtime/src/main/java/org/teiid/runtime/EmbeddedConfiguration.java runtime/src/main/java/org/teiid/runtime/EmbeddedServer.java
teiid · Nov 24, 2015 · 530881b · 530881b
1 parent d22fb58
commit 530881b
Show file tree

Hide file tree

Showing 9 changed files with 119 additions and 75 deletions.
diff --git a/jboss-integration/src/main/java/org/teiid/jboss/JBossSessionService.java b/jboss-integration/src/main/java/org/teiid/jboss/JBossSessionService.java
@@ -41,16 +41,18 @@
 import org.jboss.security.negotiation.spnego.KerberosMessage;
 import org.teiid.logging.LogConstants;
 import org.teiid.logging.LogManager;
+import org.teiid.runtime.AuthenticationHandler;
 import org.teiid.security.Credentials;
 import org.teiid.security.GSSResult;
 import org.teiid.services.SessionServiceImpl;
 import org.teiid.services.TeiidLoginContext;
 
-public class JBossSessionService extends SessionServiceImpl {
+public class JBossSessionService extends SessionServiceImpl implements AuthenticationHandler {
+
 	private AtomicLong count = new AtomicLong(0);
 
 	@Override
-	protected TeiidLoginContext authenticate(String userName, Credentials credentials, String applicationName, String domain)
+	public TeiidLoginContext authenticate(String domain, String userName, Credentials credentials, String applicationName)
 			throws LoginException {
         final String baseUsername = getBaseUsername(userName);
 

diff --git a/jboss-integration/src/main/java/org/teiid/jboss/TransportService.java b/jboss-integration/src/main/java/org/teiid/jboss/TransportService.java
@@ -60,14 +60,7 @@
 import org.teiid.net.ConnectionException;
 import org.teiid.net.socket.AuthenticationType;
 import org.teiid.services.SessionServiceImpl;
-import org.teiid.transport.ClientServiceRegistry;
-import org.teiid.transport.ClientServiceRegistryImpl;
-import org.teiid.transport.LocalServerConnection;
-import org.teiid.transport.LogonImpl;
-import org.teiid.transport.ODBCSocketListener;
-import org.teiid.transport.SocketConfiguration;
-import org.teiid.transport.SocketListener;
-import org.teiid.transport.WireProtocol;
+import org.teiid.transport.*;
 
 public class TransportService extends ClientServiceRegistryImpl implements Service<ClientServiceRegistry> {
 	private transient LogonImpl logon;
@@ -115,7 +108,8 @@ public void start(StartContext context) throws StartException {
 		this.setVDBRepository(this.getVdbRepository());
 		this.sessionService = new JBossSessionService();
 		if (this.authenticationDomain != null) {
-			this.sessionService.setSecurityDomain(this.authenticationDomain);			
+			this.sessionService.setSecurityDomain(this.authenticationDomain);	
+			this.sessionService.setAuthenticationHandler((JBossSessionService)this.sessionService);
 		}
 		this.sessionService.setSessionExpirationTimeLimit(this.sessionExpirationTimeLimit);
 		this.sessionService.setSessionMaxLimit(this.sessionMaxLimit);

diff --git a/jboss-integration/src/test/java/org/teiid/jboss/TestJBossSessionServiceImpl.java b/jboss-integration/src/test/java/org/teiid/jboss/TestJBossSessionServiceImpl.java
@@ -98,7 +98,8 @@ public void logout(java.security.Principal p,javax.security.auth.Subject s) {
         Mockito.stub(securityContext.getAuthenticationManager()).toReturn(authManager);
 
         JBossSessionService jss = new JBossSessionService() {
-        	public SecurityDomainContext getSecurityDomain(String securityDomain) {
+        	@Override
+            public SecurityDomainContext getSecurityDomain(String securityDomain) {
         		if (securityDomain.equals("testFile")) {
         			return securityContext;
         		}
@@ -108,7 +109,7 @@ public SecurityDomainContext getSecurityDomain(String securityDomain) {
         jss.setSecurityHelper(ms);
         jss.setSecurityDomain(domains);
 
-        TeiidLoginContext c = jss.authenticate("user1", credentials, null, domains); //$NON-NLS-1$ //$NON-NLS-2$
+        TeiidLoginContext c = jss.authenticate(domains, "user1", credentials, null); //$NON-NLS-1$ 
         assertEquals("user1@testFile", c.getUserName()); //$NON-NLS-1$
     }
 
