Repository: airavata Updated Branches: refs/heads/develop 58401a6c6 -> 988293e6c
getting the subject name from OAuth access token Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/988293e6 Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/988293e6 Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/988293e6 Branch: refs/heads/develop Commit: 988293e6cc1f400351b499fafe47063557047321 Parents: 58401a6 Author: scnakandala <[email protected]> Authored: Mon May 2 19:01:52 2016 -0400 Committer: scnakandala <[email protected]> Committed: Mon May 2 19:01:52 2016 -0400 ---------------------------------------------------------------------- .../DefaultAiravataSecurityManager.java | 149 +++++++++++-------- .../airavata/model/security/AuthzToken.java | 122 +-------------- .../apache/airavata/common/utils/Constants.java | 1 + .../airavata-apis/security_model.thrift | 3 +- 4 files changed, 93 insertions(+), 182 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata/blob/988293e6/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java index 96b7742..58e91d8 100644 --- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java +++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java 
@@ -128,62 +128,58 @@ public class DefaultAiravataSecurityManager implements AiravataSecurityManager { public boolean isUserAuthorized(AuthzToken authzToken, Map<String, String> metaData) throws AiravataSecurityException { try { + String subject = authzToken.getClaimsMap().get(Constants.USER_NAME); String accessToken = authzToken.getAccessToken(); - String gatewayId = authzToken.getGatewayId(); + String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); String action = metaData.get(Constants.API_METHOD_NAME); - CredentialStoreService.Client csClient = getCredentialStoreServiceClient(); - AppCatalog appCatalog = RegistryFactory.getAppCatalog(); - GatewayResourceProfile gwrp = appCatalog.getGatewayProfile().getGatewayProfile(gatewayId); - PasswordCredential credential = csClient.getPasswordCredential(gwrp.getIdentityServerPwdCredToken(), gwrp.getGatewayID()); - String username = credential.getLoginUserName(); - if(gwrp.getIdentityServerTenant() != null && !gwrp.getIdentityServerTenant().isEmpty()) - username = username + "@" + gwrp.getIdentityServerTenant(); - String password = credential.getPassword(); - - ConfigurationContext configContext = - ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null); - - //OAuth token validation - DefaultOAuthClient oauthClient = new DefaultOAuthClient(ServerSettings.getRemoteAuthzServerUrl(), - username, password, configContext); - OAuth2TokenValidationResponseDTO validationResponse = oauthClient.validateAccessToken( - authzToken.getAccessToken()); - - - //XACML policy validation - if(validationResponse.getValid()){ - long expiryTimestamp = validationResponse.getExpiryTime(); - String subject = validationResponse.getAuthorizedUser(); - if(subject.contains("@")) - subject = subject.split("@")[0]; - - authzToken.getClaimsMap().put(Constants.USER_NAME, subject); - - //if the authz cache is enabled, check in the cache if the authz decision is cached and if so, what the status is - if 
(ServerSettings.isAuthzCacheEnabled()) { - //obtain an instance of AuthzCacheManager implementation. - AuthzCacheManager authzCacheManager = AuthzCacheManagerFactory.getAuthzCacheManager(); - - //check in the cache - AuthzCachedStatus authzCachedStatus = authzCacheManager.getAuthzCachedStatus( - new AuthzCacheIndex(subject, gatewayId, accessToken, action)); - - if (AuthzCachedStatus.AUTHORIZED.equals(authzCachedStatus)) { - logger.info("Authz decision for: (" + subject + ", " + accessToken + ", " + action + ") is retrieved from cache."); - return true; - } else if (AuthzCachedStatus.NOT_AUTHORIZED.equals(authzCachedStatus)) { - logger.info("Authz decision for: (" + subject + ", " + accessToken + ", " + action + ") is retrieved from cache."); - return false; - } else if (AuthzCachedStatus.NOT_CACHED.equals(authzCachedStatus)) { - logger.info("Authz decision for: (" + subject + ", " + accessToken + ", " + action + ") is not in the cache. " + - "Obtaining it from the authorization server."); + //if the authz cache is enabled, check in the cache if the authz decision is cached and if so, what the status is + if (ServerSettings.isAuthzCacheEnabled()) { + //obtain an instance of AuthzCacheManager implementation. 
+ AuthzCacheManager authzCacheManager = AuthzCacheManagerFactory.getAuthzCacheManager(); + + //check in the cache + AuthzCachedStatus authzCachedStatus = authzCacheManager.getAuthzCachedStatus( + new AuthzCacheIndex(subject, gatewayId, accessToken, action)); + + if (AuthzCachedStatus.AUTHORIZED.equals(authzCachedStatus)) { + logger.info("Authz decision for: (" + subject + ", " + accessToken + ", " + action + ") is retrieved from cache."); + return true; + } else if (AuthzCachedStatus.NOT_AUTHORIZED.equals(authzCachedStatus)) { + logger.info("Authz decision for: (" + subject + ", " + accessToken + ", " + action + ") is retrieved from cache."); + return false; + } else if (AuthzCachedStatus.NOT_CACHED.equals(authzCachedStatus)) { + logger.info("Authz decision for: (" + subject + ", " + accessToken + ", " + action + ") is not in the cache. " + + "Obtaining it from the authorization server."); + + CredentialStoreService.Client csClient = getCredentialStoreServiceClient(); + AppCatalog appCatalog = RegistryFactory.getAppCatalog(); + GatewayResourceProfile gwrp = appCatalog.getGatewayProfile().getGatewayProfile(gatewayId); + PasswordCredential credential = csClient.getPasswordCredential(gwrp.getIdentityServerPwdCredToken(), gwrp.getGatewayID()); + String username = credential.getLoginUserName(); + if(gwrp.getIdentityServerTenant() != null && !gwrp.getIdentityServerTenant().isEmpty()) + username = username + "@" + gwrp.getIdentityServerTenant(); + String password = credential.getPassword(); + + //talk to Authorization Server, obtain the decision, cache it and return the result. + ConfigurationContext configContext = + ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null); + + //initialize SSL context with the trust store that contains the public cert of WSO2 Identity Server. 
+ TrustStoreManager trustStoreManager = new TrustStoreManager(); + trustStoreManager.initializeTrustStoreManager(ServerSettings.getTrustStorePath(), + ServerSettings.getTrustStorePassword()); - //initialize SSL context with the trust store that contains the public cert of WSO2 Identity Server. - TrustStoreManager trustStoreManager = new TrustStoreManager(); - trustStoreManager.initializeTrustStoreManager(ServerSettings.getTrustStorePath(), - ServerSettings.getTrustStorePassword()); + DefaultOAuthClient oauthClient = new DefaultOAuthClient(ServerSettings.getRemoteAuthzServerUrl(), + username, password, configContext); + OAuth2TokenValidationResponseDTO validationResponse = oauthClient.validateAccessToken( + authzToken.getAccessToken()); + if(validationResponse.getValid()){ + //cannot impersonate users + if(!validationResponse.getAuthorizedUser().equals(subject)) + return false; + long expiryTimestamp = validationResponse.getExpiryTime(); //check for fine grained authorization for the API invocation, based on XACML. DefaultXACMLPEP entitlementClient = new DefaultXACMLPEP(ServerSettings.getRemoteAuthzServerUrl(), 
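Review bot: The three `logger.info` calls in the cache branch write the raw `accessToken` at INFO level, so anyone who can read the server logs obtains a bearer credential that remains usable until it expires. Log only the subject and action, e.g. `logger.info("Authz decision for: (" + subject + ", " + action + ") is retrieved from cache.");`, or a short digest of the token if requests must be correlated. Separately, the new check `validationResponse.getAuthorizedUser().equals(subject)` compares the full name, whereas the removed code stripped everything after `@` before using it. If the identity server returns tenant-qualified names, legitimate callers who send a bare `userName` claim would now be denied, so the expected form should be documented or normalised before the comparison. The body of `isUserAuthorized` continues past this hunk.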
@@ -195,24 +191,45 @@ public class DefaultAiravataSecurityManager implements AiravataSecurityManager { new AuthzCacheEntry(authorizationDecision, expiryTimestamp, System.currentTimeMillis())); return authorizationDecision; - } else { - //undefined status returned from the authz cache manager - throw new AiravataSecurityException("Error in reading from the authorization cache."); + }else { + return false; } - } else { - //initialize SSL context with the trust store that contains the public cert of WSO2 Identity Server. - TrustStoreManager trustStoreManager = new TrustStoreManager(); - trustStoreManager.initializeTrustStoreManager(ServerSettings.getTrustStorePath(), - ServerSettings.getTrustStorePassword()); - //if XACML based authorization is enabled, check for role based authorization for the API invocation - DefaultXACMLPEP entitlementClient = new DefaultXACMLPEP(ServerSettings.getRemoteAuthzServerUrl(), - username, password, configContext); - return entitlementClient.getAuthorizationDecision(authzToken, metaData); + } else { + //undefined status returned from the authz cache manager + throw new AiravataSecurityException("Error in reading from the authorization cache."); } - }else{ - return false; + } else { + CredentialStoreService.Client csClient = getCredentialStoreServiceClient(); + AppCatalog appCatalog = RegistryFactory.getAppCatalog(); + GatewayResourceProfile gwrp = appCatalog.getGatewayProfile().getGatewayProfile(gatewayId); + PasswordCredential credential = csClient.getPasswordCredential(gwrp.getIdentityServerPwdCredToken(), gwrp.getGatewayID()); + String username = credential.getLoginUserName(); + if(gwrp.getIdentityServerTenant() != null && !gwrp.getIdentityServerTenant().isEmpty()) + username = username + "@" + gwrp.getIdentityServerTenant(); + String password = credential.getPassword(); + + //talk to Authorization Server, obtain the decision and return the result (authz cache is not enabled). 
+ ConfigurationContext configContext = + ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null); + + //initialize SSL context with the trust store that contains the public cert of WSO2 Identity Server. + TrustStoreManager trustStoreManager = new TrustStoreManager(); + trustStoreManager.initializeTrustStoreManager(ServerSettings.getTrustStorePath(), + ServerSettings.getTrustStorePassword()); + + DefaultOAuthClient oauthClient = new DefaultOAuthClient(ServerSettings.getRemoteAuthzServerUrl(), + username, password, configContext); + OAuth2TokenValidationResponseDTO validationResponse = oauthClient.validateAccessToken( + authzToken.getAccessToken()); + boolean isOAuthTokenValid = validationResponse.getValid(); + //if XACML based authorization is enabled, check for role based authorization for the API invocation + DefaultXACMLPEP entitlementClient = new DefaultXACMLPEP(ServerSettings.getRemoteAuthzServerUrl(), + username, password, configContext); + boolean authorizationDecision = entitlementClient.getAuthorizationDecision(authzToken, metaData); + + return (isOAuthTokenValid && authorizationDecision); } } catch (AxisFault axisFault) { @@ -239,4 +256,4 @@ public class DefaultAiravataSecurityManager implements AiravataSecurityManager { throw new TException("Unable to create credential store client...", e); } } -} +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/airavata/blob/988293e6/airavata-api/airavata-data-models/src/main/java/org/apache/airavata/model/security/AuthzToken.java ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-data-models/src/main/java/org/apache/airavata/model/security/AuthzToken.java b/airavata-api/airavata-data-models/src/main/java/org/apache/airavata/model/security/AuthzToken.java index 8c02925..72a59cb 100644 --- a/airavata-api/airavata-data-models/src/main/java/org/apache/airavata/model/security/AuthzToken.java 
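Review bot: The cache-disabled `else` branch validates the access token but never compares `validationResponse.getAuthorizedUser()` with the `subject` read from the claims map, so the "cannot impersonate users" check added to the cached path has no counterpart here. The `userName` claim is supplied by the caller and in this branch is not bound to the token; if the XACML decision is evaluated against that claim (not visible in this hunk), the decision is made for a name the token was never issued to. Reject before the XACML call with `if (!validationResponse.getValid() || !validationResponse.getAuthorizedUser().equals(subject)) return false;`, which also avoids asking the PEP for a decision on an invalid token. The method starts in the previous hunk and its catch blocks continue past this one.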
+++ b/airavata-api/airavata-data-models/src/main/java/org/apache/airavata/model/security/AuthzToken.java @@ -56,8 +56,7 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("AuthzToken"); private static final org.apache.thrift.protocol.TField ACCESS_TOKEN_FIELD_DESC = new org.apache.thrift.protocol.TField("accessToken", org.apache.thrift.protocol.TType.STRING, (short)1); - private static final org.apache.thrift.protocol.TField GATEWAY_ID_FIELD_DESC = new org.apache.thrift.protocol.TField("gatewayId", org.apache.thrift.protocol.TType.STRING, (short)2); - private static final org.apache.thrift.protocol.TField CLAIMS_MAP_FIELD_DESC = new org.apache.thrift.protocol.TField("claimsMap", org.apache.thrift.protocol.TType.MAP, (short)3); + private static final org.apache.thrift.protocol.TField CLAIMS_MAP_FIELD_DESC = new org.apache.thrift.protocol.TField("claimsMap", org.apache.thrift.protocol.TType.MAP, (short)2); private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>(); static { @@ -66,14 +65,12 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke } private String accessToken; // required - private String gatewayId; // optional private Map<String,String> claimsMap; // optional /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */ public enum _Fields implements org.apache.thrift.TFieldIdEnum { ACCESS_TOKEN((short)1, "accessToken"), - GATEWAY_ID((short)2, "gatewayId"), - CLAIMS_MAP((short)3, "claimsMap"); + CLAIMS_MAP((short)2, "claimsMap"); private static final Map<String, _Fields> byName = new HashMap<String, _Fields>(); 
@@ -90,9 +87,7 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke switch(fieldId) { case 1: // ACCESS_TOKEN return ACCESS_TOKEN; - case 2: // GATEWAY_ID - return GATEWAY_ID; - case 3: // CLAIMS_MAP + case 2: // CLAIMS_MAP return CLAIMS_MAP; default: return null; @@ -134,14 +129,12 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke } // isset id assignments - private static final _Fields optionals[] = {_Fields.GATEWAY_ID,_Fields.CLAIMS_MAP}; + private static final _Fields optionals[] = {_Fields.CLAIMS_MAP}; public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap; static { Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class); tmpMap.put(_Fields.ACCESS_TOKEN, new org.apache.thrift.meta_data.FieldMetaData("accessToken", org.apache.thrift.TFieldRequirementType.REQUIRED, new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))); - tmpMap.put(_Fields.GATEWAY_ID, new org.apache.thrift.meta_data.FieldMetaData("gatewayId", org.apache.thrift.TFieldRequirementType.OPTIONAL, - new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))); tmpMap.put(_Fields.CLAIMS_MAP, new org.apache.thrift.meta_data.FieldMetaData("claimsMap", org.apache.thrift.TFieldRequirementType.OPTIONAL, new org.apache.thrift.meta_data.MapMetaData(org.apache.thrift.protocol.TType.MAP, new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING), 
@@ -167,9 +160,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke if (other.isSetAccessToken()) { this.accessToken = other.accessToken; } - if (other.isSetGatewayId()) { - this.gatewayId = other.gatewayId; - } if (other.isSetClaimsMap()) { Map<String,String> __this__claimsMap = new HashMap<String,String>(other.claimsMap); this.claimsMap = __this__claimsMap; @@ -183,7 +173,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke @Override public void clear() { this.accessToken = null; - this.gatewayId = null; this.claimsMap = null; } @@ -210,29 +199,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke } } - public String getGatewayId() { - return this.gatewayId; - } - - public void setGatewayId(String gatewayId) { - this.gatewayId = gatewayId; - } - - public void unsetGatewayId() { - this.gatewayId = null; - } - - /** Returns true if field gatewayId is set (has been assigned a value) and false otherwise */ - public boolean isSetGatewayId() { - return this.gatewayId != null; - } - - public void setGatewayIdIsSet(boolean value) { - if (!value) { - this.gatewayId = null; - } - } - public int getClaimsMapSize() { return (this.claimsMap == null) ? 0 : this.claimsMap.size(); } @@ -277,14 +243,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke } break; - case GATEWAY_ID: - if (value == null) { - unsetGatewayId(); - } else { - setGatewayId((String)value); - } - break; - case CLAIMS_MAP: if (value == null) { unsetClaimsMap(); @@ -301,9 +259,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke case ACCESS_TOKEN: return getAccessToken(); - case GATEWAY_ID: - return getGatewayId(); - case CLAIMS_MAP: return getClaimsMap(); 
@@ -320,8 +275,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke switch (field) { case ACCESS_TOKEN: return isSetAccessToken(); - case GATEWAY_ID: - return isSetGatewayId(); case CLAIMS_MAP: return isSetClaimsMap(); } @@ -350,15 +303,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke return false; } - boolean this_present_gatewayId = true && this.isSetGatewayId(); - boolean that_present_gatewayId = true && that.isSetGatewayId(); - if (this_present_gatewayId || that_present_gatewayId) { - if (!(this_present_gatewayId && that_present_gatewayId)) - return false; - if (!this.gatewayId.equals(that.gatewayId)) - return false; - } - boolean this_present_claimsMap = true && this.isSetClaimsMap(); boolean that_present_claimsMap = true && that.isSetClaimsMap(); if (this_present_claimsMap || that_present_claimsMap) { @@ -380,11 +324,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke if (present_accessToken) list.add(accessToken); - boolean present_gatewayId = true && (isSetGatewayId()); - list.add(present_gatewayId); - if (present_gatewayId) - list.add(gatewayId); - boolean present_claimsMap = true && (isSetClaimsMap()); list.add(present_claimsMap); if (present_claimsMap) @@ -411,16 +350,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke return lastComparison; } } - lastComparison = Boolean.valueOf(isSetGatewayId()).compareTo(other.isSetGatewayId()); - if (lastComparison != 0) { - return lastComparison; - } - if (isSetGatewayId()) { - lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.gatewayId, other.gatewayId); - if (lastComparison != 0) { - return lastComparison; - } - } lastComparison = Boolean.valueOf(isSetClaimsMap()).compareTo(other.isSetClaimsMap()); if (lastComparison != 0) { return lastComparison; 
@@ -458,16 +387,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke sb.append(this.accessToken); } first = false; - if (isSetGatewayId()) { - if (!first) sb.append(", "); - sb.append("gatewayId:"); - if (this.gatewayId == null) { - sb.append("null"); - } else { - sb.append(this.gatewayId); - } - first = false; - } if (isSetClaimsMap()) { if (!first) sb.append(", "); sb.append("claimsMap:"); @@ -533,15 +452,7 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); } break; - case 2: // GATEWAY_ID - if (schemeField.type == org.apache.thrift.protocol.TType.STRING) { - struct.gatewayId = iprot.readString(); - struct.setGatewayIdIsSet(true); - } else { - org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); - } - break; - case 3: // CLAIMS_MAP + case 2: // CLAIMS_MAP if (schemeField.type == org.apache.thrift.protocol.TType.MAP) { { org.apache.thrift.protocol.TMap _map0 = iprot.readMapBegin(); @@ -579,13 +490,6 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke oprot.writeString(struct.accessToken); oprot.writeFieldEnd(); } - if (struct.gatewayId != null) { - if (struct.isSetGatewayId()) { - oprot.writeFieldBegin(GATEWAY_ID_FIELD_DESC); - oprot.writeString(struct.gatewayId); - oprot.writeFieldEnd(); - } - } if (struct.claimsMap != null) { if (struct.isSetClaimsMap()) { oprot.writeFieldBegin(CLAIMS_MAP_FIELD_DESC); 
@@ -620,16 +524,10 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke TTupleProtocol oprot = (TTupleProtocol) prot; oprot.writeString(struct.accessToken); BitSet optionals = new BitSet(); - if (struct.isSetGatewayId()) { - optionals.set(0); - } if (struct.isSetClaimsMap()) { - optionals.set(1); - } - oprot.writeBitSet(optionals, 2); - if (struct.isSetGatewayId()) { - oprot.writeString(struct.gatewayId); + optionals.set(0); } + oprot.writeBitSet(optionals, 1); if (struct.isSetClaimsMap()) { { oprot.writeI32(struct.claimsMap.size()); @@ -647,12 +545,8 @@ public class AuthzToken implements org.apache.thrift.TBase<AuthzToken, AuthzToke TTupleProtocol iprot = (TTupleProtocol) prot; struct.accessToken = iprot.readString(); struct.setAccessTokenIsSet(true); - BitSet incoming = iprot.readBitSet(2); + BitSet incoming = iprot.readBitSet(1); if (incoming.get(0)) { - struct.gatewayId = iprot.readString(); - struct.setGatewayIdIsSet(true); - } - if (incoming.get(1)) { { org.apache.thrift.protocol.TMap _map6 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.STRING, iprot.readI32()); struct.claimsMap = new HashMap<String,String>(2*_map6.size); http://git-wip-us.apache.org/repos/asf/airavata/blob/988293e6/modules/commons/src/main/java/org/apache/airavata/common/utils/Constants.java ---------------------------------------------------------------------- diff --git a/modules/commons/src/main/java/org/apache/airavata/common/utils/Constants.java b/modules/commons/src/main/java/org/apache/airavata/common/utils/Constants.java index a15c257..b5fbd4b 100644 --- a/modules/commons/src/main/java/org/apache/airavata/common/utils/Constants.java +++ b/modules/commons/src/main/java/org/apache/airavata/common/utils/Constants.java 
@@ -59,6 +59,7 @@ public final class Constants { //Names of the attributes that could be passed in the AuthzToken's claims map. public static final String USER_NAME = "userName"; + public static final String GATEWAY_ID = "gatewayID"; public static final String EMAIL = "email"; public static final String ROLE = "role"; http://git-wip-us.apache.org/repos/asf/airavata/blob/988293e6/thrift-interface-descriptions/airavata-apis/security_model.thrift ---------------------------------------------------------------------- diff --git a/thrift-interface-descriptions/airavata-apis/security_model.thrift b/thrift-interface-descriptions/airavata-apis/security_model.thrift index 0104165..bda9554 100644 --- a/thrift-interface-descriptions/airavata-apis/security_model.thrift +++ b/thrift-interface-descriptions/airavata-apis/security_model.thrift @@ -31,6 +31,5 @@ namespace py apache.airavata.model.security struct AuthzToken { 1: required string accessToken, - 2: optional string gatewayId, - 3: optional map<string, string> claimsMap + 2: optional map<string, string> claimsMap } \ No newline at end of file
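Review bot: In security_model.thrift, `claimsMap` is renumbered from field 3 to field 2, the id that `gatewayId` previously used with type string, which breaks wire compatibility with clients generated from the earlier IDL. A server on the new struct would skip an old client's field 2 on the type mismatch and ignore field 3 as unknown, so it would presumably see a token with no claims map, and the security manager in this commit now reads both `userName` and `gatewayID` from that map without a null check. Keeping `3: optional map<string, string> claimsMap` and leaving id 2 retired, with a comment such as `// 2: gatewayId (removed, do not reuse)`, avoids the collision. The new claim key `gatewayID` in Constants.java also differs in case from the removed `gatewayId` field, which should be stated for client authors.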
