From commits-return-19512-archive-asf-public=cust-asf.ponee.io@airavata.apache.org Sun Jul 22 02:13:16 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 87AFE180634 for ; Sun, 22 Jul 2018 02:13:15 +0200 (CEST) Received: (qmail 67300 invoked by uid 500); 22 Jul 2018 00:13:14 -0000 Mailing-List: contact commits-help@airavata.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@airavata.apache.org Delivered-To: mailing list commits@airavata.apache.org Received: (qmail 67290 invoked by uid 99); 22 Jul 2018 00:13:14 -0000 Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 22 Jul 2018 00:13:14 +0000 Received: by gitbox.apache.org (ASF Mail Server at gitbox.apache.org, from userid 33) id EF89980604; Sun, 22 Jul 2018 00:13:13 +0000 (UTC) Date: Sun, 22 Jul 2018 00:13:13 +0000 To: "commits@airavata.apache.org" Subject: [airavata] branch develop updated: AIRAVATA-2862 GatewayGroups first init'ed in SecurityManager MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Message-ID: <153221839390.19388.11230035980334958512@gitbox.apache.org> From: machristie@apache.org X-Git-Host: gitbox.apache.org X-Git-Repo: airavata X-Git-Refname: refs/heads/develop X-Git-Reftype: branch X-Git-Oldrev: ca4d613ddb114f5502f03eaf6736104d7b4f415e X-Git-Newrev: 2002fe624e81dbf0a001f43c077fea79c4be000c X-Git-Rev: 2002fe624e81dbf0a001f43c077fea79c4be000c X-Git-NotificationType: ref_changed_plus_diff X-Git-Multimail-Version: 1.5.dev Auto-Submitted: auto-generated This is an automated email from the ASF dual-hosted git repository. machristie pushed a commit to branch develop in repository https://gitbox.apache.org/repos/asf/airavata.git The following commit(s) were added to refs/heads/develop by this push: new 2002fe6 AIRAVATA-2862 GatewayGroups first init'ed in SecurityManager 2002fe6 is described below commit 2002fe624e81dbf0a001f43c077fea79c4be000c Author: Marcus Christie AuthorDate: Sat Jul 21 20:02:27 2018 -0400 AIRAVATA-2862 GatewayGroups first init'ed in SecurityManager --- .../airavata/api/server/handler/AiravataServerHandler.java | 3 ++- .../airavata/service/security}/GatewayGroupsInitializer.java | 8 +++++++- .../airavata/service/security/KeyCloakSecurityManager.java | 10 +++++++++- .../service/security}/GatewayGroupsInitializerTest.java | 2 +- 4 files changed, 19 insertions(+), 4 deletions(-) diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java index dc019ef..fc7e1f9 100644 --- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java +++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java @@ -25,7 +25,7 @@ import org.apache.airavata.accountprovisioning.SSHAccountProvisionerFactory; import org.apache.airavata.accountprovisioning.SSHAccountProvisionerProvider; import org.apache.airavata.api.Airavata; import org.apache.airavata.api.airavata_apiConstants; -import org.apache.airavata.api.server.util.GatewayGroupsInitializer; +import org.apache.airavata.service.security.GatewayGroupsInitializer; import org.apache.airavata.common.exception.AiravataException; import org.apache.airavata.common.exception.ApplicationSettingsException; import org.apache.airavata.common.utils.AiravataUtils; @@ -5782,6 +5782,7 @@ public class AiravataServerHandler implements Airavata.Iface { } @Override + @SecurityCheck public GatewayGroups getGatewayGroups(AuthzToken authzToken) throws InvalidRequestException, AiravataClientException, AiravataSystemException, AuthorizationException, TException { String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/util/GatewayGroupsInitializer.java b/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/GatewayGroupsInitializer.java similarity index 96% rename from airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/util/GatewayGroupsInitializer.java rename to airavata-services/services-security/src/main/java/org/apache/airavata/service/security/GatewayGroupsInitializer.java index 30eb2a8..c51d67a 100644 --- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/util/GatewayGroupsInitializer.java +++ b/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/GatewayGroupsInitializer.java @@ -18,7 +18,7 @@ * */ -package org.apache.airavata.api.server.util; +package org.apache.airavata.service.security; import org.apache.airavata.common.exception.ApplicationSettingsException; import org.apache.airavata.common.utils.AiravataUtils; @@ -37,12 +37,16 @@ import org.apache.airavata.sharing.registry.client.SharingRegistryServiceClientF import org.apache.airavata.sharing.registry.models.