@@ -122,7 +123,7 @@ public void testPassThrough() throws Exception {
         jss.setSecurityHelper(ms);
         jss.setSecurityDomain(domain);
 
-        TeiidLoginContext c = jss.passThroughLogin("user1", domain); //$NON-NLS-1$ //$NON-NLS-2$
+        TeiidLoginContext c = jss.passThroughLogin("user1", domain); //$NON-NLS-1$ 
 
         assertEquals("alreadylogged@passthrough", c.getUserName()); //$NON-NLS-1$
     }
@@ -146,13 +147,15 @@ protected VDBMetaData getActiveVDB(String vdbName, String vdbVersion)
         			throws SessionServiceException {
         		return Mockito.mock(VDBMetaData.class);
         	}
-        	public SecurityDomainContext getSecurityDomain(String securityDomain) {
+        	@Override
+            public SecurityDomainContext getSecurityDomain(String securityDomain) {
         		if (securityDomain.equals("somedomain")) {
         			return securityContext;
         		}
         		return null;
         	}        	
         };
+        jss.setAuthenticationHandler(jss);
         jss.setSecurityHelper(buildSecurityHelper());
 		jss.setSecurityDomain("somedomain");
 

diff --git a/runtime/src/main/java/org/teiid/runtime/AuthenticationHandler.java b/runtime/src/main/java/org/teiid/runtime/AuthenticationHandler.java
@@ -0,0 +1,36 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * See the COPYRIGHT.txt file distributed with this work for information
+ * regarding copyright ownership.  Some portions may be licensed
+ * to Red Hat, Inc. under one or more contributor license agreements.
+ * 
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA.
+ */
+package org.teiid.runtime;
+
+import javax.security.auth.login.LoginException;
+
+import org.teiid.security.GSSResult;
+import org.teiid.security.Credentials;
+import org.teiid.services.TeiidLoginContext;
+
+public interface AuthenticationHandler {
+
+    TeiidLoginContext authenticate(String securityDomain, String userName, Credentials credentials, String applicationName)
+            throws LoginException;
+
+    GSSResult neogitiateGssLogin(String securityDomain, byte[] serviceTicket) throws LoginException;
+}
diff --git a/runtime/src/main/java/org/teiid/runtime/EmbeddedConfiguration.java b/runtime/src/main/java/org/teiid/runtime/EmbeddedConfiguration.java
@@ -39,11 +39,7 @@
 import org.teiid.cache.CacheFactory;
 import org.teiid.cache.infinispan.InfinispanCacheFactory;
 import org.teiid.core.TeiidRuntimeException;
-import org.teiid.dqp.internal.process.DQPConfiguration;
-import org.teiid.dqp.internal.process.DataRolePolicyDecider;
-import org.teiid.dqp.internal.process.DefaultAuthorizationValidator;
-import org.teiid.dqp.internal.process.TeiidExecutor;
-import org.teiid.dqp.internal.process.ThreadReuseExecutor;
+import org.teiid.dqp.internal.process.*;
 import org.teiid.query.ObjectReplicator;
 import org.teiid.replication.jgroups.ChannelFactory;
 import org.teiid.replication.jgroups.JGroupsObjectReplicator;
@@ -86,6 +82,7 @@ void stop() {
 	private SecurityHelper securityHelper;
 	private String securityDomain;
 	private TransactionManager transactionManager;
+	private AuthenticationHandler authenticationHandler;
 	private ObjectReplicator objectReplicator;
 	private WorkManager workManager;
 	private boolean useDisk = true;
@@ -250,4 +247,12 @@ public int getMaxODBCLobSizeAllowed() {
 	public void setMaxODBCLobSizeAllowed(int lobSize) {
 		this.maxODBCLobSizeAllowed = lobSize;
 	}	
+
+    public AuthenticationHandler getAuthenticationHandler() {
+        return authenticationHandler;
+    }
+
+    public void setAuthenticationHandler(AuthenticationHandler authenticationHandler) {
+        this.authenticationHandler = authenticationHandler;
+    }	
 }
diff --git a/runtime/src/main/java/org/teiid/runtime/EmbeddedServer.java b/runtime/src/main/java/org/teiid/runtime/EmbeddedServer.java
@@ -42,6 +42,7 @@
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Properties;
+import java.sql.Timestamp;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.atomic.AtomicInteger;
 
