Example 1 with SessionServiceException
use of org.teiid.dqp.service.SessionServiceException in project teiid by teiid.
the class SessionServiceImpl method getAuthenticationType.
@Override
public AuthenticationType getAuthenticationType(String vdbName, String version, String userName) throws LogonException {
if (userName == null) {
userName = CoreConstants.DEFAULT_ANON_USERNAME;
}
if (vdbName != null) {
VDB vdb = null;
try {
vdb = getActiveVDB(vdbName, version);
} catch (SessionServiceException e) {
throw new LogonException(e);
}
if (vdb != null) {
String gssPattern = vdb.getPropertyValue(GSS_PATTERN_PROPERTY);
if (gssPattern != null && Pattern.matches(gssPattern, userName)) {
return AuthenticationType.GSS;
}
String passwordPattern = vdb.getPropertyValue(PASSWORD_PATTERN_PROPERTY);
if (passwordPattern != null && Pattern.matches(passwordPattern, userName)) {
return AuthenticationType.USERPASSWORD;
}
String typeProperty = vdb.getPropertyValue(AUTHENTICATION_TYPE_PROPERTY);
if (typeProperty != null) {
return AuthenticationType.valueOf(typeProperty);
}
}
}
return this.defaultAuthenticationType;
}
Also used :
VDB(org.teiid.adminapi.VDB)
LogonException(org.teiid.client.security.LogonException)
SessionServiceException(org.teiid.dqp.service.SessionServiceException)
Example 2 with SessionServiceException
use of org.teiid.dqp.service.SessionServiceException in project teiid by teiid.
the class LogonImpl method logon.
private LogonResult logon(Properties connProps, byte[] krb5ServiceTicket, AuthenticationType authType, String user) throws LogonException {
String vdbName = connProps.getProperty(BaseDataSource.VDB_NAME);
String vdbVersion = connProps.getProperty(BaseDataSource.VDB_VERSION);
String applicationName = connProps.getProperty(TeiidURL.CONNECTION.APP_NAME);
String password = connProps.getProperty(TeiidURL.CONNECTION.PASSWORD);
Credentials credential = null;
if (password != null) {
credential = new Credentials(password.toCharArray());
}
try {
SessionMetadata sessionInfo = service.createSession(vdbName, vdbVersion, authType, user, credential, applicationName, connProps);
if (connProps.get(GSSCredential.class.getName()) != null) {
addCredentials(sessionInfo.getSubject(), (GSSCredential) connProps.get(GSSCredential.class.getName()));
}
updateDQPContext(sessionInfo);
if (DQPWorkContext.getWorkContext().getClientAddress() == null) {
sessionInfo.setEmbedded(true);
}
// if (oldSessionId != null) {
// TODO: we should be smarter about disassociating the old sessions from the client. we'll just rely on
// ping based clean up
// }
LogonResult result = new LogonResult(sessionInfo.getSessionToken(), sessionInfo.getVDBName(), clusterName);
if (krb5ServiceTicket != null) {
result.addProperty(ILogon.KRB5TOKEN, krb5ServiceTicket);
}
return result;
} catch (LoginException e) {
throw new LogonException(e);
} catch (SessionServiceException e) {
throw new LogonException(e);
}
}
Also used :
GSSCredential(org.ietf.jgss.GSSCredential)
SessionMetadata(org.teiid.adminapi.impl.SessionMetadata)
LogonException(org.teiid.client.security.LogonException)
LogonResult(org.teiid.client.security.LogonResult)
LoginException(javax.security.auth.login.LoginException)
Credentials(org.teiid.security.Credentials)
SessionServiceException(org.teiid.dqp.service.SessionServiceException)
Example 3 with SessionServiceException
use of org.teiid.dqp.service.SessionServiceException in project teiid by teiid.
the class SessionServiceImpl method createSession.
