adding some missing files from previous commit.
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/7ef83689 Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/7ef83689 Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/7ef83689 Branch: refs/heads/master Commit: 7ef83689624cf135234976b4abb2d3fd7b43499b Parents: 6ec2a39 Author: hasinitg <[email protected]> Authored: Fri Jul 31 17:13:46 2015 +0530 Committer: hasinitg <[email protected]> Committed: Fri Jul 31 17:13:46 2015 +0530 ---------------------------------------------------------------------- .../server/security/AiravataSecurityManager.java | 2 +- .../security/DefaultAiravataSecurityManager.java | 2 +- .../api/server/security/SecurityInterceptor.java | 18 +++++++++++++----- 3 files changed, 15 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata/blob/7ef83689/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/AiravataSecurityManager.java ----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/AiravataSecurityManager.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/AiravataSecurityManager.java
index 5937d3e..348675f 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/AiravataSecurityManager.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/AiravataSecurityManager.java
@@ -24,5 +24,5 @@ import org.apache.airavata.model.security.AuthzToken; import org.apache.airavata.security.AiravataSecurityException; public interface AiravataSecurityManager { - public boolean isUserAuthenticatedAndAuthorized(AuthzToken authzToken) throws AiravataSecurityException; + public boolean isUserAuthorized(AuthzToken authzToken) throws AiravataSecurityException; } http://git-wip-us.apache.org/repos/asf/airavata/blob/7ef83689/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java index 739a1ec..9d7c959 100644 --- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java +++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java 
@@ -37,7 +37,7 @@ import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO public class DefaultAiravataSecurityManager implements AiravataSecurityManager { private final static Logger logger = LoggerFactory.getLogger(DefaultAiravataSecurityManager.class); - public boolean isUserAuthenticatedAndAuthorized(AuthzToken authzToken) throws AiravataSecurityException { + public boolean isUserAuthorized(AuthzToken authzToken) throws AiravataSecurityException { try { ConfigurationContext configContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null); http://git-wip-us.apache.org/repos/asf/airavata/blob/7ef83689/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityInterceptor.java ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityInterceptor.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityInterceptor.java index ac89092..cf8f7e2 100644 --- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityInterceptor.java +++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityInterceptor.java @@ -28,7 +28,6 @@ import org.apache.airavata.model.security.AuthzToken; import org.apache.airavata.security.AiravataSecurityException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import java.util.Arrays; /** * Interceptor of Airavata API calls for the purpose of applying security. 
@@ -37,17 +36,26 @@ public class SecurityInterceptor implements MethodInterceptor{ private final static Logger logger = LoggerFactory.getLogger(SecurityInterceptor.class); @Override public Object invoke(MethodInvocation invocation) throws Throwable { - authenticateNAuthorize((AuthzToken) invocation.getArguments()[0]); - return invocation.proceed(); + //obtain the authz token from the input parameters + AuthzToken authzToken = (AuthzToken) invocation.getArguments()[0]; + //authorize the API call + authorize(authzToken); + //set the user identity info in a thread local to be used in downstream execution. + IdentityContext.set(authzToken); + //let the method call procees upon successful authorization + Object returnObj = invocation.proceed(); + //clean the identity context before the method call returns + IdentityContext.unset(); + return returnObj; } - private void authenticateNAuthorize(AuthzToken authzToken) throws AuthorizationException { + private void authorize(AuthzToken authzToken) throws AuthorizationException { try { boolean isAPISecured = ServerSettings.isAPISecured(); if (isAPISecured) { AiravataSecurityManager securityManager = SecurityManagerFactory.getSecurityManager(); - boolean isAuthz = securityManager.isUserAuthenticatedAndAuthorized(authzToken); + boolean isAuthz = securityManager.isUserAuthorized(authzToken); if (!isAuthz) { throw new AuthorizationException("User is not authenticated or authorized."); }
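Review bot: In `invoke`, `IdentityContext.unset()` runs only when `invocation.proceed()` returns normally, so an exception thrown by the intercepted API method leaves the caller's `AuthzToken` in the thread local. If the server reuses worker threads (not visible in this hunk), a later call handled on the same thread could then see the previous caller's identity. Wrapping the call in `try`/`finally`, as sketched below, clears the context on every exit path. Separately, when `ServerSettings.isAPISecured()` is false `authorize` checks nothing, yet the token is still stored in `IdentityContext`, so downstream code should not treat that value as verified. The body of `authorize` continues past the end of this hunk.

```java
        // … unchanged: token extraction and authorize(authzToken) …
        //set the user identity info in a thread local to be used in downstream execution.
        IdentityContext.set(authzToken);
        try {
            //let the method call proceed upon successful authorization
            return invocation.proceed();
        } finally {
            //always clear the identity context, including when the call throws
            IdentityContext.unset();
        }
```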
