http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/xacml/DefaultPAPClient.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/xacml/DefaultPAPClient.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/xacml/DefaultPAPClient.java
deleted file mode 100644
index 110d4d3..0000000
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/xacml/DefaultPAPClient.java
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.airavata.api.server.security.xacml;
-
-import org.apache.airavata.common.exception.ApplicationSettingsException;
-import org.apache.airavata.common.utils.ServerSettings;
-import org.apache.airavata.security.AiravataSecurityException;
-import org.apache.axis2.AxisFault;
-import org.apache.axis2.context.ConfigurationContext;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.wso2.carbon.identity.entitlement.stub.EntitlementPolicyAdminServiceStub;
-import org.wso2.carbon.identity.entitlement.stub.dto.PaginatedStatusHolder;
-import org.wso2.carbon.identity.entitlement.stub.dto.PolicyDTO;
-import org.wso2.carbon.identity.entitlement.stub.dto.StatusHolder;
-import org.wso2.carbon.identity.entitlement.common.EntitlementConstants;
-import org.wso2.carbon.identity.entitlement.stub.EntitlementPolicyAdminServiceEntitlementException;
-import org.wso2.carbon.utils.CarbonUtils;
-
-import java.rmi.RemoteException;
-
-/**
- * This publishes the airavata-default-xacml-policy.xml to the PDP via PAP API (of WSO2 Identity Server)
- */
-public class DefaultPAPClient {
-
- private final static Logger logger = LoggerFactory.getLogger(DefaultPAPClient.class);
- private EntitlementPolicyAdminServiceStub entitlementPolicyAdminServiceStub;
-
- public DefaultPAPClient(String auhorizationServerURL, String username, String password,
- ConfigurationContext configCtx) throws AiravataSecurityException {
- try {
-
- String PDPURL = auhorizationServerURL + "EntitlementPolicyAdminService";
- entitlementPolicyAdminServiceStub = new EntitlementPolicyAdminServiceStub(configCtx, PDPURL);
- CarbonUtils.setBasicAccessSecurityHeaders(username, password, true,
- entitlementPolicyAdminServiceStub._getServiceClient());
- } catch (AxisFault e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error initializing XACML PEP client.");
- }
-
- }
-
- public boolean isPolicyAdded(String policyName) {
- try {
- PolicyDTO policyDTO = entitlementPolicyAdminServiceStub.getPolicy(policyName, false);
- } catch (RemoteException e) {
- logger.debug("Error in retrieving the policy.", e);
- return false;
- } catch (EntitlementPolicyAdminServiceEntitlementException e) {
- logger.debug("Error in retrieving the policy.", e);
- return false;
- }
- return true;
- }
-
- public void addPolicy(String policy) throws AiravataSecurityException {
- new Thread() {
- public void run() {
- try {
- PolicyDTO policyDTO = new PolicyDTO();
- policyDTO.setPolicy(policy);
- entitlementPolicyAdminServiceStub.addPolicy(policyDTO);
- entitlementPolicyAdminServiceStub.publishToPDP(new String[]{ServerSettings.getAuthorizationPoliyName()},
- EntitlementConstants.PolicyPublish.ACTION_CREATE, null, false, 0);
-
- //Since policy publishing happens asynchronously, we need to retrieve the status and verify.
- Thread.sleep(2000);
- PaginatedStatusHolder paginatedStatusHolder = entitlementPolicyAdminServiceStub.
- getStatusData(EntitlementConstants.Status.ABOUT_POLICY, ServerSettings.getAuthorizationPoliyName(),
- EntitlementConstants.StatusTypes.PUBLISH_POLICY, "*", 1);
- StatusHolder statusHolder = paginatedStatusHolder.getStatusHolders()[0];
- if (statusHolder.getSuccess() && EntitlementConstants.PolicyPublish.ACTION_CREATE.equals(statusHolder.getTargetAction())) {
- logger.info("Authorization policy is published successfully.");
- } else {
- throw new AiravataSecurityException("Failed to publish the authorization policy.");
- }
-
- //enable the published policy
- entitlementPolicyAdminServiceStub.enableDisablePolicy(ServerSettings.getAuthorizationPoliyName(), true);
- //Since policy enabling happens asynchronously, we need to retrieve the status and verify.