@Override
public SessionMetadata createSession(String vdbName, String vdbVersion, AuthenticationType authType, String userName, Credentials credentials, String applicationName, Properties properties) throws LoginException, SessionServiceException {
ArgCheck.isNotNull(applicationName);
ArgCheck.isNotNull(properties);
Object securityContext = null;
Subject subject = null;
String hostName = properties.getProperty(TeiidURL.CONNECTION.CLIENT_HOSTNAME);
String ipAddress = properties.getProperty(TeiidURL.CONNECTION.CLIENT_IP_ADDRESS);
String clientMac = properties.getProperty(TeiidURL.CONNECTION.CLIENT_MAC);
boolean onlyAllowPassthrough = Boolean.valueOf(properties.getProperty(TeiidURL.CONNECTION.PASSTHROUGH_AUTHENTICATION, // $NON-NLS-1$
"false"));
AuditMessage.LogonInfo info = new AuditMessage.LogonInfo(vdbName, vdbVersion, authType.toString(), userName, applicationName, hostName, ipAddress, clientMac, onlyAllowPassthrough);
if (LogManager.isMessageToBeRecorded(LogConstants.CTX_AUDITLOGGING, MessageLevel.DETAIL)) {
// $NON-NLS-1$ //$NON-NLS-2$
LogManager.logDetail(LogConstants.CTX_AUDITLOGGING, new AuditMessage("session", "logon-request", info, null));
}
try {
// Validate VDB and version if logging on to server product...
VDBMetaData vdb = null;
if (vdbName != null) {
vdb = getActiveVDB(vdbName, vdbVersion);
if (vdb == null) {
throw new SessionServiceException(RuntimePlugin.Event.TEIID40046, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40046, vdbName, vdbVersion));
}
}
if (sessionMaxLimit > 0 && getActiveSessionsCount() >= sessionMaxLimit) {
throw new SessionServiceException(RuntimePlugin.Event.TEIID40043, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40043, new Long(sessionMaxLimit)));
}
String securityDomain = getSecurityDomain(userName, vdbName, vdbVersion, vdb);
if (securityDomain != null) {
// Authenticate user...
// if not authenticated, this method throws exception
// $NON-NLS-1$
LogManager.logDetail(LogConstants.CTX_SECURITY, new Object[] { "authenticateUser", userName, applicationName });
String baseUserName = userName;
if (allowSecurityDomainQualifier) {
baseUserName = getBaseUsername(userName);
}
if (onlyAllowPassthrough || authType.equals(AuthenticationType.GSS)) {
subject = this.securityHelper.getSubjectInContext(securityDomain);
if (subject == null) {
if ((!onlyAllowPassthrough || !(trustAllLocal && DQPWorkContext.getWorkContext().isLocal()))) {
throw new LoginException(RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40087));
}
} else {
userName = getUserName(subject, baseUserName);
}
securityContext = this.securityHelper.getSecurityContext();
} else {
userName = baseUserName;
securityContext = this.securityHelper.authenticate(securityDomain, baseUserName, credentials, applicationName);
subject = this.securityHelper.getSubjectInContext(securityContext);
}
} else {
LogManager.logDetail(LogConstants.CTX_SECURITY, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40117));
}
long creationTime = System.currentTimeMillis();
// Return a new session info object
SessionMetadata newSession = new SessionMetadata();
newSession.setSessionToken(new SessionToken(userName));
newSession.setSessionId(newSession.getSessionToken().getSessionID());
newSession.setUserName(userName);
newSession.setCreatedTime(creationTime);
newSession.setApplicationName(applicationName);
newSession.setClientHostName(hostName);
newSession.setIPAddress(ipAddress);
newSession.setClientHardwareAddress(clientMac);
newSession.setSecurityDomain(securityDomain);
if (vdb != null) {
newSession.setVDBName(vdb.getName());
newSession.setVDBVersion(vdb.getVersion());
}
// these are local no need for monitoring.