@@ -79,13 +80,7 @@
 import org.teiid.dqp.service.BufferService;
 import org.teiid.events.EventDistributor;
 import org.teiid.events.EventDistributorFactory;
-import org.teiid.jdbc.CallableStatementImpl;
-import org.teiid.jdbc.ConnectionImpl;
-import org.teiid.jdbc.EmbeddedProfile;
-import org.teiid.jdbc.PreparedStatementImpl;
-import org.teiid.jdbc.TeiidDriver;
-import org.teiid.jdbc.TeiidPreparedStatement;
-import org.teiid.jdbc.TeiidSQLException;
+import org.teiid.jdbc.*;
 import org.teiid.logging.LogConstants;
 import org.teiid.logging.LogManager;
 import org.teiid.logging.MessageLevel;
@@ -352,6 +347,10 @@ public Object invoke(Object proxy, Method method, Object[] args)
 		} else {
 			this.sessionService.setSecurityDomain("teiid-security"); //$NON-NLS-1$
 		}
+
+		if (config.getAuthenticationHandler() != null) {
+		    this.sessionService.setAuthenticationHandler(config.getAuthenticationHandler());
+		}
 
 		this.sessionService.setVDBRepository(repo);
 		this.bufferService.setUseDisk(config.isUseDisk());

diff --git a/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java b/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java
@@ -31,11 +31,7 @@
 import java.util.regex.Pattern;
 
 import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.callback.*;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 
@@ -57,6 +53,7 @@
 import org.teiid.net.ServerConnection;
 import org.teiid.net.TeiidURL;
 import org.teiid.net.socket.AuthenticationType;
+import org.teiid.runtime.AuthenticationHandler;
 import org.teiid.runtime.RuntimePlugin;
 import org.teiid.security.Credentials;
 import org.teiid.security.GSSResult;
@@ -91,6 +88,7 @@ public class SessionServiceImpl implements SessionService {
     private Map<String, SessionMetadata> sessionCache = new ConcurrentHashMap<String, SessionMetadata>();
     private Timer sessionMonitor = new Timer("SessionMonitor", true); //$NON-NLS-1$    
     private List<String> securityDomainNames;
+    private AuthenticationHandler authenticationHandler = new PassThroughHandler();
 
     public void setSecurityDomain(String domainName) {
     	if (domainName == null) {
@@ -168,7 +166,7 @@ public SessionMetadata createSession(String vdbName,
         	if (onlyAllowPassthrough || authType.equals(AuthenticationType.GSS)) {
                 membership = passThroughLogin(userName, securityDomain);
         	} else {
-	        	membership = authenticate(userName, credentials, applicationName, securityDomain);
+	        	membership = this.authenticationHandler.authenticate(securityDomain, userName, credentials, applicationName);
         	}
 	        userName = membership.getUserName();
 	        securityDomain = membership.getSecurityDomain();
@@ -225,20 +223,6 @@ private String getUserName(Subject subject, String userName) {
 		return getBaseUsername(userName);
 	}
 
-	/**
-	 * 
-	 * @param userName
-	 * @param credentials
-	 * @param applicationName
-	 * @param domains
-	 * @return
-	 * @throws LoginException
-	 */
-	protected TeiidLoginContext authenticate(String userName, Credentials credentials, String applicationName, String securityDomain)
-			throws LoginException {
-		return passThroughLogin(userName, securityDomain);
-	}
-
 	protected VDBMetaData getActiveVDB(String vdbName, String vdbVersion) throws SessionServiceException {
 		VDBMetaData vdb = null;
 
@@ -542,16 +526,26 @@ public GSSResult neogitiateGssLogin(String user, String vdbName,
 		if (securityDomain == null ) {
 			 throw new LogonException(RuntimePlugin.Event.TEIID40059, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40059));
 		}
-		return neogitiateGssLogin(securityDomain, serviceTicket);
+		return this.authenticationHandler.neogitiateGssLogin(securityDomain, serviceTicket);
 	}
 
 	public AuthenticationType getDefaultAuthenticationType() {
 		return defaultAuthenticationType;
 	}
 