- Thread.sleep(2000);
- paginatedStatusHolder = entitlementPolicyAdminServiceStub.
- getStatusData(EntitlementConstants.Status.ABOUT_POLICY, ServerSettings.getAuthorizationPoliyName(),
- EntitlementConstants.StatusTypes.PUBLISH_POLICY, "*", 1);
- statusHolder = paginatedStatusHolder.getStatusHolders()[0];
- if (statusHolder.getSuccess() && EntitlementConstants.PolicyPublish.ACTION_ENABLE.equals(statusHolder.getTargetAction())) {
- logger.info("Authorization policy is enabled successfully.");
- } else {
- throw new AiravataSecurityException("Failed to enable the authorization policy.");
- }
- } catch (RemoteException e) {
- logger.error(e.getMessage(), e);
- } catch (InterruptedException e) {
- logger.error(e.getMessage(), e);
- } catch (ApplicationSettingsException e) {
- logger.error(e.getMessage(), e);
- } catch (AiravataSecurityException e) {
- logger.error(e.getMessage(), e);
- } catch (EntitlementPolicyAdminServiceEntitlementException e) {
- logger.error(e.getMessage(), e);
- }
- }
- }.start();
- }
-}
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/xacml/DefaultXACMLPEP.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/xacml/DefaultXACMLPEP.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/xacml/DefaultXACMLPEP.java
deleted file mode 100644
index 8852dca..0000000
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/xacml/DefaultXACMLPEP.java
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.airavata.api.server.security.xacml;
-
-import org.apache.airavata.common.utils.Constants;
-import org.apache.airavata.model.security.AuthzToken;
-import org.apache.airavata.security.AiravataSecurityException;
-import org.apache.axis2.AxisFault;
-import org.apache.axis2.context.ConfigurationContext;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.w3c.dom.Document;
-import org.w3c.dom.Node;
-import org.wso2.carbon.identity.entitlement.stub.EntitlementServiceException;
-import org.wso2.carbon.identity.entitlement.stub.EntitlementServiceStub;
-import org.wso2.carbon.utils.CarbonUtils;
-import org.xml.sax.SAXException;
-
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
-import java.rmi.RemoteException;
-import java.util.Map;
-
-/**
- * This enforces XACML based fine grained authorization on the API calls, by authorizing the API calls
- * through default PDP which is WSO2 Identity Server.
- */
-public class DefaultXACMLPEP {
-
- private final static Logger logger = LoggerFactory.getLogger(DefaultXACMLPEP.class);
- private EntitlementServiceStub entitlementServiceStub;
-
- public DefaultXACMLPEP(String auhorizationServerURL, String username, String password,
- ConfigurationContext configCtx) throws AiravataSecurityException {
- try {
-
- String PDPURL = auhorizationServerURL + "EntitlementService";
- entitlementServiceStub = new EntitlementServiceStub(configCtx, PDPURL);
- CarbonUtils.setBasicAccessSecurityHeaders(username, password, true, entitlementServiceStub._getServiceClient());
- } catch (AxisFault e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error initializing XACML PEP client.");
- }
-
- }
-
- /**
- * Send the XACML authorization request to XAML PDP and return the authorization decision.
- *
- * @param authzToken
- * @param metaData
- * @return
- */
- public boolean getAuthorizationDecision(AuthzToken authzToken, Map<String, String> metaData) throws AiravataSecurityException {
- String decision;
- try {
- String subject = authzToken.getClaimsMap().get(Constants.USER_NAME);
- //FIXME hacky way to fix OpenID -> CILogon issue in WSO2 IS
- if(subject.startsWith("http://")){
- subject = subject.substring(6);
- }
- String action = "/airavata/" + metaData.get(Constants.API_METHOD_NAME);
- String decisionString = entitlementServiceStub.getDecisionByAttributes(subject, null, action, null);
- //parse the XML decision string and obtain the decision
- decision = parseDecisionString(decisionString);
- if (Constants.PERMIT.equals(decision)) {
- return true;
- } else {
- logger.error("Authorization decision is: " + decision);
- return false;
- }
- } catch (RemoteException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in authorizing the user.");
- } catch (EntitlementServiceException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in authorizing the user.");
- }
- }
-
- /**
- * This parses the XML based authorization response by the PDP and returns the decision string.
