1 Reply Latest reply on Jul 17, 2019 9:22 AM by rareddy

    User Roles not mapped in Security Context

    lalitverma131

      Hello,

      I am trying to build an application using Teiid's Embedded Runtime. I have been facing issues on applying the data roles to my VDB. I have been trying to map data roles to my users with specific roles to provide restricted access to the model/table/column, but have failed and have not been able to access any of the tables.

      As given in the documentation, I am using PicketBox for the security of my Teiid runtime. The only difference is that instead of using an XML configuration for PicketBox, I am trying to build the configuration using the Configuration API of PicketBox, as my configuration can be dynamic.

      On debugging the code, I found that:

      I am able to authenticate the user properly, and the UserContext returned by the PicketBox manager has all the details of the roles and group of a principal, but when I try to create a security context using PicketBox's SecurityContextFactory the roles are not added to the security context, probably due to which my data roles are not being applied. On further debugging inside the picketbox core jar, I found that the function used to create the SecurityContext is not passing in the roles itself.

      Below is my code:


      1. Code to build the Configuration using the Configuration API of PicketBox:

      // Build the PicketBox configuration programmatically instead of from XML
      ConfigurationBuilder cb = new ConfigurationBuilder();
      PicketBoxConfiguration pbc = cb.authentication()
              .mechanism(new UserNamePasswordAuthenticationMechanism())
              .identityManager().jpaStore().entityManagerLookupStrategy(this)
              .audit();
      PicketBoxManager pbm = new DefaultPicketBoxManager(pbc);


      2. Code which authenticates and builds the security context:

      import java.security.AccessController;
      import java.security.Principal;
      import java.security.PrivilegedAction;
      import javax.security.auth.Subject;
      import org.jboss.security.SecurityContext;
      import org.jboss.security.SecurityContextFactory;

      // Authenticate the caller against the PicketBox manager built in step 1
      final UserContext context = this.pbm.authenticate(new UserContext(
              new UsernamePasswordCredential(baseUserName,
                      String.valueOf(credentials.getCredentialsAsCharArray()))));

      if (context.isAuthenticated()) {
          final Principal userPrincipal = context.getPrincipal();
          final Subject subject = new Subject(); // fresh Subject with no principals attached
          final String credString = new String(credentials.getCredentialsAsCharArray());
          final String domain = securityDomain;

          // Create the JBoss security context under a privileged action
          SecurityContext securityContext = AccessController.doPrivileged(new PrivilegedAction<SecurityContext>() {
              public SecurityContext run() {
                  SecurityContext sc = null;
                  try {
                      sc = SecurityContextFactory.createSecurityContext(userPrincipal, credString, subject, domain);
                  } catch (Exception e) {
                      throw new RuntimeException(e);
                  }
                  return sc;
              }
          });
      }


      Any help is highly appreciated. I have been stuck on this issue for quite some time.


      Regards

      Lalit Verma
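The post above creates the security context from an empty Subject. The following is an added example (not the poster's code, and not code from the Teiid or PicketBox projects) showing how a Subject is usually populated so that roles travel with it: the JBoss/PicketBox convention is a group principal named "Roles" whose members are the role names. It assumes that Teiid's data-role evaluation reads roles from that "Roles" group, that the role names have already been obtained by the caller from the authenticated UserContext (that lookup is not shown), and that "alice", "ReadOnlyRole", "AuditRole" and "teiid-security" are constructed sample values. The rolesIn helper lets you check that the roles are actually present before the context is handed to Teiid, which is the first thing to verify when data roles silently do not apply.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Enumeration;
import java.util.List;
import javax.security.auth.Subject;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextFactory;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;

/**
 * Builds a Subject carrying the caller principal plus a "Roles" group,
 * the convention JBoss/PicketBox consumers use to discover a caller's roles.
 * Assumption: role names are supplied by the caller (e.g. read from the
 * authenticated PicketBox UserContext); that lookup is not part of this example.
 */
public class RoleAwareSubjectBuilder {

    /** Name of the group principal that JBoss security reads roles from. */
    public static final String ROLES_GROUP = "Roles";

    /** Create a Subject with the user principal and a populated "Roles" group. */
    public static Subject buildSubject(String userName, Collection<String> roleNames) {
        Subject subject = new Subject();
        subject.getPrincipals().add(new SimplePrincipal(userName));
        SimpleGroup roles = new SimpleGroup(ROLES_GROUP);
        for (String role : roleNames) {
            roles.addMember(new SimplePrincipal(role));
        }
        subject.getPrincipals().add(roles);
        return subject;
    }

    /** Read the role names back out of the Subject's "Roles" group (sanity check). */
    public static List<String> rolesIn(Subject subject) {
        List<String> found = new ArrayList<>();
        for (SimpleGroup group : subject.getPrincipals(SimpleGroup.class)) {
            if (!ROLES_GROUP.equals(group.getName())) {
                continue;
            }
            Enumeration<Principal> members = group.members();
            while (members.hasMoreElements()) {
                found.add(members.nextElement().getName());
            }
        }
        return found;
    }

    /** Build the security context from a role-carrying Subject instead of an empty one. */
    public static SecurityContext createContext(String userName, String credential,
            Collection<String> roleNames, String securityDomain) throws Exception {
        Subject subject = buildSubject(userName, roleNames);
        if (rolesIn(subject).isEmpty()) {
            // Refuse to hand Teiid a context with no roles: every data role would be denied
            throw new IllegalStateException("no roles attached for user " + userName);
        }
        return SecurityContextFactory.createSecurityContext(
                new SimplePrincipal(userName), credential, subject, securityDomain);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values: a user with two data roles from a hypothetical VDB
        Subject subject = buildSubject("alice", Arrays.asList("ReadOnlyRole", "AuditRole"));
        System.out.println("roles found in Subject: " + rolesIn(subject));

        SecurityContext sc = createContext("alice", "constructed-credential",
                Arrays.asList("ReadOnlyRole"), "teiid-security");
        System.out.println("security domain: " + sc.getSecurityDomain());
    }
}
```

The check in createContext is deliberately strict: an authenticated user whose Subject carries no roles is indistinguishable, from Teiid's point of view, from a user who is entitled to nothing, so failing early makes a role-mapping bug visible at login rather than as a confusing access-denied on every table.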