Example 1 with GSSResult
use of org.teiid.security.GSSResult in project teiid by teiid.
the class JBossSecurityHelper method negotiateGssLogin.
@Override
public GSSResult negotiateGssLogin(String securityDomain, byte[] serviceTicket) throws LoginException {
SecurityDomainContext securityDomainContext = getSecurityDomainContext(securityDomain);
if (securityDomainContext != null) {
AuthenticationManager authManager = securityDomainContext.getAuthenticationManager();
if (authManager != null) {
Object previous = null;
NegotiationContext context = new NegotiationContext();
context.setRequestMessage(new KerberosMessage(Constants.KERBEROS_V5, serviceTicket));
try {
context.associate();
// $NON-NLS-1$
SecurityContext securityContext = createSecurityContext(securityDomain, new SimplePrincipal("temp"), null, new Subject());
previous = associateSecurityContext(securityContext);
Subject subject = new Subject();
boolean isValid = authManager.isValid(null, null, subject);
if (isValid) {
Principal principal = null;
for (Principal p : subject.getPrincipals()) {
principal = p;
break;
}
Object sc = createSecurityContext(securityDomain, principal, null, subject);
// $NON-NLS-1$
LogManager.logDetail(LogConstants.CTX_SECURITY, new Object[] { "Logon successful though GSS API" });
GSSResult result = buildGSSResult(context, securityDomain, true);
result.setSecurityContext(sc);
result.setUserName(principal.getName());
return result;
}
// $NON-NLS-1$
LoginException le = (LoginException) securityContext.getData().get("org.jboss.security.exception");
if (le != null) {
if (le.getMessage().equals("Continuation Required.")) {
// $NON-NLS-1$
return buildGSSResult(context, securityDomain, false);
}
throw le;
}
} finally {
associateSecurityContext(previous);
context.clear();
}
}
}
// $NON-NLS-1$
throw new LoginException(IntegrationPlugin.Util.gs(IntegrationPlugin.Event.TEIID50072, "GSS Auth", securityDomain));
}
Also used :
AuthenticationManager(org.jboss.security.AuthenticationManager)
GSSResult(org.teiid.security.GSSResult)
KerberosMessage(org.jboss.security.negotiation.spnego.KerberosMessage)
SecurityContext(org.jboss.security.SecurityContext)
LoginException(javax.security.auth.login.LoginException)
NegotiationContext(org.jboss.security.negotiation.common.NegotiationContext)
SecurityDomainContext(org.jboss.as.security.plugins.SecurityDomainContext)
SimplePrincipal(org.jboss.security.SimplePrincipal)
Subject(javax.security.auth.Subject)
Principal(java.security.Principal)
SimplePrincipal(org.jboss.security.SimplePrincipal)
Example 2 with GSSResult
use of org.teiid.security.GSSResult in project teiid by teiid.
the class LogonImpl method neogitiateGssLogin.
public GSSResult neogitiateGssLogin(byte[] serviceTicket, String vdbName, String vdbVersion, String user) throws LogonException {
GSSResult result;
try {
result = service.neogitiateGssLogin(user, vdbName, vdbVersion, serviceTicket);
} catch (LoginException e) {
throw new LogonException(RuntimePlugin.Event.TEIID40014, e, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40014));
}
if (result == null) {
throw new LogonException(RuntimePlugin.Event.TEIID40014, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40014));
}
if (result.isAuthenticated()) {
// $NON-NLS-1$
LogManager.logDetail(LogConstants.CTX_SECURITY, "Kerberos context established");
this.gssServiceTickets.put(Base64.encodeBytes(MD5(result.getServiceToken())), result.getSecurityContext());
}
return result;
}
Also used :
GSSResult(org.teiid.security.GSSResult)
LogonException(org.teiid.client.security.LogonException)
LoginException(javax.security.auth.login.LoginException)
Example 3 with GSSResult
use of org.teiid.security.GSSResult in project teiid by teiid.
the class LogonImpl method neogitiateGssLogin.
@Override
public LogonResult neogitiateGssLogin(Properties connProps, byte[] serviceTicket, boolean createSession) throws LogonException {
String vdbName = connProps.getProperty(BaseDataSource.VDB_NAME);
String vdbVersion = connProps.getProperty(BaseDataSource.VDB_VERSION);
String user = connProps.getProperty(BaseDataSource.USER_NAME);
AuthenticationType authType = this.service.getAuthenticationType(vdbName, vdbVersion, user);
if (!AuthenticationType.GSS.equals(authType)) {
// $NON-NLS-1$
throw new LogonException(RuntimePlugin.Event.TEIID40055, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40055, "Kerberos"));
}
// Using SPENGO security domain establish a token and subject.
GSSResult result = neogitiateGssLogin(serviceTicket, vdbName, vdbVersion, user);
if (!result.isAuthenticated() || !createSession) {
// $NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
LogonResult logonResult = new LogonResult(new SessionToken(0, "temp"), "internal", "internal");
logonResult.addProperty(ILogon.KRB5TOKEN, result.getServiceToken());
logonResult.addProperty(ILogon.KRB5_ESTABLISHED, new Boolean(result.isAuthenticated()));
if (result.isAuthenticated()) {
logonResult.addProperty(GSSCredential.class.getName(), result.getDelegationCredential());
}
return logonResult;
}
// GSS API (jdbc) will make the session in one single call
connProps.setProperty(TeiidURL.CONNECTION.USER_NAME, result.getUserName());
connProps.put(ILogon.KRB5TOKEN, result.getServiceToken());
if (result.getDelegationCredential() != null) {
connProps.put(GSSCredential.class.getName(), result.getDelegationCredential());
}
LogonResult logonResult = logon(connProps);
return logonResult;
}
Also used :
GSSResult(org.teiid.security.GSSResult)
SessionToken(org.teiid.client.security.SessionToken)
GSSCredential(org.ietf.jgss.GSSCredential)
LogonException(org.teiid.client.security.LogonException)
LogonResult(org.teiid.client.security.LogonResult)
AuthenticationType(org.teiid.net.socket.AuthenticationType)
Example 4 with GSSResult
use of org.teiid.security.GSSResult in project teiid by teiid.
the class ODBCServerRemoteImpl method logon.
