TEIID-2763: adding kerberosServicePrincipleName as user name if one i…

…s not provided for security authentication for teiid layer
teiid · Feb 4, 2014 · 763349f · 763349f
1 parent dd08b81
commit 763349f
Show file tree

Hide file tree

Showing 2 changed files with 62 additions and 0 deletions.
diff --git a/jboss-integration/src/main/java/org/teiid/jboss/SimpleLoginModule.java b/jboss-integration/src/main/java/org/teiid/jboss/SimpleLoginModule.java
@@ -0,0 +1,53 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.teiid.jboss;
+
+import java.security.acl.Group;
+
+import javax.security.auth.login.LoginException;
+
+import org.jboss.security.SimpleGroup;
+import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
+
+/**
+ * A simple server login module to creates subject with passed in name and null
+ * password
+ */
+public class SimpleLoginModule extends UsernamePasswordLoginModule {
+
+	@Override
+	protected boolean validatePassword(String inputPassword, String expectedPassword) {
+		return true;
+	}
+
+	@Override
+	protected String getUsersPassword() throws LoginException {
+		return null;
+	}
+
+	@Override
+	protected Group[] getRoleSets() throws LoginException {
+		SimpleGroup roles = new SimpleGroup("Roles"); //$NON-NLS-1$
+		Group[] roleSets = { roles };
+		return roleSets;
+	}
+}
diff --git a/runtime/src/main/java/org/teiid/transport/LogonImpl.java b/runtime/src/main/java/org/teiid/transport/LogonImpl.java
@@ -88,6 +88,15 @@ private LogonResult logon(Properties connProps, byte[] krb5ServiceTicket) throws
         String applicationName = connProps.getProperty(TeiidURL.CONNECTION.APP_NAME);
         // user may be null if using trustedToken to log on
         String user = connProps.getProperty(TeiidURL.CONNECTION.USER_NAME, CoreConstants.DEFAULT_ANON_USERNAME);
+
+        // if a user is not speified on the URL for the role information then by default
+        // use krb5 user name. Note that security-domain need not challenge for credential 
+        // in this case as krb5 auth is already occurred. This is just role association
+        String krb5User = connProps.getProperty("kerberosServicePrincipleName"); //$NON-NLS-1$
+        if (krb5ServiceTicket != null &&  krb5User != null) {
+        	user = krb5User;
+        }
+
         // password may be null if using trustedToken to log on
         String password = connProps.getProperty(TeiidURL.CONNECTION.PASSWORD);
 		Credentials credential = null;