
Example 1 with GSSResult

use of org.teiid.security.GSSResult in project teiid by teiid.

the class JBossSecurityHelper method negotiateGssLogin.

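/**
 * Runs one leg of the SPNEGO/Kerberos negotiation against the JBoss security domain
 * {@code securityDomain} using the client-supplied {@code serviceTicket}.
 *
 * @param securityDomain name of the JBoss security domain whose authentication manager
 *                       performs the negotiation
 * @param serviceTicket  raw KRB5 token received from the client; treated as untrusted input
 * @return a {@link GSSResult} marked authenticated (carrying the new security context and the
 *         principal name) once the negotiation completes, or an unauthenticated result carrying
 *         the continuation token while the login module still reports "Continuation Required."
 * @throws LoginException if the security domain or its authentication manager cannot be found,
 *         if the login module reports any failure other than a continuation, or if the login
 *         module accepted the ticket without adding a principal to the subject
 */
@Override
public GSSResult negotiateGssLogin(String securityDomain, byte[] serviceTicket) throws LoginException {
    SecurityDomainContext securityDomainContext = getSecurityDomainContext(securityDomain);
    if (securityDomainContext != null) {
        AuthenticationManager authManager = securityDomainContext.getAuthenticationManager();
        if (authManager != null) {
            Object previous = null;
            // The ticket is handed to the login module through a thread-associated
            // NegotiationContext (presumably what the SPNEGO module reads it from).
            NegotiationContext context = new NegotiationContext();
            context.setRequestMessage(new KerberosMessage(Constants.KERBEROS_V5, serviceTicket));
            try {
                context.associate();
                // A placeholder security context is associated only while the login module runs;
                // the "temp" principal is never part of the returned result.
                SecurityContext securityContext = createSecurityContext(securityDomain, new SimplePrincipal("temp"), null, new Subject()); //$NON-NLS-1$
                previous = associateSecurityContext(securityContext);
                Subject subject = new Subject();
                boolean isValid = authManager.isValid(null, null, subject);
                if (isValid) {
                    // Use the first principal the login module added to the subject.
                    Principal principal = null;
                    for (Principal p : subject.getPrincipals()) {
                        principal = p;
                        break;
                    }
                    if (principal == null) {
                        // A "valid" login with no principal must not become an authenticated
                        // session with an unknown user (it would also NPE on getName() below).
                        throw new LoginException(IntegrationPlugin.Util.gs(IntegrationPlugin.Event.TEIID50072, "GSS Auth", securityDomain)); //$NON-NLS-1$
                    }
                    Object sc = createSecurityContext(securityDomain, principal, null, subject);
                    LogManager.logDetail(LogConstants.CTX_SECURITY, new Object[] { "Logon successful though GSS API" }); //$NON-NLS-1$
                    GSSResult result = buildGSSResult(context, securityDomain, true);
                    result.setSecurityContext(sc);
                    result.setUserName(principal.getName());
                    return result;
                }
                // Not valid (yet): the login module leaves the reason, if any, on the security context.
                LoginException le = (LoginException) securityContext.getData().get("org.jboss.security.exception"); //$NON-NLS-1$
                if (le != null) {
                    // Constant-first comparison: a LoginException may carry a null message.
                    if ("Continuation Required.".equals(le.getMessage())) { //$NON-NLS-1$
                        // Multi-leg negotiation: return the server's response token to the client.
                        return buildGSSResult(context, securityDomain, false);
                    }
                    throw le;
                }
            } finally {
                // Always restore the caller's security context and drop the negotiation state.
                associateSecurityContext(previous);
                context.clear();
            }
        }
    }
    throw new LoginException(IntegrationPlugin.Util.gs(IntegrationPlugin.Event.TEIID50072, "GSS Auth", securityDomain)); //$NON-NLS-1$
}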

Example 2 with GSSResult

use of org.teiid.security.GSSResult in project teiid by teiid.

the class LogonImpl method neogitiateGssLogin.

/**
 * Negotiates one leg of a GSS (Kerberos) login through the security service and, once the
 * negotiation has completed, caches the established security context under a digest of the
 * service token so that the following logon can pick it up.
 *
 * @param serviceTicket raw KRB5 token from the client (untrusted input)
 * @param vdbName       target VDB name
 * @param vdbVersion    target VDB version
 * @param user          user name supplied by the client
 * @return the service's {@link GSSResult}; never {@code null}
 * @throws LogonException (event TEIID40014) if the service throws a {@link LoginException} or
 *         returns {@code null}
 */
public GSSResult neogitiateGssLogin(byte[] serviceTicket, String vdbName, String vdbVersion, String user) throws LogonException {
    final GSSResult negotiated;
    try {
        negotiated = service.neogitiateGssLogin(user, vdbName, vdbVersion, serviceTicket);
    } catch (LoginException cause) {
        throw new LogonException(RuntimePlugin.Event.TEIID40014, cause, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40014));
    }
    if (negotiated == null) {
        throw new LogonException(RuntimePlugin.Event.TEIID40014, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40014));
    }
    if (!negotiated.isAuthenticated()) {
        // Negotiation still in progress: nothing to cache, the caller relays the token.
        return negotiated;
    }
    LogManager.logDetail(LogConstants.CTX_SECURITY, "Kerberos context established"); //$NON-NLS-1$
    // The cache key is Base64(MD5(token)). MD5 only serves as a fixed-width map key here, not
    // as an integrity check; the lookup side must derive the key the same way.
    // NOTE(review): confirm entries are removed when consumed so stale contexts do not accumulate.
    String tokenKey = Base64.encodeBytes(MD5(negotiated.getServiceToken()));
    this.gssServiceTickets.put(tokenKey, negotiated.getSecurityContext());
    return negotiated;
}

Example 3 with GSSResult

use of org.teiid.security.GSSResult in project teiid by teiid.

the class LogonImpl method neogitiateGssLogin.

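/**
 * Client-protocol entry point for a GSS (Kerberos) logon: one negotiation leg plus, when the
 * negotiation completes and {@code createSession} is set, the regular session logon using the
 * principal the negotiation established.
 *
 * @param connProps     connection properties from the client; VDB name/version and user name
 *                      are read from it, and USER_NAME, KRB5TOKEN and the delegation credential
 *                      are written into it before the session is created
 * @param serviceTicket raw KRB5 token from the client (untrusted input)
 * @param createSession whether to create a session once the negotiation completes; when
 *                      {@code false} only the negotiation result is returned
 * @return a placeholder result (session id 0, user "temp") carrying the continuation token and
 *         the KRB5_ESTABLISHED flag while the negotiation is in progress or no session is
 *         wanted; otherwise the result of {@link #logon(Properties)}
 * @throws LogonException if the VDB is not configured for GSS authentication (TEIID40055), or
 *         if the negotiation or the logon fails
 */
@Override
public LogonResult neogitiateGssLogin(Properties connProps, byte[] serviceTicket, boolean createSession) throws LogonException {
    String vdbName = connProps.getProperty(BaseDataSource.VDB_NAME);
    String vdbVersion = connProps.getProperty(BaseDataSource.VDB_VERSION);
    String user = connProps.getProperty(BaseDataSource.USER_NAME);
    // Refuse to negotiate Kerberos against a VDB that is not configured for it.
    AuthenticationType authType = this.service.getAuthenticationType(vdbName, vdbVersion, user);
    if (!AuthenticationType.GSS.equals(authType)) {
        throw new LogonException(RuntimePlugin.Event.TEIID40055, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40055, "Kerberos")); //$NON-NLS-1$
    }
    // Using the SPNEGO security domain establish a token and subject.
    GSSResult result = neogitiateGssLogin(serviceTicket, vdbName, vdbVersion, user);
    if (!result.isAuthenticated() || !createSession) {
        // No session yet: hand the continuation token (and, once established, the delegation
        // credential) back to the client under a throw-away session token.
        LogonResult logonResult = new LogonResult(new SessionToken(0, "temp"), "internal", "internal"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
        logonResult.addProperty(ILogon.KRB5TOKEN, result.getServiceToken());
        // Boolean.valueOf instead of the deprecated Boolean constructor.
        logonResult.addProperty(ILogon.KRB5_ESTABLISHED, Boolean.valueOf(result.isAuthenticated()));
        if (result.isAuthenticated()) {
            logonResult.addProperty(GSSCredential.class.getName(), result.getDelegationCredential());
        }
        return logonResult;
    }
    // GSS API (jdbc) will make the session in one single call.
    // The session user is the authenticated Kerberos principal, not the name the client sent.
    connProps.setProperty(TeiidURL.CONNECTION.USER_NAME, result.getUserName());
    connProps.put(ILogon.KRB5TOKEN, result.getServiceToken());
    if (result.getDelegationCredential() != null) {
        connProps.put(GSSCredential.class.getName(), result.getDelegationCredential());
    }
    return logon(connProps);
}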

Example 4 with GSSResult

use of org.teiid.security.GSSResult in project teiid by teiid.

the class ODBCServerRemoteImpl method logon.

/**
 * Handles the ODBC (pg wire protocol) authentication exchange and, on success, opens the
 * local Teiid connection this ODBC session is served from.
 *
 * For USERPASSWORD the password is read from {@code data}. For GSS one negotiation leg is run;
 * while the negotiation is still in progress the server token is relayed with
 * {@code authenticationGSSContinue} and the method returns without connecting. Any other
 * authentication type is a programming error (AssertionError, not caught here).
 * SQL, logon and I/O failures are reported to the client and the session is terminated.
 *
 * @param databaseName  VDB name requested by the client
 * @param user          user name from the startup message
 * @param data          remaining authentication payload (password or GSS token)
 * @param remoteAddress client address; propagated into the connection properties when it is
 *                      an {@link InetSocketAddress}
 */
@Override
public void logon(String databaseName, String user, NullTerminatedStringDataInputStream data, SocketAddress remoteAddress) {
    try {
        java.util.Properties connProps = new java.util.Properties();
        connProps.put(TeiidURL.CONNECTION.USER_NAME, user);
        AuthenticationType authType = getAuthenticationType(user, databaseName);
        String password = null;
        if (authType.equals(AuthenticationType.USERPASSWORD)) {
            password = data.readString();
        } else if (authType.equals(AuthenticationType.GSS)) {
            GSSResult negotiated = this.logon.neogitiateGssLogin(data.readServiceToken(), databaseName, null, user);
            byte[] serverToken = negotiated.getServiceToken();
            if (!negotiated.isAuthenticated()) {
                // Negotiation continues: relay the server token and wait for the next leg.
                this.client.authenticationGSSContinue(serverToken);
                return;
            }
            connProps.put(ILogon.KRB5TOKEN, serverToken);
            if (!negotiated.isNullContinuationToken()) {
                this.client.authenticationGSSContinue(serverToken);
            }
            // if delegation is in progress, participate in it.
            if (negotiated.getDelegationCredential() != null) {
                connProps.put(GSSCredential.class.getName(), negotiated.getDelegationCredential());
            }
            // NOTE(review): unlike the JDBC path, USER_NAME here stays the client-supplied name
            // rather than negotiated.getUserName(); confirm the local logon takes the principal
            // from the KRB5TOKEN-bound security context and not from this property.
        } else {
            throw new AssertionError("Unsupported Authentication Type"); //$NON-NLS-1$
        }
        // this is local connection
        String url = "jdbc:teiid:" + databaseName; //$NON-NLS-1$
        if (password != null) {
            connProps.put(TeiidURL.CONNECTION.PASSWORD, password);
        }
        String applicationName = this.props.getProperty(PgBackendProtocol.APPLICATION_NAME);
        if (applicationName == null) {
            applicationName = PgBackendProtocol.DEFAULT_APPLICATION_NAME;
            this.props.put(PgBackendProtocol.APPLICATION_NAME, applicationName);
        }
        connProps.put(TeiidURL.CONNECTION.APP_NAME, applicationName);
        if (remoteAddress instanceof InetSocketAddress) {
            SocketServerConnection.updateConnectionProperties(connProps, ((InetSocketAddress) remoteAddress).getAddress(), false);
        }
        this.connection = driver.connect(url, connProps);
        // Propagate so that we can use in pg methods
        SessionMetadata session = ((LocalServerConnection) this.connection.getServerConnection()).getWorkContext().getSession();
        session.addAttchment(ODBCServerRemoteImpl.class, this);
        setConnectionProperties(this.connection);
        // Both values sent to the client below (presumably the pg BackendKeyData process id and
        // cancel secret -- TODO confirm) are the hash of the connection id.
        // NOTE(review): the cancel secret is then only as unguessable as that hash; confirm
        // connection ids are not predictable, or send a random secret instead.
        int backendKey = this.connection.getConnectionId().hashCode();
        // Every startup property becomes an execution property of the connection.
        Enumeration<?> propertyNames = this.props.propertyNames();
        while (propertyNames.hasMoreElements()) {
            String name = (String) propertyNames.nextElement();
            this.connection.setExecutionProperty(name, this.props.getProperty(name));
        }
        StatementImpl stmt = this.connection.createStatement();
        try {
            stmt.execute("select teiid_session_set('resolve_groupby_positional', true)"); //$NON-NLS-1$
        } finally {
            stmt.close();
        }
        this.client.authenticationSucess(backendKey, backendKey);
        ready();
    } catch (SQLException e) {
        errorOccurred(e);
        terminate();
    } catch (LogonException e) {
        errorOccurred(e);
        terminate();
    } catch (IOException e) {
        errorOccurred(e);
        terminate();
    }
}