-	protected GSSResult neogitiateGssLogin(String securityDomain,
-			byte[] serviceTicket) throws LoginException {
-		// must be overridden in platform specific security domain
-		return null;
-	}
+    public void setAuthenticationHandler(AuthenticationHandler authenticationHandler) {
+        this.authenticationHandler = authenticationHandler;
+    }
+
+    class PassThroughHandler implements AuthenticationHandler {
+        @Override
+        public TeiidLoginContext authenticate(String securityDomain, String userName, Credentials credentials,
+                String applicationName) throws LoginException {
+            return passThroughLogin(userName, securityDomain);
+        }
+        @Override
+        public GSSResult neogitiateGssLogin(String securityDomain, byte[] serviceTicket) throws LoginException {
+            return null;
+        }
+    }
 }
diff --git a/runtime/src/test/java/org/teiid/services/TestSessionServiceImpl.java b/runtime/src/test/java/org/teiid/services/TestSessionServiceImpl.java
@@ -1,6 +1,7 @@
 package org.teiid.services;
 
-import static org.junit.Assert.*;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
 
 import java.util.Properties;
 
@@ -16,23 +17,28 @@
 import org.teiid.dqp.service.SessionServiceException;
 import org.teiid.net.TeiidURL;
 import org.teiid.net.socket.AuthenticationType;
+import org.teiid.runtime.AuthenticationHandler;
 import org.teiid.security.Credentials;
+import org.teiid.security.GSSResult;
+
 
 @SuppressWarnings("nls")
 public class TestSessionServiceImpl {
 	SessionServiceImpl ssi;
 	@Before
 	public void setup() {
-		ssi = new SessionServiceImpl() {
-
-			@Override
-			protected TeiidLoginContext authenticate(String userName,
-					Credentials credentials, String applicationName,
-					String securityDomain)
-					throws LoginException {
-				return new TeiidLoginContext(userName, null, securityDomain, null);
-			}
-		};
+		ssi = new SessionServiceImpl();
+        ssi.setAuthenticationHandler(new AuthenticationHandler() {
+            @Override
+            public GSSResult neogitiateGssLogin(String securityDomain, byte[] serviceTicket) throws LoginException {
+                return null;
+            }
+            @Override
+            public TeiidLoginContext authenticate(String securityDomain, String userName, Credentials credentials,
+                    String applicationName) throws LoginException {
+                return new TeiidLoginContext(userName, null, securityDomain, null);
+            }
+        });
 	}
 
 	@Test

diff --git a/runtime/src/test/java/org/teiid/transport/TestLogonImpl.java b/runtime/src/test/java/org/teiid/transport/TestLogonImpl.java
@@ -23,7 +23,8 @@
 
 package org.teiid.transport;
 
-import static org.junit.Assert.*;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
 
 import java.util.Properties;
 
@@ -46,7 +47,9 @@
 import org.teiid.dqp.service.SessionService;
 import org.teiid.net.TeiidURL;
 import org.teiid.net.socket.AuthenticationType;
+import org.teiid.runtime.AuthenticationHandler;
 import org.teiid.security.Credentials;
+import org.teiid.security.GSSResult;
 import org.teiid.security.SecurityHelper;
 import org.teiid.services.SessionServiceImpl;
 import org.teiid.services.TeiidLoginContext;
@@ -57,16 +60,18 @@ public class TestLogonImpl {
 
 	@Before
 	public void setup() {
-		ssi = new SessionServiceImpl() {
-
-			@Override
-			protected TeiidLoginContext authenticate(String userName,
-					Credentials credentials, String applicationName,
-					String securityDomain)
-					throws LoginException {
-				return new TeiidLoginContext(userName, null, securityDomain, null);
-			}			
-		};
+		ssi = new SessionServiceImpl();
+        ssi.setAuthenticationHandler(new AuthenticationHandler() {
+            @Override
+            public GSSResult neogitiateGssLogin(String securityDomain, byte[] serviceTicket) throws LoginException {
+                return null;
+            }
+            @Override
+            public TeiidLoginContext authenticate(String securityDomain, String userName, Credentials credentials,
+                    String applicationName) throws LoginException {
+                return new TeiidLoginContext(userName, null, securityDomain, null);
+            }
+        });		
 
 		SecurityHelper sc = Mockito.mock(SecurityHelper.class);
 		Mockito.stub(sc.getSubjectInContext("SC")).toReturn(new Subject());