use of org.teiid.client.security.LogonException in project teiid by teiid.
the class TestSocketRemoting method testMethodInvocation.
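/**
 * Exercises remote method invocation through a fake client/server socket connection.
 *
 * <p>Registers a stub {@link ILogon} and a {@code FakeService} with the registry, then checks that:
 * <ul>
 *   <li>a service method returning {@code null} still yields a future that resolves to {@code null};</li>
 *   <li>an exception delivered through a {@code ResultsFuture} surfaces as the cause of an
 *       {@link ExecutionException};</li>
 *   <li>an asynchronous result and a thrown {@code TeiidProcessingException} both reach the caller;</li>
 *   <li>requesting a service that was never registered ({@code DQP}) fails with a
 *       "Component not found:" message.</li>
 * </ul>
 */
@Test
public void testMethodInvocation() throws Exception {
    ClientServiceRegistryImpl csr = new ClientServiceRegistryImpl() {
        @Override
        public ClassLoader getCallerClassloader() {
            return getClass().getClassLoader();
        }
    };

    // Stub logon service: every method returns a canned value so that only the remoting layer is tested.
    csr.registerClientService(ILogon.class, new ILogon() {
        @Override
        public ResultsFuture<?> logoff() throws InvalidSessionException {
            // Completes the future exceptionally; the client is expected to see this as an ExecutionException.
            ResultsFuture<?> result = new ResultsFuture<Void>();
            result.getResultsReceiver().exceptionOccurred(new TeiidComponentException("some exception")); //$NON-NLS-1$
            return result;
        }

        @Override
        public LogonResult logon(Properties connectionProperties) throws LogonException, TeiidComponentException {
            return new LogonResult();
        }

        // tests asynch where we don't care about the result
        @Override
        public ResultsFuture<?> ping() throws InvalidSessionException, TeiidComponentException {
            return null;
        }

        @Override
        public ResultsFuture<?> ping(Collection<String> sessions) throws TeiidComponentException, CommunicationException {
            return null;
        }

        @Override
        public void assertIdentity(SessionToken sessionId) throws InvalidSessionException, TeiidComponentException {
        }

        @Override
        public LogonResult neogitiateGssLogin(Properties connectionProperties, byte[] serviceToken, boolean createSession) throws LogonException {
            return null;
        }
    }, "foo"); //$NON-NLS-1$
    csr.registerClientService(FakeService.class, new FakeServiceImpl(), "foo"); //$NON-NLS-1$

    final FakeClientServerInstance serverInstance = new FakeClientServerInstance(csr);
    SocketServerConnection connection = createFakeConnection(serverInstance);

    ILogon logon = connection.getService(ILogon.class);

    // The server-side stub returns null, yet the client-side future must be usable and resolve to null.
    Future<?> result = logon.ping();
    assertNull(result.get(0, TimeUnit.MILLISECONDS));

    result = logon.logoff();
    try {
        result.get(0, TimeUnit.MICROSECONDS);
        fail("exception expected"); //$NON-NLS-1$
    } catch (ExecutionException e) {
        assertTrue(e.getCause() instanceof TeiidComponentException);
    }

    FakeService service = connection.getService(FakeService.class);
    Future<Integer> asynchInteger = service.asynchResult();
    // Integer.valueOf replaces the deprecated boxing constructor; equality semantics are unchanged.
    assertEquals(Integer.valueOf(5), asynchInteger.get(0, TimeUnit.MILLISECONDS));

    try {
        service.exceptionMethod();
        fail("exception expected"); //$NON-NLS-1$
    } catch (TeiidProcessingException expected) {
        // Reaching this handler is the assertion: the declared exception crossed the remoting boundary.
    }

    // DQP was never registered with the registry, so invoking it must be rejected.
    DQP dqp = connection.getService(DQP.class);
    try {
        ResultsFuture<?> future = dqp.begin();
        future.get();
        fail("exception expected"); //$NON-NLS-1$
    } catch (Exception e) {
        assertTrue(e.getMessage().contains("Component not found:")); //$NON-NLS-1$
    }
}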
use of org.teiid.client.security.LogonException in project teiid by teiid.
the class GssAction method authenticate.
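/**
 * Performs a GSS (Kerberos) logon through the given logon service.
 *
 * <p>Steps, in order:
 * <ol>
 *   <li>Resolve the JAAS application name (default {@code "Teiid"}) and the Kerberos service
 *       principal name; when the latter is not configured it is derived as {@code "TEIID/" + host}
 *       from the first host of the connection URL.</li>
 *   <li>Validate the Kerberos/JAAS system properties, collecting every problem into one message.</li>
 *   <li>If the current {@link Subject} already carries a private {@link GSSCredential}, use it as a
 *       delegated credential; otherwise run a JAAS login with the user name and password from
 *       {@code props}.</li>
 *   <li>Run a {@code GssAction} as the resulting subject and translate its outcome.</li>
 * </ol>
 *
 * <p>The collected configuration errors are raised only when a fresh JAAS login is needed; they are
 * not checked on the delegated-credential path.
 *
 * @param logon the logon service the GSS action talks to
 * @param props connection properties (JAAS name, service principal, server URL, user, password)
 * @return the logon result produced by the GSS action
 * @throws LogonException if configuration is incomplete, the JAAS login fails, or the action
 *         reports a logon failure or any otherwise unclassified exception
 * @throws TeiidComponentException if the action returned one
 * @throws CommunicationException if the action returned one
 */
public static LogonResult authenticate(ILogon logon, Properties props) throws LogonException, TeiidComponentException, CommunicationException {
    if (logger.isLoggable(Level.FINE)) {
        logger.fine("GSS Authentication Request"); //$NON-NLS-1$
    }

    Object result = null;
    StringBuilder errors = new StringBuilder();
    String jaasApplicationName = props.getProperty(TeiidURL.CONNECTION.JAAS_NAME);
    String nl = System.getProperty("line.separator"); //$NON-NLS-1$
    if (jaasApplicationName == null) {
        jaasApplicationName = "Teiid"; //$NON-NLS-1$
    }

    String kerberosPrincipalName = props.getProperty(TeiidURL.CONNECTION.KERBEROS_SERVICE_PRINCIPLE_NAME);
    if (kerberosPrincipalName == null) {
        // Fallback: the service principal is built from the first host of the connection URL, so the
        // identity the client expects from the server is only as trustworthy as that configured host name.
        try {
            TeiidURL url = new TeiidURL(props.getProperty(TeiidURL.CONNECTION.SERVER_URL));
            kerberosPrincipalName = "TEIID/" + url.getHostInfo().get(0).getHostName(); //$NON-NLS-1$
        } catch (Exception e) {
            // Best effort: a missing or unparsable URL is reported below as a missing principal.
            // Record the cause at FINE so the reason for the fallback failing can be diagnosed.
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "Could not derive the Kerberos service principal name from the server URL", e); //$NON-NLS-1$
            }
        }
        if (kerberosPrincipalName == null) {
            errors.append(JDBCPlugin.Util.getString("client_prop_missing", TeiidURL.CONNECTION.KERBEROS_SERVICE_PRINCIPLE_NAME)); //$NON-NLS-1$
            errors.append(nl);
        }
    }

    // Kerberos must be configured either through a krb5.conf file or through realm + kdc, never both.
    String krb5 = System.getProperty("java.security.krb5.conf"); //$NON-NLS-1$
    String realm = System.getProperty("java.security.krb5.realm"); //$NON-NLS-1$
    String kdc = System.getProperty("java.security.krb5.kdc"); //$NON-NLS-1$
    if (krb5 == null && realm == null && kdc == null) {
        errors.append(JDBCPlugin.Util.getString("no_gss_selection")); //$NON-NLS-1$
        errors.append(nl);
    } else if (krb5 != null && (realm != null || kdc != null)) {
        errors.append(JDBCPlugin.Util.getString("ambigious_gss_selection")); //$NON-NLS-1$
        errors.append(nl);
    } else if ((realm != null && kdc == null) || (realm == null && kdc != null)) {
        // krb5 is null here: exactly one of realm/kdc is set, so name the one that is missing
        if (realm == null) {
            errors.append(JDBCPlugin.Util.getString("system_prop_missing", "java.security.krb5.realm")); //$NON-NLS-1$ //$NON-NLS-2$
            errors.append(nl);
        }
        if (kdc == null) {
            errors.append(JDBCPlugin.Util.getString("system_prop_missing", "java.security.krb5.kdc")); //$NON-NLS-1$ //$NON-NLS-2$
            errors.append(nl);
        }
    }

    String config = System.getProperty("java.security.auth.login.config"); //$NON-NLS-1$
    if (config == null) {
        errors.append(JDBCPlugin.Util.getString("system_prop_missing", "java.security.auth.login.config")); //$NON-NLS-1$ //$NON-NLS-2$
        errors.append(nl);
    }

    try {
        String user = props.getProperty(TeiidURL.CONNECTION.USER_NAME);
        String password = props.getProperty(TeiidURL.CONNECTION.PASSWORD);

        boolean performAuthentication = true;
        GSSCredential gssCredential = null;
        // NOTE(review): Subject.getSubject and AccessController are deprecated for removal on recent
        // JDKs; this lookup will need a replacement when the minimum Java version is raised.
        Subject sub = Subject.getSubject(AccessController.getContext());
        if (sub != null) {
            Set<GSSCredential> gssCreds = sub.getPrivateCredentials(GSSCredential.class);
            if (gssCreds != null && !gssCreds.isEmpty()) {
                // A credential already attached to the caller's subject takes precedence over a password login.
                gssCredential = gssCreds.iterator().next();
                performAuthentication = false;
                if (logger.isLoggable(Level.FINE)) {
                    logger.fine("GSS Authentication using delegated credential"); //$NON-NLS-1$
                }
            } else {
                if (logger.isLoggable(Level.FINE)) {
                    logger.fine("No delegation credential found in the subject"); //$NON-NLS-1$
                }
            }
        }

        if (performAuthentication) {
            // Configuration problems only matter when this method has to run the JAAS login itself.
            if (errors.length() > 0) {
                throw new LogonException(JDBCPlugin.Event.TEIID20005, errors.toString());
            }
            LoginContext lc = new LoginContext(jaasApplicationName, new GSSCallbackHandler(user, password));
            lc.login();
            sub = lc.getSubject();
        }

        PrivilegedAction action = new GssAction(logon, kerberosPrincipalName, props, user, gssCredential);
        result = Subject.doAs(sub, action);
    } catch (Exception e) {
        // Catches everything above, including the configuration LogonException, which therefore
        // reaches the caller as the cause of this generic TEIID20005 failure.
        throw new LogonException(JDBCPlugin.Event.TEIID20005, e, JDBCPlugin.Util.gs(JDBCPlugin.Event.TEIID20005));
    }

    // The action hands failures back as return values; rethrow them with their declared types.
    if (result instanceof LogonException) {
        throw (LogonException) result;
    } else if (result instanceof TeiidComponentException) {
        throw (TeiidComponentException) result;
    } else if (result instanceof CommunicationException) {
        throw (CommunicationException) result;
    } else if (result instanceof Exception) {
        throw new LogonException(JDBCPlugin.Event.TEIID20005, (Exception) result, JDBCPlugin.Util.gs(JDBCPlugin.Event.TEIID20005));
    }
    return (LogonResult) result;
}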
use of org.teiid.client.security.LogonException in project teiid by teiid.
the class SessionServiceImpl method getAuthenticationType.
/**
 * Chooses the authentication type to apply for a user connecting to a VDB.
 *
 * <p>Resolution order for an active VDB: the GSS user-name pattern, then the password user-name
 * pattern, then the VDB's explicit authentication-type property. If no VDB name is given, the VDB
 * is not found, or none of the three applies, the service default is returned.
 *
 * <p>Review notes:
 * <ul>
 *   <li>{@code userName} is presumably the name the client supplied before authentication (verify
 *       against the caller); the patterns therefore select a mechanism from an unverified claim and
 *       should be written with that in mind.</li>
 *   <li>{@link Pattern#matches(String, CharSequence)} compiles the pattern on every call and requires
 *       the whole user name to match. A pattern prone to heavy backtracking is evaluated against
 *       caller-provided input here.</li>
 *   <li>An invalid pattern or an unknown authentication-type value raises an unchecked exception
 *       ({@code PatternSyntaxException} / {@code IllegalArgumentException}) rather than a
 *       {@code LogonException}.</li>
 * </ul>
 *
 * @param vdbName name of the VDB, or {@code null} to use the default type
 * @param version VDB version passed to the active-VDB lookup
 * @param userName user name to test; {@code null} is treated as the default anonymous user
 * @return the authentication type to use
 * @throws LogonException if the active-VDB lookup fails
 */
@Override
public AuthenticationType getAuthenticationType(String vdbName, String version, String userName) throws LogonException {
    final String effectiveUser = (userName != null) ? userName : CoreConstants.DEFAULT_ANON_USERNAME;

    if (vdbName == null) {
        return this.defaultAuthenticationType;
    }

    final VDB activeVdb;
    try {
        activeVdb = getActiveVDB(vdbName, version);
    } catch (SessionServiceException e) {
        throw new LogonException(e);
    }
    if (activeVdb == null) {
        return this.defaultAuthenticationType;
    }

    // GSS pattern is consulted first, so it wins when both patterns match the same name.
    final String gssRegex = activeVdb.getPropertyValue(GSS_PATTERN_PROPERTY);
    if (gssRegex != null && Pattern.matches(gssRegex, effectiveUser)) {
        return AuthenticationType.GSS;
    }

    final String passwordRegex = activeVdb.getPropertyValue(PASSWORD_PATTERN_PROPERTY);
    if (passwordRegex != null && Pattern.matches(passwordRegex, effectiveUser)) {
        return AuthenticationType.USERPASSWORD;
    }

    // No pattern matched: fall back to the VDB-wide setting, then to the service default.
    final String configuredType = activeVdb.getPropertyValue(AUTHENTICATION_TYPE_PROPERTY);
    return (configuredType != null)
            ? AuthenticationType.valueOf(configuredType)
            : this.defaultAuthenticationType;
}
use of org.teiid.client.security.LogonException in project teiid by teiid.
the class LocalServerConnection method authenticate.
/**
 * Ends any current session and logs on again with this connection's properties.
 *
 * <p>The logoff runs with the session's security context associated; the value returned by that
 * association call (treated here as the previously associated context) is re-associated afterwards,
 * even if the logoff throws, and is then stored on the work context before the new logon.
 *
 * <p>If the logon result carries an {@code ILogon.AUTH_TYPE} property, the server has asked for a
 * further authentication step. Only GSS is handled; any other value is rejected.
 *
 * @throws ConnectionException if the logon, the GSS step, or an unsupported challenge fails with a
 *         {@code LogonException}
 * @throws CommunicationException if a {@code TeiidComponentException} occurs; its cause is rethrown
 *         when that cause is itself a {@code CommunicationException}
 */
public synchronized void authenticate() throws ConnectionException, CommunicationException {
    final Object callerContext = workContext.getSecurityHelper()
            .associateSecurityContext(workContext.getSession().getSecurityContext());
    try {
        logoff();
    } finally {
        // Always undo the temporary association, whether or not the logoff succeeded.
        workContext.getSecurityHelper().associateSecurityContext(callerContext);
    }
    workContext.setSecurityContext(callerContext);

    try {
        this.result = this.getService(ILogon.class).logon(this.connectionProperties);

        final AuthenticationType challenge = (AuthenticationType) this.result.getProperty(ILogon.AUTH_TYPE);
        if (challenge == null) {
            // No additional challenge from the server: the logon result stands as is.
            return;
        }
        if (challenge != AuthenticationType.GSS) {
            // Raised inside the outer try so that it is reported to the caller as a ConnectionException.
            throw new LogonException(JDBCPlugin.Event.TEIID20034, JDBCPlugin.Util.gs(JDBCPlugin.Event.TEIID20034, challenge));
        }

        // server has issued an additional challenge
        try {
            this.result = MakeGSS.authenticate(this.getService(ILogon.class), this.connectionProperties);
        } catch (LogonException e) {
            if (passthrough) {
                throw e;
            }
            // Without passthrough the failure is wrapped with the TEIID40150 event, keeping the cause.
            throw new LogonException(RuntimePlugin.Event.TEIID40150, e, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40150));
        }
    } catch (LogonException e) {
        // to give to the user
        throw new ConnectionException(e);
    } catch (TeiidComponentException e) {
        final Throwable underlying = e.getCause();
        if (underlying instanceof CommunicationException) {
            throw (CommunicationException) underlying;
        }
        throw new CommunicationException(RuntimePlugin.Event.TEIID40069, e);
    }
}
use of org.teiid.client.security.LogonException in project teiid by teiid.
the class LogonImpl method logon.
/**
 * Creates a session for the given user and builds the logon result returned to the client.
 *
 * <p>The password, when present in {@code connProps}, is wrapped in a {@code Credentials} object as
 * a {@code char[]}; the original {@code String} still lives in {@code connProps}. If
 * {@code connProps} holds an entry keyed by the {@link GSSCredential} class name, that credential is
 * added to the new session's subject.
 *
 * @param connProps connection properties (VDB name and version, application name, password, and
 *        optionally a {@code GSSCredential} object)
 * @param krb5ServiceTicket Kerberos token to return to the client under {@code ILogon.KRB5TOKEN},
 *        or {@code null} for none
 * @param authType authentication type passed to session creation
 * @param user user name passed to session creation
 * @return the logon result carrying the session token, VDB name and cluster name
 * @throws LogonException if session creation fails with a {@code LoginException} or
 *         {@code SessionServiceException}
 */
private LogonResult logon(Properties connProps, byte[] krb5ServiceTicket, AuthenticationType authType, String user) throws LogonException {
    final String vdbName = connProps.getProperty(BaseDataSource.VDB_NAME);
    final String vdbVersion = connProps.getProperty(BaseDataSource.VDB_VERSION);
    final String applicationName = connProps.getProperty(TeiidURL.CONNECTION.APP_NAME);
    final String password = connProps.getProperty(TeiidURL.CONNECTION.PASSWORD);

    // A missing password leaves the credential null; session creation receives that as is.
    final Credentials credential = (password == null) ? null : new Credentials(password.toCharArray());

    try {
        final SessionMetadata session = service.createSession(vdbName, vdbVersion, authType, user, credential, applicationName, connProps);

        // NOTE(review): the cast assumes whoever populated connProps stored a GSSCredential under
        // this key - confirm that only trusted code can set it.
        final Object delegated = connProps.get(GSSCredential.class.getName());
        if (delegated != null) {
            addCredentials(session.getSubject(), (GSSCredential) delegated);
        }

        updateDQPContext(session);
        if (DQPWorkContext.getWorkContext().getClientAddress() == null) {
            // No client address on the work context: the session is marked as embedded.
            session.setEmbedded(true);
        }

        // TODO: we should be smarter about disassociating the old sessions from the client.
        // For now this relies on ping based clean up.

        final LogonResult logonResult = new LogonResult(session.getSessionToken(), session.getVDBName(), clusterName);
        if (krb5ServiceTicket != null) {
            logonResult.addProperty(ILogon.KRB5TOKEN, krb5ServiceTicket);
        }
        return logonResult;
    } catch (LoginException e) {
        throw new LogonException(e);
    } catch (SessionServiceException e) {
        throw new LogonException(e);
    }
}