http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/listener/AiravataExperimentStatusUpdator.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/listener/AiravataExperimentStatusUpdator.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/listener/AiravataExperimentStatusUpdator.java
deleted file mode 100644
index 235dbfe..0000000
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/listener/AiravataExperimentStatusUpdator.java
+++ /dev/null
@@ -1,220 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
-*//*
-
-package org.apache.airavata.api.server.listener;
-
-import com.google.common.eventbus.Subscribe;
-import org.apache.airavata.api.server.util.DataModelUtils;
-import org.apache.airavata.common.exception.AiravataException;
-import org.apache.airavata.common.utils.AiravataUtils;
-import org.apache.airavata.common.utils.AiravataZKUtils;
-import org.apache.airavata.common.utils.Constants;
-import org.apache.airavata.common.utils.LocalEventPublisher;
-import org.apache.airavata.common.utils.ServerSettings;
-import org.apache.airavata.common.utils.listener.AbstractActivityListener;
-import org.apache.airavata.messaging.core.MessageContext;
-import org.apache.airavata.messaging.core.Publisher;
-import org.apache.airavata.messaging.core.impl.RabbitMQTaskLaunchConsumer;
-import org.apache.airavata.model.messaging.event.ExperimentStatusChangeEvent;
-import org.apache.airavata.model.messaging.event.MessageType;
-import org.apache.airavata.model.messaging.event.WorkflowNodeStatusChangeEvent;
-import org.apache.airavata.model.util.ExecutionType;
-import org.apache.airavata.model.experiment.ExperimentModel;
-import org.apache.airavata.model.experiment.ExperimentModelState;
-import org.apache.airavata.registry.cpi.ExperimentCatalog;
-import org.apache.airavata.registry.cpi.ExperimentCatalogModelType;
-import org.apache.curator.framework.CuratorFramework;
-import org.apache.curator.utils.ZKPaths;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.File;
-import java.util.Calendar;
-
-public class AiravataExperimentStatusUpdator implements AbstractActivityListener {
- private final static Logger logger = LoggerFactory.getLogger(AiravataExperimentStatusUpdator.class);
- private ExperimentCatalog airavataExperimentCatalog;
- private LocalEventPublisher localEventPublisher;
- private Publisher publisher;
- private CuratorFramework curatorClient;
- private RabbitMQTaskLaunchConsumer consumer;
-
- public ExperimentCatalog getAiravataExperimentCatalog() {
- return airavataExperimentCatalog;
- }
-
- public void setAiravataExperimentCatalog(ExperimentCatalog airavataExperimentCatalog) {
- this.airavataExperimentCatalog = airavataExperimentCatalog;
- }
-
- @Subscribe
- public void setupExperimentStatus(WorkflowNodeStatusChangeEvent nodeStatus) throws Exception{
- try {
- boolean updateExperimentStatus=true;
- boolean clean= false;
- ExecutionType executionType = DataModelUtils.getExecutionType((Experiment) airavataExperimentCatalog.get(ExperimentCatalogModelType.EXPERIMENT, nodeStatus.getWorkflowNodeIdentity().getExperimentId()));
- String experimentNode = ServerSettings.getSetting(Constants.ZOOKEEPER_GFAC_EXPERIMENT_NODE, "/gfac-experiments");
- String experimentPath = experimentNode + File.separator + ServerSettings.getSetting(Constants.ZOOKEEPER_GFAC_SERVER_NAME)
- + File.separator + nodeStatus.getWorkflowNodeIdentity().getExperimentId();
- ExperimentState state;
- switch (nodeStatus.getState()) {
- case CANCELED:
- state = ExperimentState.CANCELED; updateExperimentStatus = true;
- clean = true;
- break;
- case COMPLETED:
- if(executionType.equals(ExecutionType.SINGLE_APP)){
- state = ExperimentState.COMPLETED; updateExperimentStatus = true;
- }else{
- state = ExperimentState.EXECUTING; updateExperimentStatus = true;
- }
- clean = true;
- break;
- case INVOKED:
- state = ExperimentState.EXECUTING; updateExperimentStatus = false;
- break;
- case FAILED:
- state = ExperimentState.FAILED; updateExperimentStatus = true;
- clean = true;
- break;
- case EXECUTING:
- state = ExperimentState.EXECUTING; updateExperimentStatus = true;
- break;
- case CANCELING:
- state = ExperimentState.CANCELING; updateExperimentStatus = true;
- break;
- default:
- return;
- }
- if (!updateExperimentStatus){
- updateExperimentStatus=(executionType==ExecutionType.SINGLE_APP);
- }
- updateExperimentStatus(nodeStatus.getWorkflowNodeIdentity().getExperimentId(), state);
- logger.debug("Publishing experiment status for " + nodeStatus.getWorkflowNodeIdentity().getExperimentId() + ":" + state.toString());
- ExperimentStatusChangeEvent event = new ExperimentStatusChangeEvent(state,
- nodeStatus.getWorkflowNodeIdentity().getExperimentId(),
- nodeStatus.getWorkflowNodeIdentity().getGatewayId());
- localEventPublisher.publish(event);
- String messageId = AiravataUtils.getId("EXPERIMENT");
- MessageContext msgCntxt = new MessageContext(event, MessageType.EXPERIMENT, messageId, nodeStatus.getWorkflowNodeIdentity().getGatewayId());
- msgCntxt.setUpdatedTime(AiravataUtils.getCurrentTimestamp());
- publisher.publish(msgCntxt);
- if (clean) {
- cleanup(nodeStatus, experimentNode, experimentPath);
- }
- } catch (Exception e) {
- logger.error("Error persisting data" + e.getLocalizedMessage(), e);
- throw new Exception("Error persisting experiment status..", e);
- }
- }
-
- private void cleanup(WorkflowNodeStatusChangeEvent nodeStatus, String experimentNode, String experimentPath) throws Exception {
- int count = 0;
- long deliveryTag = AiravataZKUtils.getDeliveryTag(nodeStatus.getWorkflowNodeIdentity().getExperimentId(), curatorClient,
- experimentNode, ServerSettings.getSetting(Constants.ZOOKEEPER_GFAC_SERVER_NAME));
- if(deliveryTag>0) {
- if (ServerSettings.isGFacPassiveMode()) {
- while (!consumer.isOpen() && count < 3) {
- try {
- consumer.reconnect();
- } catch (AiravataException e) {
- count++;
- }
- }
- try {
- if (consumer.isOpen()) {
- consumer.sendAck(deliveryTag);
- }
- } catch (Exception e) {
- logger.error("Error sending the Ack ! If the worker pick this again airavata should gracefully handle !");
- }
- }
- }
- if (curatorClient.checkExists().forPath(experimentPath + AiravataZKUtils.DELIVERY_TAG_POSTFIX) != null) {
- ZKPaths.deleteChildren(curatorClient.getZookeeperClient().getZooKeeper(),
- experimentPath + AiravataZKUtils.DELIVERY_TAG_POSTFIX, true);
- }
-
- if (curatorClient.checkExists().forPath(experimentPath) != null) {
- ZKPaths.deleteChildren(curatorClient.getZookeeperClient().getZooKeeper(), experimentPath, true);
- }
-
- // ack cancel operation if exist
- long cancelDT = AiravataZKUtils.getCancelDeliveryTagIfExist(nodeStatus.getWorkflowNodeIdentity().getExperimentId(),
- curatorClient, experimentNode, ServerSettings.getSetting(Constants.ZOOKEEPER_GFAC_SERVER_NAME));
- count = 0;
- if (cancelDT > 0) {
- while (!consumer.isOpen() && count < 3) {
- try {
- consumer.reconnect();
- } catch (AiravataException e) {
- count++;
- }
- }
- try {
- if (consumer.isOpen()) {
- consumer.sendAck(cancelDT);
- }
- } catch (Exception e) {
- logger.error("Error sending the Ack for cancel operation, cancel experiment path : " + experimentPath);
- }
- }
- if (cancelDT > 0) {
- ZKPaths.deleteChildren(curatorClient.getZookeeperClient().getZooKeeper(),
- experimentPath + AiravataZKUtils.CANCEL_DELIVERY_TAG_POSTFIX, true);
- }
- }
-
- public ExperimentState updateExperimentStatus(String experimentId, ExperimentState state) throws Exception {
- Experiment details = (Experiment) airavataExperimentCatalog.get(ExperimentCatalogModelType.EXPERIMENT, experimentId);
- if(details == null) {
- details = new Experiment();
- details.setExperimentID(experimentId);
- }
- org.apache.airavata.model.workspace.experiment.ExperimentStatus status = new org.apache.airavata.model.workspace.experiment.ExperimentStatus();
- status.setExperimentState(state);
- status.setTimeOfStateChange(Calendar.getInstance().getTimeInMillis());
- status.setExperimentState(state);
- details.setExperimentStatus(status);
- logger.info("Updating the experiment status of experiment: " + experimentId + " to " + status.getExperimentState().toString());
- airavataExperimentCatalog.update(ExperimentCatalogModelType.EXPERIMENT_STATUS, status, experimentId);
- return details.getExperimentStatus().getExperimentState();
-
- }
-
- public void setup(Object... configurations) {
- for (Object configuration : configurations) {
- if (configuration instanceof ExperimentCatalog){
- this.airavataExperimentCatalog =(ExperimentCatalog)configuration;
- } else if (configuration instanceof LocalEventPublisher){
- this.localEventPublisher =(LocalEventPublisher) configuration;
- } else if (configuration instanceof Publisher){
- this.publisher=(Publisher) configuration;
- }else if (configuration instanceof RabbitMQTaskLaunchConsumer) {
- this.consumer = (RabbitMQTaskLaunchConsumer) configuration;
- }else if (configuration instanceof CuratorFramework) {
- this.curatorClient = (CuratorFramework) configuration;
- }
-
- }
- }
-}
-*/
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/listener/ExperimentStatusChangedEvent.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/listener/ExperimentStatusChangedEvent.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/listener/ExperimentStatusChangedEvent.java
deleted file mode 100644
index aee709c..0000000
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/listener/ExperimentStatusChangedEvent.java
+++ /dev/null
@@ -1,64 +0,0 @@
-///*
-// *
-// * Licensed to the Apache Software Foundation (ASF) under one
-// * or more contributor license agreements. See the NOTICE file
-// * distributed with this work for additional information
-// * regarding copyright ownership. The ASF licenses this file
-// * to you under the Apache License, Version 2.0 (the
-// * "License"); you may not use this file except in compliance
-// * with the License. You may obtain a copy of the License at
-// *
-// * http://www.apache.org/licenses/LICENSE-2.0
-// *
-// * Unless required by applicable law or agreed to in writing,
-// * software distributed under the License is distributed on an
-// * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// * KIND, either express or implied. See the License for the
-// * specific language governing permissions and limitations
-// * under the License.
-// *
-//*/
-//package org.apache.airavata.api.server.listener;
-//
-//import org.apache.airavata.common.utils.listener.AbstractStateChangeRequest;
-//import org.apache.airavata.gfac.core.monitor.ExperimentIdentity;
-//import org.apache.airavata.model.experiment.ExperimentModelState;
-//
-///**
-// * This is the primary job state object used in
-// * through out the monitor module. This use airavata-data-model JobState enum
-// * Ideally after processing each event or monitoring message from remote system
-// * Each monitoring implementation has to return this object with a state and
-// * the monitoring ID
-// */
-//public class ExperimentStatusChangedEvent extends AbstractStateChangeRequest {
-// private ExperimentState state;
-// private ExperimentIdentity identity;
-//
-// // this constructor can be used in Qstat monitor to handle errors
-// public ExperimentStatusChangedEvent() {
-// }
-//
-// public ExperimentStatusChangedEvent(ExperimentIdentity experimentIdentity, ExperimentState state) {
-// this.state = state;
-// setIdentity(experimentIdentity);
-// }
-//
-// public ExperimentState getState() {
-// return state;
-// }
-//
-// public void setState(ExperimentState state) {
-// this.state = state;
-// }
-//
-// public ExperimentIdentity getIdentity() {
-// return identity;
-// }
-//
-// public void setIdentity(ExperimentIdentity identity) {
-// this.identity = identity;
-// }
-//
-//
-//}
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/AiravataSecurityManager.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/AiravataSecurityManager.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/AiravataSecurityManager.java
deleted file mode 100644
index 9245576..0000000
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/AiravataSecurityManager.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.airavata.api.server.security;
-
-import org.apache.airavata.model.security.AuthzToken;
-import org.apache.airavata.security.AiravataSecurityException;
-
-import java.util.Map;
-
-public interface AiravataSecurityManager {
- /**
- * Implement this method in your SecurityManager to perform necessary initializations at the server startup.
- * @throws AiravataSecurityException
- */
- public void initializeSecurityInfra() throws AiravataSecurityException;
-
- /**
- * Implement this method with the user authentication/authorization logic in your SecurityManager.
- * @param authzToken : this includes OAuth token and user's claims
- * @param metaData : this includes other meta data needed for security enforcements.
- * @return
- * @throws AiravataSecurityException
- */
- public boolean isUserAuthorized(AuthzToken authzToken, Map<String, String> metaData) throws AiravataSecurityException;
-}
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java
deleted file mode 100644
index 3dbab86..0000000
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java
+++ /dev/null
@@ -1,273 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.airavata.api.server.security;
-
-import org.apache.airavata.api.server.security.authzcache.*;
-import org.apache.airavata.api.server.security.oauth.DefaultOAuthClient;
-import org.apache.airavata.api.server.security.xacml.DefaultPAPClient;
-import org.apache.airavata.api.server.security.xacml.DefaultXACMLPEP;
-import org.apache.airavata.common.exception.ApplicationSettingsException;
-import org.apache.airavata.common.utils.Constants;
-import org.apache.airavata.common.utils.ServerSettings;
-import org.apache.airavata.credential.store.client.CredentialStoreClientFactory;
-import org.apache.airavata.credential.store.cpi.CredentialStoreService;
-import org.apache.airavata.credential.store.datamodel.PasswordCredential;
-import org.apache.airavata.credential.store.exception.CredentialStoreException;
-import org.apache.airavata.model.appcatalog.gatewayprofile.GatewayResourceProfile;
-import org.apache.airavata.model.security.AuthzToken;
-import org.apache.airavata.registry.api.RegistryService;
-import org.apache.airavata.registry.api.client.RegistryServiceClientFactory;
-import org.apache.airavata.registry.api.exception.RegistryServiceException;
-import org.apache.airavata.security.AiravataSecurityException;
-import org.apache.airavata.security.util.TrustStoreManager;
-import org.apache.axis2.AxisFault;
-import org.apache.axis2.context.ConfigurationContext;
-import org.apache.axis2.context.ConfigurationContextFactory;
-import org.apache.thrift.TException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO;
-
-import java.io.*;
-import java.util.List;
-import java.util.Map;
-
-/**
- * This enforces authentication and authorization on Airavata API calls.
- */
-public class DefaultAiravataSecurityManager implements AiravataSecurityManager {
- private final static Logger logger = LoggerFactory.getLogger(DefaultAiravataSecurityManager.class);
-
- @Override
- public void initializeSecurityInfra() throws AiravataSecurityException {
- /* in the default security manager, this method checks if the xacml authorization policy is published,
- * and if not, publish the policy to the PDP (of WSO2 Identity Server)
- */
- try {
- if (ServerSettings.isAPISecured()) {
- ConfigurationContext configContext =
- ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
- //initialize SSL context with the trust store that contains the public cert of WSO2 Identity Server.
- TrustStoreManager trustStoreManager = new TrustStoreManager();
- trustStoreManager.initializeTrustStoreManager(ServerSettings.getTrustStorePath(),
- ServerSettings.getTrustStorePassword());
- List<GatewayResourceProfile> gwProfiles = getRegistryServiceClient().getAllGatewayResourceProfiles();
- //read the policy as a string
- BufferedReader bufferedReader = new BufferedReader(new FileReader(new File(
- ServerSettings.getAuthorizationPoliyName() + ".xml")));
- String line;
- StringBuilder stringBuilder = new StringBuilder();
- while ((line = bufferedReader.readLine()) != null) {
- stringBuilder.append(line);
- }
- String defaultXACMLPolicy = stringBuilder.toString();
- CredentialStoreService.Client csClient = getCredentialStoreServiceClient();
-
- for(GatewayResourceProfile gwrp : gwProfiles){
- if(gwrp.getIdentityServerPwdCredToken() != null && gwrp.getIdentityServerTenant() != null){
- PasswordCredential credential = csClient.getPasswordCredential(gwrp.getIdentityServerPwdCredToken(), gwrp.getGatewayID());
- String username = credential.getLoginUserName();
- if(gwrp.getIdentityServerTenant() != null && !gwrp.getIdentityServerTenant().isEmpty())
- username = username + "@" + gwrp.getIdentityServerTenant();
- String password = credential.getPassword();
- DefaultPAPClient PAPClient = new DefaultPAPClient(ServerSettings.getRemoteAuthzServerUrl(),
- username, password, configContext);
- boolean policyAdded = PAPClient.isPolicyAdded(ServerSettings.getAuthorizationPoliyName());
- if (policyAdded) {
- logger.debug("Authorization policy is already added in the authorization server.");
- } else {
- //publish the policy and enable it in a separate thread
- PAPClient.addPolicy(defaultXACMLPolicy);
- logger.debug("Authorization policy is published in the authorization server.");
- }
- }else{
- logger.warn("Identity Server configuration missing for gateway : " + gwrp.getGatewayID());
- }
- }
- }
- } catch (AxisFault axisFault) {
- logger.error(axisFault.getMessage(), axisFault);
- throw new AiravataSecurityException("Error in initializing the configuration context for creating the " +
- "PAP client.");
- } catch (ApplicationSettingsException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in reading configuration when creating the PAP client.");
- } catch (FileNotFoundException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in reading authorization policy.");
- } catch (IOException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in reading the authorization policy.");
- } catch (RegistryServiceException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in reading the Gateway Profiles from App Catalog.");
- } catch (TException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in connecting to Credential Store Service.");
- }
- }
-
- public boolean isUserAuthorized(AuthzToken authzToken, Map<String, String> metaData) throws AiravataSecurityException {
- try {
- String subject = authzToken.getClaimsMap().get(Constants.USER_NAME);
- String accessToken = authzToken.getAccessToken();
- String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
- String action = metaData.get(Constants.API_METHOD_NAME);
-
- //if the authz cache is enabled, check in the cache if the authz decision is cached and if so, what the status is
- if (ServerSettings.isAuthzCacheEnabled()) {
- //obtain an instance of AuthzCacheManager implementation.
- AuthzCacheManager authzCacheManager = AuthzCacheManagerFactory.getAuthzCacheManager();
-
- //check in the cache
- AuthzCachedStatus authzCachedStatus = authzCacheManager.getAuthzCachedStatus(
- new AuthzCacheIndex(subject, gatewayId, accessToken, action));
-
- if (AuthzCachedStatus.AUTHORIZED.equals(authzCachedStatus)) {
- logger.debug("Authz decision for: (" + subject + ", " + accessToken + ", " + action + ") is retrieved from cache.");
- return true;
- } else if (AuthzCachedStatus.NOT_AUTHORIZED.equals(authzCachedStatus)) {
- logger.debug("Authz decision for: (" + subject + ", " + accessToken + ", " + action + ") is retrieved from cache.");
- return false;
- } else if (AuthzCachedStatus.NOT_CACHED.equals(authzCachedStatus)) {
- logger.debug("Authz decision for: (" + subject + ", " + accessToken + ", " + action + ") is not in the cache. " +
- "Obtaining it from the authorization server.");
-
- CredentialStoreService.Client csClient = getCredentialStoreServiceClient();
- GatewayResourceProfile gwrp = getRegistryServiceClient().getGatewayResourceProfile(gatewayId);
- PasswordCredential credential = csClient.getPasswordCredential(gwrp.getIdentityServerPwdCredToken(), gwrp.getGatewayID());
- String username = credential.getLoginUserName();
- if(gwrp.getIdentityServerTenant() != null && !gwrp.getIdentityServerTenant().isEmpty())
- username = username + "@" + gwrp.getIdentityServerTenant();
- String password = credential.getPassword();
-
- //talk to Authorization Server, obtain the decision, cache it and return the result.
- ConfigurationContext configContext =
- ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
-
- //initialize SSL context with the trust store that contains the public cert of WSO2 Identity Server.
- TrustStoreManager trustStoreManager = new TrustStoreManager();
- trustStoreManager.initializeTrustStoreManager(ServerSettings.getTrustStorePath(),
- ServerSettings.getTrustStorePassword());
-
- DefaultOAuthClient oauthClient = new DefaultOAuthClient(ServerSettings.getRemoteAuthzServerUrl(),
- username, password, configContext);
- OAuth2TokenValidationResponseDTO validationResponse = oauthClient.validateAccessToken(
- authzToken.getAccessToken());
- if(validationResponse.getValid()){
- String authorizedUserName = validationResponse.getAuthorizedUser();
- if(authorizedUserName.contains("@")){
- authorizedUserName = authorizedUserName.split("@")[0];
- }
- if(subject.contains("@")){
- subject = subject.split("@")[0];
- }
- //cannot impersonate users
- if(!authorizedUserName.toLowerCase().equals(subject.toLowerCase()))
- return false;
-
- long expiryTimestamp = validationResponse.getExpiryTime();
-
- //check for fine grained authorization for the API invocation, based on XACML.
- DefaultXACMLPEP entitlementClient = new DefaultXACMLPEP(ServerSettings.getRemoteAuthzServerUrl(),
- username, password, configContext);
- boolean authorizationDecision = entitlementClient.getAuthorizationDecision(authzToken, metaData);
-
- //cache the authorization decision
- authzCacheManager.addToAuthzCache(new AuthzCacheIndex(subject, gatewayId, accessToken, action),
- new AuthzCacheEntry(authorizationDecision, expiryTimestamp, System.currentTimeMillis()));
-
- return authorizationDecision;
- }else {
- return false;
- }
-
-
- } else {
- //undefined status returned from the authz cache manager
- throw new AiravataSecurityException("Error in reading from the authorization cache.");
- }
- } else {
- CredentialStoreService.Client csClient = getCredentialStoreServiceClient();
- GatewayResourceProfile gwrp = getRegistryServiceClient().getGatewayResourceProfile(gatewayId);
- PasswordCredential credential = csClient.getPasswordCredential(gwrp.getIdentityServerPwdCredToken(), gwrp.getGatewayID());
- String username = credential.getLoginUserName();
- if(gwrp.getIdentityServerTenant() != null && !gwrp.getIdentityServerTenant().isEmpty())
- username = username + "@" + gwrp.getIdentityServerTenant();
- String password = credential.getPassword();
-
- //talk to Authorization Server, obtain the decision and return the result (authz cache is not enabled).
- ConfigurationContext configContext =
- ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
-
- //initialize SSL context with the trust store that contains the public cert of WSO2 Identity Server.
- TrustStoreManager trustStoreManager = new TrustStoreManager();
- trustStoreManager.initializeTrustStoreManager(ServerSettings.getTrustStorePath(),
- ServerSettings.getTrustStorePassword());
-
- DefaultOAuthClient oauthClient = new DefaultOAuthClient(ServerSettings.getRemoteAuthzServerUrl(),
- username, password, configContext);
- OAuth2TokenValidationResponseDTO validationResponse = oauthClient.validateAccessToken(
- authzToken.getAccessToken());
- boolean isOAuthTokenValid = validationResponse.getValid();
- //if XACML based authorization is enabled, check for role based authorization for the API invocation
- DefaultXACMLPEP entitlementClient = new DefaultXACMLPEP(ServerSettings.getRemoteAuthzServerUrl(),
- username, password, configContext);
- boolean authorizationDecision = entitlementClient.getAuthorizationDecision(authzToken, metaData);
-
- return (isOAuthTokenValid && authorizationDecision);
- }
-
- } catch (AxisFault axisFault) {
- logger.error(axisFault.getMessage(), axisFault);
- throw new AiravataSecurityException("Error in initializing the configuration context for creating the OAuth validation client.");
- } catch (ApplicationSettingsException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in reading OAuth server configuration.");
- } catch (RegistryServiceException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in accessing AppCatalog.");
- } catch (TException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in connecting to Credential Store Service.");
- }
- }
-
- private CredentialStoreService.Client getCredentialStoreServiceClient() throws TException, ApplicationSettingsException {
- final int serverPort = Integer.parseInt(ServerSettings.getCredentialStoreServerPort());
- final String serverHost = ServerSettings.getCredentialStoreServerHost();
- try {
- return CredentialStoreClientFactory.createAiravataCSClient(serverHost, serverPort);
- } catch (CredentialStoreException e) {
- throw new TException("Unable to create credential store client...", e);
- }
- }
-
- private RegistryService.Client getRegistryServiceClient() throws TException, ApplicationSettingsException {
- final int serverPort = Integer.parseInt(ServerSettings.getRegistryServerPort());
- final String serverHost = ServerSettings.getRegistryServerHost();
- try {
- return RegistryServiceClientFactory.createRegistryClient(serverHost, serverPort);
- } catch (RegistryServiceException e) {
- throw new TException("Unable to create registry client...", e);
- }
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/IdentityContext.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/IdentityContext.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/IdentityContext.java
deleted file mode 100644
index 24cc225..0000000
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/IdentityContext.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-
-package org.apache.airavata.api.server.security;
-
-import org.apache.airavata.model.security.AuthzToken;
-
-/**
- * This provides a thread local container for AuthzToken through out the execution of a particular thread.
- */
-public class IdentityContext {
- private static ThreadLocal authzTokenContainer = new ThreadLocal();
-
- public static void set(AuthzToken authzToken){
- authzTokenContainer.set(authzToken);
- }
-
- public static void unset(){
- authzTokenContainer.remove();
- }
-
- public static AuthzToken get(){
- return (AuthzToken) authzTokenContainer.get();
- }
-
-}
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/Main.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/Main.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/Main.java
deleted file mode 100644
index cfd59c7..0000000
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/Main.java
+++ /dev/null
@@ -1,179 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
-*/
-package org.apache.airavata.api.server.security;
-
-import org.apache.airavata.api.server.security.oauth.DefaultOAuthClient;
-import org.apache.airavata.api.server.security.xacml.DefaultXACMLPEP;
-import org.apache.airavata.common.utils.Constants;
-import org.apache.airavata.model.error.AuthenticationException;
-import org.apache.airavata.model.security.AuthzToken;
-import org.apache.airavata.security.AiravataSecurityException;
-import org.apache.axis2.AxisFault;
-import org.apache.axis2.context.ConfigurationContext;
-import org.apache.axis2.context.ConfigurationContextFactory;
-import org.apache.oltu.oauth2.client.URLConnectionClient;
-import org.apache.oltu.oauth2.client.request.OAuthBearerClientRequest;
-import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
-import org.apache.oltu.oauth2.client.response.OAuthResourceResponse;
-import org.apache.oltu.oauth2.common.OAuth;
-import org.apache.oltu.oauth2.common.message.types.GrantType;
-import org.codehaus.jackson.map.ObjectMapper;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO;
-
-import java.util.HashMap;
-import java.util.Map;
-
-public class Main {
- private final static Logger logger = LoggerFactory.getLogger(Main.class);
-
- private static String username = "scigap_admin";
- private static String password = "sci9067@min";
- private static String hostName = "https://idp.scigap.org:7443";
-// private static String clientId = "KUu0a74dFbrwvSxD3C_GhwKeNrQa";
- private static String clientId = "O3iUdkkVYyHgzWPiVTQpY_tb96Ma";
-// private static String clientSecret = "UTKb9nDOPsuWB4lEX39TwhkW8qIa";
- private static String clientSecret = "6Ck1jZoa2oRtrzodSqkUZ2iINkUa";
-
- public static void main(String[] args) throws AuthenticationException, AiravataSecurityException, AxisFault {
- String accessToken = authenticate("[email protected]", "master").getAccess_token();
- ConfigurationContext configContext =
- ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
- DefaultOAuthClient defaultOAuthClient = new DefaultOAuthClient(hostName+"/services/",username,password, configContext);
- OAuth2TokenValidationResponseDTO tokenValidationRequestDTO = defaultOAuthClient.validateAccessToken(accessToken);
- String authorizedUser = tokenValidationRequestDTO.getAuthorizedUser();
- AuthzToken authzToken = new AuthzToken();
- authzToken.setAccessToken(accessToken);
- Map<String, String> claimsMap = new HashMap<>();
- claimsMap.put(Constants.USER_NAME, "scigap_admin");
- claimsMap.put(Constants.API_METHOD_NAME, "/airavata/getAPIVersion");
- authzToken.setClaimsMap(claimsMap);
-
- DefaultXACMLPEP defaultXACMLPEP = new DefaultXACMLPEP(hostName+"/services/",username,password,configContext);
- HashMap<String, String> metaDataMap = new HashMap();
- boolean result = defaultXACMLPEP.getAuthorizationDecision(authzToken, metaDataMap);
- System.out.println(result);
- }
-
- public static AuthResponse authenticate(String username,String password) throws AuthenticationException {
- try {
- OAuthClientRequest request = OAuthClientRequest.tokenLocation(hostName+"/oauth2/token").
- setClientId(clientId).setClientSecret(clientSecret).
- setGrantType(GrantType.PASSWORD).
- setRedirectURI("").
- setUsername(username).
- setPassword(password).
- setScope("openid").
- buildBodyMessage();
-
-
- URLConnectionClient ucc = new URLConnectionClient();
-
- org.apache.oltu.oauth2.client.OAuthClient oAuthClient = new org.apache.oltu.oauth2.client.OAuthClient(ucc);
- OAuthResourceResponse resp = oAuthClient.resource(request, OAuth.HttpMethod.POST, OAuthResourceResponse.class);
-
- //converting JSON to object
- ObjectMapper mapper = new ObjectMapper();
- AuthResponse authResponse;
- try{
- authResponse = mapper.readValue(resp.getBody(), AuthResponse.class);
- }catch (Exception e){
- return null;
- }
-
- String accessToken = authResponse.getAccess_token();
- if(accessToken != null && !accessToken.isEmpty()){
- request = new OAuthBearerClientRequest(hostName + "/oauth2/userinfo?schema=openid").
- buildQueryMessage();
- ucc = new URLConnectionClient();
- request.setHeader("Authorization","Bearer "+accessToken);
- oAuthClient = new org.apache.oltu.oauth2.client.OAuthClient(ucc);
- resp = oAuthClient.resource(request, OAuth.HttpMethod.GET,
- OAuthResourceResponse.class);
- Map<String,String> profile = mapper.readValue(resp.getBody(), Map.class);
- return authResponse;
- }
- }catch (Exception ex){
- throw new AuthenticationException(ex.getMessage());
- }
- return null;
- }
-}
-
-class AuthResponse{
-
- private String token_type;
- private int expires_in;
- private String refresh_token;
- private String access_token;
- public String id_token;
- private String scope;
-
-
- public String getToken_type() {
- return token_type;
- }
-
- public void setToken_type(String token_type) {
- this.token_type = token_type;
- }
-
- public int getExpires_in() {
- return expires_in;
- }
-
- public void setExpires_in(int expires_in) {
- this.expires_in = expires_in;
- }
-
- public String getRefresh_token() {
- return refresh_token;
- }
-
- public void setRefresh_token(String refresh_token) {
- this.refresh_token = refresh_token;
- }
-
- public String getAccess_token() {
- return access_token;
- }
-
- public void setAccess_token(String access_token) {
- this.access_token = access_token;
- }
-
- public String getId_token() {
- return id_token;
- }
-
- public void setId_token(String id_token) {
- this.id_token = id_token;
- }
-
- public String getScope() {
- return scope;
- }
-
- public void setScope(String scope) {
- this.scope = scope;
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityManagerFactory.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityManagerFactory.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityManagerFactory.java
deleted file mode 100644
index dc03b63..0000000
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityManagerFactory.java
+++ /dev/null
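Review bot: Removing `Main.java` does not retire the credentials it hard-codes: the `password` and `clientSecret` string literals (including the commented-out earlier `clientId`/`clientSecret` pair) and the literal password passed to `authenticate(...)` in `main` remain readable in repository history and in every archived copy of this patch. Treat them as disclosed and rotate them on the identity server named in `hostName`, then review that server's logs for token requests made with the old values. The commit message or a follow-up should record that rotation, since the deletion alone closes nothing.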
@@ -1,60 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.airavata.api.server.security;
-
-import org.apache.airavata.common.exception.ApplicationSettingsException;
-import org.apache.airavata.common.utils.ServerSettings;
-import org.apache.airavata.security.AiravataSecurityException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * This initializes an instance of the appropriate security manager according to the
- * configuration.
- */
-public class SecurityManagerFactory {
- private final static Logger logger = LoggerFactory.getLogger(SecurityManagerFactory.class);
-
- public static AiravataSecurityManager getSecurityManager() throws AiravataSecurityException {
- try {
- Class secManagerImpl = Class.forName(ServerSettings.getSecurityManagerClassName());
- AiravataSecurityManager securityManager = (AiravataSecurityManager) secManagerImpl.newInstance();
- return securityManager;
- } catch (ClassNotFoundException e) {
- String error = "Security Manager class could not be found.";
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException(error);
- } catch (ApplicationSettingsException e) {
- String error = "Error in reading the configuration related to Security Manager class.";
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException(error);
- } catch (InstantiationException e) {
- String error = "Error in instantiating the Security Manager class.";
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException(error);
- } catch (IllegalAccessException e) {
- String error = "Error in instantiating the Security Manager class.";
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException(error);
-
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/AuthzCache.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/AuthzCache.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/AuthzCache.java
deleted file mode 100644
index 48d3f01..0000000
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/AuthzCache.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.airavata.api.server.security.authzcache;
-
-import org.apache.airavata.common.exception.ApplicationSettingsException;
-import org.apache.airavata.common.utils.ServerSettings;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.util.LinkedHashMap;
-import java.util.Map;
-
-public class AuthzCache extends LinkedHashMap<AuthzCacheIndex, AuthzCacheEntry> {
-
- private static int MAX_SIZE;
- private final static Logger logger = LoggerFactory.getLogger(AuthzCache.class);
-
- private static AuthzCache authzCache = null;
-
- public static AuthzCache getInstance() throws ApplicationSettingsException {
- if (authzCache == null) {
- synchronized (AuthzCache.class) {
- if (authzCache == null) {
- authzCache = new AuthzCache(ServerSettings.getCacheSize());
- }
- }
- }
- return authzCache;
- }
-
- private AuthzCache(int initialCapacity) {
- super(initialCapacity);
- MAX_SIZE = initialCapacity;
- }
-
- @Override
- protected boolean removeEldestEntry(Map.Entry<AuthzCacheIndex, AuthzCacheEntry> eldest) {
- if (size() > MAX_SIZE) {
- logger.info("Authz cache max size exceeded. Removing the old entries.");
- }
- return size() > MAX_SIZE;
- }
-}
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/AuthzCacheEntry.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/AuthzCacheEntry.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/AuthzCacheEntry.java
deleted file mode 100644
index 03ca229..0000000
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/AuthzCacheEntry.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.airavata.api.server.security.authzcache;
-
-/**
- * Cache entry in the default authorization cache.
- */
-public class AuthzCacheEntry {
- //authorization decision for the authorization request associated with this cache entry.
- private boolean decision;
- //time to live value for the access token in seconds.
- private long expiryTime;
- //time stamp in milli seconds at the time this entry is put into the cache
- private long entryTimestamp;
-
- public AuthzCacheEntry(boolean decision, long expiryTime, long entryTimestamp) {
- this.decision = decision;
- this.expiryTime = expiryTime;
- this.entryTimestamp = entryTimestamp;
- }
-
- public long getEntryTimestamp() {
- return entryTimestamp;
- }
-
- public void setEntryTimestamp(long entryTimestamp) {
- this.entryTimestamp = entryTimestamp;
- }
-
- public long getExpiryTime() {
- return expiryTime;
- }
-
- public void setExpiryTime(long timestamp) {
- this.expiryTime = timestamp;
- }
-
- public boolean getDecision() {
- return decision;
- }
-
- public void setDecision(boolean decision) {
- this.decision = decision;
- }
-}
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/AuthzCacheIndex.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/AuthzCacheIndex.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/AuthzCacheIndex.java
deleted file mode 100644
index f73a59e..0000000
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/AuthzCacheIndex.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.airavata.api.server.security.authzcache;
-
-/**
- * Cache index of the default authorization cache.
- */
-public class AuthzCacheIndex {
-
- private String subject;
- private String oauthAccessToken;
- private String action;
- private String gatewayId;
-
- public AuthzCacheIndex(String userName, String gatewayId, String accessToken, String actionString) {
- this.subject = userName;
- this.oauthAccessToken = accessToken;
- this.action = actionString;
- this.gatewayId = gatewayId;
- }
-
- public String getSubject() {
- return subject;
- }
-
- public void setSubject(String subject) {
- this.subject = subject;
- }
-
- public String getAction() {
- return action;
- }
-
- public void setAction(String action) {
- this.action = action;
- }
-
- public String getOauthAccessToken() {
- return oauthAccessToken;
- }
-
- public void setOauthAccessToken(String oauthAccessToken) {
- this.oauthAccessToken = oauthAccessToken;
- }
-
- public String getGatewayId() {
- return gatewayId;
- }
-
- public void setGatewayId(String gatewayId) {
- this.gatewayId = gatewayId;
- }
-
- /*Equals and hash code methods are overridden since this is being used as an index of a map and that containsKey method
- * should return true if the values of two index objects are equal.*/
- @Override
- public boolean equals(Object other) {
- if (other == null || other.getClass() != getClass()) {
- return false;
- }
- return ((this.getSubject().equals(((AuthzCacheIndex) other).getSubject()))
- && (this.getGatewayId().equals(((AuthzCacheIndex) other).getGatewayId()))
- && (this.getOauthAccessToken().equals(((AuthzCacheIndex) other).getOauthAccessToken()))
- && (this.getAction().equals(((AuthzCacheIndex) other).getAction())));
- }
-
- @Override
- public int hashCode() {
- return this.getSubject().hashCode() + this.getOauthAccessToken().hashCode() + this.getGatewayId().hashCode()
- + this.getAction().hashCode();
- }
-}
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/AuthzCacheManager.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/AuthzCacheManager.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/AuthzCacheManager.java
deleted file mode 100644
index 48cfb03..0000000
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/AuthzCacheManager.java
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.airavata.api.server.security.authzcache;
-
-import org.apache.airavata.security.AiravataSecurityException;
-
-/**
- * This is the interface through which security manager accesses the underlying caching implementation
- * See the DefaultAuthzCacheManager.java for an example implementation of this interface.
- */
-public interface AuthzCacheManager {
- /**
- * Returns the status of the cache w.r.t the given authorization request which is encapsulated in
- * the AuthzCacheIndex.
- *
- * @param authzCacheIndex
- * @return
- */
- public AuthzCachedStatus getAuthzCachedStatus(AuthzCacheIndex authzCacheIndex) throws AiravataSecurityException;
-
- /**
- * Add to cache the authorization decision pertaining to a given authorization request.
- *
- * @param authzCacheIndex
- * @param authzCacheEntry
- * @throws AiravataSecurityException
- */
- public void addToAuthzCache(AuthzCacheIndex authzCacheIndex, AuthzCacheEntry authzCacheEntry) throws AiravataSecurityException;
-
- /**
- * Check if a valid decision is cached for a given authorization request.
- *
- * @param authzCacheIndex
- * @return
- */
- public boolean isAuthzDecisionCached(AuthzCacheIndex authzCacheIndex) throws AiravataSecurityException;
-
- /**
- * Returns the AuthzCacheEntry for a given authorization request.
- *
- * @param authzCacheIndex
- * @return
- * @throws AiravataSecurityException
- */
- public AuthzCacheEntry getAuthzCacheEntry(AuthzCacheIndex authzCacheIndex) throws AiravataSecurityException;
-
- /**
- * Removes the authorization cache entry for a given authorization request.
- *
- * @param authzCacheIndex
- * @throws AiravataSecurityException
- */
- public void removeAuthzCacheEntry(AuthzCacheIndex authzCacheIndex) throws AiravataSecurityException;
-
- /**
- * Clear the authorization cache.
- *
- * @return
- */
- public void clearCache() throws AiravataSecurityException;
-
-}
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/AuthzCacheManagerFactory.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/AuthzCacheManagerFactory.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/AuthzCacheManagerFactory.java
deleted file mode 100644
index b555122..0000000
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/AuthzCacheManagerFactory.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.airavata.api.server.security.authzcache;
-
-import org.apache.airavata.api.server.security.AiravataSecurityManager;
-import org.apache.airavata.common.exception.ApplicationSettingsException;
-import org.apache.airavata.common.utils.ServerSettings;
-import org.apache.airavata.security.AiravataSecurityException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-/**
- * This initializes the AuthzCacheManager implementation to be used as defined by the configuration.
- */
-public class AuthzCacheManagerFactory {
- private final static Logger logger = LoggerFactory.getLogger(AuthzCacheManagerFactory.class);
-
- public static AuthzCacheManager getAuthzCacheManager() throws AiravataSecurityException {
- try {
- Class authzCacheManagerImpl = Class.forName(ServerSettings.getAuthzCacheManagerClassName());
- AuthzCacheManager authzCacheManager = (AuthzCacheManager) authzCacheManagerImpl.newInstance();
- return authzCacheManager;
- } catch (ClassNotFoundException e) {
- String error = "Authorization Cache Manager class could not be found.";
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException(error);
- } catch (ApplicationSettingsException e) {
- String error = "Error in reading the configuration related to Authorization Cache Manager class.";
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException(error);
- } catch (InstantiationException e) {
- String error = "Error in instantiating the Authorization Cache Manager class.";
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException(error);
- } catch (IllegalAccessException e) {
- String error = "Error in instantiating the Authorization Cache Manager class.";
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException(error);
-
- }
- }
-
-}
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/AuthzCachedStatus.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/AuthzCachedStatus.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/AuthzCachedStatus.java
deleted file mode 100644
index e166265..0000000
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/AuthzCachedStatus.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.airavata.api.server.security.authzcache;
-
-/**
- * This enum defines the status of the authorization cache returned by the authorization cache manager
- * when an authorization status is checked against an authorization request.
- */
-public enum AuthzCachedStatus {
- /*Authorization decision is cached for the given authrization request and the decision authorizes the request.*/
- AUTHORIZED,
- /*Authorization decision is cached for the given authorization request and the decision denies authorization.*/
- NOT_AUTHORIZED,
- /*Authorization decision is not either cached or the cached entry is invalid such that re-authorization is needed.*/
- NOT_CACHED
-}
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/DefaultAuthzCacheManager.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/DefaultAuthzCacheManager.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/DefaultAuthzCacheManager.java
deleted file mode 100644
index 4c8276f..0000000
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/authzcache/DefaultAuthzCacheManager.java
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.airavata.api.server.security.authzcache;
-
-import org.apache.airavata.common.exception.ApplicationSettingsException;
-import org.apache.airavata.security.AiravataSecurityException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class DefaultAuthzCacheManager implements AuthzCacheManager {
-
- private final static Logger logger = LoggerFactory.getLogger(DefaultAuthzCacheManager.class);
-
- @Override
- public AuthzCachedStatus getAuthzCachedStatus(AuthzCacheIndex authzCacheIndex) throws AiravataSecurityException {
- if (isAuthzDecisionCached(authzCacheIndex)) {
- AuthzCacheEntry cacheEntry = getAuthzCacheEntry(authzCacheIndex);
- long expiryTime = cacheEntry.getExpiryTime();
- long currentTime = System.currentTimeMillis();
- long timePassed = (currentTime - cacheEntry.getEntryTimestamp()) / 1000;
- if (expiryTime > timePassed) {
- //access token is still valid. Hence, return the cached decision
- if (cacheEntry.getDecision()) {
- return AuthzCachedStatus.AUTHORIZED;
- } else {
- return AuthzCachedStatus.NOT_AUTHORIZED;
- }
- } else {
- //access token has been expired. Hence, remove the entry and return.
- removeAuthzCacheEntry(authzCacheIndex);
- return AuthzCachedStatus.NOT_CACHED;
- }
- } else {
- return AuthzCachedStatus.NOT_CACHED;
- }
- }
-
- @Override
- public void addToAuthzCache(AuthzCacheIndex authzCacheIndex, AuthzCacheEntry authzCacheEntry) throws AiravataSecurityException {
- try {
- AuthzCache.getInstance().put(authzCacheIndex, authzCacheEntry);
- } catch (ApplicationSettingsException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in obtaining the authorization cache instance.");
- }
- }
-
- @Override
- public boolean isAuthzDecisionCached(AuthzCacheIndex authzCacheIndex) throws AiravataSecurityException {
- try {
- return AuthzCache.getInstance().containsKey(authzCacheIndex);
- } catch (ApplicationSettingsException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in obtaining the authorization cache instance.");
- }
- }
-
- @Override
- public AuthzCacheEntry getAuthzCacheEntry(AuthzCacheIndex authzCacheIndex) throws AiravataSecurityException {
- try {
- return AuthzCache.getInstance().get(authzCacheIndex);
- } catch (ApplicationSettingsException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in obtaining the authorization cache instance.");
- }
- }
-
- @Override
- public void removeAuthzCacheEntry(AuthzCacheIndex authzCacheIndex) throws AiravataSecurityException {
- try {
- AuthzCache.getInstance().remove(authzCacheIndex);
- } catch (ApplicationSettingsException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in obtaining the authorization cache instance.");
- }
- }
-
- @Override
- public void clearCache() throws AiravataSecurityException {
- try {
- AuthzCache.getInstance().clear();
- } catch (ApplicationSettingsException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in obtaining the authorization cache instance.");
-
- }
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/interceptor/SecurityCheck.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/interceptor/SecurityCheck.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/interceptor/SecurityCheck.java
deleted file mode 100644
index d4b4952..0000000
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/interceptor/SecurityCheck.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.airavata.api.server.security.interceptor;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-import com.google.inject.BindingAnnotation;
-
-/**
- * This is just the definition of the annotation used to mark the API methods to be intercepted.
- */
-@Retention(RetentionPolicy.RUNTIME)
-@Target({ElementType.METHOD})
-@BindingAnnotation
-public @interface SecurityCheck {
-}
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/interceptor/SecurityInterceptor.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/interceptor/SecurityInterceptor.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/interceptor/SecurityInterceptor.java
deleted file mode 100644
index 1b4f0ad..0000000
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/interceptor/SecurityInterceptor.java
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.airavata.api.server.security.interceptor;
-
-import org.aopalliance.intercept.MethodInterceptor;
-import org.aopalliance.intercept.MethodInvocation;
-import org.apache.airavata.api.server.security.AiravataSecurityManager;
-import org.apache.airavata.api.server.security.IdentityContext;
-import org.apache.airavata.api.server.security.SecurityManagerFactory;
-import org.apache.airavata.common.exception.ApplicationSettingsException;
-import org.apache.airavata.common.utils.Constants;
-import org.apache.airavata.common.utils.ServerSettings;
-import org.apache.airavata.model.error.AuthorizationException;
-import org.apache.airavata.model.security.AuthzToken;
-import org.apache.airavata.security.AiravataSecurityException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.util.HashMap;
-import java.util.Map;
-
-/**
- * Interceptor of Airavata API calls for the purpose of applying security.
- */
-public class SecurityInterceptor implements MethodInterceptor {
- private final static Logger logger = LoggerFactory.getLogger(SecurityInterceptor.class);
-
- @Override
- public Object invoke(MethodInvocation invocation) throws Throwable {
- //obtain the authz token from the input parameters
- AuthzToken authzToken = (AuthzToken) invocation.getArguments()[0];
- //authorize the API call
- HashMap<String, String> metaDataMap = new HashMap();
- metaDataMap.put(Constants.API_METHOD_NAME, invocation.getMethod().getName());
- authorize(authzToken, metaDataMap);
- //set the user identity info in a thread local to be used in downstream execution.
- IdentityContext.set(authzToken);
- //let the method call procees upon successful authorization
- Object returnObj = invocation.proceed();
- //clean the identity context before the method call returns
- IdentityContext.unset();
- return returnObj;
- }
-
- private void authorize(AuthzToken authzToken, Map<String, String> metaData) throws AuthorizationException {
- try {
- boolean isAPISecured = ServerSettings.isAPISecured();
- if (isAPISecured) {
- AiravataSecurityManager securityManager = SecurityManagerFactory.getSecurityManager();
- boolean isAuthz = securityManager.isUserAuthorized(authzToken, metaData);
- if (!isAuthz) {
- throw new AuthorizationException("User is not authenticated or authorized.");
- }
- }
- } catch (AiravataSecurityException e) {
- logger.error(e.getMessage(), e);
- throw new AuthorizationException("Error in authenticating or authorizing user.");
- } catch (ApplicationSettingsException e) {
- logger.error(e.getMessage(), e);
- throw new AuthorizationException("Internal error in authenticating or authorizing user.");
- }
- }
-}
-
-
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/interceptor/SecurityModule.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/interceptor/SecurityModule.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/interceptor/SecurityModule.java
deleted file mode 100644
index 92ca167..0000000
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/interceptor/SecurityModule.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.airavata.api.server.security.interceptor;
-
-import com.google.inject.AbstractModule;
-import com.google.inject.matcher.Matchers;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * This does the plumbing work of integrating the interceptor with Guice framework for the methods to be
- * intercepted upon their invocation.
- */
-public class SecurityModule extends AbstractModule {
- private final static Logger logger = LoggerFactory.getLogger(SecurityModule.class);
-
- public void configure(){
- logger.info("Security module reached...");
- SecurityInterceptor interceptor = new SecurityInterceptor();
- //requestInjection(interceptor);
-
- bindInterceptor(Matchers.any(), Matchers.annotatedWith(SecurityCheck.class), interceptor);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/oauth/DefaultOAuthClient.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/oauth/DefaultOAuthClient.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/oauth/DefaultOAuthClient.java
deleted file mode 100644
index 0c8d0e3..0000000
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/oauth/DefaultOAuthClient.java
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.airavata.api.server.security.oauth;
-
-import org.apache.airavata.security.AiravataSecurityException;
-import org.apache.axis2.AxisFault;
-import org.apache.axis2.context.ConfigurationContext;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub;
-import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO;
-import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_OAuth2AccessToken;
-import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO;
-import org.wso2.carbon.utils.CarbonUtils;
-
-import java.rmi.RemoteException;
-
-/**
- * This is the default OAuth Client that talks to WSO2 IS's OAuth Authentication Server
- * to get the OAuth token validated.
- */
-public class DefaultOAuthClient {
-
- private OAuth2TokenValidationServiceStub stub;
- private final static Logger logger = LoggerFactory.getLogger(DefaultOAuthClient.class);
- public static final String BEARER_TOKEN_TYPE = "bearer";
-
- /**
- * OAuth2TokenValidationService Admin Service Client
- *
- * @param auhorizationServerURL
- * @param username
- * @param password
- * @param configCtx
- * @throws Exception
- */
- public DefaultOAuthClient(String auhorizationServerURL, String username, String password,
- ConfigurationContext configCtx) throws AiravataSecurityException {
- try {
- String serviceURL = auhorizationServerURL + "OAuth2TokenValidationService";
- stub = new OAuth2TokenValidationServiceStub(configCtx, serviceURL);
- CarbonUtils.setBasicAccessSecurityHeaders(username, password, true, stub._getServiceClient());
- } catch (AxisFault e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error initializing OAuth client.");
- }
- }
-
- /**
- * Validates the OAuth 2.0 access token
- *
- * @param accessToken
- * @return
- * @throws Exception
- */
- public OAuth2TokenValidationResponseDTO validateAccessToken(String accessToken)
- throws AiravataSecurityException {
-
- try {
- OAuth2TokenValidationRequestDTO oauthReq = new OAuth2TokenValidationRequestDTO();
- OAuth2TokenValidationRequestDTO_OAuth2AccessToken token =
- new OAuth2TokenValidationRequestDTO_OAuth2AccessToken();
- token.setIdentifier(accessToken);
- token.setTokenType(BEARER_TOKEN_TYPE);
- oauthReq.setAccessToken(token);
- return stub.validate(oauthReq);
- } catch (RemoteException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in validating the OAuth access token.");
- }
- }
-
-}