- *
- * @param decisionString
- * @return
- * @throws AiravataSecurityException
- */
- private String parseDecisionString(String decisionString) throws AiravataSecurityException {
- try {
- DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
- InputStream inputStream = new ByteArrayInputStream(decisionString.getBytes("UTF-8"));
- Document doc = docBuilderFactory.newDocumentBuilder().parse(inputStream);
- Node resultNode = doc.getDocumentElement().getFirstChild();
- Node decisionNode = resultNode.getFirstChild();
- String decision = decisionNode.getTextContent();
- return decision;
- } catch (ParserConfigurationException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in parsing XACML authorization response.");
- } catch (UnsupportedEncodingException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in parsing XACML authorization response.");
- } catch (SAXException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in parsing XACML authorization response.");
- } catch (IOException e) {
- logger.error("Error in parsing XACML authorization response.");
- throw new AiravataSecurityException("Error in parsing XACML authorization response.");
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/util/Constants.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/util/Constants.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/util/Constants.java
deleted file mode 100644
index 22e27f2..0000000
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/util/Constants.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-
-package org.apache.airavata.api.server.util;
-
-public class Constants {
- public static final String API_SERVER_PORT = "apiserver.port";
- public static final String API_SERVER_HOST = "apiserver.host";
- public static final String API_SERVER_NAME = "apiserver.name";
- public static final String WORKFLOW_SERVER_PORT = "workflow.server.port";
- public static final String WORKFLOW_SERVER_HOST = "workflow.server.host";
- public static final String API_SERVER_MIN_THREADS = "apiserver.server.min.threads";
-}
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-api-stubs/pom.xml
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-stubs/pom.xml b/airavata-api/airavata-api-stubs/pom.xml
deleted file mode 100644
index 0e23ec3..0000000
--- a/airavata-api/airavata-api-stubs/pom.xml
+++ /dev/null
@@ -1,76 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under
- the Apache License, Version 2.0 (theà "License"); you may not use this file except in compliance with the License. You may
- obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to
- in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
- ANY ~ KIND, either express or implied. See the License for the specific language governing permissions and limitations under
- the License. -->
-
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-
- <modelVersion>4.0.0</modelVersion>
-
- <parent>
- <artifactId>airavata-api</artifactId>
- <groupId>org.apache.airavata</groupId>
- <version>0.17-SNAPSHOT</version>
- <relativePath>../pom.xml</relativePath>
- </parent>
-
- <name>Airavata Generated Stubs Skeltons</name>
- <artifactId>airavata-api-stubs</artifactId>
- <packaging>jar</packaging>
- <url>http://airavata.apache.org/</url>
-
- <dependencies>
- <dependency>
- <groupId>org.apache.airavata</groupId>
- <artifactId>airavata-data-models</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.airavata</groupId>
- <artifactId>airavata-credential-store-stubs</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.thrift</groupId>
- <artifactId>libthrift</artifactId>
- <version>${thrift.version}</version>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
- <version>${org.slf4j.version}</version>
- </dependency>
-
- </dependencies>
-
- <build>
- <plugins>
- <plugin>
- <groupId>com.google.code.maven-replacer-plugin</groupId>
- <artifactId>replacer</artifactId>
- <version>${maven.replacer.plugin.version}</version>
- <executions>
- <execution>
- <phase>generate-sources</phase>
- <goals>
- <goal>replace</goal>
- </goals>
- </execution>
- </executions>
- <configuration>
- <includes>
- <include>${basedir}/src/main/java/org/apache/airavata/**/*.java</include>
- </includes>
- <token>, date = ".*"</token>
- <value> </value>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
-</project>
