This content has been marked as final.
Show 17 replies
-
15. Re: Custom Membership Domain
rareddy Nov 2, 2009 11:30 PM (in response to nestordrod)The code I'm looking at was using PlatformPlugin to obtain a standard error message for when the username and/or credential is null in the authenticateUser() method, similar to how the LDAPMembershipDomain class uses DQPEmbeddedPlugin for that purpose
You can use Log4J logging. See the "log4j.xml" file to control the logging levels.Oh, and at the risk of being nit-picky, MembershipDomain is by far not the only Teiid class or interface necessary to implement a custom membership domain.
To see this I did wrote simple eclipse project with following codepackage org.custom; import java.io.Serializable; import java.util.HashMap; import java.util.HashSet; import java.util.Properties; import java.util.Set; import org.apache.log4j.Logger; import com.metamatrix.api.exception.security.InvalidUserException; import com.metamatrix.api.exception.security.LogonException; import com.metamatrix.api.exception.security.UnsupportedCredentialException; import com.metamatrix.platform.security.api.Credentials; import com.metamatrix.platform.security.api.service.SuccessfulAuthenticationToken; import com.metamatrix.platform.security.membership.spi.MembershipDomain; import com.metamatrix.platform.security.membership.spi.MembershipSourceException; public class MyMembershipDomain implements MembershipDomain { static Logger log = Logger.getLogger(MyMembershipDomain.class); HashMap<String, String> userCredentails = new HashMap<String, String>(); Set groups = new HashSet<String>(); @Override public Set getGroupNames(){ return this.groups; } @Override public void initialize(Properties arg0) throws MembershipSourceException { this.userCredentails.put("user1", "password1"); this.userCredentails.put("user2", "password"); groups.add("group1"); groups.add("group2"); } @Override public void shutdown() throws MembershipSourceException { } @Override public SuccessfulAuthenticationToken authenticateUser(String username, Credentials credential, Serializable trustedToken, String applicationName) throws UnsupportedCredentialException, InvalidUserException,LogonException, MembershipSourceException { if (username == null || credential == null) { throw new UnsupportedCredentialException("a username and password must be supplied for this domain"); //$NON-NLS-1$ } String password = userCredentails.get(username); if (password == null) { throw new InvalidUserException("user " + username + " is invalid"); //$NON-NLS-1$ //$NON-NLS-2$ } if (password.equals(String.valueOf(credential.getCredentialsAsCharArray()))) { // logging using log4j. Configure the log4j.xml file control the logging log.debug("user "+username +" has sucessfully logged in"); return new SuccessfulAuthenticationToken(trustedToken, username); } throw new LogonException("user " + username + " could not be authenticated"); //$NON-NLS-1$ //$NON-NLS-2$ } @Override public Set getGroupNamesForUser(String user) throws InvalidUserException, MembershipSourceException { return this.groups; } }
For this to compile properly, I had to add the following jars to the build path in the eclipse.teiid-runtime-6.2.0.jar teiid-common-internal-6.2.0.jar teiid-engine-6.2.0.jar teiid-6.2.0.jar log4j.jar
all these files you can find them in "lib" and "client" directory of your Teiid install. These should all you need to include.
I agree, the dependency set for this not properly re-factored in Teiid. This shows the ugly dependency chain between the projects from the past. We have fixed lot of issues like this in Teiid. We apologize for inconvenience, we are striving to provide best product for our users, but it is no easy task. Thanks for bringing this to our attention.
Future: Teiid is moving to support JAAS based authentication in 6.3 the dependency on Teiid based classes will be completely taken out. To use custom membership you would only need to extend the JAAS based apis, no more Teiid extensions. http://java.sun.com/javase/6/docs/technotes/guides/security/ -
16. Re: Custom Membership Domain
nestordrod Nov 3, 2009 10:21 AM (in response to nestordrod)That looks about right, except I have no "teiid-6.2.0.jar" in my distribution, unless you're referring to "teiid-6.2.0-client.jar".
Thanks for the JAAS reference. I'll look into that and see ho it can interface with the system's authentication provider. -
17. Re: Custom Membership Domain
rareddy Nov 3, 2009 10:42 AM (in response to nestordrod)Yes, That is typo, it is supposed to be "teiid-6.2.0-client.jar"
Thanks.