Example 1 with AuditMessage
use of org.teiid.logging.AuditMessage in project teiid by teiid.
the class SessionServiceImpl method closeSession.
@Override
public void closeSession(String sessionID) throws InvalidSessionException {
if (LogManager.isMessageToBeRecorded(LogConstants.CTX_SECURITY, MessageLevel.DETAIL)) {
// $NON-NLS-1$
LogManager.logDetail(LogConstants.CTX_SECURITY, new Object[] { "closeSession", sessionID });
}
SessionMetadata info = getSessionInfo(sessionID, true);
if (LogManager.isMessageToBeRecorded(LogConstants.CTX_AUDITLOGGING, MessageLevel.DETAIL)) {
// $NON-NLS-1$ //$NON-NLS-2$
LogManager.logDetail(LogConstants.CTX_AUDITLOGGING, new AuditMessage("session", "logoff", info));
}
if (info.getVDBName() != null) {
try {
dqp.terminateSession(info.getSessionId());
} catch (Exception e) {
LogManager.logWarning(LogConstants.CTX_SECURITY, e, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40018));
}
}
info.setSecurityContext(null);
info.setClosed();
info.getSessionVariables().clear();
}
Also used :
AuditMessage(org.teiid.logging.AuditMessage)
SessionMetadata(org.teiid.adminapi.impl.SessionMetadata)
LoginException(javax.security.auth.login.LoginException)
InvalidSessionException(org.teiid.client.security.InvalidSessionException)
SessionServiceException(org.teiid.dqp.service.SessionServiceException)
LogonException(org.teiid.client.security.LogonException)
Example 2 with AuditMessage
use of org.teiid.logging.AuditMessage in project teiid by teiid.
the class AuthorizationValidationVisitor method logRequest.
private void logRequest(Set<String> resources, Context context) {
if (LogManager.isMessageToBeRecorded(LogConstants.CTX_AUDITLOGGING, MessageLevel.DETAIL)) {
// Audit - request
// $NON-NLS-1$
AuditMessage msg = new AuditMessage(context.name(), "getInaccessibleResources-request", resources.toArray(new String[resources.size()]), commandContext);
LogManager.logDetail(LogConstants.CTX_AUDITLOGGING, msg);
}
}
Also used :
AuditMessage(org.teiid.logging.AuditMessage)
Example 3 with AuditMessage
use of org.teiid.logging.AuditMessage in project teiid by teiid.
the class AuthorizationValidationVisitor method logResult.
private void logResult(Set<String> resources, Context context, boolean granted) {
if (LogManager.isMessageToBeRecorded(LogConstants.CTX_AUDITLOGGING, MessageLevel.DETAIL)) {
if (granted) {
// $NON-NLS-1$
AuditMessage msg = new AuditMessage(context.name(), "getInaccessibleResources-granted all", resources.toArray(new String[resources.size()]), commandContext);
LogManager.logDetail(LogConstants.CTX_AUDITLOGGING, msg);
} else {
// $NON-NLS-1$
AuditMessage msg = new AuditMessage(context.name(), "getInaccessibleResources-denied", resources.toArray(new String[resources.size()]), commandContext);
LogManager.logDetail(LogConstants.CTX_AUDITLOGGING, msg);
}
}
}
Also used :
AuditMessage(org.teiid.logging.AuditMessage)
Example 4 with AuditMessage
use of org.teiid.logging.AuditMessage in project teiid by teiid.
the class SessionServiceImpl method createSession.
@Override
public SessionMetadata createSession(String vdbName, String vdbVersion, AuthenticationType authType, String userName, Credentials credentials, String applicationName, Properties properties) throws LoginException, SessionServiceException {
ArgCheck.isNotNull(applicationName);
ArgCheck.isNotNull(properties);
Object securityContext = null;
Subject subject = null;
String hostName = properties.getProperty(TeiidURL.CONNECTION.CLIENT_HOSTNAME);
String ipAddress = properties.getProperty(TeiidURL.CONNECTION.CLIENT_IP_ADDRESS);
String clientMac = properties.getProperty(TeiidURL.CONNECTION.CLIENT_MAC);
boolean onlyAllowPassthrough = Boolean.valueOf(properties.getProperty(TeiidURL.CONNECTION.PASSTHROUGH_AUTHENTICATION, // $NON-NLS-1$
"false"));
AuditMessage.LogonInfo info = new AuditMessage.LogonInfo(vdbName, vdbVersion, authType.toString(), userName, applicationName, hostName, ipAddress, clientMac, onlyAllowPassthrough);
if (LogManager.isMessageToBeRecorded(LogConstants.CTX_AUDITLOGGING, MessageLevel.DETAIL)) {
// $NON-NLS-1$ //$NON-NLS-2$
LogManager.logDetail(LogConstants.CTX_AUDITLOGGING, new AuditMessage("session", "logon-request", info, null));
}
try {
// Validate VDB and version if logging on to server product...
