Updated the secure-client sample to showcase the XACML-based authorization on API calls and fixed some issues found when running the sample.
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/4226a2db
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/4226a2db
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/4226a2db
Branch: refs/heads/master
Commit: 4226a2db00aec8ba0abb84e722bcb9767f0c96fa
Parents: d3ac7ce
Author: hasinitg <[email protected]>
Authored: Sat Aug 1 20:56:51 2015 +0530
Committer: hasinitg <[email protected]>
Committed: Sat Aug 1 20:56:51 2015 +0530
----------------------------------------------------------------------
.../api/server/security/DefaultXACMLPEP.java | 7 +---
.../server/security/SecurityInterceptor.java | 3 ++
.../airavata/secure/sample/SecureClient.java | 43 +++++++++++++++++---
3 files changed, 43 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/4226a2db/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultXACMLPEP.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultXACMLPEP.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultXACMLPEP.java
index e61904c..b60069c 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultXACMLPEP.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultXACMLPEP.java
@@ -83,13 +83,10 @@ public class DefaultXACMLPEP {
 String decisionString = entitlementServiceStub.getDecisionByAttributes(subject, null, action, null);
 //parse the XML decision string and obtain the decision
 decision = parseDecisionString(decisionString);
- if (Constants.NOT_APPLICABLE.equals(decision) || Constants.INDETERMINATE.equals(decision) ||
- Constants.DENY.equals(decision) || decision == null) {
- logger.error("Authorization decision is: " + decision);
- throw new AiravataSecurityException("Error in authorizing the user.");
- } else if (Constants.PERMIT.equals(decision)) {
+ if (Constants.PERMIT.equals(decision)) {
 return true;
 } else {
+ logger.error("Authorization decision is: " + decision);
 return false;
 }
 } catch (RemoteException e) {
http://git-wip-us.apache.org/repos/asf/airavata/blob/4226a2db/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityInterceptor.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityInterceptor.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityInterceptor.java
index 1f9cd90..2d35b1b 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityInterceptor.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityInterceptor.java
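Review bot: Folding NOT_APPLICABLE, INDETERMINATE and a null decision into the same `return false` path as DENY is fail-closed, but it hides PDP or policy misconfiguration from operators, since INDETERMINATE normally signals an evaluation error rather than a policy outcome; consider keeping a distinct log line (or the previous AiravataSecurityException) for the non-DENY outcomes. The new `logger.error("Authorization decision is: " + decision);` also fires for every ordinary DENY at error level and carries no context for audit; `logger.warn("Authorization decision is: " + decision + " for subject: " + subject + ", action: " + action);` would make the entry usable, assuming subject holds only a user identifier and no token material. The enclosing method begins before the hunk and its catch clauses continue after it.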
@@ -61,12 +61,15 @@ public class SecurityInterceptor implements MethodInterceptor {
 try {
 boolean isAPISecured = ServerSettings.isAPISecured();
 if (isAPISecured) {
+ //check in the cache
+ //if not in the cache, perform authorization with the authorization server
 AiravataSecurityManager securityManager = SecurityManagerFactory.getSecurityManager();
 boolean isAuthz = securityManager.isUserAuthorized(authzToken, metaData);
 if (!isAuthz) {
 throw new AuthorizationException("User is not authenticated or authorized.");
 }
+ //put the successful authorization decision in the cache
 }
 } catch (AiravataSecurityException e) {
 logger.error(e.getMessage(), e);
http://git-wip-us.apache.org/repos/asf/airavata/blob/4226a2db/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java
----------------------------------------------------------------------
diff --git a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java b/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java
index ac34c18..890aa99 100644
--- a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java
+++ b/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java
@@ -24,6 +24,7 @@ import org.apache.airavata.api.client.AiravataClientFactory;
 import org.apache.airavata.model.error.*;
 import org.apache.airavata.api.Airavata;
 import org.apache.airavata.model.security.AuthzToken;
+import org.apache.airavata.model.workspace.Gateway;
 import org.apache.airavata.security.AiravataSecurityException;
 import org.apache.axis2.AxisFault;
 import org.apache.axis2.context.ConfigurationContext;
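Review bot: The three added comments describe a decision cache that the code does not implement, so a reader of this interceptor will assume decisions are cached when every call still goes through `securityManager.isUserAuthorized(authzToken, metaData)`; mark them `//TODO: check the cache ...` and `//TODO: put the successful authorization decision in the cache` or drop them until the cache lands. When it does, the cached entry should be keyed on the access token together with the invoked method (`metaData`) and must not outlive the token's expiry or revocation, otherwise a PERMIT obtained once would stay valid after the token is invalidated. The enclosing method starts before the hunk and ends after it.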
@@ -109,6 +110,7 @@ public class SecureClient {
 throw e;
 }
 } else if (option == 2) {
+ System.out.println("");
 System.out.println("Enter Consumer Id: ");
 consumerId = scanner.next().trim();
 System.out.println("Enter Consumer Secret: ");
@@ -117,6 +119,7 @@ public class SecureClient {
 //obtain OAuth access token
 /************************Start obtaining input from user*****************************/
+ System.out.println("");
 System.out.println("Please select the preferred grant type: (or press d to use the default option" + Properties.grantType + ")");
 System.out.println("1. Resource Owner Password Credential.");
 System.out.println("2. Client Credential.");
@@ -150,10 +153,12 @@ public class SecureClient {
 password = passwordInput.trim();
 }
 } else if (grantType == 2) {
- System.out.println("Obtaining OAuth access token via 'Client Credential' grant type...' grant type....");
+ System.out.println("");
 System.out.println("Please enter the user name to be passed: ");
 String userNameInput = scanner.next();
 userName = userNameInput.trim();
+ System.out.println("");
+ System.out.println("Obtaining OAuth access token via 'Client Credential' grant type...' grant type....");
 }
 /***************************** Finish obtaining input from user*******************************************/
@@ -161,10 +166,11 @@ public class SecureClient {
 //obtain the OAuth token for the specified end user.
 String accessToken = new OAuthTokenRetrievalClient().retrieveAccessToken(consumerId, consumerSecret, userName, password, grantType);
- System.out.println("OAuth access token is: " + accessToken);
 System.out.println("");
+ System.out.println("OAuth access token is: " + accessToken);
 //invoke Airavata API by the SecureClient, on behalf of the user.
+ System.out.println("");
 System.out.println("Invoking Airavata API...");
 System.out.println("Enter the access token to be used: (default:" + accessToken + ", press 'd' to use default value.)");
 String accessTokenInput = scanner.next();
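Review bot: The re-added `System.out.println("Obtaining OAuth access token via 'Client Credential' grant type...' grant type....");` in the @@ -150 hunk keeps the duplicated fragment from the removed line, so the user sees `grant type...' grant type....`; since the line is rewritten anyway, `System.out.println("Obtaining OAuth access token via 'Client Credential' grant type...");` would fix it. In the @@ -161 hunk the access token is echoed twice, once in the `OAuth access token is:` line and again inside the `Enter the access token to be used: (default:` prompt; for an interactive sample that is acceptable, but one echo is enough and keeps the bearer token out of the console scrollback one time fewer. The enclosing method begins before the first hunk and ends after the last.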
@@ -175,6 +181,14 @@ public class SecureClient {
 acTk = accessTokenInput.trim();
 }
+ //obtain as input, the method to be invoked
+ System.out.println("");
+ System.out.println("Enter the number corresponding to the method to be invoked: ");
+ System.out.println("1. getAPIVersion");
+ System.out.println("2. addGateway");
+ String methodNumberString = scanner.next();
+ int methodNumber = Integer.valueOf(methodNumberString.trim());
+
 Airavata.Client client = createAiravataClient(Properties.SERVER_HOST, Properties.SERVER_PORT);
 AuthzToken authzToken = new AuthzToken();
 authzToken.setAccessToken(acTk);
@@ -182,9 +196,28 @@ public class SecureClient {
 claimsMap.put("userName", userName);
 claimsMap.put("email", "[email protected]");
 authzToken.setClaimsMap(claimsMap);
- String version = client.getAPIVersion(authzToken);
- System.out.println("Airavata API version: " + version);
- System.out.println("");
+ if (methodNumber == 1) {
+
+ String version = client.getAPIVersion(authzToken);
+ System.out.println("");
+ System.out.println("Airavata API version: " + version);
+ System.out.println("");
+
+ } else if (methodNumber == 2) {
+ System.out.println("");
+ System.out.println("Enter the gateway id: ");
+ String gatewayId = scanner.next().trim();
+
+ Gateway gateway = new Gateway(gatewayId);
+ gateway.setDomain("airavata.org");
+ gateway.setEmailAddress("[email protected]");
+ gateway.setGatewayName("airavataGW");
+ String output = client.addGateway(authzToken, gateway);
+ System.out.println("");
+ System.out.println("Output of addGateway: " + output);
+ System.out.println("");
+
+ }
 } catch (InvalidRequestException e) {
 e.printStackTrace();
 } catch (TException e) {
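Review bot: `int methodNumber = Integer.valueOf(methodNumberString.trim());` throws NumberFormatException on any non-numeric entry, and neither `catch (InvalidRequestException e)` nor `catch (TException e)` visible in the @@ -182 hunk handles it, so a typo at the menu aborts the sample with a stack trace unless a broader catch exists outside the hunk; `int methodNumber = Integer.parseInt(methodNumberString.trim());` also avoids the needless boxing. The `if (methodNumber == 1) ... else if (methodNumber == 2)` chain in the @@ -182 hunk silently does nothing for any other value, so a final `} else { System.out.println("Unknown method number: " + methodNumber); }` would tell the user what happened. The `Gateway` is built with fixed domain, email and name values, which is fine for a sample but deserves a one-line comment saying these are placeholders. The enclosing method begins before the first hunk and ends after the second.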
