airavata-commits mailing list archives

From anujb...@apache.org
Subject [08/23] airavata git commit: change in cpi and serverHandler
Date Tue, 02 May 2017 16:49:23 GMT
change in cpi and serverHandler


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/28ab7a4f
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/28ab7a4f
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/28ab7a4f

Branch: refs/heads/develop
Commit: 28ab7a4f46bdefdd0a556aa13c0518e841533850
Parents: e0fbdeb
Author: Anuj Bhandar <bhandar.anuj@gmail.com>
Authored: Thu Apr 27 14:49:09 2017 -0400
Committer: Anuj Bhandar <bhandar.anuj@gmail.com>
Committed: Thu Apr 27 14:49:09 2017 -0400

----------------------------------------------------------------------
 .../core/impl/TenantManagementKeycloakImpl.java |  7 ++--
 .../handlers/IamAdminServicesHandler.java       | 42 ++++++++++++++++++--
 .../iam-admin-services-cpi.thrift               | 11 +++--
 3 files changed, 50 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/28ab7a4f/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
----------------------------------------------------------------------
diff --git a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
index f688328..6cefd26 100644
--- a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
+++ b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
@@ -33,12 +33,9 @@ import org.keycloak.admin.client.resource.UserResource;
 import org.keycloak.representations.idm.*;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-
 import javax.ws.rs.core.Response;
 import java.util.ArrayList;
-import java.util.HashMap;
 import java.util.List;
-import java.util.Map;
 
 public class TenantManagementKeycloakImpl implements TenantManagementInterface {
 
@@ -100,6 +97,7 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface
{
         return realmDetails;
     }
 
+    @Override
     public boolean createTenantAdminAccount(PasswordCredential isSuperAdminPasswordCreds,
Gateway gatewayDetails) throws IamAdminServicesException{
         try{
             Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(),
"master", isSuperAdminPasswordCreds);
@@ -153,6 +151,7 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface
{
         }
     }
 
+    @Override
     public Gateway configureClient(PasswordCredential isSuperAdminPasswordCreds, Gateway
gatewayDetails) throws IamAdminServicesException{
         try{
             Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(),
"master", isSuperAdminPasswordCreds);
@@ -194,6 +193,7 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface
{
         }
     }
 
+    @Override
     public boolean createUser(PasswordCredential realmAdminCreds, UserProfile userProfile,
String newPassword) throws IamAdminServicesException{
         try{
             Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(),
userProfile.getGatewayId(), realmAdminCreds);
@@ -232,6 +232,7 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface
{
         return false;
     }
 
+    @Override
     public boolean enableUserAccount(PasswordCredential realmAdminAccount, UserProfile userDetails)
throws IamAdminServicesException{
         try{
             Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(),
userDetails.getGatewayId(), realmAdminAccount);

http://git-wip-us.apache.org/repos/asf/airavata/blob/28ab7a4f/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
----------------------------------------------------------------------
diff --git a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
index 311e831..8ac2364 100644
--- a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
+++ b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
@@ -24,11 +24,14 @@ package org.apache.airavata.service.profile.handlers;
 import org.apache.airavata.model.credential.store.PasswordCredential;
 import org.apache.airavata.model.error.AuthorizationException;
 import org.apache.airavata.model.security.AuthzToken;
+import org.apache.airavata.model.user.UserProfile;
 import org.apache.airavata.model.workspace.Gateway;
 import org.apache.airavata.service.profile.iam.admin.services.core.impl.TenantManagementKeycloakImpl;
 import org.apache.airavata.service.profile.iam.admin.services.cpi.IamAdminServices;
 import org.apache.airavata.service.profile.iam.admin.services.cpi.iam_admin_services_cpiConstants;
 import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException;
+import org.apache.airavata.service.security.interceptor.SecurityCheck;
+import org.apache.thrift.TException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -50,8 +53,8 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface {
     }
 
     @Override
-    public String setUpGateway(AuthzToken authzToken, Gateway gateway) throws IamAdminServicesException,
AuthorizationException {
-        PasswordCredential isSuperAdminCredentials = new PasswordCredential();
+    @SecurityCheck
+    public Gateway setUpGateway(AuthzToken authzToken, Gateway gateway, PasswordCredential
isSuperAdminCredentials) throws IamAdminServicesException, AuthorizationException {
         TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
         try{
             keycloakclient.addTenant(isSuperAdminCredentials,gateway);
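Review bot: `setUpGateway` now receives `isSuperAdminCredentials` from the RPC caller and passes it straight to `addTenant` with no null or empty check. The `//ToDo` about SSL that this commit places on `registerUser` is not repeated here, although `TenantManagementKeycloakImpl` uses this credential against the `master` realm. I would add a guard before the `try` that rejects a null credential with an `IamAdminServicesException` (using whichever constructor that class offers), plus a comment such as `// Carries the identity-server super-admin password: require TLS on this endpoint and never log this argument`. The method body continues past the end of this hunk.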
@@ -59,10 +62,41 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface
{
                 logger.error("Admin account creation failed !!, please refer error logs for
reason");
             }
             Gateway gatewayWithIdAndSecret = keycloakclient.configureClient(isSuperAdminCredentials,gateway);
-            //return gatewayWithIdAndSecret;
+            return gatewayWithIdAndSecret;
         } catch (IamAdminServicesException ex){
             logger.error("Gateway Setup Failed, reason: " + ex.getCause(), ex);
+            throw ex;
+        }
+    }
+
+    //ToDo: Will only be secure when using SSL between PGA and Airavata
+    @Override
+    @SecurityCheck
+    public boolean registerUser(AuthzToken authzToken, UserProfile userDetails, PasswordCredential
isRealmAdminCredentials, String newPassword) throws IamAdminServicesException, AuthorizationException
{
+        TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
+        try{
+            if(keycloakclient.createUser(isRealmAdminCredentials,userDetails,newPassword))
+                return true;
+            else
+                return false;
+        } catch (IamAdminServicesException ex){
+            logger.error("Error while registering user into Identity Server, reason: " +
ex.getCause(), ex);
+            throw ex;
+        }
+    }
+
+    @Override
+    @SecurityCheck
+    public boolean enableUser(AuthzToken authzToken, UserProfile userDetails, PasswordCredential
isRealmAdminCredentials) throws IamAdminServicesException, AuthorizationException {
+        TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
+        try{
+            if(keycloakclient.enableUserAccount(isRealmAdminCredentials,userDetails))
+                return true;
+            else
+                return false;
+        } catch (IamAdminServicesException ex){
+            logger.error("Error while enabling user account, reason: " + ex.getCause(), ex);
+            throw ex;
         }
-        return null;
     }
 }
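Review bot: Neither `registerUser` nor `enableUser` reads `authzToken`, so authorization rests entirely on `@SecurityCheck`, while `TenantManagementKeycloakImpl` picks the realm from the caller-supplied `userDetails.getGatewayId()`; nothing visible here ties the token's gateway to the realm being modified. If the interceptor does not already enforce that binding, it should be checked at the top of both methods, and either way it deserves a comment. In `setUpGateway` the context line only logs when admin-account creation fails (the `if` sits above this hunk), yet the new `return gatewayWithIdAndSecret;` still reports success; consider throwing there instead. As a smaller point, `if (...) return true; else return false;` can be `return keycloakclient.createUser(isRealmAdminCredentials, userDetails, newPassword);`, and likewise for `enableUserAccount`.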

http://git-wip-us.apache.org/repos/asf/airavata/blob/28ab7a4f/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift
----------------------------------------------------------------------
diff --git a/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift
b/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift
index e369ab1..320f4ce 100644
--- a/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift
+++ b/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift
@@ -27,6 +27,7 @@ include "../../../airavata-apis/airavata_errors.thrift"
 include "../../../airavata-apis/security_model.thrift"
 include "../../../data-models/experiment-catalog-models/workspace_model.thrift"
 include "../../../data-models/user-group-models/user_profile_model.thrift"
+include "../../../data-models/credential-store-models/credential_store_data_models.thrift"
 include "iam_admin_services_cpi_errors.thrift"
 
 namespace java org.apache.airavata.service.profile.iam.admin.services.cpi
@@ -41,17 +42,21 @@ service IamAdminServices {
                                2: airavata_errors.AuthorizationException ae)
 
     workspace_model.Gateway setUpGateway (1: required security_model.AuthzToken authzToken,
-                       2: required workspace_model.Gateway gateway)
+                       2: required workspace_model.Gateway gateway
+                       3: required credential_store_data_models.PasswordCredential isSuperAdminCredentials)
                     throws (1: iam_admin_services_cpi_errors.IamAdminServicesException Idse,
                             2: airavata_errors.AuthorizationException ae)
 
     bool registerUser(1: required security_model.AuthzToken authzToken,
-                        2: required user_profile_model.UserProfile userDetails)
+                        2: required user_profile_model.UserProfile userDetails
+                        3: required credential_store_data_models.PasswordCredential isRealmAdminCredentials
+                        4: required string newPassword)
                         throws (1: iam_admin_services_cpi_errors.IamAdminServicesException
Idse,
                                                     2: airavata_errors.AuthorizationException
ae)
 
     bool enableUser(1: required security_model.AuthzToken authzToken,
-                            2: required user_profile_model.UserProfile userDetails)
+                            2: required user_profile_model.UserProfile userDetails
+                            3: required credential_store_data_models.PasswordCredential isRealmAdminCredentials)
                             throws (1: iam_admin_services_cpi_errors.IamAdminServicesException
Idse,
                                                         2: airavata_errors.AuthorizationException
ae)
 
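Review bot: The new argument lines drop the list separator, so `2: required workspace_model.Gateway gateway` is followed directly by field 3 while the first argument of each method still ends with a comma. Thrift accepts this, but writing `2: required workspace_model.Gateway gateway,` (and the same for `userDetails` and `isRealmAdminCredentials`) keeps the IDL consistent. The added fields are `required` on methods that already existed, so clients generated from the previous IDL will presumably send incomplete calls until they are regenerated; the rollout order is worth stating in a doc comment above each method. A doc comment marking `newPassword` and the two `PasswordCredential` arguments as secrets that must not be logged would also help callers.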