VDBMetaData vdb = null;
if (vdbName != null) {
vdb = getActiveVDB(vdbName, vdbVersion);
if (vdb == null) {
throw new SessionServiceException(RuntimePlugin.Event.TEIID40046, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40046, vdbName, vdbVersion));
}
}
if (sessionMaxLimit > 0 && getActiveSessionsCount() >= sessionMaxLimit) {
throw new SessionServiceException(RuntimePlugin.Event.TEIID40043, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40043, new Long(sessionMaxLimit)));
}
String securityDomain = getSecurityDomain(userName, vdbName, vdbVersion, vdb);
if (securityDomain != null) {
// Authenticate user...
// if not authenticated, this method throws exception
// $NON-NLS-1$
LogManager.logDetail(LogConstants.CTX_SECURITY, new Object[] { "authenticateUser", userName, applicationName });
String baseUserName = userName;
if (allowSecurityDomainQualifier) {
baseUserName = getBaseUsername(userName);
}
if (onlyAllowPassthrough || authType.equals(AuthenticationType.GSS)) {
subject = this.securityHelper.getSubjectInContext(securityDomain);
if (subject == null) {
if ((!onlyAllowPassthrough || !(trustAllLocal && DQPWorkContext.getWorkContext().isLocal()))) {
throw new LoginException(RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40087));
}
} else {
userName = getUserName(subject, baseUserName);
}
securityContext = this.securityHelper.getSecurityContext();
} else {
userName = baseUserName;
securityContext = this.securityHelper.authenticate(securityDomain, baseUserName, credentials, applicationName);
subject = this.securityHelper.getSubjectInContext(securityContext);
}
} else {
LogManager.logDetail(LogConstants.CTX_SECURITY, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40117));
}
long creationTime = System.currentTimeMillis();
// Return a new session info object
SessionMetadata newSession = new SessionMetadata();
newSession.setSessionToken(new SessionToken(userName));
newSession.setSessionId(newSession.getSessionToken().getSessionID());
newSession.setUserName(userName);
newSession.setCreatedTime(creationTime);
newSession.setApplicationName(applicationName);
newSession.setClientHostName(hostName);
newSession.setIPAddress(ipAddress);
newSession.setClientHardwareAddress(clientMac);
newSession.setSecurityDomain(securityDomain);
if (vdb != null) {
newSession.setVDBName(vdb.getName());
newSession.setVDBVersion(vdb.getVersion());
}
// these are local no need for monitoring.
newSession.setSubject(subject);
newSession.setSecurityContext(securityContext);
newSession.setVdb(vdb);
if (LogManager.isMessageToBeRecorded(LogConstants.CTX_SECURITY, MessageLevel.DETAIL)) {
// $NON-NLS-1$
LogManager.logDetail(LogConstants.CTX_SECURITY, new Object[] { "Logon successful, created", newSession });
}
this.sessionCache.put(newSession.getSessionId(), newSession);
if (LogManager.isMessageToBeRecorded(LogConstants.CTX_AUDITLOGGING, MessageLevel.DETAIL)) {
// $NON-NLS-1$ //$NON-NLS-2$
LogManager.logDetail(LogConstants.CTX_AUDITLOGGING, new AuditMessage("session", "logon-success", newSession));
}
return newSession;
} catch (LoginException e) {
if (LogManager.isMessageToBeRecorded(LogConstants.CTX_AUDITLOGGING, MessageLevel.DETAIL)) {
// $NON-NLS-1$ //$NON-NLS-2$
LogManager.logDetail(LogConstants.CTX_AUDITLOGGING, new AuditMessage("session", "logon-fail", info, e));
}
throw e;
} catch (SessionServiceException e) {
if (LogManager.isMessageToBeRecorded(LogConstants.CTX_AUDITLOGGING, MessageLevel.DETAIL)) {
// $NON-NLS-1$ //$NON-NLS-2$
LogManager.logDetail(LogConstants.CTX_AUDITLOGGING, new AuditMessage("session", "logon-fail", info, e));
}
throw e;
}
}
Also used :
AuditMessage(org.teiid.logging.AuditMessage)
SessionToken(org.teiid.client.security.SessionToken)
SessionMetadata(org.teiid.adminapi.impl.SessionMetadata)
Subject(javax.security.auth.Subject)
VDBMetaData(org.teiid.adminapi.impl.VDBMetaData)
LoginException(javax.security.auth.login.LoginException)
SessionServiceException(org.teiid.dqp.service.SessionServiceException)
Aggregations
AuditMessage (org.teiid.logging.AuditMessage)4
LoginException (javax.security.auth.login.LoginException)2
SessionMetadata (org.teiid.adminapi.impl.SessionMetadata)2
SessionServiceException (org.teiid.dqp.service.SessionServiceException)2
Subject (javax.security.auth.Subject)1
VDBMetaData (org.teiid.adminapi.impl.VDBMetaData)1
InvalidSessionException (org.teiid.client.security.InvalidSessionException)1
LogonException (org.teiid.client.security.LogonException)1
SessionToken (org.teiid.client.security.SessionToken)1
