
JCA Container Integration, Why Teiid needs it? Part 3

The Teiid project is being integrated to run inside a JCA container. In earlier posts I gave two compelling reasons for the move.

Reason #1
Reason #2

Today we examine #3

Reason 3: Security

Security is vitally important for any enterprise application. This is especially true for Teiid, as there are typically strict organizational rules governing access to data sources. At a high level, Teiid allows for a customizable user authentication/authorization system. There are pre-defined system administrative roles, and data authorization roles (a.k.a. entitlements, or data roles) can be defined for each virtual database to govern access at a granular level.

Teiid 6.2 (and earlier) Security Features

Teiid 6.2 provided a Membership API to define customizable security domains from which to obtain authentication and authorization information. Teiid shipped with LDAP and file-based implementations of membership domains. Security at the connector level was supported through static credentials, client-passed credentials, or "trusted" payloads. Using trusted payloads, the client can pass any object to a connector for custom authentication/authorization. As with the previous issues, this worked great, and there are reams of code to prove it. However, there is a better alternative: JAAS.

Java Authentication and Authorization Service (JAAS)

JAAS is a Java-based security framework that is built into the Java runtime. Here is a description from the spec site:

Underlying the Java SE Platform is a dynamic, extensible security architecture, standards-based and interoperable. Security features — cryptography, authentication and authorization, public key infrastructure, and more — are built in. The Java security model is based on a customizable "sandbox" in which Java software programs can run safely, without potential risk to systems or users.

JBoss AS uses PicketLink (JBoss Security) as its security module, which implements the JAAS-based authentication framework. Out of the box there are various login modules available for use. As before, LDAP and file-based login modules are supported. If a developer's requirements are not satisfied by any of the provided modules, they can also write a custom login module.
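To make the custom login module option concrete, here is an added sketch written against the standard JAAS `LoginModule` interface; it is not code from Teiid or JBoss. The class name, the option names `user`, `salt` and `hash`, and the PBKDF2 parameters are assumptions made for the illustration.

```java
import java.security.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
// Hypothetical module: one account, set through the module options "user",
// "salt" and "hash" (Base64; PBKDF2-HMAC-SHA256, 210000 rounds, 256 bits).
public class ExampleLoginModule implements LoginModule {
    private Subject subject; private CallbackHandler handler;
    private Map<String, ?> options; private Principal pending; // set by login()
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h; options = opts;
    }
    // Phase 1: verify the credentials; the Subject is not modified yet.
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user");
        PasswordCallback pass = new PasswordCallback("password", false);
        try {
            handler.handle(new Callback[] { name, pass });
            char[] pw = pass.getPassword();            // a copy of the callback's value
            pass.clearPassword();
            if (pw == null || pw.length == 0) throw new FailedLoginException("no password");
            byte[] salt = Base64.getDecoder().decode((String) options.get("salt"));
            PBEKeySpec spec = new PBEKeySpec(pw, salt, 210000, 256);
            Arrays.fill(pw, '\0');                     // wipe our copy once the spec holds its own
            byte[] got = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
            spec.clearPassword();
            byte[] want = Base64.getDecoder().decode((String) options.get("hash"));
            // Constant-time hash comparison; '&' evaluates both checks before deciding.
            boolean ok = MessageDigest.isEqual(got, want) & options.get("user").equals(name.getName());
            if (!ok) throw new FailedLoginException("invalid credentials");
        } catch (LoginException e) { throw e;
        } catch (Exception e) { throw new LoginException("login error: " + e); }
        String user = name.getName();
        pending = () -> user;  // minimal Principal; a container would supply its own class
        return true;
    }
    // Phase 2: called only when the whole login configuration succeeded.
    public boolean commit() {
        if (pending != null) subject.getPrincipals().add(pending);
        return pending != null;
    }
    public boolean abort() { return pending != null && logout(); }
    public boolean logout() {
        if (pending != null) subject.getPrincipals().remove(pending);
        pending = null; return true;
    }
}
```

The module is then named in the JAAS login configuration entry for the security domain, with the three options supplied there. Because the principal is only attached in `commit()`, a failure in another required module of the same domain leaves the `Subject` untouched.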

By moving into a container environment, Teiid:
  • replaced a custom security framework with a standards-based JAAS framework
  • has access to a plugin-based authorization and authentication mechanism
  • retained all the functionality from before to define security domains
  • reduced its code footprint

Connectors can also be configured for a "security-domain" such that the container ensures the user is authenticated prior to access. In some containers this security profile is used to create user-specific connection pools, segregating those connections from the common connection pools. Having this login context available at the connector is similar to having the "trusted payload" as before; however, passing a payload is left to the implementation of the login module.

Next up we'll look at Microcontainer and its service and deployer framework.