@Override
public void logon(String databaseName, String user, NullTerminatedStringDataInputStream data, SocketAddress remoteAddress) {
try {
java.util.Properties info = new java.util.Properties();
info.put(TeiidURL.CONNECTION.USER_NAME, user);
AuthenticationType authType = getAuthenticationType(user, databaseName);
String password = null;
if (authType.equals(AuthenticationType.USERPASSWORD)) {
password = data.readString();
} else if (authType.equals(AuthenticationType.GSS)) {
byte[] serviceToken = data.readServiceToken();
GSSResult result = this.logon.neogitiateGssLogin(serviceToken, databaseName, null, user);
serviceToken = result.getServiceToken();
if (result.isAuthenticated()) {
info.put(ILogon.KRB5TOKEN, serviceToken);
if (!result.isNullContinuationToken()) {
this.client.authenticationGSSContinue(serviceToken);
}
// if delegation is in progress, participate in it.
if (result.getDelegationCredential() != null) {
info.put(GSSCredential.class.getName(), result.getDelegationCredential());
}
} else {
this.client.authenticationGSSContinue(serviceToken);
return;
}
} else {
// $NON-NLS-1$
throw new AssertionError("Unsupported Authentication Type");
}
// this is local connection
// $NON-NLS-1$
String url = "jdbc:teiid:" + databaseName;
if (password != null) {
info.put(TeiidURL.CONNECTION.PASSWORD, password);
}
String applicationName = this.props.getProperty(PgBackendProtocol.APPLICATION_NAME);
if (applicationName == null) {
applicationName = PgBackendProtocol.DEFAULT_APPLICATION_NAME;
this.props.put(PgBackendProtocol.APPLICATION_NAME, applicationName);
}
info.put(TeiidURL.CONNECTION.APP_NAME, applicationName);
if (remoteAddress instanceof InetSocketAddress) {
SocketServerConnection.updateConnectionProperties(info, ((InetSocketAddress) remoteAddress).getAddress(), false);
}
this.connection = driver.connect(url, info);
// Propagate so that we can use in pg methods
SessionMetadata sm = ((LocalServerConnection) this.connection.getServerConnection()).getWorkContext().getSession();
sm.addAttchment(ODBCServerRemoteImpl.class, this);
setConnectionProperties(this.connection);
int hash = this.connection.getConnectionId().hashCode();
Enumeration<?> keys = this.props.propertyNames();
while (keys.hasMoreElements()) {
String key = (String) keys.nextElement();
this.connection.setExecutionProperty(key, this.props.getProperty(key));
}
StatementImpl s = this.connection.createStatement();
try {
// $NON-NLS-1$
s.execute("select teiid_session_set('resolve_groupby_positional', true)");
} finally {
s.close();
}
this.client.authenticationSucess(hash, hash);
ready();
} catch (SQLException e) {
errorOccurred(e);
terminate();
} catch (LogonException e) {
errorOccurred(e);
terminate();
} catch (IOException e) {
errorOccurred(e);
terminate();
}
}
Also used :
Properties(java.util.Properties)
TeiidSQLException(org.teiid.jdbc.TeiidSQLException)
SQLException(java.sql.SQLException)
InetSocketAddress(java.net.InetSocketAddress)
SessionMetadata(org.teiid.adminapi.impl.SessionMetadata)
IOException(java.io.IOException)
Properties(java.util.Properties)
GSSResult(org.teiid.security.GSSResult)
PreparedStatementImpl(org.teiid.jdbc.PreparedStatementImpl)
StatementImpl(org.teiid.jdbc.StatementImpl)
LogonException(org.teiid.client.security.LogonException)
AuthenticationType(org.teiid.net.socket.AuthenticationType)
Aggregations
GSSResult (org.teiid.security.GSSResult)4
LogonException (org.teiid.client.security.LogonException)3
LoginException (javax.security.auth.login.LoginException)2
AuthenticationType (org.teiid.net.socket.AuthenticationType)2
IOException (java.io.IOException)1
InetSocketAddress (java.net.InetSocketAddress)1
Principal (java.security.Principal)1
SQLException (java.sql.SQLException)1
Properties (java.util.Properties)1
Subject (javax.security.auth.Subject)1
GSSCredential (org.ietf.jgss.GSSCredential)1
SecurityDomainContext (org.jboss.as.security.plugins.SecurityDomainContext)1
AuthenticationManager (org.jboss.security.AuthenticationManager)1
SecurityContext (org.jboss.security.SecurityContext)1
SimplePrincipal (org.jboss.security.SimplePrincipal)1
NegotiationContext (org.jboss.security.negotiation.common.NegotiationContext)1
KerberosMessage (org.jboss.security.negotiation.spnego.KerberosMessage)1
SessionMetadata (org.teiid.adminapi.impl.SessionMetadata)1
LogonResult (org.teiid.client.security.LogonResult)1
SessionToken (org.teiid.client.security.SessionToken)1
