From scnakand...@apache.org
Subject airavata git commit: getting the subject name from OAuth access token
Date Mon, 02 May 2016 22:52:09 GMT
Repository: airavata
Updated Branches:
  refs/heads/develop cd243d3bb -> 58401a6c6


getting the subject name from OAuth access token


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/58401a6c
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/58401a6c
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/58401a6c

Branch: refs/heads/develop
Commit: 58401a6c6027b082ec7c64e207de592afb24246c
Parents: cd243d3
Author: scnakandala <supun.nakandala@gmail.com>
Authored: Mon May 2 18:52:04 2016 -0400
Committer: scnakandala <supun.nakandala@gmail.com>
Committed: Mon May 2 18:52:04 2016 -0400

----------------------------------------------------------------------
 .../DefaultAiravataSecurityManager.java         | 154 +++++++++----------
 .../server/security/xacml/DefaultXACMLPEP.java  |   2 +-
 .../lib/airavata/security_model_types.cpp       |  24 +--
 .../lib/airavata/security_model_types.h         |  12 +-
 .../lib/Airavata/Model/Security/Types.php       |  25 +--
 .../apache/airavata/model/security/ttypes.py    |  19 +--
 .../airavata/model/security/AuthzToken.java     | 122 +--------------
 .../airavata-apis/security_model.thrift         |   3 +-
 8 files changed, 89 insertions(+), 272 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/58401a6c/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java
b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java
index 2b8c501..96b7742 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java
@@ -128,101 +128,91 @@ public class DefaultAiravataSecurityManager implements AiravataSecurityManager
{
 
     public boolean isUserAuthorized(AuthzToken authzToken, Map<String, String> metaData)
throws AiravataSecurityException {
         try {
-            String subject = authzToken.getUserName();
             String accessToken = authzToken.getAccessToken();
             String gatewayId = authzToken.getGatewayId();
             String action = metaData.get(Constants.API_METHOD_NAME);
 
-            //if the authz cache is enabled, check in the cache if the authz decision is
cached and if so, what the status is
-            if (ServerSettings.isAuthzCacheEnabled()) {
-                //obtain an instance of AuthzCacheManager implementation.
-                AuthzCacheManager authzCacheManager = AuthzCacheManagerFactory.getAuthzCacheManager();
-
-                //check in the cache
-                AuthzCachedStatus authzCachedStatus = authzCacheManager.getAuthzCachedStatus(
-                        new AuthzCacheIndex(subject, gatewayId, accessToken, action));
-
-                if (AuthzCachedStatus.AUTHORIZED.equals(authzCachedStatus)) {
-                    logger.info("Authz decision for: (" + subject + ", " + accessToken +
", " + action + ") is retrieved from cache.");
-                    return true;
-                } else if (AuthzCachedStatus.NOT_AUTHORIZED.equals(authzCachedStatus)) {
-                    logger.info("Authz decision for: (" + subject + ", " + accessToken +
", " + action + ") is retrieved from cache.");
-                    return false;
-                } else if (AuthzCachedStatus.NOT_CACHED.equals(authzCachedStatus)) {
-                    logger.info("Authz decision for: (" + subject + ", " + accessToken +
", " + action + ") is not in the cache. " +
-                            "Obtaining it from the authorization server.");
-
-                    CredentialStoreService.Client csClient = getCredentialStoreServiceClient();
-                    AppCatalog appCatalog = RegistryFactory.getAppCatalog();
-                    GatewayResourceProfile gwrp = appCatalog.getGatewayProfile().getGatewayProfile(gatewayId);
-                    PasswordCredential credential = csClient.getPasswordCredential(gwrp.getIdentityServerPwdCredToken(),
gwrp.getGatewayID());
-                    String username = credential.getLoginUserName();
-                    if(gwrp.getIdentityServerTenant() != null && !gwrp.getIdentityServerTenant().isEmpty())
-                        username = username + "@" + gwrp.getIdentityServerTenant();
-                    String password = credential.getPassword();
-
-                    //talk to Authorization Server, obtain the decision, cache it and return
the result.
-                    ConfigurationContext configContext =
-                            ConfigurationContextFactory.createConfigurationContextFromFileSystem(null,
null);
+            CredentialStoreService.Client csClient = getCredentialStoreServiceClient();
+            AppCatalog appCatalog = RegistryFactory.getAppCatalog();
+            GatewayResourceProfile gwrp = appCatalog.getGatewayProfile().getGatewayProfile(gatewayId);
+            PasswordCredential credential = csClient.getPasswordCredential(gwrp.getIdentityServerPwdCredToken(),
gwrp.getGatewayID());
+            String username = credential.getLoginUserName();
+            if(gwrp.getIdentityServerTenant() != null && !gwrp.getIdentityServerTenant().isEmpty())
+                username = username + "@" + gwrp.getIdentityServerTenant();
+            String password = credential.getPassword();
+
+            ConfigurationContext configContext =
+                    ConfigurationContextFactory.createConfigurationContextFromFileSystem(null,
null);
+
+            //OAuth token validation
+            DefaultOAuthClient oauthClient = new DefaultOAuthClient(ServerSettings.getRemoteAuthzServerUrl(),
+                    username, password, configContext);
+            OAuth2TokenValidationResponseDTO validationResponse = oauthClient.validateAccessToken(
+                    authzToken.getAccessToken());
+
+
+            //XACML policy validation
+            if(validationResponse.getValid()){
+                long expiryTimestamp = validationResponse.getExpiryTime();
+                String subject = validationResponse.getAuthorizedUser();
+                if(subject.contains("@"))
+                    subject = subject.split("@")[0];
+
+                authzToken.getClaimsMap().put(Constants.USER_NAME, subject);
+
+                //if the authz cache is enabled, check in the cache if the authz decision
is cached and if so, what the status is
+                if (ServerSettings.isAuthzCacheEnabled()) {
+                    //obtain an instance of AuthzCacheManager implementation.
+                    AuthzCacheManager authzCacheManager = AuthzCacheManagerFactory.getAuthzCacheManager();
+
+                    //check in the cache
+                    AuthzCachedStatus authzCachedStatus = authzCacheManager.getAuthzCachedStatus(
+                            new AuthzCacheIndex(subject, gatewayId, accessToken, action));
+
+                    if (AuthzCachedStatus.AUTHORIZED.equals(authzCachedStatus)) {
+                        logger.info("Authz decision for: (" + subject + ", " + accessToken
+ ", " + action + ") is retrieved from cache.");
+                        return true;
+                    } else if (AuthzCachedStatus.NOT_AUTHORIZED.equals(authzCachedStatus))
{
+                        logger.info("Authz decision for: (" + subject + ", " + accessToken
+ ", " + action + ") is retrieved from cache.");
+                        return false;
+                    } else if (AuthzCachedStatus.NOT_CACHED.equals(authzCachedStatus)) {
+                        logger.info("Authz decision for: (" + subject + ", " + accessToken
+ ", " + action + ") is not in the cache. " +
+                                "Obtaining it from the authorization server.");
+
+                        //initialize SSL context with the trust store that contains the public
cert of WSO2 Identity Server.
+                        TrustStoreManager trustStoreManager = new TrustStoreManager();
+                        trustStoreManager.initializeTrustStoreManager(ServerSettings.getTrustStorePath(),
+                                ServerSettings.getTrustStorePassword());
+
+
+                        //check for fine grained authorization for the API invocation, based
on XACML.
+                        DefaultXACMLPEP entitlementClient = new DefaultXACMLPEP(ServerSettings.getRemoteAuthzServerUrl(),
+                                username, password, configContext);
+                        boolean authorizationDecision = entitlementClient.getAuthorizationDecision(authzToken,
metaData);
+
+                        //cache the authorization decision
+                        authzCacheManager.addToAuthzCache(new AuthzCacheIndex(subject, gatewayId,
accessToken, action),
+                                new AuthzCacheEntry(authorizationDecision, expiryTimestamp,
System.currentTimeMillis()));
+
+                        return authorizationDecision;
+                    } else {
+                        //undefined status returned from the authz cache manager
+                        throw new AiravataSecurityException("Error in reading from the authorization
cache.");
+                    }
+                } else {
 
                     //initialize SSL context with the trust store that contains the public
cert of WSO2 Identity Server.
                     TrustStoreManager trustStoreManager = new TrustStoreManager();
                     trustStoreManager.initializeTrustStoreManager(ServerSettings.getTrustStorePath(),
                             ServerSettings.getTrustStorePassword());
 
-                    DefaultOAuthClient oauthClient = new DefaultOAuthClient(ServerSettings.getRemoteAuthzServerUrl(),
-                            username, password, configContext);
-                    OAuth2TokenValidationResponseDTO validationResponse = oauthClient.validateAccessToken(
-                            authzToken.getAccessToken());
-                    boolean isOAuthTokenValid = validationResponse.getValid();
-                    long expiryTimestamp = validationResponse.getExpiryTime();
-
-                    //check for fine grained authorization for the API invocation, based
on XACML.
+                    //if XACML based authorization is enabled, check for role based authorization
for the API invocation
                     DefaultXACMLPEP entitlementClient = new DefaultXACMLPEP(ServerSettings.getRemoteAuthzServerUrl(),
                             username, password, configContext);
-                    boolean authorizationDecision = entitlementClient.getAuthorizationDecision(authzToken,
metaData);
-
-                    boolean decision = isOAuthTokenValid && authorizationDecision;
-
-                    //cache the authorization decision
-                    authzCacheManager.addToAuthzCache(new AuthzCacheIndex(subject, gatewayId,
accessToken, action),
-                            new AuthzCacheEntry(decision, expiryTimestamp, System.currentTimeMillis()));
-
-                    return decision;
-                } else {
-                    //undefined status returned from the authz cache manager
-                    throw new AiravataSecurityException("Error in reading from the authorization
cache.");
+                    return entitlementClient.getAuthorizationDecision(authzToken, metaData);
                 }
-            } else {
-                CredentialStoreService.Client csClient = getCredentialStoreServiceClient();
-                AppCatalog appCatalog = RegistryFactory.getAppCatalog();
-                GatewayResourceProfile gwrp = appCatalog.getGatewayProfile().getGatewayProfile(gatewayId);
-                PasswordCredential credential = csClient.getPasswordCredential(gwrp.getIdentityServerPwdCredToken(),
gwrp.getGatewayID());
-                String username = credential.getLoginUserName();
-                if(gwrp.getIdentityServerTenant() != null && !gwrp.getIdentityServerTenant().isEmpty())
-                    username = username + "@" + gwrp.getIdentityServerTenant();
-                String password = credential.getPassword();
-
-                //talk to Authorization Server, obtain the decision and return the result
(authz cache is not enabled).
-                ConfigurationContext configContext =
-                        ConfigurationContextFactory.createConfigurationContextFromFileSystem(null,
null);
-
-                //initialize SSL context with the trust store that contains the public cert
of WSO2 Identity Server.
-                TrustStoreManager trustStoreManager = new TrustStoreManager();
-                trustStoreManager.initializeTrustStoreManager(ServerSettings.getTrustStorePath(),
-                        ServerSettings.getTrustStorePassword());
-
-                DefaultOAuthClient oauthClient = new DefaultOAuthClient(ServerSettings.getRemoteAuthzServerUrl(),
-                        username, password, configContext);
-                OAuth2TokenValidationResponseDTO validationResponse = oauthClient.validateAccessToken(
-                        authzToken.getAccessToken());
-                boolean isOAuthTokenValid = validationResponse.getValid();
-                //if XACML based authorization is enabled, check for role based authorization
for the API invocation
-                DefaultXACMLPEP entitlementClient = new DefaultXACMLPEP(ServerSettings.getRemoteAuthzServerUrl(),
-                        username, password, configContext);
-                boolean authorizationDecision = entitlementClient.getAuthorizationDecision(authzToken,
metaData);
-
-                return (isOAuthTokenValid && authorizationDecision);
+            }else{
+                return false;
             }
 
         } catch (AxisFault axisFault) {
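Review bot: `authzToken.getClaimsMap().put(Constants.USER_NAME, subject)` dereferences an optional Thrift map that is null whenever the client sent no claims, so a successfully validated token from such a client fails here with a NullPointerException instead of an AiravataSecurityException; clients built against the previous IDL are likely affected as well, since this commit moves claimsMap from field 4 to field 3 and the new reader skips the old field id. The generated map helper creates the map on first use and avoids the null path: `authzToken.putToClaimsMap(Constants.USER_NAME, subject);`. The three `logger.info(...)` calls in the cache branch also write the raw bearer `accessToken` to the log at INFO level; logging subject, gateway and action (or a truncated digest of the token) gives the same traceability without persisting a replayable credential. The enclosing `isUserAuthorized` method continues past the hunk, so the remaining catch clauses are not visible here.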

http://git-wip-us.apache.org/repos/asf/airavata/blob/58401a6c/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/xacml/DefaultXACMLPEP.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/xacml/DefaultXACMLPEP.java
b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/xacml/DefaultXACMLPEP.java
index 7f89020..42328d1 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/xacml/DefaultXACMLPEP.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/xacml/DefaultXACMLPEP.java
@@ -76,7 +76,7 @@ public class DefaultXACMLPEP {
     public boolean getAuthorizationDecision(AuthzToken authzToken, Map<String, String>
metaData) throws AiravataSecurityException {
         String decision;
         try {
-            String subject = authzToken.getUserName();
+            String subject = authzToken.getClaimsMap().get(Constants.USER_NAME);
             String action = "/airavata/" + metaData.get(Constants.API_METHOD_NAME);
             String decisionString = entitlementServiceStub.getDecisionByAttributes(subject,
null, action, null);
             //parse the XML decision string and obtain the decision
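Review bot: The new lookup `authzToken.getClaimsMap().get(Constants.USER_NAME)` throws a NullPointerException when claimsMap was never set (it is an optional Thrift field) and, when the map exists but the claim is absent, hands a null subject to `getDecisionByAttributes`, whose handling of a null subject this code does not control. Fail closed before contacting the entitlement service: `Map<String, String> claims = authzToken.getClaimsMap();` / `String subject = claims == null ? null : claims.get(Constants.USER_NAME);` / `if (subject == null || subject.isEmpty()) throw new AiravataSecurityException("Authenticated subject is missing from the token claims.");`. Because the claim is populated by DefaultAiravataSecurityManager after OAuth validation in this same commit, a comment such as `// subject comes from the validated OAuth response, not from a client-supplied token field` would explain to the next reader why the claim is read instead of a struct field. `getAuthorizationDecision` continues outside the hunk.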

http://git-wip-us.apache.org/repos/asf/airavata/blob/58401a6c/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/airavata/security_model_types.cpp
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/airavata/security_model_types.cpp
b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/airavata/security_model_types.cpp
index 52968a8..63eabf5 100644
--- a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/airavata/security_model_types.cpp
+++ b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/airavata/security_model_types.cpp
@@ -44,11 +44,6 @@ void AuthzToken::__set_gatewayId(const std::string& val) {
 __isset.gatewayId = true;
 }
 
-void AuthzToken::__set_userName(const std::string& val) {
-  this->userName = val;
-__isset.userName = true;
-}
-
 void AuthzToken::__set_claimsMap(const std::map<std::string, std::string> & val)
{
   this->claimsMap = val;
 __isset.claimsMap = true;
@@ -93,14 +88,6 @@ uint32_t AuthzToken::read(::apache::thrift::protocol::TProtocol* iprot)
{
         }
         break;
       case 3:
-        if (ftype == ::apache::thrift::protocol::T_STRING) {
-          xfer += iprot->readString(this->userName);
-          this->__isset.userName = true;
-        } else {
-          xfer += iprot->skip(ftype);
-        }
-        break;
-      case 4:
         if (ftype == ::apache::thrift::protocol::T_MAP) {
           {
             this->claimsMap.clear();
@@ -151,13 +138,8 @@ uint32_t AuthzToken::write(::apache::thrift::protocol::TProtocol* oprot)
const {
     xfer += oprot->writeString(this->gatewayId);
     xfer += oprot->writeFieldEnd();
   }
-  if (this->__isset.userName) {
-    xfer += oprot->writeFieldBegin("userName", ::apache::thrift::protocol::T_STRING, 3);
-    xfer += oprot->writeString(this->userName);
-    xfer += oprot->writeFieldEnd();
-  }
   if (this->__isset.claimsMap) {
-    xfer += oprot->writeFieldBegin("claimsMap", ::apache::thrift::protocol::T_MAP, 4);
+    xfer += oprot->writeFieldBegin("claimsMap", ::apache::thrift::protocol::T_MAP, 3);
     {
       xfer += oprot->writeMapBegin(::apache::thrift::protocol::T_STRING, ::apache::thrift::protocol::T_STRING,
static_cast<uint32_t>(this->claimsMap.size()));
       std::map<std::string, std::string> ::const_iterator _iter7;
@@ -179,7 +161,6 @@ void swap(AuthzToken &a, AuthzToken &b) {
   using ::std::swap;
   swap(a.accessToken, b.accessToken);
   swap(a.gatewayId, b.gatewayId);
-  swap(a.userName, b.userName);
   swap(a.claimsMap, b.claimsMap);
   swap(a.__isset, b.__isset);
 }
@@ -187,14 +168,12 @@ void swap(AuthzToken &a, AuthzToken &b) {
 AuthzToken::AuthzToken(const AuthzToken& other8) {
   accessToken = other8.accessToken;
   gatewayId = other8.gatewayId;
-  userName = other8.userName;
   claimsMap = other8.claimsMap;
   __isset = other8.__isset;
 }
 AuthzToken& AuthzToken::operator=(const AuthzToken& other9) {
   accessToken = other9.accessToken;
   gatewayId = other9.gatewayId;
-  userName = other9.userName;
   claimsMap = other9.claimsMap;
   __isset = other9.__isset;
   return *this;
@@ -204,7 +183,6 @@ void AuthzToken::printTo(std::ostream& out) const {
   out << "AuthzToken(";
   out << "accessToken=" << to_string(accessToken);
   out << ", " << "gatewayId="; (__isset.gatewayId ? (out << to_string(gatewayId))
: (out << "<null>"));
-  out << ", " << "userName="; (__isset.userName ? (out << to_string(userName))
: (out << "<null>"));
   out << ", " << "claimsMap="; (__isset.claimsMap ? (out << to_string(claimsMap))
: (out << "<null>"));
   out << ")";
 }

http://git-wip-us.apache.org/repos/asf/airavata/blob/58401a6c/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/airavata/security_model_types.h
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/airavata/security_model_types.h
b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/airavata/security_model_types.h
index 77d618d..cce2875 100644
--- a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/airavata/security_model_types.h
+++ b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/airavata/security_model_types.h
@@ -39,9 +39,8 @@ namespace apache { namespace airavata { namespace model { namespace security
{
 class AuthzToken;
 
 typedef struct _AuthzToken__isset {
-  _AuthzToken__isset() : gatewayId(false), userName(false), claimsMap(false) {}
+  _AuthzToken__isset() : gatewayId(false), claimsMap(false) {}
   bool gatewayId :1;
-  bool userName :1;
   bool claimsMap :1;
 } _AuthzToken__isset;
 
@@ -50,13 +49,12 @@ class AuthzToken {
 
   AuthzToken(const AuthzToken&);
   AuthzToken& operator=(const AuthzToken&);
-  AuthzToken() : accessToken(), gatewayId(), userName() {
+  AuthzToken() : accessToken(), gatewayId() {
   }
 
   virtual ~AuthzToken() throw();
   std::string accessToken;
   std::string gatewayId;
-  std::string userName;
   std::map<std::string, std::string>  claimsMap;
 
   _AuthzToken__isset __isset;
@@ -65,8 +63,6 @@ class AuthzToken {
 
   void __set_gatewayId(const std::string& val);
 
-  void __set_userName(const std::string& val);
-
   void __set_claimsMap(const std::map<std::string, std::string> & val);
 
   bool operator == (const AuthzToken & rhs) const
@@ -77,10 +73,6 @@ class AuthzToken {
       return false;
     else if (__isset.gatewayId && !(gatewayId == rhs.gatewayId))
       return false;
-    if (__isset.userName != rhs.__isset.userName)
-      return false;
-    else if (__isset.userName && !(userName == rhs.userName))
-      return false;
     if (__isset.claimsMap != rhs.__isset.claimsMap)
       return false;
     else if (__isset.claimsMap && !(claimsMap == rhs.claimsMap))

http://git-wip-us.apache.org/repos/asf/airavata/blob/58401a6c/airavata-api/airavata-client-sdks/airavata-php-sdk/src/main/resources/lib/Airavata/Model/Security/Types.php
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-client-sdks/airavata-php-sdk/src/main/resources/lib/Airavata/Model/Security/Types.php
b/airavata-api/airavata-client-sdks/airavata-php-sdk/src/main/resources/lib/Airavata/Model/Security/Types.php
index 7b9c143..901565c 100644
--- a/airavata-api/airavata-client-sdks/airavata-php-sdk/src/main/resources/lib/Airavata/Model/Security/Types.php
+++ b/airavata-api/airavata-client-sdks/airavata-php-sdk/src/main/resources/lib/Airavata/Model/Security/Types.php
@@ -29,10 +29,6 @@ class AuthzToken {
    */
   public $gatewayId = null;
   /**
-   * @var string
-   */
-  public $userName = null;
-  /**
    * @var array
    */
   public $claimsMap = null;
@@ -49,10 +45,6 @@ class AuthzToken {
           'type' => TType::STRING,
           ),
         3 => array(
-          'var' => 'userName',
-          'type' => TType::STRING,
-          ),
-        4 => array(
           'var' => 'claimsMap',
           'type' => TType::MAP,
           'ktype' => TType::STRING,
@@ -73,9 +65,6 @@ class AuthzToken {
       if (isset($vals['gatewayId'])) {
         $this->gatewayId = $vals['gatewayId'];
       }
-      if (isset($vals['userName'])) {
-        $this->userName = $vals['userName'];
-      }
       if (isset($vals['claimsMap'])) {
         $this->claimsMap = $vals['claimsMap'];
       }
@@ -116,13 +105,6 @@ class AuthzToken {
           }
           break;
         case 3:
-          if ($ftype == TType::STRING) {
-            $xfer += $input->readString($this->userName);
-          } else {
-            $xfer += $input->skip($ftype);
-          }
-          break;
-        case 4:
           if ($ftype == TType::MAP) {
             $this->claimsMap = array();
             $_size0 = 0;
@@ -165,16 +147,11 @@ class AuthzToken {
       $xfer += $output->writeString($this->gatewayId);
       $xfer += $output->writeFieldEnd();
     }
-    if ($this->userName !== null) {
-      $xfer += $output->writeFieldBegin('userName', TType::STRING, 3);
-      $xfer += $output->writeString($this->userName);
-      $xfer += $output->writeFieldEnd();
-    }
     if ($this->claimsMap !== null) {
       if (!is_array($this->claimsMap)) {
         throw new TProtocolException('Bad type in structure.', TProtocolException::INVALID_DATA);
       }
-      $xfer += $output->writeFieldBegin('claimsMap', TType::MAP, 4);
+      $xfer += $output->writeFieldBegin('claimsMap', TType::MAP, 3);
       {
         $output->writeMapBegin(TType::STRING, TType::STRING, count($this->claimsMap));
         {

http://git-wip-us.apache.org/repos/asf/airavata/blob/58401a6c/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/lib/apache/airavata/model/security/ttypes.py
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/lib/apache/airavata/model/security/ttypes.py
b/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/lib/apache/airavata/model/security/ttypes.py
index 5b3cb4c..f05fbaa 100644
--- a/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/lib/apache/airavata/model/security/ttypes.py
+++ b/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/lib/apache/airavata/model/security/ttypes.py
@@ -22,7 +22,6 @@ class AuthzToken:
   Attributes:
    - accessToken
    - gatewayId
-   - userName
    - claimsMap
   """
 
@@ -30,14 +29,12 @@ class AuthzToken:
     None, # 0
     (1, TType.STRING, 'accessToken', None, None, ), # 1
     (2, TType.STRING, 'gatewayId', None, None, ), # 2
-    (3, TType.STRING, 'userName', None, None, ), # 3
-    (4, TType.MAP, 'claimsMap', (TType.STRING,None,TType.STRING,None), None, ), # 4
+    (3, TType.MAP, 'claimsMap', (TType.STRING,None,TType.STRING,None), None, ), # 3
   )
 
-  def __init__(self, accessToken=None, gatewayId=None, userName=None, claimsMap=None,):
+  def __init__(self, accessToken=None, gatewayId=None, claimsMap=None,):
     self.accessToken = accessToken
     self.gatewayId = gatewayId
-    self.userName = userName
     self.claimsMap = claimsMap
 
   def read(self, iprot):
@@ -60,11 +57,6 @@ class AuthzToken:
         else:
           iprot.skip(ftype)
       elif fid == 3:
-        if ftype == TType.STRING:
-          self.userName = iprot.readString()
-        else:
-          iprot.skip(ftype)
-      elif fid == 4:
         if ftype == TType.MAP:
           self.claimsMap = {}
           (_ktype1, _vtype2, _size0 ) = iprot.readMapBegin()
@@ -93,12 +85,8 @@ class AuthzToken:
       oprot.writeFieldBegin('gatewayId', TType.STRING, 2)
       oprot.writeString(self.gatewayId)
       oprot.writeFieldEnd()
-    if self.userName is not None:
-      oprot.writeFieldBegin('userName', TType.STRING, 3)
-      oprot.writeString(self.userName)
-      oprot.writeFieldEnd()
     if self.claimsMap is not None:
-      oprot.writeFieldBegin('claimsMap', TType.MAP, 4)
+      oprot.writeFieldBegin('claimsMap', TType.MAP, 3)
       oprot.writeMapBegin(TType.STRING, TType.STRING, len(self.claimsMap))
       for kiter7,viter8 in self.claimsMap.items():
         oprot.writeString(kiter7)
@@ -118,7 +106,6 @@ class AuthzToken:
     value = 17
     value = (value * 31) ^ hash(self.accessToken)
     value = (value * 31) ^ hash(self.gatewayId)
-    value = (value * 31) ^ hash(self.userName)
     value = (value * 31) ^ hash(self.claimsMap)
     return value
 

http://git-wip-us.apache.org/repos/asf/airavata/blob/58401a6c/airavata-api/airavata-data-models/src/main/java/org/apache/airavata/model/security/AuthzToken.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-data-models/src/main/java/org/apache/airavata/model/security/AuthzToken.java
b/airavata-api/airavata-data-models/src/main/java/org/apache/airavata/model/security/AuthzToken.java
index 019a908..8c02925 100644
--- a/airavata-api/airavata-data-models/src/main/java/org/apache/airavata/model/security/AuthzToken.java
+++ b/airavata-api/airavata-data-models/src/main/java/org/apache/airavata/model/security/AuthzToken.java
@@ -57,8 +57,7 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken,
AuthzToke
 
   private static final org.apache.thrift.protocol.TField ACCESS_TOKEN_FIELD_DESC = new org.apache.thrift.protocol.TField("accessToken",
org.apache.thrift.protocol.TType.STRING, (short)1);
   private static final org.apache.thrift.protocol.TField GATEWAY_ID_FIELD_DESC = new org.apache.thrift.protocol.TField("gatewayId",
org.apache.thrift.protocol.TType.STRING, (short)2);
-  private static final org.apache.thrift.protocol.TField USER_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("userName",
org.apache.thrift.protocol.TType.STRING, (short)3);
-  private static final org.apache.thrift.protocol.TField CLAIMS_MAP_FIELD_DESC = new org.apache.thrift.protocol.TField("claimsMap",
org.apache.thrift.protocol.TType.MAP, (short)4);
+  private static final org.apache.thrift.protocol.TField CLAIMS_MAP_FIELD_DESC = new org.apache.thrift.protocol.TField("claimsMap",
org.apache.thrift.protocol.TType.MAP, (short)3);
 
   private static final Map<Class<? extends IScheme>, SchemeFactory> schemes =
new HashMap<Class<? extends IScheme>, SchemeFactory>();
   static {
@@ -68,15 +67,13 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken,
AuthzToke
 
   private String accessToken; // required
   private String gatewayId; // optional
-  private String userName; // optional
   private Map<String,String> claimsMap; // optional
 
   /** The set of fields this struct contains, along with convenience methods for finding
and manipulating them. */
   public enum _Fields implements org.apache.thrift.TFieldIdEnum {
     ACCESS_TOKEN((short)1, "accessToken"),
     GATEWAY_ID((short)2, "gatewayId"),
-    USER_NAME((short)3, "userName"),
-    CLAIMS_MAP((short)4, "claimsMap");
+    CLAIMS_MAP((short)3, "claimsMap");
 
     private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
 
@@ -95,9 +92,7 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken,
AuthzToke
           return ACCESS_TOKEN;
         case 2: // GATEWAY_ID
           return GATEWAY_ID;
-        case 3: // USER_NAME
-          return USER_NAME;
-        case 4: // CLAIMS_MAP
+        case 3: // CLAIMS_MAP
           return CLAIMS_MAP;
         default:
           return null;
@@ -139,7 +134,7 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken,
AuthzToke
   }
 
   // isset id assignments
-  private static final _Fields optionals[] = {_Fields.GATEWAY_ID,_Fields.USER_NAME,_Fields.CLAIMS_MAP};
+  private static final _Fields optionals[] = {_Fields.GATEWAY_ID,_Fields.CLAIMS_MAP};
   public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
   static {
     Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields,
org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
@@ -147,8 +142,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken,
AuthzToke
         new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
     tmpMap.put(_Fields.GATEWAY_ID, new org.apache.thrift.meta_data.FieldMetaData("gatewayId",
org.apache.thrift.TFieldRequirementType.OPTIONAL, 
         new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
-    tmpMap.put(_Fields.USER_NAME, new org.apache.thrift.meta_data.FieldMetaData("userName",
org.apache.thrift.TFieldRequirementType.OPTIONAL, 
-        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
     tmpMap.put(_Fields.CLAIMS_MAP, new org.apache.thrift.meta_data.FieldMetaData("claimsMap",
org.apache.thrift.TFieldRequirementType.OPTIONAL, 
         new org.apache.thrift.meta_data.MapMetaData(org.apache.thrift.protocol.TType.MAP,

             new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING),

@@ -177,9 +170,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken,
AuthzToke
     if (other.isSetGatewayId()) {
       this.gatewayId = other.gatewayId;
     }
-    if (other.isSetUserName()) {
-      this.userName = other.userName;
-    }
     if (other.isSetClaimsMap()) {
       Map<String,String> __this__claimsMap = new HashMap<String,String>(other.claimsMap);
       this.claimsMap = __this__claimsMap;
@@ -194,7 +184,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken,
AuthzToke
   public void clear() {
     this.accessToken = null;
     this.gatewayId = null;
-    this.userName = null;
     this.claimsMap = null;
   }
 
@@ -244,29 +233,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken,
AuthzToke
     }
   }
 
-  public String getUserName() {
-    return this.userName;
-  }
-
-  public void setUserName(String userName) {
-    this.userName = userName;
-  }
-
-  public void unsetUserName() {
-    this.userName = null;
-  }
-
-  /** Returns true if field userName is set (has been assigned a value) and false otherwise
*/
-  public boolean isSetUserName() {
-    return this.userName != null;
-  }
-
-  public void setUserNameIsSet(boolean value) {
-    if (!value) {
-      this.userName = null;
-    }
-  }
-
   public int getClaimsMapSize() {
     return (this.claimsMap == null) ? 0 : this.claimsMap.size();
   }
@@ -319,14 +285,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken,
AuthzToke
       }
       break;
 
-    case USER_NAME:
-      if (value == null) {
-        unsetUserName();
-      } else {
-        setUserName((String)value);
-      }
-      break;
-
     case CLAIMS_MAP:
       if (value == null) {
         unsetClaimsMap();
@@ -346,9 +304,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken,
AuthzToke
     case GATEWAY_ID:
       return getGatewayId();
 
-    case USER_NAME:
-      return getUserName();
-
     case CLAIMS_MAP:
       return getClaimsMap();
 
@@ -367,8 +322,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken,
AuthzToke
       return isSetAccessToken();
     case GATEWAY_ID:
       return isSetGatewayId();
-    case USER_NAME:
-      return isSetUserName();
     case CLAIMS_MAP:
       return isSetClaimsMap();
     }
@@ -406,15 +359,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken,
AuthzToke
         return false;
     }
 
-    boolean this_present_userName = true && this.isSetUserName();
-    boolean that_present_userName = true && that.isSetUserName();
-    if (this_present_userName || that_present_userName) {
-      if (!(this_present_userName && that_present_userName))
-        return false;
-      if (!this.userName.equals(that.userName))
-        return false;
-    }
-
     boolean this_present_claimsMap = true && this.isSetClaimsMap();
     boolean that_present_claimsMap = true && that.isSetClaimsMap();
     if (this_present_claimsMap || that_present_claimsMap) {
@@ -441,11 +385,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken,
AuthzToke
     if (present_gatewayId)
       list.add(gatewayId);
 
-    boolean present_userName = true && (isSetUserName());
-    list.add(present_userName);
-    if (present_userName)
-      list.add(userName);
-
     boolean present_claimsMap = true && (isSetClaimsMap());
     list.add(present_claimsMap);
     if (present_claimsMap)
@@ -482,16 +421,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken,
AuthzToke
         return lastComparison;
       }
     }
-    lastComparison = Boolean.valueOf(isSetUserName()).compareTo(other.isSetUserName());
-    if (lastComparison != 0) {
-      return lastComparison;
-    }
-    if (isSetUserName()) {
-      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.userName, other.userName);
-      if (lastComparison != 0) {
-        return lastComparison;
-      }
-    }
     lastComparison = Boolean.valueOf(isSetClaimsMap()).compareTo(other.isSetClaimsMap());
     if (lastComparison != 0) {
       return lastComparison;
@@ -539,16 +468,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken,
AuthzToke
       }
       first = false;
     }
-    if (isSetUserName()) {
-      if (!first) sb.append(", ");
-      sb.append("userName:");
-      if (this.userName == null) {
-        sb.append("null");
-      } else {
-        sb.append(this.userName);
-      }
-      first = false;
-    }
     if (isSetClaimsMap()) {
       if (!first) sb.append(", ");
       sb.append("claimsMap:");
@@ -622,15 +541,7 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken,
AuthzToke
               org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
             }
             break;
-          case 3: // USER_NAME
-            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
-              struct.userName = iprot.readString();
-              struct.setUserNameIsSet(true);
-            } else { 
-              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
-            }
-            break;
-          case 4: // CLAIMS_MAP
+          case 3: // CLAIMS_MAP
             if (schemeField.type == org.apache.thrift.protocol.TType.MAP) {
               {
                 org.apache.thrift.protocol.TMap _map0 = iprot.readMapBegin();
@@ -675,13 +586,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken,
AuthzToke
           oprot.writeFieldEnd();
         }
       }
-      if (struct.userName != null) {
-        if (struct.isSetUserName()) {
-          oprot.writeFieldBegin(USER_NAME_FIELD_DESC);
-          oprot.writeString(struct.userName);
-          oprot.writeFieldEnd();
-        }
-      }
       if (struct.claimsMap != null) {
         if (struct.isSetClaimsMap()) {
           oprot.writeFieldBegin(CLAIMS_MAP_FIELD_DESC);
@@ -719,19 +623,13 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken,
AuthzToke
       if (struct.isSetGatewayId()) {
         optionals.set(0);
       }
-      if (struct.isSetUserName()) {
-        optionals.set(1);
-      }
       if (struct.isSetClaimsMap()) {
-        optionals.set(2);
+        optionals.set(1);
       }
-      oprot.writeBitSet(optionals, 3);
+      oprot.writeBitSet(optionals, 2);
       if (struct.isSetGatewayId()) {
         oprot.writeString(struct.gatewayId);
       }
-      if (struct.isSetUserName()) {
-        oprot.writeString(struct.userName);
-      }
       if (struct.isSetClaimsMap()) {
         {
           oprot.writeI32(struct.claimsMap.size());
@@ -749,16 +647,12 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken,
AuthzToke
       TTupleProtocol iprot = (TTupleProtocol) prot;
       struct.accessToken = iprot.readString();
       struct.setAccessTokenIsSet(true);
-      BitSet incoming = iprot.readBitSet(3);
+      BitSet incoming = iprot.readBitSet(2);
       if (incoming.get(0)) {
         struct.gatewayId = iprot.readString();
         struct.setGatewayIdIsSet(true);
       }
       if (incoming.get(1)) {
-        struct.userName = iprot.readString();
-        struct.setUserNameIsSet(true);
-      }
-      if (incoming.get(2)) {
         {
           org.apache.thrift.protocol.TMap _map6 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING,
org.apache.thrift.protocol.TType.STRING, iprot.readI32());
           struct.claimsMap = new HashMap<String,String>(2*_map6.size);

http://git-wip-us.apache.org/repos/asf/airavata/blob/58401a6c/thrift-interface-descriptions/airavata-apis/security_model.thrift
----------------------------------------------------------------------
diff --git a/thrift-interface-descriptions/airavata-apis/security_model.thrift b/thrift-interface-descriptions/airavata-apis/security_model.thrift
index 158405d..0104165 100644
--- a/thrift-interface-descriptions/airavata-apis/security_model.thrift
+++ b/thrift-interface-descriptions/airavata-apis/security_model.thrift
@@ -32,6 +32,5 @@ namespace py apache.airavata.model.security
 struct AuthzToken {
     1: required string accessToken,
     2: optional string gatewayId,
-    3: optional string userName,
-    4: optional map<string, string> claimsMap
+    3: optional map<string, string> claimsMap
 }
\ No newline at end of file
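Review bot: Field id 3 is reassigned here from `optional string userName` to `optional map<string, string> claimsMap`, so a peer built from the previous IDL and one built from this commit disagree on what id 3 means; Thrift field ids should never be reused once they have been on the wire. With the binary/compact protocol the type mismatch (STRING vs MAP) makes the generated reader silently skip the field, so a claimsMap sent between mixed-version builds would be dropped with no error, and with the tuple protocol the `writeBitSet(optionals, 2)`/`readBitSet(2)` change in the generated TupleScheme hunks makes old and new AuthzToken instances mutually unreadable. Keeping the map at its original id avoids both: `// field id 3 was userName (removed); do not reuse it` followed by `4: optional map<string, string> claimsMap`. If the project does not need cross-version compatibility for AuthzToken this can stay, but that should be stated in the commit.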

