diff --git a/jboss-integration/src/main/java/org/teiid/jboss/JBossSessionService.java b/jboss-integration/src/main/java/org/teiid/jboss/JBossSessionService.java index 1604fb797b..74bb93d32f 100644 --- a/jboss-integration/src/main/java/org/teiid/jboss/JBossSessionService.java +++ b/jboss-integration/src/main/java/org/teiid/jboss/JBossSessionService.java @@ -41,14 +41,15 @@ import org.teiid.dqp.service.GSSResult; import org.teiid.logging.LogConstants; import org.teiid.logging.LogManager; +import org.teiid.runtime.AuthenticationHandler; import org.teiid.security.Credentials; import org.teiid.services.SessionServiceImpl; import org.teiid.services.TeiidLoginContext; -public class JBossSessionService extends SessionServiceImpl { +public class JBossSessionService extends SessionServiceImpl implements AuthenticationHandler { @Override - protected TeiidLoginContext authenticate(String userName, Credentials credentials, String applicationName, String domain) + public TeiidLoginContext authenticate(String domain, String userName, Credentials credentials, String applicationName) throws LoginException { final String baseUsername = getBaseUsername(userName); diff --git a/jboss-integration/src/main/java/org/teiid/jboss/TransportService.java b/jboss-integration/src/main/java/org/teiid/jboss/TransportService.java index 1da6641ff0..426f3269d5 100644 --- a/jboss-integration/src/main/java/org/teiid/jboss/TransportService.java +++ b/jboss-integration/src/main/java/org/teiid/jboss/TransportService.java 
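Review bot: The rewritten `authenticate` signature names its first parameter `domain`, while the `AuthenticationHandler` interface it now implements calls it `securityDomain`. With `domain` and `userName` as two adjacent `String` parameters, a transposed call compiles cleanly and only shows up as a failed or misrouted login. I would rename the parameter to match the interface, `public TeiidLoginContext authenticate(String securityDomain, String userName, Credentials credentials, String applicationName)`, and add a one-line Javadoc stating the argument order. The method also goes from `protected` to `public`; whether code outside the login path can reach the service object is not visible here. The body of `authenticate` continues outside the hunk.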
@@ -60,14 +60,7 @@ import org.teiid.net.ConnectionException; import org.teiid.net.socket.AuthenticationType; import org.teiid.services.SessionServiceImpl; -import org.teiid.transport.ClientServiceRegistry; -import org.teiid.transport.ClientServiceRegistryImpl; -import org.teiid.transport.LocalServerConnection; -import org.teiid.transport.LogonImpl; -import org.teiid.transport.ODBCSocketListener; -import org.teiid.transport.SocketConfiguration; -import org.teiid.transport.SocketListener; -import org.teiid.transport.WireProtocol; +import org.teiid.transport.*; public class TransportService extends ClientServiceRegistryImpl implements Service { private transient LogonImpl logon; @@ -115,7 +108,8 @@ public void start(StartContext context) throws StartException { this.setVDBRepository(this.getVdbRepository()); this.sessionService = new JBossSessionService(); if (this.authenticationDomain != null) { - this.sessionService.setSecurityDomain(this.authenticationDomain); + this.sessionService.setSecurityDomain(this.authenticationDomain); + this.sessionService.setAuthenticationHandler((JBossSessionService)this.sessionService); } this.sessionService.setSessionExpirationTimeLimit(this.sessionExpirationTimeLimit); this.sessionService.setSessionMaxLimit(this.sessionMaxLimit); diff --git a/jboss-integration/src/test/java/org/teiid/jboss/TestJBossSessionServiceImpl.java b/jboss-integration/src/test/java/org/teiid/jboss/TestJBossSessionServiceImpl.java index 4341d3685c..ce1900a89d 100644 --- a/jboss-integration/src/test/java/org/teiid/jboss/TestJBossSessionServiceImpl.java +++ b/jboss-integration/src/test/java/org/teiid/jboss/TestJBossSessionServiceImpl.java 
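Review bot: In the `start` hunk, `setAuthenticationHandler` is called only inside `if (this.authenticationDomain != null)`, so a transport started without an authentication domain keeps the `PassThroughHandler` that `SessionServiceImpl` installs by default. The old `authenticate` override in `JBossSessionService` applied on every path. If that difference is not intended, install the handler unconditionally right after construction, e.g. `JBossSessionService jss = new JBossSessionService(); jss.setAuthenticationHandler(jss); this.sessionService = jss;`, which also removes the cast. Whether a login can reach the handler when no domain is configured depends on `createSession` code outside this diff. `start` begins and ends outside the hunk.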
@@ -94,7 +94,8 @@ public Subject getActiveSubject() { Mockito.stub(securityContext.getAuthenticationManager()).toReturn(authManager); JBossSessionService jss = new JBossSessionService() { - public SecurityDomainContext getSecurityDomain(String securityDomain) { + @Override + public SecurityDomainContext getSecurityDomain(String securityDomain) { if (securityDomain.equals("testFile")) { return securityContext; } @@ -104,7 +105,7 @@ public SecurityDomainContext getSecurityDomain(String securityDomain) { jss.setSecurityHelper(ms); jss.setSecurityDomain(domains); - TeiidLoginContext c = jss.authenticate("user1", credentials, null, domains); //$NON-NLS-1$ //$NON-NLS-2$ + TeiidLoginContext c = jss.authenticate(domains, "user1", credentials, null); //$NON-NLS-1$ assertEquals("user1@testFile", c.getUserName()); //$NON-NLS-1$ } @@ -118,7 +119,7 @@ public void testPassThrough() throws Exception { jss.setSecurityHelper(ms); jss.setSecurityDomain(domain); - TeiidLoginContext c = jss.passThroughLogin("user1", domain); //$NON-NLS-1$ //$NON-NLS-2$ + TeiidLoginContext c = jss.passThroughLogin("user1", domain); //$NON-NLS-1$ assertEquals("alreadylogged@passthrough", c.getUserName()); //$NON-NLS-1$ } @@ -142,13 +143,15 @@ protected VDBMetaData getActiveVDB(String vdbName, String vdbVersion) throws SessionServiceException { return Mockito.mock(VDBMetaData.class); } - public SecurityDomainContext getSecurityDomain(String securityDomain) { + @Override + public SecurityDomainContext getSecurityDomain(String securityDomain) { if (securityDomain.equals("somedomain")) { return securityContext; } return null; } }; + jss.setAuthenticationHandler(jss); jss.setSecurityHelper(buildSecurityHelper()); jss.setSecurityDomain("somedomain"); diff --git a/runtime/src/main/java/org/teiid/runtime/AuthenticationHandler.java b/runtime/src/main/java/org/teiid/runtime/AuthenticationHandler.java new file mode 100644 index 0000000000..91ee2962a2 --- /dev/null 
+++ b/runtime/src/main/java/org/teiid/runtime/AuthenticationHandler.java
@@ -0,0 +1,36 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * See the COPYRIGHT.txt file distributed with this work for information
+ * regarding copyright ownership. Some portions may be licensed
+ * to Red Hat, Inc. under one or more contributor license agreements.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA.
+ */
+package org.teiid.runtime;
+
+import javax.security.auth.login.LoginException;
+
+import org.teiid.dqp.service.GSSResult;
+import org.teiid.security.Credentials;
+import org.teiid.services.TeiidLoginContext;
+
+public interface AuthenticationHandler {
+
+ TeiidLoginContext authenticate(String securityDomain, String userName, Credentials credentials, String applicationName)
+ throws LoginException;
+
+ GSSResult neogitiateGssLogin(String securityDomain, byte[] serviceTicket) throws LoginException;
+}
diff --git a/runtime/src/main/java/org/teiid/runtime/EmbeddedConfiguration.java b/runtime/src/main/java/org/teiid/runtime/EmbeddedConfiguration.java
index 8b3ad3ee50..6a62fc0139 100644
--- a/runtime/src/main/java/org/teiid/runtime/EmbeddedConfiguration.java
+++ b/runtime/src/main/java/org/teiid/runtime/EmbeddedConfiguration.java
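Review bot: `AuthenticationHandler` is a new public extension point for login but has no Javadoc, so an implementer cannot tell whether a rejected login must throw `LoginException` or may return `null`. The default `PassThroughHandler` added to `SessionServiceImpl` in this commit returns `null` from `neogitiateGssLogin`. I would add a type-level comment such as `/** Pluggable credential and GSS authentication used by SessionServiceImpl. */`, plus method comments stating how `authenticate` reports unaccepted credentials and what a `null` `GSSResult` means to the caller. The misspelled name `neogitiateGssLogin` is carried over from `SessionServiceImpl` into this new interface; introducing the interface is the cheapest moment to spell it `negotiateGssLogin`.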
@@ -39,11 +39,7 @@ import org.teiid.cache.CacheFactory; import org.teiid.cache.infinispan.InfinispanCacheFactory; import org.teiid.core.TeiidRuntimeException; -import org.teiid.dqp.internal.process.DQPConfiguration; -import org.teiid.dqp.internal.process.DataRolePolicyDecider; -import org.teiid.dqp.internal.process.DefaultAuthorizationValidator; -import org.teiid.dqp.internal.process.TeiidExecutor; -import org.teiid.dqp.internal.process.ThreadReuseExecutor; +import org.teiid.dqp.internal.process.*; import org.teiid.query.ObjectReplicator; import org.teiid.replication.jgroups.ChannelFactory; import org.teiid.replication.jgroups.JGroupsObjectReplicator; @@ -87,6 +83,7 @@ void stop() { private SecurityHelper securityHelper; private String securityDomain; private TransactionManager transactionManager; + private AuthenticationHandler authenticationHandler; private ObjectReplicator objectReplicator; private WorkManager workManager; private boolean useDisk = true; @@ -263,5 +260,13 @@ public void setMaxAsyncThreads(int maxAsyncThreads) { public TeiidExecutor getAsynchWorkExecutor() { return new ThreadReuseExecutor("Asynchronus Workers", getMaxAsyncThreads()); //$NON-NLS-1$ + } + + public AuthenticationHandler getAuthenticationHandler() { + return authenticationHandler; + } + + public void setAuthenticationHandler(AuthenticationHandler authenticationHandler) { + this.authenticationHandler = authenticationHandler; } } diff --git a/runtime/src/main/java/org/teiid/runtime/EmbeddedServer.java b/runtime/src/main/java/org/teiid/runtime/EmbeddedServer.java index cd6b711ec5..8964c90de6 100644 --- a/runtime/src/main/java/org/teiid/runtime/EmbeddedServer.java +++ b/runtime/src/main/java/org/teiid/runtime/EmbeddedServer.java 
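Review bot: `setAuthenticationHandler` in the last hunk has no Javadoc, and nothing tells an embedder what happens when it is never called. In that case `EmbeddedServer` skips its own `setAuthenticationHandler` call and `SessionServiceImpl` stays on its default `PassThroughHandler`, whose `authenticate` does not look at the `credentials` argument. A comment on the setter such as `/** Handler used to authenticate logins; when unset the session service falls back to pass-through login. */` would make that default visible at the point where it is configured.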
@@ -37,15 +37,7 @@
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Timestamp;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Timer;
-import java.util.TreeMap;
+import java.util.*;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.Executor;
 import java.util.concurrent.atomic.AtomicInteger;
@@ -68,34 +60,17 @@
 import org.teiid.core.TeiidException;
 import org.teiid.core.TeiidRuntimeException;
 import org.teiid.core.util.ObjectConverterUtil;
-import org.teiid.deployers.CompositeGlobalTableStore;
-import org.teiid.deployers.CompositeVDB;
-import org.teiid.deployers.ContainerLifeCycleListener;
-import org.teiid.deployers.UDFMetaData;
-import org.teiid.deployers.VDBLifeCycleListener;
-import org.teiid.deployers.VDBRepository;
-import org.teiid.deployers.VirtualDatabaseException;
+import org.teiid.deployers.*;
 import org.teiid.dqp.internal.datamgr.ConnectorManager;
 import org.teiid.dqp.internal.datamgr.ConnectorManagerRepository;
 import org.teiid.dqp.internal.datamgr.ConnectorManagerRepository.ConnectorManagerException;
 import org.teiid.dqp.internal.datamgr.ConnectorManagerRepository.ExecutionFactoryProvider;
-import org.teiid.dqp.internal.process.CachedResults;
-import org.teiid.dqp.internal.process.DQPCore;
-import org.teiid.dqp.internal.process.PreparedPlan;
-import org.teiid.dqp.internal.process.SessionAwareCache;
-import org.teiid.dqp.internal.process.TeiidExecutor;
-import org.teiid.dqp.internal.process.TransactionServerImpl;
+import org.teiid.dqp.internal.process.*;
 import org.teiid.dqp.service.BufferService;
 import org.teiid.dqp.service.SessionServiceException;
 import org.teiid.events.EventDistributor;
 import org.teiid.events.EventDistributorFactory;
-import org.teiid.jdbc.CallableStatementImpl;
-import org.teiid.jdbc.ConnectionImpl;
-import org.teiid.jdbc.EmbeddedProfile;
-import org.teiid.jdbc.PreparedStatementImpl;
-import org.teiid.jdbc.TeiidDriver;
-import org.teiid.jdbc.TeiidPreparedStatement;
-import org.teiid.jdbc.TeiidSQLException;
+import org.teiid.jdbc.*;
 import org.teiid.logging.LogConstants;
 import org.teiid.logging.LogManager;
 import org.teiid.logging.MessageLevel;
@@ -366,6 +341,10 @@ public Object invoke(Object proxy, Method method, Object[] args) } else { this.sessionService.setSecurityDomain("teiid-security"); //$NON-NLS-1$ } + + if (config.getAuthenticationHandler() != null) { + this.sessionService.setAuthenticationHandler(config.getAuthenticationHandler()); + } this.sessionService.setVDBRepository(repo); this.bufferService.setUseDisk(config.isUseDisk()); diff --git a/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java b/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java index 4d2f2c763c..434121c7c2 100644 --- a/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java +++ b/runtime/src/main/java/org/teiid/services/SessionServiceImpl.java @@ -31,11 +31,7 @@ import java.util.regex.Pattern; import javax.security.auth.Subject; -import javax.security.auth.callback.Callback; -import javax.security.auth.callback.CallbackHandler; -import javax.security.auth.callback.NameCallback; -import javax.security.auth.callback.PasswordCallback; -import javax.security.auth.callback.UnsupportedCallbackException; +import javax.security.auth.callback.*; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; @@ -58,6 +54,7 @@ import org.teiid.net.ServerConnection; import org.teiid.net.TeiidURL; import org.teiid.net.socket.AuthenticationType; +import org.teiid.runtime.AuthenticationHandler; import org.teiid.runtime.RuntimePlugin; import org.teiid.security.Credentials; import org.teiid.security.SecurityHelper; @@ -91,6 +88,7 @@ public class SessionServiceImpl implements SessionService { private Map sessionCache = new ConcurrentHashMap(); private Timer sessionMonitor = null; private List securityDomainNames; + private AuthenticationHandler authenticationHandler = new PassThroughHandler(); public void setSecurityDomain(String domainName) { if (domainName == null) { 
@@ -168,7 +166,7 @@ public SessionMetadata createSession(String vdbName, if (onlyAllowPassthrough || authType.equals(AuthenticationType.GSS)) { membership = passThroughLogin(userName, securityDomain); } else { - membership = authenticate(userName, credentials, applicationName, securityDomain); + membership = this.authenticationHandler.authenticate(securityDomain, userName, credentials, applicationName); } userName = membership.getUserName(); securityDomain = membership.getSecurityDomain(); @@ -225,20 +223,6 @@ private String getUserName(Subject subject, String userName) { return getBaseUsername(userName); } - /** - * - * @param userName - * @param credentials - * @param applicationName - * @param domains - * @return - * @throws LoginException - */ - protected TeiidLoginContext authenticate(String userName, Credentials credentials, String applicationName, String securityDomain) - throws LoginException { - return passThroughLogin(userName, securityDomain); - } - protected VDBMetaData getActiveVDB(String vdbName, String vdbVersion) throws SessionServiceException { VDBMetaData vdb = null; 
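Review bot: `createSession` now calls `this.authenticationHandler.authenticate(...)` instead of the overridable `authenticate` method, which the following hunk deletes. A subclass outside this commit that still declares `protected TeiidLoginContext authenticate(String userName, Credentials credentials, String applicationName, String securityDomain)` without `@Override` therefore keeps compiling but is never invoked. Logins on such a subclass would fall through to the default `PassThroughHandler`, whose `authenticate` does not use `credentials`. Consider keeping the protected method as `@Deprecated` for one release and having `PassThroughHandler.authenticate` delegate to it, or at least call out the removal in the release notes. `createSession` starts and ends outside the hunk.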
@@ -545,16 +529,26 @@ public GSSResult neogitiateGssLogin(String user, String vdbName, if (securityDomain == null ) { throw new LogonException(RuntimePlugin.Event.TEIID40059, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40059)); } - return neogitiateGssLogin(securityDomain, serviceTicket); + return this.authenticationHandler.neogitiateGssLogin(securityDomain, serviceTicket); } public AuthenticationType getDefaultAuthenticationType() { return defaultAuthenticationType; } - protected GSSResult neogitiateGssLogin(String securityDomain, - byte[] serviceTicket) throws LoginException { - // must be overridden in platform specific security domain - return null; - } + public void setAuthenticationHandler(AuthenticationHandler authenticationHandler) { + this.authenticationHandler = authenticationHandler; + } + + class PassThroughHandler implements AuthenticationHandler { + @Override + public TeiidLoginContext authenticate(String securityDomain, String userName, Credentials credentials, + String applicationName) throws LoginException { + return passThroughLogin(userName, securityDomain); + } + @Override + public GSSResult neogitiateGssLogin(String securityDomain, byte[] serviceTicket) throws LoginException { + return null; + } + } } diff --git a/runtime/src/test/java/org/teiid/services/TestSessionServiceImpl.java b/runtime/src/test/java/org/teiid/services/TestSessionServiceImpl.java index 9ed78df49c..e7d7893493 100644 --- a/runtime/src/test/java/org/teiid/services/TestSessionServiceImpl.java +++ b/runtime/src/test/java/org/teiid/services/TestSessionServiceImpl.java @@ -1,6 +1,7 @@ package org.teiid.services; -import static org.junit.Assert.*; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.fail; import java.util.Properties; 
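Review bot: `PassThroughHandler.neogitiateGssLogin` returns `null`, and the removed `// must be overridden in platform specific security domain` comment is not carried over. A service left on the default handler therefore hands `null` back from the public `neogitiateGssLogin(String user, String vdbName, ...)` with no indication of why. I would either restore that comment on the inner-class method or throw a `LoginException` there so an unconfigured GSS login fails explicitly; how callers treat a `null` `GSSResult` is not visible in this diff. `setAuthenticationHandler` also stores whatever it is given, so passing `null` turns the next login into a `NullPointerException`. A guard such as `if (authenticationHandler == null) { throw new IllegalArgumentException("authenticationHandler"); }` would surface the mistake at configuration time.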
@@ -13,9 +14,11 @@ import org.teiid.adminapi.impl.SessionMetadata; import org.teiid.adminapi.impl.VDBMetaData; import org.teiid.deployers.VDBRepository; +import org.teiid.dqp.service.GSSResult; import org.teiid.dqp.service.SessionServiceException; import org.teiid.net.TeiidURL; import org.teiid.net.socket.AuthenticationType; +import org.teiid.runtime.AuthenticationHandler; import org.teiid.security.Credentials; @SuppressWarnings("nls") @@ -23,16 +26,18 @@ public class TestSessionServiceImpl { SessionServiceImpl ssi; @Before public void setup() { - ssi = new SessionServiceImpl() { - - @Override - protected TeiidLoginContext authenticate(String userName, - Credentials credentials, String applicationName, - String securityDomain) - throws LoginException { - return new TeiidLoginContext(userName, null, securityDomain, null); - } - }; + ssi = new SessionServiceImpl(); + ssi.setAuthenticationHandler(new AuthenticationHandler() { + @Override + public GSSResult neogitiateGssLogin(String securityDomain, byte[] serviceTicket) throws LoginException { + return null; + } + @Override + public TeiidLoginContext authenticate(String securityDomain, String userName, Credentials credentials, + String applicationName) throws LoginException { + return new TeiidLoginContext(userName, null, securityDomain, null); + } + }); } @Test diff --git a/runtime/src/test/java/org/teiid/transport/TestLogonImpl.java b/runtime/src/test/java/org/teiid/transport/TestLogonImpl.java index 7167330db8..a337d46170 100644 --- a/runtime/src/test/java/org/teiid/transport/TestLogonImpl.java +++ b/runtime/src/test/java/org/teiid/transport/TestLogonImpl.java @@ -23,7 +23,8 @@ package org.teiid.transport; -import static org.junit.Assert.*; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.fail; import java.util.Properties; 
@@ -43,9 +44,11 @@ import org.teiid.core.util.Base64; import org.teiid.deployers.VDBRepository; import org.teiid.dqp.internal.process.DQPWorkContext; +import org.teiid.dqp.service.GSSResult; import org.teiid.dqp.service.SessionService; import org.teiid.net.TeiidURL; import org.teiid.net.socket.AuthenticationType; +import org.teiid.runtime.AuthenticationHandler; import org.teiid.security.Credentials; import org.teiid.security.SecurityHelper; import org.teiid.services.SessionServiceImpl; @@ -57,16 +60,18 @@ public class TestLogonImpl { @Before public void setup() { - ssi = new SessionServiceImpl() { - - @Override - protected TeiidLoginContext authenticate(String userName, - Credentials credentials, String applicationName, - String securityDomain) - throws LoginException { - return new TeiidLoginContext(userName, null, securityDomain, null); - } - }; + ssi = new SessionServiceImpl(); + ssi.setAuthenticationHandler(new AuthenticationHandler() { + @Override + public GSSResult neogitiateGssLogin(String securityDomain, byte[] serviceTicket) throws LoginException { + return null; + } + @Override + public TeiidLoginContext authenticate(String securityDomain, String userName, Credentials credentials, + String applicationName) throws LoginException { + return new TeiidLoginContext(userName, null, securityDomain, null); + } + }); SecurityHelper sc = Mockito.mock(SecurityHelper.class); Mockito.stub(sc.getSubjectInContext("SC")).toReturn(new Subject());