
Example 6 with LogonException

use of org.teiid.client.security.LogonException in project teiid by teiid.

the class LogonImpl method logon.

/**
 * Routes a logon request to the authentication path that applies to it.
 *
 * <p>Depending on the resolved {@link AuthenticationType} and on whether a Kerberos token is
 * present in the properties, this either completes a GSS logon against a previously
 * established security context, answers with a GSS challenge, or performs a
 * user name / password logon.
 *
 * <p>NOTE(review): {@code connProps} is presumably supplied by the connecting client. When it
 * carries {@code PASSTHROUGH_AUTHENTICATION=true} the authentication type configured for the
 * VDB is not looked up at all and USERPASSWORD is assumed; confirm that the delegated
 * {@code logon(connProps, null, USERPASSWORD, user)} call enforces whatever identity check
 * pass-through relies on, since nothing in this method does.
 *
 * @param connProps connection properties (VDB name and version, user name, optional Kerberos token)
 * @return the logon result, or a result carrying only {@code ILogon.AUTH_TYPE} when the client
 *         must first complete a GSS negotiation
 * @throws LogonException TEIID40054 when no stored security context matches the token,
 *         TEIID40149 when GSS is required but the client version predates 8.7,
 *         TEIID40055 when the resolved type is neither GSS nor USERPASSWORD
 */
public LogonResult logon(Properties connProps) throws LogonException {
    final String vdbName = connProps.getProperty(BaseDataSource.VDB_NAME);
    final String vdbVersion = connProps.getProperty(BaseDataSource.VDB_VERSION);
    final String user = connProps.getProperty(TeiidURL.CONNECTION.USER_NAME, CoreConstants.DEFAULT_ANON_USERNAME);
    // $NON-NLS-1$
    final boolean passthroughOnly = Boolean.parseBoolean(connProps.getProperty(TeiidURL.CONNECTION.PASSTHROUGH_AUTHENTICATION, "false"));

    // Pass-through requests never consult the service for the configured type.
    final AuthenticationType authType = passthroughOnly
            ? AuthenticationType.USERPASSWORD
            : this.service.getAuthenticationType(vdbName, vdbVersion, user);
    final boolean gssConfigured = authType == AuthenticationType.GSS;
    // The presence of a KRB5 token marks a logon that follows a GSS negotiation.
    final boolean tokenSupplied = connProps.get(ILogon.KRB5TOKEN) != null;

    if (gssConfigured && !tokenSupplied) {
        // No token yet: newer clients get a GSS challenge, older ones cannot negotiate.
        Version clientVersion = DQPWorkContext.getWorkContext().getClientVersion();
        if (clientVersion.compareTo(Version.EIGHT_7) < 0) {
            throw new LogonException(RuntimePlugin.Event.TEIID40149, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40149));
        }
        LogonResult challenge = new LogonResult();
        challenge.addProperty(ILogon.AUTH_TYPE, authType);
        return challenge;
    }

    if (gssConfigured) {
        SecurityHelper helper = service.getSecurityHelper();
        Object priorContext = null;
        boolean contextSwapped = false;
        try {
            byte[] krb5Token = (byte[]) connProps.get(ILogon.KRB5TOKEN);
            // remove(), not get(): a stored security context can be claimed only once.
            Object securityContext = this.gssServiceTickets.remove(Base64.encodeBytes(MD5(krb5Token)));
            if (securityContext == null) {
                throw new LogonException(RuntimePlugin.Event.TEIID40054, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40054));
            }
            priorContext = helper.associateSecurityContext(securityContext);
            contextSwapped = true;
            return logon(connProps, krb5Token, AuthenticationType.GSS, user);
        } finally {
            // Restore whatever context was associated before, even when the logon fails,
            // so the negotiated context is not left associated after this call.
            if (contextSwapped) {
                helper.associateSecurityContext(priorContext);
            }
        }
    }

    // A token with a non-GSS type is not expected; it is handled as a user name / password
    // attempt and rejected below unless the type really is USERPASSWORD.
    if (!AuthenticationType.USERPASSWORD.equals(authType)) {
        throw new LogonException(RuntimePlugin.Event.TEIID40055, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40055, authType));
    }
    return logon(connProps, null, AuthenticationType.USERPASSWORD, user);
}
Also used : Version(org.teiid.dqp.internal.process.DQPWorkContext.Version) LogonException(org.teiid.client.security.LogonException) LogonResult(org.teiid.client.security.LogonResult) AuthenticationType(org.teiid.net.socket.AuthenticationType) SecurityHelper(org.teiid.security.SecurityHelper)

Example 7 with LogonException

use of org.teiid.client.security.LogonException in project teiid by teiid.

the class LogonImpl method neogitiateGssLogin.

/**
 * Runs one step of the GSS negotiation through the session service and, once the context is
 * established, parks the resulting security context so a following logon can claim it.
 *
 * <p>The context is stored in {@code gssServiceTickets} under the Base64 form of
 * {@code MD5(serviceToken)}; the digest serves as a lookup key only.
 * NOTE(review): entries are only added here and nothing in this method bounds or expires
 * them; confirm that {@code gssServiceTickets} evicts contexts whose handshake never proceeds
 * to a logon.
 *
 * @param serviceTicket token received from the client
 * @param vdbName target VDB name
 * @param vdbVersion target VDB version
 * @param user user name presented by the client
 * @return the negotiation result; never {@code null}
 * @throws LogonException TEIID40014 when the service reports a {@link LoginException} or
 *         returns no result
 */
public GSSResult neogitiateGssLogin(byte[] serviceTicket, String vdbName, String vdbVersion, String user) throws LogonException {
    final GSSResult gssResult;
    try {
        gssResult = service.neogitiateGssLogin(user, vdbName, vdbVersion, serviceTicket);
    } catch (LoginException loginFailure) {
        throw new LogonException(RuntimePlugin.Event.TEIID40014, loginFailure, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40014));
    }
    if (gssResult == null) {
        throw new LogonException(RuntimePlugin.Event.TEIID40014, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40014));
    }
    if (!gssResult.isAuthenticated()) {
        // Negotiation is still in progress; nothing to remember yet.
        return gssResult;
    }
    // $NON-NLS-1$
    LogManager.logDetail(LogConstants.CTX_SECURITY, "Kerberos context established");
    this.gssServiceTickets.put(Base64.encodeBytes(MD5(gssResult.getServiceToken())), gssResult.getSecurityContext());
    return gssResult;
}
Also used : GSSResult(org.teiid.security.GSSResult) LogonException(org.teiid.client.security.LogonException) LoginException(javax.security.auth.login.LoginException)

Example 8 with LogonException

use of org.teiid.client.security.LogonException in project teiid by teiid.

the class LogonImpl method neogitiateGssLogin.

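/**
 * Performs a GSS (Kerberos) negotiation step and, when requested and authenticated, creates
 * the session in the same call.
 *
 * <p>A returned {@link LogonResult} is not by itself proof of authentication: while the
 * negotiation is incomplete, or when {@code createSession} is {@code false}, a placeholder
 * result with a dummy session token is returned and the caller must inspect
 * {@code ILogon.KRB5_ESTABLISHED}.
 *
 * @param connProps connection properties; on the session-creating path the user name is
 *        overwritten with the name reported by the negotiation result and the service token
 *        (and delegation credential, if any) is added
 * @param serviceTicket token received from the client
 * @param createSession whether to log on once the context is established
 * @return a placeholder result carrying the negotiation state, or the real logon result
 * @throws LogonException TEIID40055 when the VDB is not configured for GSS, or any failure
 *         raised by the negotiation or the logon
 */
@Override
public LogonResult neogitiateGssLogin(Properties connProps, byte[] serviceTicket, boolean createSession) throws LogonException {
    String vdbName = connProps.getProperty(BaseDataSource.VDB_NAME);
    String vdbVersion = connProps.getProperty(BaseDataSource.VDB_VERSION);
    String user = connProps.getProperty(BaseDataSource.USER_NAME);
    AuthenticationType authType = this.service.getAuthenticationType(vdbName, vdbVersion, user);
    if (!AuthenticationType.GSS.equals(authType)) {
        // $NON-NLS-1$
        throw new LogonException(RuntimePlugin.Event.TEIID40055, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40055, "Kerberos"));
    }
    // Using the SPNEGO security domain, establish a token and subject.
    GSSResult result = neogitiateGssLogin(serviceTicket, vdbName, vdbVersion, user);
    if (!result.isAuthenticated() || !createSession) {
        // Placeholder result: the session token is a dummy, only the properties matter.
        // $NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
        LogonResult logonResult = new LogonResult(new SessionToken(0, "temp"), "internal", "internal");
        logonResult.addProperty(ILogon.KRB5TOKEN, result.getServiceToken());
        // Boolean.valueOf replaces the deprecated Boolean(boolean) constructor.
        logonResult.addProperty(ILogon.KRB5_ESTABLISHED, Boolean.valueOf(result.isAuthenticated()));
        if (result.isAuthenticated()) {
            logonResult.addProperty(GSSCredential.class.getName(), result.getDelegationCredential());
        }
        return logonResult;
    }
    // GSS API (jdbc) will make the session in one single call.
    // The user name from the negotiation result replaces the one the client supplied.
    connProps.setProperty(TeiidURL.CONNECTION.USER_NAME, result.getUserName());
    connProps.put(ILogon.KRB5TOKEN, result.getServiceToken());
    if (result.getDelegationCredential() != null) {
        connProps.put(GSSCredential.class.getName(), result.getDelegationCredential());
    }
    return logon(connProps);
}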
Also used : GSSResult(org.teiid.security.GSSResult) SessionToken(org.teiid.client.security.SessionToken) GSSCredential(org.ietf.jgss.GSSCredential) LogonException(org.teiid.client.security.LogonException) LogonResult(org.teiid.client.security.LogonResult) AuthenticationType(org.teiid.net.socket.AuthenticationType)

Example 9 with LogonException

use of org.teiid.client.security.LogonException in project teiid by teiid.

the class ODBCServerRemoteImpl method logon.

/**
 * Handles the logon step of an ODBC client connection: authenticates with a password or a
 * GSS token, opens a local JDBC connection for the session and reports the outcome to the
 * client.
 *
 * <p>SQLException, LogonException and IOException are reported through
 * {@code errorOccurred} and followed by {@code terminate()}; nothing is rethrown for them.
 *
 * @param databaseName name used to build the local {@code jdbc:teiid:} URL
 * @param user user name presented by the client
 * @param data input stream from which the password or the GSS service token is read
 * @param remoteAddress client address; recorded in the connection properties when it is an
 *        {@link InetSocketAddress}
 */
@Override
public void logon(String databaseName, String user, NullTerminatedStringDataInputStream data, SocketAddress remoteAddress) {
    try {
        java.util.Properties info = new java.util.Properties();
        info.put(TeiidURL.CONNECTION.USER_NAME, user);
        // NOTE(review): authType.equals(...) below throws NullPointerException if this
        // lookup can return null - confirm it cannot.
        AuthenticationType authType = getAuthenticationType(user, databaseName);
        String password = null;
        if (authType.equals(AuthenticationType.USERPASSWORD)) {
            // The password stays in `info` as a String from here on; avoid logging `info`.
            password = data.readString();
        } else if (authType.equals(AuthenticationType.GSS)) {
            byte[] serviceToken = data.readServiceToken();
            GSSResult result = this.logon.neogitiateGssLogin(serviceToken, databaseName, null, user);
            serviceToken = result.getServiceToken();
            if (result.isAuthenticated()) {
                // NOTE(review): USER_NAME in `info` is still the name the client presented;
                // confirm the downstream logon takes the identity from the established
                // security context rather than from this property.
                info.put(ILogon.KRB5TOKEN, serviceToken);
                if (!result.isNullContinuationToken()) {
                    this.client.authenticationGSSContinue(serviceToken);
                }
                // if delegation is in progress, participate in it.
                if (result.getDelegationCredential() != null) {
                    info.put(GSSCredential.class.getName(), result.getDelegationCredential());
                }
            } else {
                // Negotiation not finished: send the continuation token and return without
                // opening a connection.
                this.client.authenticationGSSContinue(serviceToken);
                return;
            }
        } else {
            // AssertionError is not one of the types caught below, so it leaves this method
            // without errorOccurred()/terminate() being called.
            // $NON-NLS-1$
            throw new AssertionError("Unsupported Authentication Type");
        }
        // this is a local connection
        // $NON-NLS-1$
        String url = "jdbc:teiid:" + databaseName;
        if (password != null) {
            info.put(TeiidURL.CONNECTION.PASSWORD, password);
        }
        String applicationName = this.props.getProperty(PgBackendProtocol.APPLICATION_NAME);
        if (applicationName == null) {
            applicationName = PgBackendProtocol.DEFAULT_APPLICATION_NAME;
            this.props.put(PgBackendProtocol.APPLICATION_NAME, applicationName);
        }
        info.put(TeiidURL.CONNECTION.APP_NAME, applicationName);
        if (remoteAddress instanceof InetSocketAddress) {
            SocketServerConnection.updateConnectionProperties(info, ((InetSocketAddress) remoteAddress).getAddress(), false);
        }
        this.connection = driver.connect(url, info);
        // Propagate so that we can use in pg methods
        SessionMetadata sm = ((LocalServerConnection) this.connection.getServerConnection()).getWorkContext().getSession();
        sm.addAttchment(ODBCServerRemoteImpl.class, this);
        setConnectionProperties(this.connection);
        int hash = this.connection.getConnectionId().hashCode();
        // Copy every property held in this.props onto the connection as an execution property.
        Enumeration<?> keys = this.props.propertyNames();
        while (keys.hasMoreElements()) {
            String key = (String) keys.nextElement();
            this.connection.setExecutionProperty(key, this.props.getProperty(key));
        }
        StatementImpl s = this.connection.createStatement();
        try {
            // $NON-NLS-1$
            s.execute("select teiid_session_set('resolve_groupby_positional', true)");
        } finally {
            s.close();
        }
        // NOTE(review): the same hashCode of the connection id is passed for both arguments.
        // If the client protocol treats either as a secret (PostgreSQL's BackendKeyData
        // carries a cancel key), a hashCode is not an unpredictable value - confirm how
        // authenticationSucess uses them.
        this.client.authenticationSucess(hash, hash);
        ready();
    } catch (SQLException e) {
        errorOccurred(e);
        terminate();
    } catch (LogonException e) {
        errorOccurred(e);
        terminate();
    } catch (IOException e) {
        errorOccurred(e);
        terminate();
    }
}
Also used : Properties(java.util.Properties) TeiidSQLException(org.teiid.jdbc.TeiidSQLException) SQLException(java.sql.SQLException) InetSocketAddress(java.net.InetSocketAddress) SessionMetadata(org.teiid.adminapi.impl.SessionMetadata) IOException(java.io.IOException) Properties(java.util.Properties) GSSResult(org.teiid.security.GSSResult) PreparedStatementImpl(org.teiid.jdbc.PreparedStatementImpl) StatementImpl(org.teiid.jdbc.StatementImpl) LogonException(org.teiid.client.security.LogonException) AuthenticationType(org.teiid.net.socket.AuthenticationType)

Example 10 with LogonException

use of org.teiid.client.security.LogonException in project teiid by teiid.

the class SocketServerConnection method logon.

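/**
 * Logs on to the current server instance and records the resulting session.
 *
 * <p>GSS authentication is used directly when a JAAS configuration name is present in the
 * connection properties, or as a second step when the server answers a plain logon with a
 * GSS challenge.
 *
 * @param newLogon logon service of the instance being connected to
 * @param logoff when {@code true}, the previously recorded session for this host is
 *        disconnected and all other sessions are logged off before the new result is stored
 * @throws LogonException if authentication fails or the server requests an authentication
 *         type other than GSS (TEIID20034)
 * @throws TeiidComponentException propagated from the logon calls
 * @throws CommunicationException propagated from the logon calls
 */
private void logon(ILogon newLogon, boolean logoff) throws LogonException, TeiidComponentException, CommunicationException {
    SocketServerInstance instance = this.serverInstance;
    updateConnectionProperties(connProps, instance.getLocalAddress(), true);
    LogonResult newResult = null;
    // - if gss
    // containsKey, not contains: Hashtable.contains(Object) tests the map's VALUES, so the
    // original check only matched when some property value happened to equal the JAAS_NAME
    // key string. A connection with a JAAS name configured therefore sent a plain logon
    // (with whatever credentials connProps holds) first and reached GSS only through the
    // server challenge below.
    if (connProps.containsKey(TeiidURL.CONNECTION.JAAS_NAME)) {
        newResult = MakeGSS.authenticate(newLogon, connProps);
    } else {
        newResult = newLogon.logon(connProps);
    }
    AuthenticationType type = (AuthenticationType) newResult.getProperty(ILogon.AUTH_TYPE);
    if (type != null) {
        // server has issued an additional challenge
        if (type == AuthenticationType.GSS) {
            newResult = MakeGSS.authenticate(newLogon, connProps);
        } else {
            throw new LogonException(JDBCPlugin.Event.TEIID20034, JDBCPlugin.Util.gs(JDBCPlugin.Event.TEIID20034, type));
        }
    }
    if (logoff) {
        // NOTE(review): `old` is null when no result was recorded for this host, which would
        // throw NullPointerException before the new result is stored - confirm callers pass
        // logoff=true only after a prior successful logon.
        LogonResult old = this.logonResults.remove(this.serverInstance.getHostInfo());
        this.connectionFactory.disconnected(this.serverInstance, old.getSessionToken());
        logoffAll();
    }
    this.logonResult = newResult;
    this.logonResults.put(instance.getHostInfo(), this.logonResult);
    this.connectionFactory.connected(instance, this.logonResult.getSessionToken());
}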
Also used : LogonException(org.teiid.client.security.LogonException) LogonResult(org.teiid.client.security.LogonResult)

Aggregations

LogonException (org.teiid.client.security.LogonException)14 LogonResult (org.teiid.client.security.LogonResult)8 TeiidComponentException (org.teiid.core.TeiidComponentException)5 AuthenticationType (org.teiid.net.socket.AuthenticationType)5 Properties (java.util.Properties)4 CommunicationException (org.teiid.net.CommunicationException)4 IOException (java.io.IOException)3 InetSocketAddress (java.net.InetSocketAddress)3 InvalidSessionException (org.teiid.client.security.InvalidSessionException)3 SessionToken (org.teiid.client.security.SessionToken)3 ConnectionException (org.teiid.net.ConnectionException)3 GSSResult (org.teiid.security.GSSResult)3 UnknownHostException (java.net.UnknownHostException)2 Subject (javax.security.auth.Subject)2 LoginException (javax.security.auth.login.LoginException)2 GSSCredential (org.ietf.jgss.GSSCredential)2 Test (org.junit.Test)2 SessionMetadata (org.teiid.adminapi.impl.SessionMetadata)2 ILogon (org.teiid.client.security.ILogon)2 ResultsFuture (org.teiid.client.util.ResultsFuture)2