newSession.setSubject(subject);
newSession.setSecurityContext(securityContext);
newSession.setVdb(vdb);
if (LogManager.isMessageToBeRecorded(LogConstants.CTX_SECURITY, MessageLevel.DETAIL)) {
// $NON-NLS-1$
LogManager.logDetail(LogConstants.CTX_SECURITY, new Object[] { "Logon successful, created", newSession });
}
this.sessionCache.put(newSession.getSessionId(), newSession);
if (LogManager.isMessageToBeRecorded(LogConstants.CTX_AUDITLOGGING, MessageLevel.DETAIL)) {
// $NON-NLS-1$ //$NON-NLS-2$
LogManager.logDetail(LogConstants.CTX_AUDITLOGGING, new AuditMessage("session", "logon-success", newSession));
}
return newSession;
} catch (LoginException e) {
if (LogManager.isMessageToBeRecorded(LogConstants.CTX_AUDITLOGGING, MessageLevel.DETAIL)) {
// $NON-NLS-1$ //$NON-NLS-2$
LogManager.logDetail(LogConstants.CTX_AUDITLOGGING, new AuditMessage("session", "logon-fail", info, e));
}
throw e;
} catch (SessionServiceException e) {
if (LogManager.isMessageToBeRecorded(LogConstants.CTX_AUDITLOGGING, MessageLevel.DETAIL)) {
// $NON-NLS-1$ //$NON-NLS-2$
LogManager.logDetail(LogConstants.CTX_AUDITLOGGING, new AuditMessage("session", "logon-fail", info, e));
}
throw e;
}
}
Also used :
AuditMessage(org.teiid.logging.AuditMessage)
SessionToken(org.teiid.client.security.SessionToken)
SessionMetadata(org.teiid.adminapi.impl.SessionMetadata)
Subject(javax.security.auth.Subject)
VDBMetaData(org.teiid.adminapi.impl.VDBMetaData)
LoginException(javax.security.auth.login.LoginException)
SessionServiceException(org.teiid.dqp.service.SessionServiceException)
Example 4 with SessionServiceException
use of org.teiid.dqp.service.SessionServiceException in project teiid by teiid.
the class LogonImpl method assertIdentity.
@Override
public void assertIdentity(SessionToken checkSession) throws InvalidSessionException, TeiidComponentException {
if (checkSession == null) {
// disassociate
this.updateDQPContext(new SessionMetadata());
return;
}
SessionMetadata sessionInfo = null;
try {
sessionInfo = this.service.validateSession(checkSession.getSessionID());
} catch (SessionServiceException e) {
throw new TeiidComponentException(RuntimePlugin.Event.TEIID40062, e);
}
if (sessionInfo == null) {
throw new InvalidSessionException(RuntimePlugin.Event.TEIID40063);
}
SessionToken st = sessionInfo.getSessionToken();
if (!st.equals(checkSession)) {
throw new InvalidSessionException(RuntimePlugin.Event.TEIID40064);
}
this.updateDQPContext(sessionInfo);
}
Also used :
InvalidSessionException(org.teiid.client.security.InvalidSessionException)
SessionToken(org.teiid.client.security.SessionToken)
SessionMetadata(org.teiid.adminapi.impl.SessionMetadata)
TeiidComponentException(org.teiid.core.TeiidComponentException)
SessionServiceException(org.teiid.dqp.service.SessionServiceException)
Aggregations
SessionServiceException (org.teiid.dqp.service.SessionServiceException)4
SessionMetadata (org.teiid.adminapi.impl.SessionMetadata)3
LoginException (javax.security.auth.login.LoginException)2
LogonException (org.teiid.client.security.LogonException)2
SessionToken (org.teiid.client.security.SessionToken)2
Subject (javax.security.auth.Subject)1
GSSCredential (org.ietf.jgss.GSSCredential)1
VDB (org.teiid.adminapi.VDB)1
VDBMetaData (org.teiid.adminapi.impl.VDBMetaData)1
InvalidSessionException (org.teiid.client.security.InvalidSessionException)1
LogonResult (org.teiid.client.security.LogonResult)1
TeiidComponentException (org.teiid.core.TeiidComponentException)1
AuditMessage (org.teiid.logging.AuditMessage)1
Credentials (org.teiid.security.Credentials)1
