@Test
public void testRestoreSecurityContext() {
final SecurityHelper sc =
new SecurityHelper() {
Object mycontext = null;
@Override
public Object getSecurityContext() {
return this.mycontext;
}
@Override
public void clearSecurityContext() {
this.mycontext = null;
}
@Override
public Object associateSecurityContext(Object context) {
Object old = mycontext;
this.mycontext = context;
return old;
}
@Override
public Subject getSubjectInContext(Object context) {
return null;
}
@Override
public Subject getSubjectInContext(String securityDomain) {
return null;
}
@Override
public Object authenticate(
String securityDomain,
String baseUserName,
Credentials credentials,
String applicationName)
throws LoginException {
return null;
}
@Override
public GSSResult negotiateGssLogin(String securityDomain, byte[] serviceTicket)
throws LoginException {
return null;
}
};
Object previousSC = "testSC";
sc.associateSecurityContext(previousSC);
DQPWorkContext message =
new DQPWorkContext() {
@Override
public Subject getSubject() {
return new Subject();
}
};
message.setSecurityHelper(sc);
message.setSession(Mockito.mock(SessionMetadata.class));
final String currentSC = "teiid-security-context"; // $NON-NLS-1$
Mockito.stub(message.getSession().getSecurityContext()).toReturn(currentSC);
Runnable r =
new Runnable() {
@Override
public void run() {
assertEquals(currentSC, sc.getSecurityContext());
}
};
message.runInContext(r);
assertEquals(previousSC, sc.getSecurityContext());
}
@Override
public LogonResult neogitiateGssLogin(
Properties connProps, byte[] serviceTicket, boolean createSession) throws LogonException {
if (!AuthenticationType.GSS.equals(service.getAuthenticationType())) {
throw new LogonException(
RuntimePlugin.Event.TEIID40055,
RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40055, "Kerberos")); // $NON-NLS-1$
}
String user = connProps.getProperty(TeiidURL.CONNECTION.USER_NAME);
String password = connProps.getProperty(TeiidURL.CONNECTION.PASSWORD);
Object previous = null;
boolean associated = false;
try {
String securityDomain = service.getGssSecurityDomain();
if (securityDomain == null) {
throw new LogonException(
RuntimePlugin.Event.TEIID40059, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40059));
}
// If this KRB5 and using keytab, user and password callback handler never gets called
LoginContext ctx = service.createLoginContext(securityDomain, user, password);
ctx.login();
Subject subject = ctx.getSubject();
GSSResult result = Subject.doAs(subject, new GssAction(serviceTicket));
if (result == null) {
throw new LogonException(
RuntimePlugin.Event.TEIID40014, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40014));
}
if (result.context.isEstablished()) {
Principal principal = null;
for (Principal p : subject.getPrincipals()) {
principal = p;
break;
}
SecurityHelper securityHelper = service.getSecurityHelper();
Object securityContext =
securityHelper.createSecurityContext(securityDomain, principal, null, subject);
previous = securityHelper.associateSecurityContext(securityContext);
associated = true;
}
if (!result.context.isEstablished() || !createSession) {
LogonResult logonResult =
new LogonResult(
new SessionToken(0, "temp"),
"internal",
0,
"internal"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
logonResult.addProperty(ILogon.KRB5TOKEN, result.serviceTicket);
logonResult.addProperty(
ILogon.KRB5_ESTABLISHED, new Boolean(result.context.isEstablished()));
return logonResult;
}
LogManager.logDetail(
LogConstants.CTX_SECURITY, "Kerberos context established"); // $NON-NLS-1$
// connProps.setProperty(TeiidURL.CONNECTION.PASSTHROUGH_AUTHENTICATION, "true");
// //$NON-NLS-1$
LogonResult loginInResult = logon(connProps, result.serviceTicket);
return loginInResult;
} catch (LoginException e) {
throw new LogonException(
RuntimePlugin.Event.TEIID40014, e, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40014));
} finally {
if (associated) {
service.getSecurityHelper().associateSecurityContext(previous);
}
}
}
