@Test
  public void testRestoreSecurityContext() {
    final SecurityHelper sc =
        new SecurityHelper() {
          Object mycontext = null;

          @Override
          public Object getSecurityContext() {
            return this.mycontext;
          }

          @Override
          public void clearSecurityContext() {
            this.mycontext = null;
          }

          @Override
          public Object associateSecurityContext(Object context) {
            Object old = mycontext;
            this.mycontext = context;
            return old;
          }

          @Override
          public Subject getSubjectInContext(Object context) {
            return null;
          }

          @Override
          public Subject getSubjectInContext(String securityDomain) {
            return null;
          }

          @Override
          public Object authenticate(
              String securityDomain,
              String baseUserName,
              Credentials credentials,
              String applicationName)
              throws LoginException {
            return null;
          }

          @Override
          public GSSResult negotiateGssLogin(String securityDomain, byte[] serviceTicket)
              throws LoginException {
            return null;
          }
        };
    Object previousSC = "testSC";
    sc.associateSecurityContext(previousSC);

    DQPWorkContext message =
        new DQPWorkContext() {
          @Override
          public Subject getSubject() {
            return new Subject();
          }
        };
    message.setSecurityHelper(sc);
    message.setSession(Mockito.mock(SessionMetadata.class));
    final String currentSC = "teiid-security-context"; // $NON-NLS-1$
    Mockito.stub(message.getSession().getSecurityContext()).toReturn(currentSC);

    Runnable r =
        new Runnable() {
          @Override
          public void run() {
            assertEquals(currentSC, sc.getSecurityContext());
          }
        };

    message.runInContext(r);

    assertEquals(previousSC, sc.getSecurityContext());
  }
Exemple #2
0
  @Override
  public LogonResult neogitiateGssLogin(
      Properties connProps, byte[] serviceTicket, boolean createSession) throws LogonException {

    if (!AuthenticationType.GSS.equals(service.getAuthenticationType())) {
      throw new LogonException(
          RuntimePlugin.Event.TEIID40055,
          RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40055, "Kerberos")); // $NON-NLS-1$
    }

    String user = connProps.getProperty(TeiidURL.CONNECTION.USER_NAME);
    String password = connProps.getProperty(TeiidURL.CONNECTION.PASSWORD);
    Object previous = null;
    boolean associated = false;
    try {
      String securityDomain = service.getGssSecurityDomain();
      if (securityDomain == null) {
        throw new LogonException(
            RuntimePlugin.Event.TEIID40059, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40059));
      }
      // If this KRB5 and using keytab, user and password callback handler never gets called
      LoginContext ctx = service.createLoginContext(securityDomain, user, password);
      ctx.login();
      Subject subject = ctx.getSubject();
      GSSResult result = Subject.doAs(subject, new GssAction(serviceTicket));
      if (result == null) {
        throw new LogonException(
            RuntimePlugin.Event.TEIID40014, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40014));
      }

      if (result.context.isEstablished()) {
        Principal principal = null;
        for (Principal p : subject.getPrincipals()) {
          principal = p;
          break;
        }
        SecurityHelper securityHelper = service.getSecurityHelper();
        Object securityContext =
            securityHelper.createSecurityContext(securityDomain, principal, null, subject);
        previous = securityHelper.associateSecurityContext(securityContext);
        associated = true;
      }

      if (!result.context.isEstablished() || !createSession) {
        LogonResult logonResult =
            new LogonResult(
                new SessionToken(0, "temp"),
                "internal",
                0,
                "internal"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
        logonResult.addProperty(ILogon.KRB5TOKEN, result.serviceTicket);
        logonResult.addProperty(
            ILogon.KRB5_ESTABLISHED, new Boolean(result.context.isEstablished()));
        return logonResult;
      }

      LogManager.logDetail(
          LogConstants.CTX_SECURITY, "Kerberos context established"); // $NON-NLS-1$
      // connProps.setProperty(TeiidURL.CONNECTION.PASSTHROUGH_AUTHENTICATION, "true");
      // //$NON-NLS-1$
      LogonResult loginInResult = logon(connProps, result.serviceTicket);
      return loginInResult;
    } catch (LoginException e) {
      throw new LogonException(
          RuntimePlugin.Event.TEIID40014, e, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40014));
    } finally {
      if (associated) {
        service.getSecurityHelper().associateSecurityContext(previous);
      }
    }
  }