*; import org.apache.airavata.sharing.registry.service.cpi.SharingRegistryService; import org.apache.thrift.TException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * Create and save an initial set of user management groups for a gateway. */ public class GatewayGroupsInitializer { + private final static Logger logger = LoggerFactory.getLogger(KeyCloakSecurityManager.class); + public static GatewayGroups initializeGatewayGroups(String gatewayId) { SharingRegistryService.Client sharingRegistryClient = createSharingRegistryClient(); @@ -73,6 +77,8 @@ public class GatewayGroupsInitializer { public GatewayGroups initialize(String gatewayId) throws TException { + logger.info("Creating a GatewayGroups instance for gateway " + gatewayId + " ..."); + GatewayGroups gatewayGroups = new GatewayGroups(); gatewayGroups.setGatewayId(gatewayId); diff --git a/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/KeyCloakSecurityManager.java b/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/KeyCloakSecurityManager.java index 22bfe5f..348ad02 100644 --- a/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/KeyCloakSecurityManager.java +++ b/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/KeyCloakSecurityManager.java @@ -253,7 +253,7 @@ public class KeyCloakSecurityManager implements AiravataSecurityManager { private GatewayGroupMembership getGatewayGroupMembership(String username, String token, String gatewayId) throws Exception { validateToken(username, token, gatewayId); - GatewayGroups gatewayGroups = registryServiceClient.getGatewayGroups(gatewayId); + GatewayGroups gatewayGroups = getGatewayGroups(gatewayId); List userGroups = sharingRegistryServiceClient.getAllMemberGroupsForUser(gatewayId, username + "@" + gatewayId); List userGroupIds = userGroups.stream().map(g -> g.getGroupId()).collect(Collectors.toList()); GatewayGroupMembership gatewayGroupMembership = new GatewayGroupMembership(); @@ -262,6 +262,14 @@ public class KeyCloakSecurityManager implements AiravataSecurityManager { return gatewayGroupMembership; } + private GatewayGroups getGatewayGroups(String gatewayId) throws Exception { + if (registryServiceClient.isGatewayGroupsExists(gatewayId)) { + return registryServiceClient.getGatewayGroups(gatewayId); + } else { + return GatewayGroupsInitializer.initializeGatewayGroups(gatewayId); + } + } + private void validateToken(String username, String token, String gatewayId) throws Exception { GatewayResourceProfile gwrp = registryServiceClient.getGatewayResourceProfile(gatewayId); String identityServerRealm = gwrp.getIdentityServerTenant(); diff --git a/airavata-api/airavata-api-server/src/test/java/org/apache/airavata/api/server/util/GatewayGroupsInitializerTest.java b/airavata-services/services-security/src/test/java/org/apache/airavata/service/security/GatewayGroupsInitializerTest.java similarity index 99% rename from airavata-api/airavata-api-server/src/test/java/org/apache/airavata/api/server/util/GatewayGroupsInitializerTest.java rename to airavata-services/services-security/src/test/java/org/apache/airavata/service/security/GatewayGroupsInitializerTest.java index 133ef79..e98b189 100644 --- a/airavata-api/airavata-api-server/src/test/java/org/apache/airavata/api/server/util/GatewayGroupsInitializerTest.java +++ b/airavata-services/services-security/src/test/java/org/apache/airavata/service/security/GatewayGroupsInitializerTest.java @@ -18,7 +18,7 @@ * */ -package org.apache.airavata.api.server.util; +package org.apache.airavata.service.security; import mockit.Expectations; import mockit.Mocked;