airavata-commits mailing list archives

From sma...@apache.org
Subject airavata git commit: merging the implementation carried on sprint1_update2 with the updated airavata master
Date Wed, 08 Jul 2015 14:19:54 GMT
Repository: airavata
Updated Branches:
  refs/heads/master e105f9413 -> ab0bf86c5


merging the implementation carried on sprint1_update2 with the updated airavata master


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/ab0bf86c
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/ab0bf86c
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/ab0bf86c

Branch: refs/heads/master
Commit: ab0bf86c59da550873b7fc18f990042f221e3f35
Parents: e105f94
Author: hasinitg <hasi7786@gmail.com>
Authored: Wed Jul 8 18:43:27 2015 +0530
Committer: hasinitg <hasi7786@gmail.com>
Committed: Wed Jul 8 18:43:27 2015 +0530

----------------------------------------------------------------------
 airavata-api/airavata-api-server/pom.xml        |   5 +
 .../airavata/api/server/AiravataAPIServer.java  | 124 +++++++---
 .../server/handler/AiravataServerHandler.java   |  10 +-
 .../security/AiravataSecurityManager.java       |   3 +-
 .../DefaultAiravataSecurityManager.java         |  13 +-
 .../api/server/security/DefaultOAuthClient.java |  29 ++-
 .../api/server/security/SecurityException.java  |  11 -
 .../server/security/SecurityManagerFactory.java |  37 ++-
 .../api/client/AiravataClientFactory.java       |  30 +++
 distribution/src/main/assembly/bin-assembly.xml |   2 +
 .../apache/airavata/common/utils/Constants.java |   6 +
 .../airavata/common/utils/ServerSettings.java   |  20 ++
 .../main/resources/airavata-server.properties   |  10 +-
 .../server/src/main/resources/airavata.jks      | Bin 501 -> 1410 bytes
 .../server/src/main/resources/airavata.pem      | Bin 0 -> 634 bytes
 .../src/main/resources/client_truststore.jks    | Bin 0 -> 1307 bytes
 .../server/src/main/resources/wso2carbon.pem    | Bin 0 -> 569 bytes
 .../security/AiravataSecurityException.java     |  39 +++
 .../security/util/TrustStoreManager.java        |  83 +++++++
 samples/java-client/pom.xml                     |   5 +-
 samples/java-client/secure-client/pom.xml       |  27 +--
 .../sample/AiravataSecurityException.java       |  31 ---
 .../sample/OAuthAppRegisteringClient.java       |  38 +--
 .../sample/OAuthTokenRetrievalClient.java       |  74 ++++--
 .../airavata/secure/sample/Properties.java      |   7 +-
 .../airavata/secure/sample/SecureClient.java    | 237 ++++++++++++-------
 26 files changed, 578 insertions(+), 263 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/airavata-api/airavata-api-server/pom.xml
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/pom.xml b/airavata-api/airavata-api-server/pom.xml
index d3d1fc5..7e86cef 100644
--- a/airavata-api/airavata-api-server/pom.xml
+++ b/airavata-api/airavata-api-server/pom.xml
@@ -67,6 +67,11 @@
             <version>${project.version}</version>
         </dependency>
         <dependency>
+            <groupId>org.apache.airavata</groupId>
+            <artifactId>airavata-security</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
             <groupId>org.apache.thrift</groupId>
             <artifactId>libthrift</artifactId>
             <version>${thrift.version}</version>

http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/AiravataAPIServer.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/AiravataAPIServer.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/AiravataAPIServer.java
index 42f8c1a..21c2c58 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/AiravataAPIServer.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/AiravataAPIServer.java
@@ -22,6 +22,8 @@
 package org.apache.airavata.api.server;
 
 import java.net.InetSocketAddress;
+import java.net.UnknownHostException;
+import java.net.InetAddress;
 
 import org.apache.airavata.api.Airavata;
 import org.apache.airavata.api.server.handler.AiravataServerHandler;
@@ -40,6 +42,7 @@ import org.apache.thrift.server.TThreadPoolServer;
 import org.apache.thrift.transport.TServerSocket;
 import org.apache.thrift.transport.TServerTransport;
 import org.apache.thrift.transport.TTransportException;
+import org.apache.thrift.transport.TSSLTransportFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -51,7 +54,7 @@ public class AiravataAPIServer implements IServer{
 
     private ServerStatus status;
 
-	private TServer server;
+	private TServer server, TLSServer;
 
 	public AiravataAPIServer() {
 		setStatus(ServerStatus.STOPPED);
@@ -61,51 +64,95 @@ public class AiravataAPIServer implements IServer{
         try {
             RegistryInitUtil.initializeDB();
             AppCatalogInitUtil.initializeDB();
-            final int serverPort = Integer.parseInt(ServerSettings.getSetting(Constants.API_SERVER_PORT,"8930"));
             final String serverHost = ServerSettings.getSetting(Constants.API_SERVER_HOST, null);
-            
-			TServerTransport serverTransport;
-			
-			if(serverHost == null){
-				serverTransport = new TServerSocket(serverPort);
-			}else{
-				InetSocketAddress inetSocketAddress = new InetSocketAddress(serverHost, serverPort);
-				serverTransport = new TServerSocket(inetSocketAddress);
-			}
-			
-            TThreadPoolServer.Args options = new TThreadPoolServer.Args(serverTransport);
-            options.minWorkerThreads = Integer.parseInt(ServerSettings.getSetting(Constants.API_SERVER_MIN_THREADS, "50"));
-			server = new TThreadPoolServer(options.processor(airavataAPIServer));
-            new Thread() {
-				public void run() {
-					server.serve();
-					RegistryInitUtil.stopDerbyInServerMode();
-					setStatus(ServerStatus.STOPPED);
-					logger.info("Airavata API Server Stopped.");
+            if (!ServerSettings.isTLSEnabled()) {
+                final int serverPort = Integer.parseInt(ServerSettings.getSetting(Constants.API_SERVER_PORT, "8930"));
+
+				TServerTransport serverTransport;
+
+				if (serverHost == null) {
+					serverTransport = new TServerSocket(serverPort);
+				} else {
+					InetSocketAddress inetSocketAddress = new InetSocketAddress(serverHost, serverPort);
+					serverTransport = new TServerSocket(inetSocketAddress);
 				}
-			}.start();
-			new Thread() {
-				public void run() {
-					while(!server.isServing()){
-						try {
-							Thread.sleep(500);
-						} catch (InterruptedException e) {
-							break;
-						}
+
+				TThreadPoolServer.Args options = new TThreadPoolServer.Args(serverTransport);
+				options.minWorkerThreads = Integer.parseInt(ServerSettings.getSetting(Constants.API_SERVER_MIN_THREADS, "50"));
+				server = new TThreadPoolServer(options.processor(airavataAPIServer));
+				new Thread() {
+					public void run() {
+						server.serve();
+						RegistryInitUtil.stopDerbyInServerMode();
+						setStatus(ServerStatus.STOPPED);
+						logger.info("Airavata API Server Stopped.");
 					}
-					if (server.isServing()){
-						setStatus(ServerStatus.STARTED);
-			            logger.info("Starting Airavata API Server on Port " + serverPort);
-			            logger.info("Listening to Airavata Clients ....");
+				}.start();
+				new Thread() {
+					public void run() {
+						while (!server.isServing()) {
+							try {
+								Thread.sleep(500);
+							} catch (InterruptedException e) {
+								break;
+							}
+						}
+						if (server.isServing()) {
+							setStatus(ServerStatus.STARTED);
+							logger.info("Starting Airavata API Server on Port " + serverPort);
+							logger.info("Listening to Airavata Clients ....");
+						}
 					}
-				}
-			}.start();
+				}.start();
+			}
 //            storeServerConfig();
+            /**********start thrift server over TLS******************/
+            if (ServerSettings.isTLSEnabled()) {
+                TSSLTransportFactory.TSSLTransportParameters TLSParams =
+                        new TSSLTransportFactory.TSSLTransportParameters();
+                TLSParams.setKeyStore(ServerSettings.getKeyStorePath(), ServerSettings.getKeyStorePassword());
+                TServerSocket TLSServerTransport = TSSLTransportFactory.getServerSocket(
+                        ServerSettings.getTLSServerPort(), ServerSettings.getTLSClientTimeout(),
+                        InetAddress.getByName(serverHost), TLSParams);
+                TThreadPoolServer.Args settings = new TThreadPoolServer.Args(TLSServerTransport);
+                settings.minWorkerThreads = Integer.parseInt(ServerSettings.getSetting(
+                        Constants.API_SERVER_MIN_THREADS, "50"));
+                TLSServer = new TThreadPoolServer(settings.processor(airavataAPIServer));
+                new Thread() {
+                    public void run() {
+                        TLSServer.serve();
+                        RegistryInitUtil.stopDerbyInServerMode();
+                        setStatus(ServerStatus.STOPPED);
+                        logger.info("Airavata API Server over TLS Stopped.");
+                    }
+                }.start();
+                new Thread() {
+                    public void run() {
+                        while (!TLSServer.isServing()) {
+                            try {
+                                Thread.sleep(500);
+                            } catch (InterruptedException e) {
+                                break;
+                            }
+                        }
+                        if (TLSServer.isServing()) {
+                            setStatus(ServerStatus.STARTED);
+                        }
+                    }
+                }.start();
+                logger.info("Airavata API server starter over TLS on Port: " + ServerSettings.getTLSServerPort());
+            }
         } catch (TTransportException e) {
             logger.error(e.getMessage());
             setStatus(ServerStatus.FAILED);
             RegistryInitUtil.stopDerbyInServerMode();
             throw new AiravataSystemException(AiravataErrorType.INTERNAL_ERROR);
+        } catch (ApplicationSettingsException e) {
+            logger.error(e.getMessage(), e);
+            throw new AiravataSystemException(AiravataErrorType.INTERNAL_ERROR);
+        } catch (UnknownHostException e) {
+            logger.error(e.getMessage(), e);
+            throw new AiravataSystemException(AiravataErrorType.INTERNAL_ERROR);
         }
     }
     public static void main(String[] args) {
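Review bot: With TLS enabled and no `API_SERVER_HOST` configured, `InetAddress.getByName(serverHost)` is called with null, which the JDK resolves to the loopback address, so the TLS listener would accept local connections only, whereas the plaintext branch binds to all interfaces in that case. Mirroring the existing null check keeps the two paths consistent, e.g. `InetAddress bindAddr = (serverHost == null) ? null : InetAddress.getByName(serverHost);` (a null bind address should mean "any local address" for the underlying server socket; confirm against the Thrift version in use). The two new catch blocks also skip `setStatus(ServerStatus.FAILED)` and `RegistryInitUtil.stopDerbyInServerMode()`, which the `TTransportException` handler performs, so a configuration error leaves the status unchanged. The enclosing method starts outside the hunk.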
@@ -131,7 +178,10 @@ public class AiravataAPIServer implements IServer{
 			setStatus(ServerStatus.STOPING);
 			server.stop();
 		}
-		
+        //stop the Airavata API server hosted over TLS.
+        if ((ServerSettings.isTLSEnabled()) && TLSServer.isServing()){
+            TLSServer.stop();
+        }
 	}
 
 	@Override
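Review bot: The new guard in `stop()` re-reads configuration and then dereferences `TLSServer`, which is still null if start-up failed before the field was assigned; `if (TLSServer != null && TLSServer.isServing())` avoids both the NullPointerException and the settings lookup. The same concern applies to the existing `server.stop()` branch above, whose condition is outside the hunk: `server` is no longer created when TLS is enabled, so that condition presumably needs a null check too. The TLS branch also does not call `setStatus(ServerStatus.STOPING)` as the plaintext branch does.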

http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
index ad3d239..de00930 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
@@ -104,6 +104,7 @@ import org.apache.airavata.registry.cpi.RegistryException;
 import org.apache.airavata.registry.cpi.ResultOrderType;
 import org.apache.airavata.registry.cpi.WorkflowCatalog;
 import org.apache.airavata.registry.cpi.utils.Constants;
+import org.apache.airavata.security.AiravataSecurityException;
 import org.apache.thrift.TException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -3555,11 +3556,12 @@ public class AiravataServerHandler implements Airavata.Iface {
                     throw new AuthorizationException("User is not authenticated or authorized.");
                 }
             }
-        } catch (org.apache.airavata.api.server.security.SecurityException e) {
-            throw new AuthorizationException(e.getMessage());
+        } catch (AiravataSecurityException e) {
+            logger.error(e.getMessage(), e);
+            throw new AuthorizationException("Error in obtaining initiating Security Manager.");
         } catch (ApplicationSettingsException e) {
-            logger.error("Error in reading API security settings.");
-            throw new AuthorizationException(e.getMessage());
+            logger.error(e.getMessage(), e);
+            throw new AuthorizationException("Error in reading security configuration.");
         }
     }
 
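Review bot: The `AiravataSecurityException` handler appears to cover both a failure in `SecurityManagerFactory.getSecurityManager()` and a failure raised while validating the token (assuming both calls sit in the try block, whose start is outside the hunk), so the client-facing text "Error in obtaining initiating Security Manager." is misleading for the second case and is garbled as written. Returning a fixed message while logging the detail server-side is the right direction, since it keeps internal error text away from the caller. A neutral message such as `throw new AuthorizationException("Error in authenticating or authorizing the request.");` would fit both causes.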

http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/AiravataSecurityManager.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/AiravataSecurityManager.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/AiravataSecurityManager.java
index b39c951..5937d3e 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/AiravataSecurityManager.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/AiravataSecurityManager.java
@@ -21,7 +21,8 @@
 package org.apache.airavata.api.server.security;
 
 import org.apache.airavata.model.security.AuthzToken;
+import org.apache.airavata.security.AiravataSecurityException;
 
 public interface AiravataSecurityManager {
-    public boolean isUserAuthenticatedAndAuthorized(AuthzToken authzToken) throws SecurityException;
+    public boolean isUserAuthenticatedAndAuthorized(AuthzToken authzToken) throws AiravataSecurityException;
 }
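Review bot: The interface has no Javadoc stating what distinguishes a `false` return from an `AiravataSecurityException`, which matters to implementers now that the implementing class is loaded from configuration. A short comment on `isUserAuthenticatedAndAuthorized` would pin the contract, for example `/** Returns true only if the token is valid and authorized; throws AiravataSecurityException when validation could not be performed. */`. It is worth stating there that callers must treat both `false` and the exception as a denial.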

http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java
index c8aca68..739a1ec 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java
@@ -20,8 +20,10 @@
  */
 package org.apache.airavata.api.server.security;
 
+import org.apache.airavata.common.exception.ApplicationSettingsException;
 import org.apache.airavata.common.utils.ServerSettings;
 import org.apache.airavata.model.security.AuthzToken;
+import org.apache.airavata.security.AiravataSecurityException;
 import org.apache.axis2.AxisFault;
 import org.apache.axis2.context.ConfigurationContext;
 import org.apache.axis2.context.ConfigurationContextFactory;
@@ -35,7 +37,7 @@ import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO
 public class DefaultAiravataSecurityManager implements AiravataSecurityManager {
     private final static Logger logger = LoggerFactory.getLogger(DefaultAiravataSecurityManager.class);
 
-    public boolean isUserAuthenticatedAndAuthorized(AuthzToken authzToken) throws SecurityException {
+    public boolean isUserAuthenticatedAndAuthorized(AuthzToken authzToken) throws AiravataSecurityException {
         try {
             ConfigurationContext configContext =
                     ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
@@ -46,10 +48,11 @@ public class DefaultAiravataSecurityManager implements AiravataSecurityManager {
                     authzToken.getAccessToken());
             return validationResponse.getValid();
         } catch (AxisFault axisFault) {
-            throw new SecurityException(axisFault.getMessage());
-        } catch (Exception exception) {
-            logger.error(exception.getCause().toString());
-            throw new SecurityException(exception.getMessage());
+            logger.error(axisFault.getMessage(), axisFault);
+            throw new AiravataSecurityException("Error in initializing the configuration context for creating the OAuth validation client.");
+        } catch (ApplicationSettingsException e) {
+            logger.error(e.getMessage(), e);
+            throw new AiravataSecurityException("Error in reading OAuth server configuration.");
         }
     }
 }
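Review bot: Both handlers build `AiravataSecurityException` from a message only, so the `AxisFault` or `ApplicationSettingsException` is lost to any caller that inspects the security exception; if `AiravataSecurityException` offers a cause-taking constructor (the class is not visible here), pass the original exception along. Removing `catch (Exception exception)` also means a null `authzToken` or access token now surfaces as an unchecked exception rather than a denial. An explicit check before the validation call, for example `if (authzToken == null || authzToken.getAccessToken() == null) return false;`, would make that case deterministic. The lines between the two hunks of this method are not shown, so confirm no such check already exists.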

http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultOAuthClient.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultOAuthClient.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultOAuthClient.java
index 3f2e32f..7996474 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultOAuthClient.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultOAuthClient.java
@@ -20,6 +20,10 @@
  */
 package org.apache.airavata.api.server.security;
 
+import org.apache.airavata.common.exception.ApplicationSettingsException;
+import org.apache.airavata.common.utils.ServerSettings;
+import org.apache.airavata.security.AiravataSecurityException;
+import org.apache.airavata.security.util.TrustStoreManager;
 import org.apache.axis2.AxisFault;
 import org.apache.axis2.context.ConfigurationContext;
 import org.slf4j.Logger;
@@ -38,6 +42,7 @@ import java.rmi.RemoteException;
  * to get the OAuth token validated.
  */
 public class DefaultOAuthClient {
+
     private OAuth2TokenValidationServiceStub stub;
     private final static Logger logger = LoggerFactory.getLogger(DefaultOAuthClient.class);
     public static final String BEARER_TOKEN_TYPE = "bearer";
@@ -52,16 +57,16 @@ public class DefaultOAuthClient {
      * @throws Exception
      */
     public DefaultOAuthClient(String auhorizationServerURL, String username, String password,
-                              ConfigurationContext configCtx) throws Exception {
+                              ConfigurationContext configCtx) throws AiravataSecurityException {
         String serviceURL = auhorizationServerURL + "OAuth2TokenValidationService";
         try {
             stub = new OAuth2TokenValidationServiceStub(configCtx, serviceURL);
             CarbonUtils.setBasicAccessSecurityHeaders(username, password, true, stub._getServiceClient());
         } catch (AxisFault e) {
-            logger.error("Error initializing OAuth2 Client");
-            throw new Exception("Error initializing OAuth Client", e);
+            logger.error(e.getMessage(), e);
+            throw new AiravataSecurityException("Error initializing OAuth client.");
         }
-        //TODO:Import the WSO2 IS cert into Airavata trust store.
+        /*//TODO:Import the WSO2 IS cert into Airavata trust store.
         try {
             // Get SSL context
             SSLContext sc = SSLContext.getInstance("SSL");
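Review bot: The SSL set-up block is disabled by wrapping it in `/* … */` (closed in the next hunk) rather than deleted. Since it ends in `SSLContext.setDefault(sc)`, which changes TLS behaviour for the whole JVM, leaving it in the file invites someone to re-enable it; removing it outright is safer now that `TrustStoreManager` initialises the SSL context from the trust store. The Javadoc above the constructor still says `@throws Exception` and should read `@throws AiravataSecurityException if the validation stub cannot be initialised` (the same stale tag appears on `validateAccessToken`). `serviceURL` is built by plain concatenation, so a configured URL without a trailing slash yields a wrong endpoint; a comment or normalisation would help.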
@@ -93,8 +98,7 @@ public class DefaultOAuthClient {
             SSLContext.setDefault(sc);
         } catch (Exception e) {
             e.printStackTrace();
-            //ignore
-        }
+        }*/
     }
 
     /**
@@ -105,7 +109,7 @@ public class DefaultOAuthClient {
      * @throws Exception
      */
     public OAuth2TokenValidationResponseDTO validateAccessToken(String accessToken)
-            throws Exception {
+            throws AiravataSecurityException {
         OAuth2TokenValidationRequestDTO oauthReq = new OAuth2TokenValidationRequestDTO();
         OAuth2TokenValidationRequestDTO_OAuth2AccessToken token =
                 new OAuth2TokenValidationRequestDTO_OAuth2AccessToken();
@@ -113,12 +117,17 @@ public class DefaultOAuthClient {
         token.setTokenType(BEARER_TOKEN_TYPE);
         oauthReq.setAccessToken(token);
         try {
+            //initialize SSL context with the trust store.
+            TrustStoreManager trustStoreManager = new TrustStoreManager();
+            trustStoreManager.initializeTrustStoreManager(ServerSettings.getTrustStorePath(), ServerSettings.getTrustStorePassword());
             return stub.validate(oauthReq);
         } catch (RemoteException e) {
-            logger.error("Error while validating OAuth2 request");
-            throw new Exception("Error while validating OAuth2 request", e);
+            logger.error(e.getMessage(), e);
+            throw new AiravataSecurityException("Error in validating the OAuth access token.");
+        } catch (ApplicationSettingsException e) {
+            logger.error(e.getMessage(), e);
+            throw new AiravataSecurityException("Error in reading OAuth configuration.");
         }
     }
 
-
 }
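Review bot: `TrustStoreManager` is constructed and initialised inside `validateAccessToken`, so the trust store path and password are read and the store is set up again on every token validation. `TrustStoreManager` is not visible here, but if it installs a JVM-wide SSL context or system properties, doing that per request is wasteful and racy under the thread-pool server; moving the two lines into the constructor (or a one-time static initialiser) would do it once. The new `AiravataSecurityException` instances also drop the underlying `RemoteException` or `ApplicationSettingsException` as cause.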

http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityException.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityException.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityException.java
deleted file mode 100644
index 8d22658..0000000
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityException.java
+++ /dev/null
@@ -1,11 +0,0 @@
-package org.apache.airavata.api.server.security;
-
-public class SecurityException extends Exception {
-    public SecurityException(String message) {
-        super(message);
-    }
-
-    public SecurityException() {
-        super();
-    }
-}

http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityManagerFactory.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityManagerFactory.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityManagerFactory.java
index 9e71b93..0b376a7 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityManagerFactory.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityManagerFactory.java
@@ -20,13 +20,44 @@
  */
 package org.apache.airavata.api.server.security;
 
+import org.apache.airavata.common.exception.ApplicationSettingsException;
+import org.apache.airavata.common.utils.ServerSettings;
+import org.apache.airavata.security.AiravataSecurityException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 /**
  * This initializes an instance of the appropriate security manager according to the
  * configuration.
  */
 public class SecurityManagerFactory {
-    public static AiravataSecurityManager getSecurityManager(){
-        //TODO:read from configuration and create the appropriate security manager.
-        return new DefaultAiravataSecurityManager();
+    private final static Logger logger = LoggerFactory.getLogger(SecurityManagerFactory.class);
+    private static Class secManagerImpl = null;
+
+    public static AiravataSecurityManager getSecurityManager() throws AiravataSecurityException {
+        try {
+            if(secManagerImpl == null){
+                secManagerImpl = Class.forName(ServerSettings.getSecurityManagerClassName());
+            }
+            AiravataSecurityManager securityManager = (AiravataSecurityManager) secManagerImpl.newInstance();
+            return  securityManager;
+        } catch (ClassNotFoundException e) {
+            String error = "Security Manager class could not be found.";
+            logger.error(e.getMessage(), e);
+            throw new AiravataSecurityException(error);
+        } catch (ApplicationSettingsException e) {
+            String error = "Error in reading the configuration related to Security Manager class.";
+            logger.error(e.getMessage(), e);
+            throw new AiravataSecurityException(error);
+        } catch (InstantiationException e) {
+            String error = "Error in instantiating the Security Manager class.";
+            logger.error(e.getMessage(), e);
+            throw new AiravataSecurityException(error);
+        } catch (IllegalAccessException e) {
+            String error = "Error in instantiating the Security Manager class.";
+            logger.error(e.getMessage(), e);
+            throw new AiravataSecurityException(error);
+
+        }
     }
 }
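Review bot: The class named by `security.manager.class` is cast to `AiravataSecurityManager` without a type check, so a wrong class name in the configuration raises an unchecked `ClassCastException` that none of the handlers here catch, and the handlers visible in `AiravataServerHandler` do not catch it either. Calling `asSubclass(AiravataSecurityManager.class)` on the loaded class and handling `ClassCastException` routes that case into the same `AiravataSecurityException` path, and typing the field as `Class<? extends AiravataSecurityManager>` removes the raw type and the cast. The lazy initialisation of the static field is unsynchronised; the race looks benign (the same class is loaded twice) but `volatile` documents the intent. The existing handlers could also pass `e` as the cause if `AiravataSecurityException` has such a constructor.

```java
private static volatile Class<? extends AiravataSecurityManager> secManagerImpl = null;

public static AiravataSecurityManager getSecurityManager() throws AiravataSecurityException {
    try {
        if (secManagerImpl == null) {
            // asSubclass rejects a configured class that does not implement the interface
            secManagerImpl = Class.forName(ServerSettings.getSecurityManagerClassName())
                    .asSubclass(AiravataSecurityManager.class);
        }
        return secManagerImpl.newInstance();
    } catch (ClassCastException e) {
        logger.error(e.getMessage(), e);
        throw new AiravataSecurityException(
                "Configured Security Manager class does not implement AiravataSecurityManager.");
    }
    // … unchanged: ClassNotFoundException, ApplicationSettingsException,
    //   InstantiationException and IllegalAccessException handlers …
```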

http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/airavata-api/airavata-api-stubs/src/main/java/org/apache/airavata/api/client/AiravataClientFactory.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-stubs/src/main/java/org/apache/airavata/api/client/AiravataClientFactory.java b/airavata-api/airavata-api-stubs/src/main/java/org/apache/airavata/api/client/AiravataClientFactory.java
index 2ef6a6e..a448192 100644
--- a/airavata-api/airavata-api-stubs/src/main/java/org/apache/airavata/api/client/AiravataClientFactory.java
+++ b/airavata-api/airavata-api-stubs/src/main/java/org/apache/airavata/api/client/AiravataClientFactory.java
@@ -29,6 +29,7 @@ import org.apache.thrift.protocol.TProtocol;
 import org.apache.thrift.transport.TSocket;
 import org.apache.thrift.transport.TTransport;
 import org.apache.thrift.transport.TTransportException;
+import org.apache.thrift.transport.TSSLTransportFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -49,4 +50,33 @@ public class AiravataClientFactory {
             throw exception;
         }
     }
+
+    /**
+     * This method returns a Airavata Client that talks to the API Server exposed over TLS.
+     *
+     * @param serverHost
+     * @param serverPort
+     * @param trustStorePath
+     * @param trustStorePassword
+     * @param clientTimeOut
+     * @return
+     * @throws AiravataClientConnectException
+     */
+    public static Airavata.Client createAiravataSecureClient(String serverHost, int serverPort, String trustStorePath,
+                                                             String trustStorePassword, int clientTimeOut)
+            throws AiravataClientException {
+        try {
+            TSSLTransportFactory.TSSLTransportParameters params =
+                    new TSSLTransportFactory.TSSLTransportParameters();
+            params.setTrustStore(trustStorePath, trustStorePassword);
+            TSocket transport = TSSLTransportFactory.getClientSocket(serverHost, serverPort, clientTimeOut, params);
+            TProtocol protocol = new TBinaryProtocol(transport);
+            return new Airavata.Client(protocol);
+        } catch (TTransportException e) {
+            logger.error(e.getMessage(), e);
+            AiravataClientException clientError = new AiravataClientException();
+            clientError.setParameter("Unable to connect to the server at " + serverHost + ":" + serverPort);
+            throw clientError;
+        }
+    }
 }
\ No newline at end of file
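Review bot: `createAiravataSecureClient` relies on `TSSLTransportFactory.getClientSocket` alone, and to my knowledge that factory validates the server certificate chain against the trust store but does not enable hostname verification on the socket it creates; confirm this for the Thrift version in use. If so, the client would accept any certificate the trust store trusts regardless of `serverHost`, and the method should set `SSLParameters.setEndpointIdentificationAlgorithm("HTTPS")` on the underlying `SSLSocket` before the first read or write. The Javadoc names `@throws AiravataClientConnectException` while the signature declares `AiravataClientException`, and the `@param` and `@return` tags are empty. The `TTransportException` is logged but not attached to the thrown `AiravataClientException`.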

http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/distribution/src/main/assembly/bin-assembly.xml
----------------------------------------------------------------------
diff --git a/distribution/src/main/assembly/bin-assembly.xml b/distribution/src/main/assembly/bin-assembly.xml
index cb5c229..5276268 100644
--- a/distribution/src/main/assembly/bin-assembly.xml
+++ b/distribution/src/main/assembly/bin-assembly.xml
@@ -103,6 +103,8 @@
 				<include>LSFTemplate.xslt</include>
 				<include>UGETemplate.xslt</include>
 				<include>gsissh.properties</include>
+				<include>airavata.jks</include>
+				<include>client_truststore.jks</include>
 			</includes>
 		</fileSet>
 
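Review bot: Adding `airavata.jks` and `client_truststore.jks` to the binary distribution means every installation starts with the same key material that is checked into the source tree; if `airavata.jks` is the store that `keystore.path` points at, the server's TLS private key is effectively public. These files should be treated as samples, with a comment here such as `<!-- sample key/trust stores for testing only; replace before deployment -->` and documentation on generating a per-deployment key store. Alternatively, leave them out of the assembly and fail start-up with a clear message when TLS is enabled and no store is configured.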

http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/modules/commons/src/main/java/org/apache/airavata/common/utils/Constants.java
----------------------------------------------------------------------
diff --git a/modules/commons/src/main/java/org/apache/airavata/common/utils/Constants.java b/modules/commons/src/main/java/org/apache/airavata/common/utils/Constants.java
index 6e1cb84..a2d032f 100644
--- a/modules/commons/src/main/java/org/apache/airavata/common/utils/Constants.java
+++ b/modules/commons/src/main/java/org/apache/airavata/common/utils/Constants.java
@@ -33,7 +33,13 @@ public final class Constants {
     public static final String JOB = "job";
     //API security relates property names
     public static final String IS_API_SECURED = "api.secured";
+    public static final String SECURITY_MANAGER_CLASS = "security.manager.class";
     public static final String REMOTE_OAUTH_SERVER_URL = "remote.oauth.authorization.server";
     public static final String ADMIN_USERNAME = "admin.user.name";
     public static final String ADMIN_PASSWORD = "admin.password";
+    public static final String IS_TLS_ENABLED = "TLS.enabled";
+    public static final String TLS_SERVER_PORT = "TLS.api.server.port";
+    public static final String KEYSTORE_PATH = "keystore.path";
+    public static final String KEYSTORE_PASSWORD = "keystore.password";
+    public static final String TLS_CLIENT_TIMEOUT = "TLS.client.timeout";
 }

http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java
----------------------------------------------------------------------
diff --git a/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java b/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java
index 6d2238a..37521f6 100644
--- a/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java
+++ b/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java
@@ -326,4 +326,24 @@ public class ServerSettings extends ApplicationSettings {
 	public static int getOrchestratorServerPort() throws ApplicationSettingsException {
 		return Integer.valueOf(getSetting(ORCHESTRATOR_SERVER_PORT));
 	}
+
+    public static boolean isTLSEnabled() throws ApplicationSettingsException {
+        return Boolean.valueOf(getSetting(Constants.IS_TLS_ENABLED));
+    }
+    public static int getTLSServerPort() throws ApplicationSettingsException {
+        return Integer.valueOf(getSetting(Constants.TLS_SERVER_PORT));
+    }
+    public static String getKeyStorePath() throws ApplicationSettingsException {
+        return getSetting(Constants.KEYSTORE_PATH);
+    }
+    public static String getKeyStorePassword() throws ApplicationSettingsException {
+        return getSetting(Constants.KEYSTORE_PASSWORD);
+    }
+    public static int getTLSClientTimeout() throws ApplicationSettingsException {
+        return Integer.valueOf(getSetting(Constants.TLS_CLIENT_TIMEOUT));
+    }
+
+    public static String getSecurityManagerClassName() throws ApplicationSettingsException {
+        return getSetting(Constants.SECURITY_MANAGER_CLASS);
+    }
 }
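Review bot: `isTLSEnabled()` fails open on a malformed setting: `Boolean.valueOf` returns false for any string other than "true", so a typo in `TLS.enabled` yields a plain-text server with no error. Parsing strictly would surface the misconfiguration at startup, e.g. `if (!"true".equalsIgnoreCase(v) && !"false".equalsIgnoreCase(v)) throw new ApplicationSettingsException("Invalid value for " + Constants.IS_TLS_ENABLED);` (this assumes the exception has a message constructor, which is not visible here). `getTLSServerPort()` and `getTLSClientTimeout()` have a related gap: `Integer.valueOf` throws an unchecked NumberFormatException, which callers that catch only ApplicationSettingsException will miss. The new methods have no Javadoc and are indented with spaces while the surrounding lines use tabs; the class body starts outside this hunk.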

http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/modules/configuration/server/src/main/resources/airavata-server.properties
----------------------------------------------------------------------
diff --git a/modules/configuration/server/src/main/resources/airavata-server.properties b/modules/configuration/server/src/main/resources/airavata-server.properties
index 6494b5d..0b0305f 100644
--- a/modules/configuration/server/src/main/resources/airavata-server.properties
+++ b/modules/configuration/server/src/main/resources/airavata-server.properties
@@ -225,6 +225,14 @@ zookeeper.timeout=30000
 ## API Security Configuration
 ########################################################################
 api.secured=true
+security.manager.class=org.apache.airavata.api.server.security.DefaultAiravataSecurityManager
+TLS.enabled=true
+TLS.api.server.port=9930
+TLS.client.timeout=10000
+keystore.path=airavata.jks
+keystore.password=airavata
+trust.store=client_truststore.jks
+trust.store.password=airavata
 remote.oauth.authorization.server=https://localhost:9443/services/
 admin.user.name=admin
-admin.password=admin
+admin.password=admin
\ No newline at end of file
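Review bot: `keystore.password=airavata` and `trust.store.password=airavata` ship as active defaults next to a keystore committed in the same change, so every installation that keeps the defaults presumably presents the same TLS key material under a publicly known password. A comment above the block such as `# Sample keystore/truststore for local testing only; generate your own and change both passwords before deployment` would make that explicit. `trust.store` and `trust.store.password` have no matching constants in the Constants.java hunk of this commit, so it is worth confirming that anything on the server side reads them. `keystore.path=airavata.jks` is relative, and what it is resolved against is not visible here.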

http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/modules/configuration/server/src/main/resources/airavata.jks
----------------------------------------------------------------------
diff --git a/modules/configuration/server/src/main/resources/airavata.jks b/modules/configuration/server/src/main/resources/airavata.jks
index bd6d8fe..e0e46e2 100644
Binary files a/modules/configuration/server/src/main/resources/airavata.jks and b/modules/configuration/server/src/main/resources/airavata.jks differ

http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/modules/configuration/server/src/main/resources/airavata.pem
----------------------------------------------------------------------
diff --git a/modules/configuration/server/src/main/resources/airavata.pem b/modules/configuration/server/src/main/resources/airavata.pem
new file mode 100644
index 0000000..242d955
Binary files /dev/null and b/modules/configuration/server/src/main/resources/airavata.pem differ

http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/modules/configuration/server/src/main/resources/client_truststore.jks
----------------------------------------------------------------------
diff --git a/modules/configuration/server/src/main/resources/client_truststore.jks b/modules/configuration/server/src/main/resources/client_truststore.jks
new file mode 100644
index 0000000..cec7a66
Binary files /dev/null and b/modules/configuration/server/src/main/resources/client_truststore.jks differ

http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/modules/configuration/server/src/main/resources/wso2carbon.pem
----------------------------------------------------------------------
diff --git a/modules/configuration/server/src/main/resources/wso2carbon.pem b/modules/configuration/server/src/main/resources/wso2carbon.pem
new file mode 100644
index 0000000..8c02f03
Binary files /dev/null and b/modules/configuration/server/src/main/resources/wso2carbon.pem differ

http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/modules/security/src/main/java/org/apache/airavata/security/AiravataSecurityException.java
----------------------------------------------------------------------
diff --git a/modules/security/src/main/java/org/apache/airavata/security/AiravataSecurityException.java b/modules/security/src/main/java/org/apache/airavata/security/AiravataSecurityException.java
new file mode 100644
index 0000000..a29d842
--- /dev/null
+++ b/modules/security/src/main/java/org/apache/airavata/security/AiravataSecurityException.java
@@ -0,0 +1,39 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.airavata.security;
+
+/**
+ * This class is named as AiravataSecurityException in order to avoid the conflicts with the
+ * SecurityException class provided in Java.
+ */
+public class AiravataSecurityException extends Exception {
+    public AiravataSecurityException(String message) {
+        super(message);
+    }
+
+    public AiravataSecurityException(String message, Throwable cause) {
+        super(message, cause);
+    }
+
+    public AiravataSecurityException() {
+        super();
+    }
+}

http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/modules/security/src/main/java/org/apache/airavata/security/util/TrustStoreManager.java
----------------------------------------------------------------------
diff --git a/modules/security/src/main/java/org/apache/airavata/security/util/TrustStoreManager.java b/modules/security/src/main/java/org/apache/airavata/security/util/TrustStoreManager.java
new file mode 100644
index 0000000..94fb758
--- /dev/null
+++ b/modules/security/src/main/java/org/apache/airavata/security/util/TrustStoreManager.java
@@ -0,0 +1,83 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.airavata.security.util;
+
+import org.apache.airavata.security.AiravataSecurityException;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import java.io.*;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TrustStoreManager {
+    private final static Logger logger = LoggerFactory.getLogger(TrustStoreManager.class);
+    public SSLContext initializeTrustStoreManager(String trustStorePath, String trustStorePassword)
+            throws AiravataSecurityException {
+        try {
+            // load and initialize the trust store
+            InputStream trustStream = new FileInputStream(new File(trustStorePath));
+            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
+
+            char[] trustPassword = trustStorePassword.toCharArray();
+
+            trustStore.load(trustStream, trustPassword);
+
+            // initialize a trust manager factory
+            TrustManagerFactory trustFactory =
+                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+            trustFactory.init(trustStore);
+
+            // get the trust managers from the factory
+            TrustManager[] trustManagers = trustFactory.getTrustManagers();
+
+            // initialize an ssl context to use these managers and set as default
+            SSLContext sslContext = SSLContext.getInstance("SSL");
+            sslContext.init(null, trustManagers, null);
+            SSLContext.setDefault(sslContext);
+            return sslContext;
+        } catch (CertificateException e) {
+            logger.error(e.getMessage(), e);
+            throw new AiravataSecurityException("Error in initializing the trust store.");
+        } catch (NoSuchAlgorithmException e) {
+            logger.error(e.getMessage(), e);
+            throw new AiravataSecurityException("Error in initializing the trust store.");
+        } catch (KeyStoreException e) {
+            logger.error(e.getMessage(), e);
+            throw new AiravataSecurityException("Error in initializing the trust store.");
+        } catch (KeyManagementException e) {
+            logger.error(e.getMessage(), e);
+            throw new AiravataSecurityException("Error in initializing the trust store.");
+        } catch (FileNotFoundException e) {
+            logger.error(e.getMessage(), e);
+            throw new AiravataSecurityException("Error in initializing the trust store.");
+        } catch (IOException e) {
+            logger.error(e.getMessage(), e);
+            throw new AiravataSecurityException("Error in initializing the trust store.");
+        }
+    }
+}
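Review bot: The `FileInputStream` opened for the trust store is never closed, and all six catch blocks throw `AiravataSecurityException` without the cause even though the two-argument constructor added in this commit exists. `SSLContext.getInstance("SSL")` should request `"TLS"`, since the `"SSL"` name can leave SSLv3 enabled on older JREs. `SSLContext.setDefault(sslContext)` replaces the trust configuration for every HTTPS client in the JVM, so this public method needs a Javadoc sentence saying that callers who only want the returned context get the global side effect too. The rewrite below assumes Java 7 or later for try-with-resources and multi-catch; `FileNotFoundException` is covered by `IOException`.

```java
    public SSLContext initializeTrustStoreManager(String trustStorePath, String trustStorePassword)
            throws AiravataSecurityException {
        // try-with-resources closes the trust store file on every path
        try (InputStream trustStream = new FileInputStream(new File(trustStorePath))) {
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(trustStream, trustStorePassword.toCharArray());

            // … unchanged: TrustManagerFactory set-up and getTrustManagers() …

            SSLContext sslContext = SSLContext.getInstance("TLS");
            // … unchanged: sslContext.init, SSLContext.setDefault and return …
        } catch (CertificateException | NoSuchAlgorithmException | KeyStoreException
                | KeyManagementException | IOException e) {
            logger.error(e.getMessage(), e);
            // keep the cause so callers can tell a missing file from a bad password
            throw new AiravataSecurityException("Error in initializing the trust store.", e);
        }
    }
```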

http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/samples/java-client/pom.xml
----------------------------------------------------------------------
diff --git a/samples/java-client/pom.xml b/samples/java-client/pom.xml
index 7adc314..f5b59f2 100644
--- a/samples/java-client/pom.xml
+++ b/samples/java-client/pom.xml
@@ -12,11 +12,12 @@
     <parent>
         <groupId>org.apache.airavata</groupId>
         <artifactId>airavata</artifactId>
-        <version>0.15-SNAPSHOT</version>
-        <relativePath>../../pom.xml</relativePath>
+        <version>0.16-SNAPSHOT</version>
+        <relativePath>../../../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
+    <groupId>org.apache.airavata</groupId>
     <artifactId>samples</artifactId>
     <name>Samples - Airavata Client Samples</name>
     <packaging>pom</packaging>

http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/samples/java-client/secure-client/pom.xml
----------------------------------------------------------------------
diff --git a/samples/java-client/secure-client/pom.xml b/samples/java-client/secure-client/pom.xml
index e4dd9d6..8dbc8e8 100644
--- a/samples/java-client/secure-client/pom.xml
+++ b/samples/java-client/secure-client/pom.xml
@@ -5,25 +5,14 @@
     <parent>
         <artifactId>samples</artifactId>
         <groupId>org.apache.airavata</groupId>
-        <version>0.15-SNAPSHOT</version>
+        <version>0.16-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
+    <groupId>org.apache.airavata</groupId>
     <artifactId>secure-client</artifactId>
+    <version>0.16-SNAPSHOT</version>
     <packaging>jar</packaging>
 
-    <repositories>
-        <repository>
-            <id>wso2-nexus</id>
-            <name>WSO2 internal Repository</name>
-            <url>http://maven.wso2.org/nexus/content/groups/wso2-public/</url>
-            <releases>
-                <enabled>true</enabled>
-                <updatePolicy>daily</updatePolicy>
-                <checksumPolicy>ignore</checksumPolicy>
-            </releases>
-        </repository>
-    </repositories>
-
     <dependencies>
         <dependency>
             <groupId>org.apache.airavata</groupId>
@@ -31,6 +20,16 @@
             <version>${project.version}</version>
         </dependency>
         <dependency>
+            <groupId>org.apache.airavata</groupId>
+            <artifactId>airavata-model-utils</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.airavata</groupId>
+            <artifactId>airavata-security</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-log4j12</artifactId>
             <version>1.7.10</version>

http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/AiravataSecurityException.java
----------------------------------------------------------------------
diff --git a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/AiravataSecurityException.java b/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/AiravataSecurityException.java
deleted file mode 100644
index 2d5e959..0000000
--- a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/AiravataSecurityException.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.airavata.secure.sample;
-
-public class AiravataSecurityException extends Exception {
-    public AiravataSecurityException(String message) {
-        super(message);
-    }
-
-    public AiravataSecurityException() {
-        super();
-    }
-}

http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/OAuthAppRegisteringClient.java
----------------------------------------------------------------------
diff --git a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/OAuthAppRegisteringClient.java b/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/OAuthAppRegisteringClient.java
index 5113c02..5292318 100644
--- a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/OAuthAppRegisteringClient.java
+++ b/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/OAuthAppRegisteringClient.java
@@ -20,6 +20,8 @@
  */
 package org.apache.airavata.secure.sample;
 
+import org.apache.airavata.security.AiravataSecurityException;
+import org.apache.airavata.security.util.TrustStoreManager;
 import org.apache.axis2.AxisFault;
 import org.apache.axis2.context.ConfigurationContext;
 import org.slf4j.Logger;
@@ -46,39 +48,6 @@ public class OAuthAppRegisteringClient {
             logger.error("Error initializing OAuth2 Client");
             throw new Exception("Error initializing OAuth Client", e);
         }
-        //TODO:enable proper SSL handshake with WSO2 IS.
-        try {
-            // Get SSL context
-            SSLContext sc = SSLContext.getInstance("SSL");
-
-            // Create empty HostnameVerifier
-            HostnameVerifier hv = new HostnameVerifier() {
-                public boolean verify(String urlHostName, SSLSession session) {
-                    return true;
-                }
-            };
-            HttpsURLConnection.setDefaultHostnameVerifier(hv);
-
-            // Create a trust manager that does not validate certificate chains
-            TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
-                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
-                    return null;
-                }
-
-                public void checkClientTrusted(java.security.cert.X509Certificate[] certs,
-                                               String authType) {
-                }
-
-                public void checkServerTrusted(java.security.cert.X509Certificate[] certs,
-                                               String authType) {
-                }
-            }};
-
-            sc.init(null, trustAllCerts, new java.security.SecureRandom());
-            SSLContext.setDefault(sc);
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
 
     }
 
@@ -92,6 +61,9 @@ public class OAuthAppRegisteringClient {
             consumerAppDTO.setOauthConsumerKey(consumerId);
             consumerAppDTO.setOauthConsumerSecret(consumerSecret);
             //consumerAppDTO.setUsername(adminUserName);
+            //initialize trust store for SSL handshake
+            TrustStoreManager trustStoreManager = new TrustStoreManager();
+            trustStoreManager.initializeTrustStoreManager(Properties.TRUST_STORE_PATH, Properties.TRUST_STORE_PASSWORD);
             stub.registerOAuthApplicationData(consumerAppDTO);
             // After registration application is retrieve
             return stub.getOAuthApplicationDataByAppName(appName);
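Review bot: The return value of `initializeTrustStoreManager` is discarded here, so this call works only through the JVM-wide `SSLContext.setDefault` side effect inside `TrustStoreManager`, and the trust store is re-read from disk on every registration call. Whether the Axis2 stub, which is presumably created earlier in the constructor, picks up a default context installed this late is not visible from the hunk and is worth confirming. Doing the initialization once in the constructor, where the removed trust-all block used to be, with a comment such as `// installs the JVM default SSLContext used by the stub's HTTPS transport`, would make the dependency explicit. The enclosing method starts and ends outside this hunk.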

http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/OAuthTokenRetrievalClient.java
----------------------------------------------------------------------
diff --git a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/OAuthTokenRetrievalClient.java b/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/OAuthTokenRetrievalClient.java
index 7204e53..a92a9e6 100644
--- a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/OAuthTokenRetrievalClient.java
+++ b/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/OAuthTokenRetrievalClient.java
@@ -1,5 +1,27 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
 package org.apache.airavata.secure.sample;
 
+import org.apache.airavata.security.AiravataSecurityException;
+import org.apache.airavata.security.util.TrustStoreManager;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.http.HttpResponse;
 import org.apache.http.NameValuePair;
@@ -24,18 +46,31 @@ import java.util.ArrayList;
 import java.util.List;
 
 public class OAuthTokenRetrievalClient {
-
-    public String retrieveAccessToken(String consumerId, String consumerSecret, String userName, String password)
-            throws SecurityException {
+    /**
+     * Retrieve the OAuth Access token via the specified grant type.
+     * @param consumerId
+     * @param consumerSecret
+     * @param userName
+     * @param password
+     * @param grantType
+     * @return
+     * @throws SecurityException
+     */
+    public String retrieveAccessToken(String consumerId, String consumerSecret, String userName, String password, int grantType)
+            throws AiravataSecurityException {
 
         HttpPost postMethod = null;
         try {
-            //TODO:handle SSL handshake with WSO2 IS properly.
-            org.apache.http.conn.ssl.SSLSocketFactory sf = new org.apache.http.conn.ssl.SSLSocketFactory(
-                    SSLContext.getDefault());
-            sf.setHostnameVerifier(org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
+            //initialize trust store to handle SSL handshake with WSO2 IS properly.
+            TrustStoreManager trustStoreManager = new TrustStoreManager();
+            SSLContext sslContext = trustStoreManager.initializeTrustStoreManager(Properties.TRUST_STORE_PATH,
+                    Properties.TRUST_STORE_PASSWORD);
+            //create https scheme with the trust store
+            org.apache.http.conn.ssl.SSLSocketFactory sf = new org.apache.http.conn.ssl.SSLSocketFactory(sslContext);
             Scheme httpsScheme = new Scheme("https", sf, Properties.authzServerPort);
+
             HttpClient httpClient = new DefaultHttpClient();
+            //set the https scheme in the httpclient
             httpClient.getConnectionManager().getSchemeRegistry().register(httpsScheme);
 
             postMethod = new HttpPost(Properties.oauthTokenEndPointURL);
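Review bot: The new Javadoc is out of step with the signature: it declares `@throws SecurityException` while the method now throws `AiravataSecurityException`, and every `@param` tag and the `@return` tag is empty. Suggested tags: `@param grantType 1 for the resource-owner password grant, 2 for client_credentials`, `@return the access_token value from the token response`, `@throws AiravataSecurityException if the trust store cannot be loaded or the token request fails`. It would also help to state that `userName` and `password` are used only for grant type 1. The method body continues outside this hunk.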
@@ -47,9 +82,15 @@ public class OAuthTokenRetrievalClient {
             postMethod.setHeader("Authorization", "Basic " + authHeader);
 
             List<NameValuePair> urlParameters = new ArrayList<NameValuePair>();
-            urlParameters.add(new BasicNameValuePair("grant_type", "password"));
-            urlParameters.add(new BasicNameValuePair("username", userName));
-            urlParameters.add(new BasicNameValuePair("password", password));
+
+            if (grantType == 1) {
+                urlParameters.add(new BasicNameValuePair("grant_type", "password"));
+                urlParameters.add(new BasicNameValuePair("username", userName));
+                urlParameters.add(new BasicNameValuePair("password", password));
+
+            } else if (grantType == 2) {
+                urlParameters.add(new BasicNameValuePair("grant_type", "client_credentials"));
+            }
 
             postMethod.setEntity(new UrlEncodedFormEntity(urlParameters));
 
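Review bot: A `grantType` other than 1 or 2 falls through both branches, so the POST goes out with no `grant_type` parameter and the failure surfaces only as whatever the token endpoint answers. Adding `else { throw new AiravataSecurityException("Unsupported grant type: " + grantType); }` rejects it before the request, which already carries the Basic Authorization header, is sent. The literals 1 and 2 would read better as named constants or an enum shared with `Properties.grantType`. The enclosing method starts and ends outside this hunk.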
@@ -68,20 +109,17 @@ public class OAuthTokenRetrievalClient {
             JSONObject jsonObject = (JSONObject) parser.parse(result.toString());
             return (String) jsonObject.get("access_token");
         } catch (ClientProtocolException e) {
-            throw new SecurityException(e.getMessage());
+            throw new AiravataSecurityException(e.getMessage(), e);
         } catch (UnsupportedEncodingException e) {
-            throw new SecurityException(e.getMessage());
+            throw new AiravataSecurityException(e.getMessage(), e);
         } catch (IOException e) {
-            throw new SecurityException(e.getMessage());
-        } catch (NoSuchAlgorithmException e) {
-            throw new SecurityException(e.getMessage());
+            throw new AiravataSecurityException(e.getMessage(), e);
         } catch (ParseException e) {
-            throw new SecurityException(e.getMessage());
+            throw new AiravataSecurityException(e.getMessage(), e);
         } finally {
             if (postMethod != null) {
                 postMethod.releaseConnection();
             }
         }
     }
-
-}
+}
\ No newline at end of file
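Review bot: `return (String) jsonObject.get("access_token")` hands back null when the response JSON has no such field, for example an OAuth error document, so the caller receives a null token instead of an exception. A check such as `if (token == null) throw new AiravataSecurityException("Token endpoint returned no access_token");` keeps the failure at its source. Whether the HTTP status is checked earlier in the method is not visible from this hunk. The four catch blocks are now identical and could be a single multi-catch if the sample targets Java 7 or later.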

http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/Properties.java
----------------------------------------------------------------------
diff --git a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/Properties.java b/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/Properties.java
index 33661cc..50e563a 100644
--- a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/Properties.java
+++ b/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/Properties.java
@@ -23,13 +23,18 @@ package org.apache.airavata.secure.sample;
 public class Properties {
     //Airavata server host, port
     public static final String SERVER_HOST = "localhost";
-    public static final int SERVER_PORT = 8930;
+    public static final int SERVER_PORT = 9930;
+
+    //trust store parameters
+    public static final String TRUST_STORE_PATH = "../../../../../airavata/modules/configuration/server/src/main/resources/client_truststore.jks";
+    public static final String TRUST_STORE_PASSWORD = "airavata";
 
     public static String oauthAuthzServerURL = "https://localhost:9443/services/";
     public static String oauthTokenEndPointURL = "https://localhost:9443/oauth2/token";
     public static int authzServerPort = 9443;
     public static String adminUserName = "admin";
     public static String adminPassword = "admin";
+    public static int grantType = 1;
 
     //OAuth consumer app properties
     public static String appName = "AiravataGWP1";
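Review bot: `TRUST_STORE_PATH` is a relative path with five `..` segments, so it resolves against the process working directory and the sample fails with the generic "Error in initializing the trust store." unless launched from one specific directory. Resolving the store from a system property or a classpath resource, with this path as a fallback, would be sturdier. `TRUST_STORE_PASSWORD` and `grantType` are sample defaults and should say so, e.g. `// sample value for the bundled client_truststore.jks; replace for a real deployment` and `// 1 = password grant, 2 = client_credentials`. The class body continues outside this hunk.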

http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java
----------------------------------------------------------------------
diff --git a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java b/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java
index f3333f2..36b1783 100644
--- a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java
+++ b/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java
@@ -21,9 +21,10 @@
 package org.apache.airavata.secure.sample;
 
 import org.apache.airavata.api.client.AiravataClientFactory;
-import org.apache.airavata.model.error.AiravataClientConnectException;
+import org.apache.airavata.model.error.*;
 import org.apache.airavata.api.Airavata;
 import org.apache.airavata.model.security.AuthzToken;
+import org.apache.airavata.security.AiravataSecurityException;
 import org.apache.axis2.AxisFault;
 import org.apache.axis2.context.ConfigurationContext;
 import org.apache.axis2.context.ConfigurationContextFactory;
@@ -32,121 +33,173 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.wso2.carbon.identity.oauth.stub.dto.OAuthConsumerAppDTO;
 
+import java.util.HashMap;
+import java.util.Map;
 import java.util.Scanner;
 
 public class SecureClient {
     private static Logger logger = LoggerFactory.getLogger(SecureClient.class);
 
     public static void main(String[] args) throws Exception {
-        //register OAuth application - this happens once during initialization of the gateway.
-
-        /************************Start obtaining input from user*****************************/
-        System.out.println("");
-        System.out.println("Registering OAuth application representing the client....");
-        System.out.println("Please enter following information as you prefer, or use defaults.");
         Scanner scanner = new Scanner(System.in);
-        System.out.println("OAuth application name: (default:" + Properties.appName +
-                ", press 'd' to use default value.)");
-        String appNameInput = scanner.next();
-        String appName = null;
-        if (appNameInput.trim().equals("d")) {
-            appName = Properties.appName;
-        } else {
-            appName = appNameInput.trim();
-        }
-
-        System.out.println("Consumer Id: (default:" + Properties.consumerID + ", press 'd' to use default value.)");
-        String consumerIdInput = scanner.next();
+        //register client or use existing client
+        System.out.println("");
+        System.out.println("Please select from the following options:");
+        System.out.println("1. Register the client as an OAuth application.");
+        System.out.println("2. Client is already registered. Use the existing credentials.");
+        String opInput = scanner.next();
+        int option = Integer.valueOf(opInput.trim());
         String consumerId = null;
-        if (consumerIdInput.trim().equals("d")) {
-            consumerId = Properties.consumerID;
-        } else {
-            consumerId = consumerIdInput.trim();
-        }
-
-        System.out.println("Consumer Secret: (default:" + Properties.consumerSecret +
-                ", press 'd' to use default value.)");
-        String consumerSecInput = scanner.next();
         String consumerSecret = null;
-        if (consumerSecInput.trim().equals("d")) {
-            consumerSecret = Properties.consumerSecret;
-        } else {
-            consumerSecret = consumerSecInput.trim();
-        }
-        /***************************** Finish obtaining input from user*******************************************/
+        if (option == 1) {
+            //register OAuth application - this happens once during initialization of the gateway.
 
-        /*********************** Perform registration of the client as an OAuth app***************************/
-        ConfigurationContext configContext =
-                ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
-        OAuthAppRegisteringClient authAppRegisteringClient = new OAuthAppRegisteringClient(
-                Properties.oauthAuthzServerURL, Properties.adminUserName, Properties.adminPassword, configContext);
-        OAuthConsumerAppDTO appDTO = authAppRegisteringClient.registerApplication(appName, consumerId, consumerSecret);
-        /********************* Complete registering the client ***********************************************/
-        System.out.println("");
-        System.out.println("Registered OAuth app successfully. Following is app's details:");
-        System.out.println("App Name: " + appDTO.getApplicationName());
-        System.out.println("Consumer ID: " + appDTO.getOauthConsumerKey());
-        System.out.println("Consumer Secret: " + appDTO.getOauthConsumerSecret());
-        System.out.println("");
+            /************************Start obtaining input from user*****************************/
+            System.out.println("");
+            System.out.println("Registering an OAuth application representing the client....");
+            System.out.println("Please enter following information as you prefer, or use defaults.");
+            System.out.println("OAuth application name: (default:" + Properties.appName +
+                    ", press 'd' to use default value.)");
+            String appNameInput = scanner.next();
+            String appName = null;
+            if (appNameInput.trim().equals("d")) {
+                appName = Properties.appName;
+            } else {
+                appName = appNameInput.trim();
+            }
+
+            System.out.println("Consumer Id: (default:" + Properties.consumerID + ", press 'd' to use default value.)");
+            String consumerIdInput = scanner.next();
+            if (consumerIdInput.trim().equals("d")) {
+                consumerId = Properties.consumerID;
+            } else {
+                consumerId = consumerIdInput.trim();
+            }
+
+            System.out.println("Consumer Secret: (default:" + Properties.consumerSecret +
+                    ", press 'd' to use default value.)");
+            String consumerSecInput = scanner.next();
+            if (consumerSecInput.trim().equals("d")) {
+                consumerSecret = Properties.consumerSecret;
+            } else {
+                consumerSecret = consumerSecInput.trim();
+            }
+            /***************************** Finish obtaining input from user*******************************************/
+
+            /*********************** Perform registration of the client as an OAuth app***************************/
+            try {
+                ConfigurationContext configContext =
+                        ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
+                OAuthAppRegisteringClient authAppRegisteringClient = new OAuthAppRegisteringClient(
+                        Properties.oauthAuthzServerURL, Properties.adminUserName, Properties.adminPassword, configContext);
+                OAuthConsumerAppDTO appDTO = authAppRegisteringClient.registerApplication(appName, consumerId, consumerSecret);
+                /********************* Complete registering the client ***********************************************/
+                System.out.println("");
+                System.out.println("Registered OAuth app successfully. Following is app's details:");
+                System.out.println("App Name: " + appDTO.getApplicationName());
+                System.out.println("Consumer ID: " + appDTO.getOauthConsumerKey());
+                System.out.println("Consumer Secret: " + appDTO.getOauthConsumerSecret());
+                System.out.println("");
+
+            } catch (AiravataSecurityException e) {
+                e.printStackTrace();
+                throw e;
+            } catch (Exception e) {
+                e.printStackTrace();
+                throw e;
+            }
+        } else if (option == 2) {
+            System.out.println("Enter Consumer Id: ");
+            consumerId = scanner.next().trim();
+            System.out.println("Enter Consumer Secret: ");
+            consumerSecret = scanner.next().trim();
+        }
         //obtain OAuth access token
 
         /************************Start obtaining input from user*****************************/
-        System.out.println("Obtaining OAuth access token via 'Resource Owner Password' grant type....");
-        System.out.println("Please enter following information as you prefer, or use defaults.");
-        System.out.println("End user's name: (default:" + Properties.userName +
-                ", press 'd' to use default value.)");
-        String userNameInput = scanner.next();
-        String userName = null;
-        if (userNameInput.trim().equals("d")) {
-            userName = Properties.userName;
+        System.out.println("Please select the preferred grant type: (or press d to use the default option" + Properties.grantType + ")");
+        System.out.println("1. Resource Owner Password Credential.");
+        System.out.println("2. Client Credential.");
+
+        String grantTypeInput = scanner.next().trim();
+        int grantType = 0;
+        if (grantTypeInput.equals("d")) {
+            grantType = Properties.grantType;
         } else {
-            userName = userNameInput.trim();
+            grantType = Integer.valueOf(grantTypeInput);
         }
-
-        System.out.println("End user's password: (default:" + Properties.password + ", press 'd' to use default value.)");
-        String passwordInput = scanner.next();
+        String userName = null;
         String password = null;
-        if (passwordInput.trim().equals("d")) {
-            password = Properties.password;
-        } else {
-            password = passwordInput.trim();
+        if (grantType == 1) {
+            System.out.println("Obtaining OAuth access token via 'Resource Owner Password' grant type....");
+            System.out.println("Please enter following information as you prefer, or use defaults.");
+            System.out.println("End user's name: (default:" + Properties.userName +
+                    ", press 'd' to use default value.)");
+            String userNameInput = scanner.next();
+            if (userNameInput.trim().equals("d")) {
+                userName = Properties.userName;
+            } else {
+                userName = userNameInput.trim();
+            }
+
+            System.out.println("End user's password: (default:" + Properties.password + ", press 'd' to use default value.)");
+            String passwordInput = scanner.next();
+            if (passwordInput.trim().equals("d")) {
+                password = Properties.password;
+            } else {
+                password = passwordInput.trim();
+            }
+        } else if (grantType == 2) {
+            System.out.println("Obtaining OAuth access token via 'Client Credential' grant type...' grant type....");
         }
+
         /***************************** Finish obtaining input from user*******************************************/
+        try {
+            //obtain the OAuth token for the specified end user.
+            String accessToken = new OAuthTokenRetrievalClient().retrieveAccessToken(consumerId, consumerSecret,
+                    userName, password, grantType);
+            System.out.println("OAuth access token is: " + accessToken);
+            System.out.println("");
 
-        //obtain the OAuth token for the specified end user.
-        String accessToken = new OAuthTokenRetrievalClient().retrieveAccessToken(consumerId, consumerSecret, userName,
-                password);
-        System.out.println("OAuth access token obtained for the user: " + userName + " is: " + accessToken);
-        System.out.println("");
+            //invoke Airavata API by the SecureClient, on behalf of the user.
+            System.out.println("Invoking Airavata API...");
+            System.out.println("Enter the access token to be used: (default:" + accessToken + ", press 'd' to use default value.)");
+            String accessTokenInput = scanner.next();
+            String acTk = null;
+            if (accessTokenInput.trim().equals("d")) {
+                acTk = accessToken;
+            } else {
+                acTk = accessTokenInput.trim();
+            }
 
-        //invoke Airavata API by the SecureClient, on behalf of the user.
-        System.out.println("Invoking Airavata API...");
-        System.out.println("Enter the access token to be used: (default:" + accessToken + ", press 'd' to use default value.)");
-        String accessTokenInput = scanner.next();
-        String acTk = null;
-        if (accessTokenInput.trim().equals("d")) {
-            acTk = accessToken;
-        } else {
-            acTk = accessTokenInput.trim();
+            Airavata.Client client = createAiravataClient(Properties.SERVER_HOST, Properties.SERVER_PORT);
+            AuthzToken authzToken = new AuthzToken();
+            authzToken.setAccessToken(acTk);
+            Map<String, String> claimsMap = new HashMap<>();
+            claimsMap.put("userName", "hasinitg");
+            claimsMap.put("email", "hasini@gmail.com");
+            authzToken.setClaimsMap(claimsMap);
+            String version = client.getAPIVersion(authzToken);
+            System.out.println("Airavata API version: " + version);
+            System.out.println("");
+        } catch (InvalidRequestException e) {
+            e.printStackTrace();
+        } catch (TException e) {
+            e.printStackTrace();
+        } catch (AiravataSecurityException e) {
+            e.printStackTrace();
         }
 
-        Airavata.Client client = createAiravataClient(Properties.SERVER_HOST, Properties.SERVER_PORT);
-        AuthzToken authzToken = new AuthzToken();
-        authzToken.setAccessToken(acTk);
-        String version = client.getAPIVersion(authzToken);
-        System.out.println("Airavata API version: " + version);
-        System.out.println("");
     }
 
     public static Airavata.Client createAiravataClient(String serverHost, int serverPort) throws
-            AiravataClientConnectException {
-        try {
-            Airavata.Client client = AiravataClientFactory.createAiravataClient(serverHost, serverPort);
-            return client;
+            AiravataClientException {
+
+        //Airavata.Client client = AiravataClientFactory.createAiravataClient(serverHost, serverPort);
+        Airavata.Client client = AiravataClientFactory.createAiravataSecureClient(serverHost, serverPort,
+                Properties.TRUST_STORE_PATH, Properties.TRUST_STORE_PASSWORD, 10000);
+        return client;
+
 
-        } catch (AiravataClientConnectException e) {
-            logger.error("Error while creating Airavata Client.");
-            throw e;
-        }
     }
-}
+}
\ No newline at end of file
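Review bot: The new menu handling lets `main` carry on with unset credentials: when `option` is neither 1 nor 2, `consumerId` and `consumerSecret` stay `null` and are still passed to `retrieveAccessToken`, and `Integer.valueOf` on the raw input throws an unhandled `NumberFormatException` for non-numeric input. I would close the `if (option == 1) … else if (option == 2)` chain with `else { throw new IllegalArgumentException("Unknown option: " + option); }` and do the same for `grantType`. The final `try` block also swallows `InvalidRequestException`, `TException` and `AiravataSecurityException` with `printStackTrace()`, so a rejected token or transport failure still ends with a normal exit, unlike the registration block, which rethrows. Since `main` already declares `throws Exception`, those three catches can simply be dropped. The claims map also hard-codes `userName` and `email` values unrelated to the user the token was issued for, so a comment such as `// sample claims only; the server must derive identity from the validated token` would keep readers from copying the pattern.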

