airavata-commits mailing list archives

From sma...@apache.org
Subject [06/10] airavata git commit: updated the default-xacml-policy with a new rule for admin-read-only role, finished identifying including all admin methods in the policy and updated the sample client to demonstrate the latest updates to the authorization po
Date Mon, 17 Aug 2015 04:09:08 GMT
updated the default-xacml-policy with a new rule for admin-read-only role, finished identifying
and including all admin methods in the policy and updated the sample client to demonstrate the
latest updates to the authorization policy.


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/c3652607
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/c3652607
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/c3652607

Branch: refs/heads/master
Commit: c3652607aff77da6dc4dd6ab039ada78aa836c79
Parents: 4226a2d
Author: hasinitg <hasi7786@gmail.com>
Authored: Wed Aug 5 14:04:41 2015 +0530
Committer: hasinitg <hasi7786@gmail.com>
Committed: Wed Aug 5 14:04:41 2015 +0530

----------------------------------------------------------------------
 .../resources/airavata-default-xacml-policy.xml | 98 +++++++++++++++++++-
 .../airavata/secure/sample/SecureClient.java    | 18 +++-
 2 files changed, 113 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/c3652607/modules/configuration/server/src/main/resources/airavata-default-xacml-policy.xml
----------------------------------------------------------------------
diff --git a/modules/configuration/server/src/main/resources/airavata-default-xacml-policy.xml
b/modules/configuration/server/src/main/resources/airavata-default-xacml-policy.xml
index ab3208d..b0ca91e 100644
--- a/modules/configuration/server/src/main/resources/airavata-default-xacml-policy.xml
+++ b/modules/configuration/server/src/main/resources/airavata-default-xacml-policy.xml
@@ -23,6 +23,64 @@
             </Apply>
         </Condition>
     </Rule>
+    <Rule Effect="Permit" RuleId="admin-read-only-permit">
+        <Target>
+            <AnyOf>
+                <AllOf>
+                    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">^(?:(?!
+/airavata/addGateway|
+/airavata/deleteteway|
+/airavata/updateGateway|
+/airavata/registerApplicationModule|
+/airavata/deleteApplicationModule|
+/airavata/updateApplicationInterface|
+/airavata/deleteApplicationInterface|
+/airavata/updateApplicationDeployment|
+/airavata/registerApplicationDeployment|
+/airavata/deleteApplicationDeployment|
+/airavata/updateComputeResource|
+/airavata/registerComputeResource|
+/airavata/deleteBatchQueue|
+/airavata/updateResourceJobManager|
+/airavata/addLocalSubmissionDetails|
+/airavata/updateResourceJobManager|
+/airavaa/updateSSHJobSubmissionDetails|
+/airavata/addSSHJobSubmissionDetails|
+/airavata/updateUnicoreJobSubmissionDetails|
+/airavata/addUNICOREJobSubmissionDetails|
+/airavata/addLocalDataMovementDetails|
+/airavata/updateSCPDataMovementDetails|
+/airavata/addSCPDataMovementDetails|
+/airavata/updateGridFTPDataMovementDetails|
+/airavata/addGridFTPDataMovementDetails|
+/airavata/updateUnicoreDataMovementDetails|
+/airavata/addUnicoreDataMovementDetails|
+/airavata/deleteJobSubmissionInterface|
+/airavata/deleteDataMovementInterface|
+/airavata/deleteComputeResource|
+/airavata/updateGatewayResourceProfile|
+/airavata/registerGatewayResourceProfile|
+/airavata/addGatewayComputeResourcePreference|
+/airavata/deleteGatewayResourceProfile|
+/airavata/deleteGatewayComputeResourcePreference).)*$\r?\n?
+</AttributeValue>
+                        <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+                                             Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
+                                             DataType="http://www.w3.org/2001/XMLSchema#string"
MustBePresent="true"/>
+                    </Match>
+                </AllOf>
+            </AnyOf>
+        </Target>
+        <Condition>
+            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
+                <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">admin_read_only</AttributeValue>
+                <AttributeDesignator AttributeId="http://wso2.org/claims/role"
+                                     Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
+                                     DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
+            </Apply>
+        </Condition>
+    </Rule>
     <Rule Effect="Permit" RuleId="user-permit">
         <Target>
             <AnyOf>
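Review bot: Two entries in the negative lookahead of the new `admin-read-only-permit` rule are misspelled, `/airavata/deleteteway|` and `/airavaa/updateSSHJobSubmissionDetails|`, so they cannot match the action ids they are evidently meant to exclude, and those write methods (presumably `deleteGateway` and `updateSSHJobSubmissionDetails`) stay permitted for the `admin_read_only` role. They should read `/airavata/deleteGateway|` and `/airavata/updateSSHJobSubmissionDetails|`, and the second `/airavata/updateResourceJobManager|` is a duplicate that can be dropped. The same `/airavaa/` line is added to the `user-permit` pattern in the hunk at `@@ -46,7 +105,44 @@`, and `deleteteway` already sits in that pattern as context, so both rules need the correction. The list also has no `update` entry for ApplicationModule and no `register` entry for ApplicationInterface; it is worth confirming against the API whether such write methods exist.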
@@ -30,6 +88,7 @@
                     <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
                         <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">^(?:(?!
 /airavata/addGateway|
+/airavata/getExperimentStatistics|
 /airavata/deleteteway|
 /airavata/updateGateway|
 /airavata/registerApplicationModule|
@@ -46,7 +105,44 @@
 /airavata/getApplicationInterface|
 /airavata/getApplicationInputs|
 /airavata/getApplicationOutputs|
-/airavata/getExperimentStatistics).)*$\r?\n?
+/airavata/updateComputeResource|
+/airavata/getComputeResource|
+/airavata/registerComputeResource|
+/airavata/deleteBatchQueue|
+/airavata/getLocalJobSubmission|
+/airavata/updateResourceJobManager|
+/airavata/addLocalSubmissionDetails|
+/airavata/getSSHJobSubmission|
+/airavata/updateResourceJobManager|
+/airavata/getresourceJobManager|
+/airavaa/updateSSHJobSubmissionDetails|
+/airavata/addSSHJobSubmissionDetails|
+/airavata/getUnicoreJobSubmission|
+/airavata/updateUnicoreJobSubmissionDetails|
+/airavata/addUNICOREJobSubmissionDetails|
+/airavata/addLocalDataMovementDetails|
+/airavata/updateSCPDataMovementDetails|
+/airavata/addSCPDataMovementDetails|
+/airavata/updateGridFTPDataMovementDetails|
+/airavata/addGridFTPDataMovementDetails|
+/airavata/updateUnicoreDataMovementDetails|
+/airavata/addUnicoreDataMovementDetails|
+/airavata/getCloudJobSubmission|
+/airavata/getSCPDataMovement|
+/airavata/getGridFTPDataMovement|
+/airavata/getUnicoreDataMovement|
+/airavata/deleteJobSubmissionInterface|
+/airavata/deleteDataMovementInterface|
+/airavata/deleteComputeResource|
+/airavata/updateGatewayResourceProfile|
+/airavata/registerGatewayResourceProfile|
+/airavata/getAllGateways|
+/airavata/getGateway|
+/airavata/getAllGatewayComputeResources|
+/airavata/addGatewayComputeResourcePreference|
+/airavata/deleteGatewayResourceProfile|
+/airavata/deleteGatewayComputeResourcePreference|
+/airavata/getAvailableAppInterfaceComputeResources).)*$\r?\n?
 </AttributeValue>
                         <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                                              Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
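Review bot: `/airavata/getresourceJobManager|` is written with a lower-case `r` while the neighbouring entries use `updateResourceJobManager`; `string-regexp-match` is case-sensitive, so if the API method is `getResourceJobManager` this entry does not exclude it for ordinary users, and `/airavata/getResourceJobManager|` would. More generally, both rules enumerate the methods to refuse, so any admin method that is missing from the pattern or misspelled in it is permitted by default. A comment above the rule such as `<!-- Deny-list: every new admin-only API method must be added to this pattern, otherwise this role is permitted to call it -->` would document that, and a rule listing the permitted action ids instead would fail closed. The enclosing `Match` element starts and ends outside this hunk.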

http://git-wip-us.apache.org/repos/asf/airavata/blob/c3652607/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java
----------------------------------------------------------------------
diff --git a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java
b/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java
index 890aa99..992d17d 100644
--- a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java
+++ b/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java
@@ -21,6 +21,7 @@
 package org.apache.airavata.secure.sample;
 
 import org.apache.airavata.api.client.AiravataClientFactory;
+import org.apache.airavata.model.appcatalog.appdeployment.ApplicationModule;
 import org.apache.airavata.model.error.*;
 import org.apache.airavata.api.Airavata;
 import org.apache.airavata.model.security.AuthzToken;
@@ -35,6 +36,7 @@ import org.slf4j.LoggerFactory;
 import org.wso2.carbon.identity.oauth.stub.dto.OAuthConsumerAppDTO;
 
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Scanner;
 
@@ -185,7 +187,8 @@ public class SecureClient {
             System.out.println("");
             System.out.println("Enter the number corresponding to the method to be invoked:
");
             System.out.println("1. getAPIVersion");
-            System.out.println("2. addGateway");
+            System.out.println("2. getAllAppModules");
+            System.out.println("3. addGateway");
             String methodNumberString = scanner.next();
             int methodNumber = Integer.valueOf(methodNumberString.trim());
 
@@ -202,12 +205,23 @@ public class SecureClient {
                 System.out.println("");
                 System.out.println("Airavata API version: " + version);
                 System.out.println("");
-
             } else if (methodNumber == 2) {
                 System.out.println("");
                 System.out.println("Enter the gateway id: ");
                 String gatewayId = scanner.next().trim();
 
+                List<ApplicationModule> appModules= client.getAllAppModules(authzToken,
gatewayId);
+                System.out.println("Output of getAllAppModuels: ");
+                for (ApplicationModule appModule : appModules) {
+                    System.out.println(appModule.getAppModuleName());
+                }
+                System.out.println("");
+                System.out.println("");
+            } else if (methodNumber == 3) {
+                System.out.println("");
+                System.out.println("Enter the gateway id: ");
+                String gatewayId = scanner.next().trim();
+
                 Gateway gateway = new Gateway(gatewayId);
                 gateway.setDomain("airavata.org");
                 gateway.setEmailAddress("airavata@apache.org");
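Review bot: The added branch prints `"Output of getAllAppModuels: "`, which misspells the method the menu offers; it should be `System.out.println("Output of getAllAppModules: ");`. The three-line gateway-id prompt is now duplicated in the `methodNumber == 2` and `methodNumber == 3` branches and could be read once before branching, and `appModules= client` is missing a space before `=`. Since the sample exists to demonstrate the authorization policy, a one-line comment on each branch naming the role the call is meant to exercise would make the demo easier to follow. The enclosing method starts and ends outside the hunk.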

