Repository: airavata Updated Branches: refs/heads/develop cd243d3bb -> 58401a6c6
getting the subject name from OAuth access token Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/58401a6c Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/58401a6c Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/58401a6c Branch: refs/heads/develop Commit: 58401a6c6027b082ec7c64e207de592afb24246c Parents: cd243d3 Author: scnakandala <[email protected]> Authored: Mon May 2 18:52:04 2016 -0400 Committer: scnakandala <[email protected]> Committed: Mon May 2 18:52:04 2016 -0400 ---------------------------------------------------------------------- .../DefaultAiravataSecurityManager.java | 154 +++++++++---------- .../server/security/xacml/DefaultXACMLPEP.java | 2 +- .../lib/airavata/security_model_types.cpp | 24 +-- .../lib/airavata/security_model_types.h | 12 +- .../lib/Airavata/Model/Security/Types.php | 25 +-- .../apache/airavata/model/security/ttypes.py | 19 +-- .../airavata/model/security/AuthzToken.java | 122 +-------------- .../airavata-apis/security_model.thrift | 3 +- 8 files changed, 89 insertions(+), 272 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata/blob/58401a6c/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java index 2b8c501..96b7742 100644 --- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java 
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java 
@@ -128,101 +128,91 @@ public class DefaultAiravataSecurityManager implements AiravataSecurityManager { public boolean isUserAuthorized(AuthzToken authzToken, Map<String, String> metaData) throws AiravataSecurityException { try { - String subject = authzToken.getUserName(); String accessToken = authzToken.getAccessToken(); String gatewayId = authzToken.getGatewayId(); String action = metaData.get(Constants.API_METHOD_NAME); - //if the authz cache is enabled, check in the cache if the authz decision is cached and if so, what the status is - if (ServerSettings.isAuthzCacheEnabled()) { - //obtain an instance of AuthzCacheManager implementation. - AuthzCacheManager authzCacheManager = AuthzCacheManagerFactory.getAuthzCacheManager(); - - //check in the cache - AuthzCachedStatus authzCachedStatus = authzCacheManager.getAuthzCachedStatus( - new AuthzCacheIndex(subject, gatewayId, accessToken, action)); - - if (AuthzCachedStatus.AUTHORIZED.equals(authzCachedStatus)) { - logger.info("Authz decision for: (" + subject + ", " + accessToken + ", " + action + ") is retrieved from cache."); - return true; - } else if (AuthzCachedStatus.NOT_AUTHORIZED.equals(authzCachedStatus)) { - logger.info("Authz decision for: (" + subject + ", " + accessToken + ", " + action + ") is retrieved from cache."); - return false; - } else if (AuthzCachedStatus.NOT_CACHED.equals(authzCachedStatus)) { - logger.info("Authz decision for: (" + subject + ", " + accessToken + ", " + action + ") is not in the cache. 
" + - "Obtaining it from the authorization server."); - - CredentialStoreService.Client csClient = getCredentialStoreServiceClient(); - AppCatalog appCatalog = RegistryFactory.getAppCatalog(); - GatewayResourceProfile gwrp = appCatalog.getGatewayProfile().getGatewayProfile(gatewayId); - PasswordCredential credential = csClient.getPasswordCredential(gwrp.getIdentityServerPwdCredToken(), gwrp.getGatewayID()); - String username = credential.getLoginUserName(); - if(gwrp.getIdentityServerTenant() != null && !gwrp.getIdentityServerTenant().isEmpty()) - username = username + "@" + gwrp.getIdentityServerTenant(); - String password = credential.getPassword(); - - //talk to Authorization Server, obtain the decision, cache it and return the result. - ConfigurationContext configContext = - ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null); + CredentialStoreService.Client csClient = getCredentialStoreServiceClient(); + AppCatalog appCatalog = RegistryFactory.getAppCatalog(); + GatewayResourceProfile gwrp = appCatalog.getGatewayProfile().getGatewayProfile(gatewayId); + PasswordCredential credential = csClient.getPasswordCredential(gwrp.getIdentityServerPwdCredToken(), gwrp.getGatewayID()); + String username = credential.getLoginUserName(); + if(gwrp.getIdentityServerTenant() != null && !gwrp.getIdentityServerTenant().isEmpty()) + username = username + "@" + gwrp.getIdentityServerTenant(); + String password = credential.getPassword(); + + ConfigurationContext configContext = + ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null); + + //OAuth token validation + DefaultOAuthClient oauthClient = new DefaultOAuthClient(ServerSettings.getRemoteAuthzServerUrl(), + username, password, configContext); + OAuth2TokenValidationResponseDTO validationResponse = oauthClient.validateAccessToken( + authzToken.getAccessToken()); + + + //XACML policy validation + if(validationResponse.getValid()){ + long expiryTimestamp = 
validationResponse.getExpiryTime(); + String subject = validationResponse.getAuthorizedUser(); + if(subject.contains("@")) + subject = subject.split("@")[0]; + + authzToken.getClaimsMap().put(Constants.USER_NAME, subject); + + //if the authz cache is enabled, check in the cache if the authz decision is cached and if so, what the status is + if (ServerSettings.isAuthzCacheEnabled()) { + //obtain an instance of AuthzCacheManager implementation. + AuthzCacheManager authzCacheManager = AuthzCacheManagerFactory.getAuthzCacheManager(); + + //check in the cache + AuthzCachedStatus authzCachedStatus = authzCacheManager.getAuthzCachedStatus( + new AuthzCacheIndex(subject, gatewayId, accessToken, action)); + + if (AuthzCachedStatus.AUTHORIZED.equals(authzCachedStatus)) { + logger.info("Authz decision for: (" + subject + ", " + accessToken + ", " + action + ") is retrieved from cache."); + return true; + } else if (AuthzCachedStatus.NOT_AUTHORIZED.equals(authzCachedStatus)) { + logger.info("Authz decision for: (" + subject + ", " + accessToken + ", " + action + ") is retrieved from cache."); + return false; + } else if (AuthzCachedStatus.NOT_CACHED.equals(authzCachedStatus)) { + logger.info("Authz decision for: (" + subject + ", " + accessToken + ", " + action + ") is not in the cache. " + + "Obtaining it from the authorization server."); + + //initialize SSL context with the trust store that contains the public cert of WSO2 Identity Server. + TrustStoreManager trustStoreManager = new TrustStoreManager(); + trustStoreManager.initializeTrustStoreManager(ServerSettings.getTrustStorePath(), + ServerSettings.getTrustStorePassword()); + + + //check for fine grained authorization for the API invocation, based on XACML. 
+ DefaultXACMLPEP entitlementClient = new DefaultXACMLPEP(ServerSettings.getRemoteAuthzServerUrl(), + username, password, configContext); + boolean authorizationDecision = entitlementClient.getAuthorizationDecision(authzToken, metaData); + + //cache the authorization decision + authzCacheManager.addToAuthzCache(new AuthzCacheIndex(subject, gatewayId, accessToken, action), + new AuthzCacheEntry(authorizationDecision, expiryTimestamp, System.currentTimeMillis())); + + return authorizationDecision; + } else { + //undefined status returned from the authz cache manager + throw new AiravataSecurityException("Error in reading from the authorization cache."); + } + } else { //initialize SSL context with the trust store that contains the public cert of WSO2 Identity Server. TrustStoreManager trustStoreManager = new TrustStoreManager(); trustStoreManager.initializeTrustStoreManager(ServerSettings.getTrustStorePath(), ServerSettings.getTrustStorePassword()); - DefaultOAuthClient oauthClient = new DefaultOAuthClient(ServerSettings.getRemoteAuthzServerUrl(), - username, password, configContext); - OAuth2TokenValidationResponseDTO validationResponse = oauthClient.validateAccessToken( - authzToken.getAccessToken()); - boolean isOAuthTokenValid = validationResponse.getValid(); - long expiryTimestamp = validationResponse.getExpiryTime(); - - //check for fine grained authorization for the API invocation, based on XACML. 
+ //if XACML based authorization is enabled, check for role based authorization for the API invocation DefaultXACMLPEP entitlementClient = new DefaultXACMLPEP(ServerSettings.getRemoteAuthzServerUrl(), username, password, configContext); - boolean authorizationDecision = entitlementClient.getAuthorizationDecision(authzToken, metaData); - - boolean decision = isOAuthTokenValid && authorizationDecision; - - //cache the authorization decision - authzCacheManager.addToAuthzCache(new AuthzCacheIndex(subject, gatewayId, accessToken, action), - new AuthzCacheEntry(decision, expiryTimestamp, System.currentTimeMillis())); - - return decision; - } else { - //undefined status returned from the authz cache manager - throw new AiravataSecurityException("Error in reading from the authorization cache."); + return entitlementClient.getAuthorizationDecision(authzToken, metaData); } - } else { - CredentialStoreService.Client csClient = getCredentialStoreServiceClient(); - AppCatalog appCatalog = RegistryFactory.getAppCatalog(); - GatewayResourceProfile gwrp = appCatalog.getGatewayProfile().getGatewayProfile(gatewayId); - PasswordCredential credential = csClient.getPasswordCredential(gwrp.getIdentityServerPwdCredToken(), gwrp.getGatewayID()); - String username = credential.getLoginUserName(); - if(gwrp.getIdentityServerTenant() != null && !gwrp.getIdentityServerTenant().isEmpty()) - username = username + "@" + gwrp.getIdentityServerTenant(); - String password = credential.getPassword(); - - //talk to Authorization Server, obtain the decision and return the result (authz cache is not enabled). - ConfigurationContext configContext = - ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null); - - //initialize SSL context with the trust store that contains the public cert of WSO2 Identity Server. 
- TrustStoreManager trustStoreManager = new TrustStoreManager(); - trustStoreManager.initializeTrustStoreManager(ServerSettings.getTrustStorePath(), - ServerSettings.getTrustStorePassword()); - - DefaultOAuthClient oauthClient = new DefaultOAuthClient(ServerSettings.getRemoteAuthzServerUrl(), - username, password, configContext); - OAuth2TokenValidationResponseDTO validationResponse = oauthClient.validateAccessToken( - authzToken.getAccessToken()); - boolean isOAuthTokenValid = validationResponse.getValid(); - //if XACML based authorization is enabled, check for role based authorization for the API invocation - DefaultXACMLPEP entitlementClient = new DefaultXACMLPEP(ServerSettings.getRemoteAuthzServerUrl(), - username, password, configContext); - boolean authorizationDecision = entitlementClient.getAuthorizationDecision(authzToken, metaData); - - return (isOAuthTokenValid && authorizationDecision); + }else{ + return false; } } catch (AxisFault axisFault) { http://git-wip-us.apache.org/repos/asf/airavata/blob/58401a6c/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/xacml/DefaultXACMLPEP.java ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/xacml/DefaultXACMLPEP.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/xacml/DefaultXACMLPEP.java index 7f89020..42328d1 100644 --- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/xacml/DefaultXACMLPEP.java +++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/xacml/DefaultXACMLPEP.java 
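Review bot: `authzToken.getClaimsMap().put(Constants.USER_NAME, subject)` on the new side dereferences an optional Thrift field that the regenerated AuthzToken in this same commit declares as `private Map<String,String> claimsMap; // optional` with no initializer and resets to null in `clear()`, so a request that carries only an access token and gateway id presumably ends in a NullPointerException instead of an authorization decision. Guard it before the put, e.g. `if (authzToken.getClaimsMap() == null) authzToken.setClaimsMap(new HashMap<String, String>());` (or the generated `putToClaimsMap` helper if it creates the map on demand — confirm in the generated class). `validationResponse.getAuthorizedUser()` is likewise used without a null check before `subject.contains("@")`; a validation response with no user should fail closed with an AiravataSecurityException rather than an NPE. Separately, the retained `logger.info` lines still print the raw `accessToken` at INFO level, which puts a bearer credential into the server logs; log the subject and action only. The enclosing isUserAuthorized method continues past the hunk (its catch blocks are outside the visible range).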
@@ -76,7 +76,7 @@ public class DefaultXACMLPEP { public boolean getAuthorizationDecision(AuthzToken authzToken, Map<String, String> metaData) throws AiravataSecurityException { String decision; try { - String subject = authzToken.getUserName(); + String subject = authzToken.getClaimsMap().get(Constants.USER_NAME); String action = "/airavata/" + metaData.get(Constants.API_METHOD_NAME); String decisionString = entitlementServiceStub.getDecisionByAttributes(subject, null, action, null); //parse the XML decision string and obtain the decision http://git-wip-us.apache.org/repos/asf/airavata/blob/58401a6c/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/airavata/security_model_types.cpp ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/airavata/security_model_types.cpp b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/airavata/security_model_types.cpp index 52968a8..63eabf5 100644 --- a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/airavata/security_model_types.cpp +++ b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/airavata/security_model_types.cpp @@ -44,11 +44,6 @@ void AuthzToken::__set_gatewayId(const std::string& val) { __isset.gatewayId = true; } -void AuthzToken::__set_userName(const std::string& val) { - this->userName = val; -__isset.userName = true; -} - void AuthzToken::__set_claimsMap(const std::map<std::string, std::string> & val) { this->claimsMap = val; __isset.claimsMap = true; 
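Review bot: `authzToken.getClaimsMap().get(Constants.USER_NAME)` can throw or yield null (claimsMap is an optional Thrift field, and the USER_NAME claim exists only if DefaultAiravataSecurityManager populated it first), and the method then hands that null subject straight to `entitlementServiceStub.getDecisionByAttributes`, leaving the outcome to however the remote PDP treats a missing subject. Since getAuthorizationDecision is public and already declares AiravataSecurityException, fail closed before building the request: `if (authzToken.getClaimsMap() == null || authzToken.getClaimsMap().get(Constants.USER_NAME) == null) throw new AiravataSecurityException("AuthzToken carries no validated user name claim");`. The body of getAuthorizationDecision continues beyond the hunk.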
@@ -93,14 +88,6 @@ uint32_t AuthzToken::read(::apache::thrift::protocol::TProtocol* iprot) { } break; case 3: - if (ftype == ::apache::thrift::protocol::T_STRING) { - xfer += iprot->readString(this->userName); - this->__isset.userName = true; - } else { - xfer += iprot->skip(ftype); - } - break; - case 4: if (ftype == ::apache::thrift::protocol::T_MAP) { { this->claimsMap.clear(); @@ -151,13 +138,8 @@ uint32_t AuthzToken::write(::apache::thrift::protocol::TProtocol* oprot) const { xfer += oprot->writeString(this->gatewayId); xfer += oprot->writeFieldEnd(); } - if (this->__isset.userName) { - xfer += oprot->writeFieldBegin("userName", ::apache::thrift::protocol::T_STRING, 3); - xfer += oprot->writeString(this->userName); - xfer += oprot->writeFieldEnd(); - } if (this->__isset.claimsMap) { - xfer += oprot->writeFieldBegin("claimsMap", ::apache::thrift::protocol::T_MAP, 4); + xfer += oprot->writeFieldBegin("claimsMap", ::apache::thrift::protocol::T_MAP, 3); { xfer += oprot->writeMapBegin(::apache::thrift::protocol::T_STRING, ::apache::thrift::protocol::T_STRING, static_cast<uint32_t>(this->claimsMap.size())); std::map<std::string, std::string> ::const_iterator _iter7; @@ -179,7 +161,6 @@ void swap(AuthzToken &a, AuthzToken &b) { using ::std::swap; swap(a.accessToken, b.accessToken); swap(a.gatewayId, b.gatewayId); - swap(a.userName, b.userName); swap(a.claimsMap, b.claimsMap); swap(a.__isset, b.__isset); } @@ -187,14 +168,12 @@ void swap(AuthzToken &a, AuthzToken &b) { AuthzToken::AuthzToken(const AuthzToken& other8) { accessToken = other8.accessToken; gatewayId = other8.gatewayId; - userName = other8.userName; claimsMap = other8.claimsMap; __isset = other8.__isset; } AuthzToken& AuthzToken::operator=(const AuthzToken& other9) { accessToken = other9.accessToken; gatewayId = other9.gatewayId; - userName = other9.userName; claimsMap = other9.claimsMap; __isset = other9.__isset; return *this; 
@@ -204,7 +183,6 @@ void AuthzToken::printTo(std::ostream& out) const { out << "AuthzToken("; out << "accessToken=" << to_string(accessToken); out << ", " << "gatewayId="; (__isset.gatewayId ? (out << to_string(gatewayId)) : (out << "<null>")); - out << ", " << "userName="; (__isset.userName ? (out << to_string(userName)) : (out << "<null>")); out << ", " << "claimsMap="; (__isset.claimsMap ? (out << to_string(claimsMap)) : (out << "<null>")); out << ")"; } http://git-wip-us.apache.org/repos/asf/airavata/blob/58401a6c/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/airavata/security_model_types.h ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/airavata/security_model_types.h b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/airavata/security_model_types.h index 77d618d..cce2875 100644 --- a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/airavata/security_model_types.h +++ b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/airavata/security_model_types.h @@ -39,9 +39,8 @@ namespace apache { namespace airavata { namespace model { namespace security { class AuthzToken; typedef struct _AuthzToken__isset { - _AuthzToken__isset() : gatewayId(false), userName(false), claimsMap(false) {} + _AuthzToken__isset() : gatewayId(false), claimsMap(false) {} bool gatewayId :1; - bool userName :1; bool claimsMap :1; } _AuthzToken__isset; @@ -50,13 +49,12 @@ class AuthzToken { AuthzToken(const AuthzToken&); AuthzToken& operator=(const AuthzToken&); - AuthzToken() : accessToken(), gatewayId(), userName() { + AuthzToken() : accessToken(), gatewayId() { } virtual ~AuthzToken() throw(); std::string accessToken; std::string gatewayId; - std::string userName; std::map<std::string, std::string> claimsMap; _AuthzToken__isset __isset; 
@@ -65,8 +63,6 @@ class AuthzToken { void __set_gatewayId(const std::string& val); - void __set_userName(const std::string& val); - void __set_claimsMap(const std::map<std::string, std::string> & val); bool operator == (const AuthzToken & rhs) const @@ -77,10 +73,6 @@ class AuthzToken { return false; else if (__isset.gatewayId && !(gatewayId == rhs.gatewayId)) return false; - if (__isset.userName != rhs.__isset.userName) - return false; - else if (__isset.userName && !(userName == rhs.userName)) - return false; if (__isset.claimsMap != rhs.__isset.claimsMap) return false; else if (__isset.claimsMap && !(claimsMap == rhs.claimsMap)) http://git-wip-us.apache.org/repos/asf/airavata/blob/58401a6c/airavata-api/airavata-client-sdks/airavata-php-sdk/src/main/resources/lib/Airavata/Model/Security/Types.php ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-client-sdks/airavata-php-sdk/src/main/resources/lib/Airavata/Model/Security/Types.php b/airavata-api/airavata-client-sdks/airavata-php-sdk/src/main/resources/lib/Airavata/Model/Security/Types.php index 7b9c143..901565c 100644 --- a/airavata-api/airavata-client-sdks/airavata-php-sdk/src/main/resources/lib/Airavata/Model/Security/Types.php +++ b/airavata-api/airavata-client-sdks/airavata-php-sdk/src/main/resources/lib/Airavata/Model/Security/Types.php @@ -29,10 +29,6 @@ class AuthzToken { */ public $gatewayId = null; /** - * @var string - */ - public $userName = null; - /** * @var array */ public $claimsMap = null; @@ -49,10 +45,6 @@ class AuthzToken { 'type' => TType::STRING, ), 3 => array( - 'var' => 'userName', - 'type' => TType::STRING, - ), - 4 => array( 'var' => 'claimsMap', 'type' => TType::MAP, 'ktype' => TType::STRING, 
@@ -73,9 +65,6 @@ class AuthzToken { if (isset($vals['gatewayId'])) { $this->gatewayId = $vals['gatewayId']; } - if (isset($vals['userName'])) { - $this->userName = $vals['userName']; - } if (isset($vals['claimsMap'])) { $this->claimsMap = $vals['claimsMap']; } @@ -116,13 +105,6 @@ class AuthzToken { } break; case 3: - if ($ftype == TType::STRING) { - $xfer += $input->readString($this->userName); - } else { - $xfer += $input->skip($ftype); - } - break; - case 4: if ($ftype == TType::MAP) { $this->claimsMap = array(); $_size0 = 0; @@ -165,16 +147,11 @@ class AuthzToken { $xfer += $output->writeString($this->gatewayId); $xfer += $output->writeFieldEnd(); } - if ($this->userName !== null) { - $xfer += $output->writeFieldBegin('userName', TType::STRING, 3); - $xfer += $output->writeString($this->userName); - $xfer += $output->writeFieldEnd(); - } if ($this->claimsMap !== null) { if (!is_array($this->claimsMap)) { throw new TProtocolException('Bad type in structure.', TProtocolException::INVALID_DATA); } - $xfer += $output->writeFieldBegin('claimsMap', TType::MAP, 4); + $xfer += $output->writeFieldBegin('claimsMap', TType::MAP, 3); { $output->writeMapBegin(TType::STRING, TType::STRING, count($this->claimsMap)); { http://git-wip-us.apache.org/repos/asf/airavata/blob/58401a6c/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/lib/apache/airavata/model/security/ttypes.py ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/lib/apache/airavata/model/security/ttypes.py b/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/lib/apache/airavata/model/security/ttypes.py index 5b3cb4c..f05fbaa 100644 --- a/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/lib/apache/airavata/model/security/ttypes.py 
+++ b/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/lib/apache/airavata/model/security/ttypes.py @@ -22,7 +22,6 @@ class AuthzToken: Attributes: - accessToken - gatewayId - - userName - claimsMap """ @@ -30,14 +29,12 @@ class AuthzToken: None, # 0 (1, TType.STRING, 'accessToken', None, None, ), # 1 (2, TType.STRING, 'gatewayId', None, None, ), # 2 - (3, TType.STRING, 'userName', None, None, ), # 3 - (4, TType.MAP, 'claimsMap', (TType.STRING,None,TType.STRING,None), None, ), # 4 + (3, TType.MAP, 'claimsMap', (TType.STRING,None,TType.STRING,None), None, ), # 3 ) - def __init__(self, accessToken=None, gatewayId=None, userName=None, claimsMap=None,): + def __init__(self, accessToken=None, gatewayId=None, claimsMap=None,): self.accessToken = accessToken self.gatewayId = gatewayId - self.userName = userName self.claimsMap = claimsMap def read(self, iprot): @@ -60,11 +57,6 @@ class AuthzToken: else: iprot.skip(ftype) elif fid == 3: - if ftype == TType.STRING: - self.userName = iprot.readString() - else: - iprot.skip(ftype) - elif fid == 4: if ftype == TType.MAP: self.claimsMap = {} (_ktype1, _vtype2, _size0 ) = iprot.readMapBegin() @@ -93,12 +85,8 @@ class AuthzToken: oprot.writeFieldBegin('gatewayId', TType.STRING, 2) oprot.writeString(self.gatewayId) oprot.writeFieldEnd() - if self.userName is not None: - oprot.writeFieldBegin('userName', TType.STRING, 3) - oprot.writeString(self.userName) - oprot.writeFieldEnd() if self.claimsMap is not None: - oprot.writeFieldBegin('claimsMap', TType.MAP, 4) + oprot.writeFieldBegin('claimsMap', TType.MAP, 3) oprot.writeMapBegin(TType.STRING, TType.STRING, len(self.claimsMap)) for kiter7,viter8 in self.claimsMap.items(): oprot.writeString(kiter7) 
@@ -118,7 +106,6 @@ class AuthzToken: value = 17 value = (value * 31) ^ hash(self.accessToken) value = (value * 31) ^ hash(self.gatewayId) - value = (value * 31) ^ hash(self.userName) value = (value * 31) ^ hash(self.claimsMap) return value http://git-wip-us.apache.org/repos/asf/airavata/blob/58401a6c/airavata-api/airavata-data-models/src/main/java/org/apache/airavata/model/security/AuthzToken.java ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-data-models/src/main/java/org/apache/airavata/model/security/AuthzToken.java b/airavata-api/airavata-data-models/src/main/java/org/apache/airavata/model/security/AuthzToken.java index 019a908..8c02925 100644 --- a/airavata-api/airavata-data-models/src/main/java/org/apache/airavata/model/security/AuthzToken.java +++ b/airavata-api/airavata-data-models/src/main/java/org/apache/airavata/model/security/AuthzToken.java 
@@ -57,8 +57,7 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke private static final org.apache.thrift.protocol.TField ACCESS_TOKEN_FIELD_DESC = new org.apache.thrift.protocol.TField("accessToken", org.apache.thrift.protocol.TType.STRING, (short)1); private static final org.apache.thrift.protocol.TField GATEWAY_ID_FIELD_DESC = new org.apache.thrift.protocol.TField("gatewayId", org.apache.thrift.protocol.TType.STRING, (short)2); - private static final org.apache.thrift.protocol.TField USER_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("userName", org.apache.thrift.protocol.TType.STRING, (short)3); - private static final org.apache.thrift.protocol.TField CLAIMS_MAP_FIELD_DESC = new org.apache.thrift.protocol.TField("claimsMap", org.apache.thrift.protocol.TType.MAP, (short)4); + private static final org.apache.thrift.protocol.TField CLAIMS_MAP_FIELD_DESC = new org.apache.thrift.protocol.TField("claimsMap", org.apache.thrift.protocol.TType.MAP, (short)3); private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>(); static { @@ -68,15 +67,13 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke private String accessToken; // required private String gatewayId; // optional - private String userName; // optional private Map<String,String> claimsMap; // optional /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */ public enum _Fields implements org.apache.thrift.TFieldIdEnum { ACCESS_TOKEN((short)1, "accessToken"), GATEWAY_ID((short)2, "gatewayId"), - USER_NAME((short)3, "userName"), - CLAIMS_MAP((short)4, "claimsMap"); + CLAIMS_MAP((short)3, "claimsMap"); private static final Map<String, _Fields> byName = new HashMap<String, _Fields>(); 
@@ -95,9 +92,7 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke return ACCESS_TOKEN; case 2: // GATEWAY_ID return GATEWAY_ID; - case 3: // USER_NAME - return USER_NAME; - case 4: // CLAIMS_MAP + case 3: // CLAIMS_MAP return CLAIMS_MAP; default: return null; @@ -139,7 +134,7 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke } // isset id assignments - private static final _Fields optionals[] = {_Fields.GATEWAY_ID,_Fields.USER_NAME,_Fields.CLAIMS_MAP}; + private static final _Fields optionals[] = {_Fields.GATEWAY_ID,_Fields.CLAIMS_MAP}; public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap; static { Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class); @@ -147,8 +142,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))); tmpMap.put(_Fields.GATEWAY_ID, new org.apache.thrift.meta_data.FieldMetaData("gatewayId", org.apache.thrift.TFieldRequirementType.OPTIONAL, new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))); - tmpMap.put(_Fields.USER_NAME, new org.apache.thrift.meta_data.FieldMetaData("userName", org.apache.thrift.TFieldRequirementType.OPTIONAL, - new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))); tmpMap.put(_Fields.CLAIMS_MAP, new org.apache.thrift.meta_data.FieldMetaData("claimsMap", org.apache.thrift.TFieldRequirementType.OPTIONAL, new org.apache.thrift.meta_data.MapMetaData(org.apache.thrift.protocol.TType.MAP, new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING), 
@@ -177,9 +170,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke if (other.isSetGatewayId()) { this.gatewayId = other.gatewayId; } - if (other.isSetUserName()) { - this.userName = other.userName; - } if (other.isSetClaimsMap()) { Map<String,String> __this__claimsMap = new HashMap<String,String>(other.claimsMap); this.claimsMap = __this__claimsMap; @@ -194,7 +184,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke public void clear() { this.accessToken = null; this.gatewayId = null; - this.userName = null; this.claimsMap = null; } @@ -244,29 +233,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke } } - public String getUserName() { - return this.userName; - } - - public void setUserName(String userName) { - this.userName = userName; - } - - public void unsetUserName() { - this.userName = null; - } - - /** Returns true if field userName is set (has been assigned a value) and false otherwise */ - public boolean isSetUserName() { - return this.userName != null; - } - - public void setUserNameIsSet(boolean value) { - if (!value) { - this.userName = null; - } - } - public int getClaimsMapSize() { return (this.claimsMap == null) ? 0 : this.claimsMap.size(); } @@ -319,14 +285,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke } break; - case USER_NAME: - if (value == null) { - unsetUserName(); - } else { - setUserName((String)value); - } - break; - case CLAIMS_MAP: if (value == null) { unsetClaimsMap(); @@ -346,9 +304,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke case GATEWAY_ID: return getGatewayId(); - case USER_NAME: - return getUserName(); - case CLAIMS_MAP: return getClaimsMap(); 
@@ -367,8 +322,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke return isSetAccessToken(); case GATEWAY_ID: return isSetGatewayId(); - case USER_NAME: - return isSetUserName(); case CLAIMS_MAP: return isSetClaimsMap(); } @@ -406,15 +359,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke return false; } - boolean this_present_userName = true && this.isSetUserName(); - boolean that_present_userName = true && that.isSetUserName(); - if (this_present_userName || that_present_userName) { - if (!(this_present_userName && that_present_userName)) - return false; - if (!this.userName.equals(that.userName)) - return false; - } - boolean this_present_claimsMap = true && this.isSetClaimsMap(); boolean that_present_claimsMap = true && that.isSetClaimsMap(); if (this_present_claimsMap || that_present_claimsMap) { @@ -441,11 +385,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke if (present_gatewayId) list.add(gatewayId); - boolean present_userName = true && (isSetUserName()); - list.add(present_userName); - if (present_userName) - list.add(userName); - boolean present_claimsMap = true && (isSetClaimsMap()); list.add(present_claimsMap); if (present_claimsMap) @@ -482,16 +421,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke return lastComparison; } } - lastComparison = Boolean.valueOf(isSetUserName()).compareTo(other.isSetUserName()); - if (lastComparison != 0) { - return lastComparison; - } - if (isSetUserName()) { - lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.userName, other.userName); - if (lastComparison != 0) { - return lastComparison; - } - } lastComparison = Boolean.valueOf(isSetClaimsMap()).compareTo(other.isSetClaimsMap()); if (lastComparison != 0) { return lastComparison; 
@@ -539,16 +468,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke } first = false; } - if (isSetUserName()) { - if (!first) sb.append(", "); - sb.append("userName:"); - if (this.userName == null) { - sb.append("null"); - } else { - sb.append(this.userName); - } - first = false; - } if (isSetClaimsMap()) { if (!first) sb.append(", "); sb.append("claimsMap:"); @@ -622,15 +541,7 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); } break; - case 3: // USER_NAME - if (schemeField.type == org.apache.thrift.protocol.TType.STRING) { - struct.userName = iprot.readString(); - struct.setUserNameIsSet(true); - } else { - org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); - } - break; - case 4: // CLAIMS_MAP + case 3: // CLAIMS_MAP if (schemeField.type == org.apache.thrift.protocol.TType.MAP) { { org.apache.thrift.protocol.TMap _map0 = iprot.readMapBegin(); @@ -675,13 +586,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke oprot.writeFieldEnd(); } } - if (struct.userName != null) { - if (struct.isSetUserName()) { - oprot.writeFieldBegin(USER_NAME_FIELD_DESC); - oprot.writeString(struct.userName); - oprot.writeFieldEnd(); - } - } if (struct.claimsMap != null) { if (struct.isSetClaimsMap()) { oprot.writeFieldBegin(CLAIMS_MAP_FIELD_DESC); 
@@ -719,19 +623,13 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke if (struct.isSetGatewayId()) { optionals.set(0); } - if (struct.isSetUserName()) { - optionals.set(1); - } if (struct.isSetClaimsMap()) { - optionals.set(2); + optionals.set(1); } - oprot.writeBitSet(optionals, 3); + oprot.writeBitSet(optionals, 2); if (struct.isSetGatewayId()) { oprot.writeString(struct.gatewayId); } - if (struct.isSetUserName()) { - oprot.writeString(struct.userName); - } if (struct.isSetClaimsMap()) { { oprot.writeI32(struct.claimsMap.size()); @@ -749,16 +647,12 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke TTupleProtocol iprot = (TTupleProtocol) prot; struct.accessToken = iprot.readString(); struct.setAccessTokenIsSet(true); - BitSet incoming = iprot.readBitSet(3); + BitSet incoming = iprot.readBitSet(2); if (incoming.get(0)) { struct.gatewayId = iprot.readString(); struct.setGatewayIdIsSet(true); } if (incoming.get(1)) { - struct.userName = iprot.readString(); - struct.setUserNameIsSet(true); - } - if (incoming.get(2)) { { org.apache.thrift.protocol.TMap _map6 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.STRING, iprot.readI32()); struct.claimsMap = new HashMap<String,String>(2*_map6.size); http://git-wip-us.apache.org/repos/asf/airavata/blob/58401a6c/thrift-interface-descriptions/airavata-apis/security_model.thrift ---------------------------------------------------------------------- diff --git a/thrift-interface-descriptions/airavata-apis/security_model.thrift b/thrift-interface-descriptions/airavata-apis/security_model.thrift index 158405d..0104165 100644 --- a/thrift-interface-descriptions/airavata-apis/security_model.thrift +++ b/thrift-interface-descriptions/airavata-apis/security_model.thrift 
@@ -32,6 +32,5 @@ namespace py apache.airavata.model.security struct AuthzToken { 1: required string accessToken, 2: optional string gatewayId, - 3: optional string userName, - 4: optional map<string, string> claimsMap + 3: optional map<string, string> claimsMap } \ No newline at end of file
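Review bot: Renumbering `claimsMap` from field 4 to field 3 reuses the id that `userName` (a string) held in the previous IDL, which breaks wire compatibility with clients built against that version: an old client still writes claimsMap as field 4, which the new readers in this commit skip as unknown, and writes userName as field 3, which the new readers skip on the type mismatch (the `skip(ftype)` branches are visible in the regenerated C++/PHP/Python code), so the map is silently dropped. Thrift's usual rule is never to renumber or reuse an id; keep `4: optional map<string, string> claimsMap` and mark the gap with a comment such as `// 3: userName removed in 58401a6c — do not reuse this id`. This matters more now that the server relies on claimsMap being present to carry the validated user name.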
