From sma...@apache.org
Subject [05/10] airavata git commit: Updated the secure-client sample to showcase the XACML based authorization on API calls and fixed some issues found when running the sample.
Date Mon, 17 Aug 2015 04:09:07 GMT
Updated the secure-client sample to showcase the XACML based authorization on API calls and
fixed some issues found when running the sample.


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/4226a2db
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/4226a2db
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/4226a2db

Branch: refs/heads/master
Commit: 4226a2db00aec8ba0abb84e722bcb9767f0c96fa
Parents: d3ac7ce
Author: hasinitg <hasi7786@gmail.com>
Authored: Sat Aug 1 20:56:51 2015 +0530
Committer: hasinitg <hasi7786@gmail.com>
Committed: Sat Aug 1 20:56:51 2015 +0530

----------------------------------------------------------------------
 .../api/server/security/DefaultXACMLPEP.java    |  7 +---
 .../server/security/SecurityInterceptor.java    |  3 ++
 .../airavata/secure/sample/SecureClient.java    | 43 +++++++++++++++++---
 3 files changed, 43 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/4226a2db/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultXACMLPEP.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultXACMLPEP.java
b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultXACMLPEP.java
index e61904c..b60069c 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultXACMLPEP.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultXACMLPEP.java
@@ -83,13 +83,10 @@ public class DefaultXACMLPEP {
             String decisionString = entitlementServiceStub.getDecisionByAttributes(subject,
null, action, null);
             //parse the XML decision string and obtain the decision
             decision = parseDecisionString(decisionString);
-            if (Constants.NOT_APPLICABLE.equals(decision) || Constants.INDETERMINATE.equals(decision)
||
-                    Constants.DENY.equals(decision) || decision == null) {
-                logger.error("Authorization decision is: " + decision);
-                throw new AiravataSecurityException("Error in authorizing the user.");
-            } else if (Constants.PERMIT.equals(decision)) {
+            if (Constants.PERMIT.equals(decision)) {
                 return true;
             } else {
+                logger.error("Authorization decision is: " + decision);
                 return false;
             }
         } catch (RemoteException e) {
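Review bot: The new `else` branch folds Deny, NotApplicable, Indeterminate and a null (unparsed) decision into a single `return false` with the same log line, so a failure of the decision point can no longer be told apart from a genuine policy denial, either by the caller or in the logs. Returning true only for PERMIT keeps the check fail-closed, which is the right default. For audit, the log entry should name what was decided on, e.g. `logger.error("Authorization decision is: " + decision + " for subject: " + subject + ", action: " + action);`, assuming `subject` and `action` are the plain strings passed to `getDecisionByAttributes` above. Logging a plain Deny at a lower level than Indeterminate/null would make real decision-point errors stand out. The enclosing method starts before this hunk and continues after it.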

http://git-wip-us.apache.org/repos/asf/airavata/blob/4226a2db/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityInterceptor.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityInterceptor.java
b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityInterceptor.java
index 1f9cd90..2d35b1b 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityInterceptor.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityInterceptor.java
@@ -61,12 +61,15 @@ public class SecurityInterceptor implements MethodInterceptor {
         try {
             boolean isAPISecured = ServerSettings.isAPISecured();
             if (isAPISecured) {
+                //check in the cache
 
+                //if not in the cache, perform authorization with the authorization server
                 AiravataSecurityManager securityManager = SecurityManagerFactory.getSecurityManager();
                 boolean isAuthz = securityManager.isUserAuthorized(authzToken, metaData);
                 if (!isAuthz) {
                     throw new AuthorizationException("User is not authenticated or authorized.");
                 }
+                //put the successful authorization decision in the cache
             }
         } catch (AiravataSecurityException e) {
             logger.error(e.getMessage(), e);
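Review bot: The three added comments describe an authorization cache that this hunk does not implement, so they read like documentation of existing behaviour; marking them as pending would avoid that, e.g. `//TODO: check the authorization cache before calling the authorization server`. When the cache is written, its key should cover both the token and whatever in `metaData` identifies the invoked API method, otherwise a permit cached for one call could be reused for a different one. Entries should also expire no later than the token itself, so that a revoked token or a changed policy takes effect. The method body starts and ends outside the hunk.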

http://git-wip-us.apache.org/repos/asf/airavata/blob/4226a2db/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java
----------------------------------------------------------------------
diff --git a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java
b/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java
index ac34c18..890aa99 100644
--- a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java
+++ b/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java
@@ -24,6 +24,7 @@ import org.apache.airavata.api.client.AiravataClientFactory;
 import org.apache.airavata.model.error.*;
 import org.apache.airavata.api.Airavata;
 import org.apache.airavata.model.security.AuthzToken;
+import org.apache.airavata.model.workspace.Gateway;
 import org.apache.airavata.security.AiravataSecurityException;
 import org.apache.axis2.AxisFault;
 import org.apache.axis2.context.ConfigurationContext;
@@ -109,6 +110,7 @@ public class SecureClient {
                 throw e;
             }
         } else if (option == 2) {
+            System.out.println("");
             System.out.println("Enter Consumer Id: ");
             consumerId = scanner.next().trim();
             System.out.println("Enter Consumer Secret: ");
@@ -117,6 +119,7 @@ public class SecureClient {
         //obtain OAuth access token
 
         /************************Start obtaining input from user*****************************/
+        System.out.println("");
         System.out.println("Please select the preferred grant type: (or press d to use the
default option" + Properties.grantType + ")");
         System.out.println("1. Resource Owner Password Credential.");
         System.out.println("2. Client Credential.");
@@ -150,10 +153,12 @@ public class SecureClient {
                 password = passwordInput.trim();
             }
         } else if (grantType == 2) {
-            System.out.println("Obtaining OAuth access token via 'Client Credential' grant
type...' grant type....");
+            System.out.println("");
             System.out.println("Please enter the user name to be passed: ");
             String userNameInput = scanner.next();
             userName = userNameInput.trim();
+            System.out.println("");
+            System.out.println("Obtaining OAuth access token via 'Client Credential' grant
type...' grant type....");
         }
 
         /***************************** Finish obtaining input from user*******************************************/
@@ -161,10 +166,11 @@ public class SecureClient {
             //obtain the OAuth token for the specified end user.
             String accessToken = new OAuthTokenRetrievalClient().retrieveAccessToken(consumerId,
consumerSecret,
                     userName, password, grantType);
-            System.out.println("OAuth access token is: " + accessToken);
             System.out.println("");
+            System.out.println("OAuth access token is: " + accessToken);
 
             //invoke Airavata API by the SecureClient, on behalf of the user.
+            System.out.println("");
             System.out.println("Invoking Airavata API...");
             System.out.println("Enter the access token to be used: (default:" + accessToken
+ ", press 'd' to use default value.)");
             String accessTokenInput = scanner.next();
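Review bot: The relocated `System.out.println("OAuth access token is: " + accessToken);` writes the bearer token to stdout in full, and the default-value prompt two lines below prints it a second time. That is useful for a walkthrough sample, but a token on the console ends up in terminal scrollback and in any captured output, and sample code tends to be copied into real clients. A comment above the print would make the intent explicit, e.g. `//sample only: never print or log access tokens in a real client`, and the prompt could simply say `(press 'd' to use the token obtained above)` instead of repeating the value. The surrounding method begins and ends outside the hunk.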
@@ -175,6 +181,14 @@ public class SecureClient {
                 acTk = accessTokenInput.trim();
             }
 
+            //obtain as input, the method to be invoked
+            System.out.println("");
+            System.out.println("Enter the number corresponding to the method to be invoked:
");
+            System.out.println("1. getAPIVersion");
+            System.out.println("2. addGateway");
+            String methodNumberString = scanner.next();
+            int methodNumber = Integer.valueOf(methodNumberString.trim());
+
             Airavata.Client client = createAiravataClient(Properties.SERVER_HOST, Properties.SERVER_PORT);
             AuthzToken authzToken = new AuthzToken();
             authzToken.setAccessToken(acTk);
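Review bot: The menu choice is used without validation: `Integer.valueOf(methodNumberString.trim())` throws `NumberFormatException` on any non-numeric input, and the catch clauses visible in the next hunk (`InvalidRequestException`, `TException`) would not handle it, though others may follow outside the view. The `if (methodNumber == 1) … else if (methodNumber == 2)` chain added in the last hunk also has no final `else`, so any other number connects to the server and then silently does nothing. Parsing with `Integer.parseInt` inside a small try/catch, and adding `else { System.out.println("Unknown method number: " + methodNumber); }`, would make the sample behave predictably. Checking the choice before `createAiravataClient` is called would also avoid opening a connection for an invalid selection.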
@@ -182,9 +196,28 @@ public class SecureClient {
             claimsMap.put("userName", userName);
             claimsMap.put("email", "hasini@gmail.com");
             authzToken.setClaimsMap(claimsMap);
-            String version = client.getAPIVersion(authzToken);
-            System.out.println("Airavata API version: " + version);
-            System.out.println("");
+            if (methodNumber == 1) {
+
+                String version = client.getAPIVersion(authzToken);
+                System.out.println("");
+                System.out.println("Airavata API version: " + version);
+                System.out.println("");
+
+            } else if (methodNumber == 2) {
+                System.out.println("");
+                System.out.println("Enter the gateway id: ");
+                String gatewayId = scanner.next().trim();
+
+                Gateway gateway = new Gateway(gatewayId);
+                gateway.setDomain("airavata.org");
+                gateway.setEmailAddress("airavata@apache.org");
+                gateway.setGatewayName("airavataGW");
+                String output = client.addGateway(authzToken, gateway);
+                System.out.println("");
+                System.out.println("Output of addGateway: " + output);
+                System.out.println("");
+
+            }
         } catch (InvalidRequestException e) {
             e.printStackTrace();
         } catch (TException e) {

