change in cpi and serverHandler
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/28ab7a4f Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/28ab7a4f Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/28ab7a4f Branch: refs/heads/develop Commit: 28ab7a4f46bdefdd0a556aa13c0518e841533850 Parents: e0fbdeb Author: Anuj Bhandar <[email protected]> Authored: Thu Apr 27 14:49:09 2017 -0400 Committer: Anuj Bhandar <[email protected]> Committed: Thu Apr 27 14:49:09 2017 -0400 ---------------------------------------------------------------------- .../core/impl/TenantManagementKeycloakImpl.java | 7 ++-- .../handlers/IamAdminServicesHandler.java | 42 ++++++++++++++++++-- .../iam-admin-services-cpi.thrift | 11 +++-- 3 files changed, 50 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata/blob/28ab7a4f/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java ----------------------------------------------------------------------
diff --git a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
index f688328..6cefd26 100644
--- a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
+++ b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
@@ -33,12 +33,9 @@ import org.keycloak.admin.client.resource.UserResource; import org.keycloak.representations.idm.*; import org.slf4j.Logger; import org.slf4j.LoggerFactory; - import javax.ws.rs.core.Response; import java.util.ArrayList; -import java.util.HashMap; import java.util.List; -import java.util.Map; public class TenantManagementKeycloakImpl implements TenantManagementInterface { @@ -100,6 +97,7 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface { return realmDetails; } + @Override public boolean createTenantAdminAccount(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException{ try{ Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), "master", isSuperAdminPasswordCreds); @@ -153,6 +151,7 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface { } } + @Override public Gateway configureClient(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException{ try{ Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), "master", isSuperAdminPasswordCreds); @@ -194,6 +193,7 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface { } } + @Override public boolean createUser(PasswordCredential realmAdminCreds, UserProfile userProfile, String newPassword) throws IamAdminServicesException{ try{ Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), userProfile.getGatewayId(), realmAdminCreds); 
@@ -232,6 +232,7 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface { return false; } + @Override public boolean enableUserAccount(PasswordCredential realmAdminAccount, UserProfile userDetails) throws IamAdminServicesException{ try{ Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), userDetails.getGatewayId(), realmAdminAccount); http://git-wip-us.apache.org/repos/asf/airavata/blob/28ab7a4f/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java ---------------------------------------------------------------------- diff --git a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java index 311e831..8ac2364 100644 --- a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java +++ b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java 
@@ -24,11 +24,14 @@ package org.apache.airavata.service.profile.handlers; import org.apache.airavata.model.credential.store.PasswordCredential; import org.apache.airavata.model.error.AuthorizationException; import org.apache.airavata.model.security.AuthzToken; +import org.apache.airavata.model.user.UserProfile; import org.apache.airavata.model.workspace.Gateway; import org.apache.airavata.service.profile.iam.admin.services.core.impl.TenantManagementKeycloakImpl; import org.apache.airavata.service.profile.iam.admin.services.cpi.IamAdminServices; import org.apache.airavata.service.profile.iam.admin.services.cpi.iam_admin_services_cpiConstants; import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException; +import org.apache.airavata.service.security.interceptor.SecurityCheck; +import org.apache.thrift.TException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -50,8 +53,8 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { } @Override - public String setUpGateway(AuthzToken authzToken, Gateway gateway) throws IamAdminServicesException, AuthorizationException { - PasswordCredential isSuperAdminCredentials = new PasswordCredential(); + @SecurityCheck + public Gateway setUpGateway(AuthzToken authzToken, Gateway gateway, PasswordCredential isSuperAdminCredentials) throws IamAdminServicesException, AuthorizationException { TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); try{ keycloakclient.addTenant(isSuperAdminCredentials,gateway); 
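Review bot: `setUpGateway` now receives the Keycloak super-admin `PasswordCredential` from the RPC caller and passes it straight to `addTenant`, so the `@SecurityCheck` annotation added in this hunk is the only gate visible in front of it. The annotation does nothing by itself; it takes effect only if this handler is instantiated through whatever mechanism installs the security interceptor, which this diff does not show, so that wiring is worth confirming and recording above the method, e.g. `// NOTE: @SecurityCheck is only enforced when this handler is created through the security interceptor`. A null `isSuperAdminCredentials` is also not rejected before the Keycloak call; an early `if (isSuperAdminCredentials == null)` guard that throws `IamAdminServicesException` would keep a malformed request from reaching the identity server. The method body continues past the end of this hunk.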
@@ -59,10 +62,41 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { logger.error("Admin account creation failed !!, please refer error logs for reason"); } Gateway gatewayWithIdAndSecret = keycloakclient.configureClient(isSuperAdminCredentials,gateway); - //return gatewayWithIdAndSecret; + return gatewayWithIdAndSecret; } catch (IamAdminServicesException ex){ logger.error("Gateway Setup Failed, reason: " + ex.getCause(), ex); + throw ex; + } + } + + //ToDo: Will only be secure when using SSL between PGA and Airavata + @Override + @SecurityCheck + public boolean registerUser(AuthzToken authzToken, UserProfile userDetails, PasswordCredential isRealmAdminCredentials, String newPassword) throws IamAdminServicesException, AuthorizationException { + TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); + try{ + if(keycloakclient.createUser(isRealmAdminCredentials,userDetails,newPassword)) + return true; + else + return false; + } catch (IamAdminServicesException ex){ + logger.error("Error while registering user into Identity Server, reason: " + ex.getCause(), ex); + throw ex; + } + } + + @Override + @SecurityCheck + public boolean enableUser(AuthzToken authzToken, UserProfile userDetails, PasswordCredential isRealmAdminCredentials) throws IamAdminServicesException, AuthorizationException { + TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); + try{ + if(keycloakclient.enableUserAccount(isRealmAdminCredentials,userDetails)) + return true; + else + return false; + } catch (IamAdminServicesException ex){ + logger.error("Error while enabling user account, reason: " + ex.getCause(), ex); + throw ex; } - return null; } } http://git-wip-us.apache.org/repos/asf/airavata/blob/28ab7a4f/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift ---------------------------------------------------------------------- 
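Review bot: `registerUser` takes `newPassword` and the realm-admin `PasswordCredential` as plain Thrift arguments, and the only safeguard is the `//ToDo` above it; until the PGA-to-Airavata transport is TLS-protected these secrets travel in clear, so the comment should state the requirement outright, e.g. `// SECURITY: must only be served over a TLS-protected transport; carries admin credentials and a cleartext password`, and `enableUser` needs the same note for its credential argument. In `setUpGateway` the "Admin account creation failed" branch only logs and then falls through to `configureClient`, so the caller appears to get a configured `Gateway` back even though no tenant admin exists; the condition sits outside this hunk, but throwing there looks safer than continuing. The catch blocks log `"reason: " + ex.getCause()`, which prints `reason: null` when the exception has no cause; `logger.error("Error while registering user into Identity Server, reason: " + ex.getMessage(), ex);` is more useful. `setUpGateway` begins outside this hunk.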
diff --git a/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift b/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift index e369ab1..320f4ce 100644 --- a/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift +++ b/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift @@ -27,6 +27,7 @@ include "../../../airavata-apis/airavata_errors.thrift" include "../../../airavata-apis/security_model.thrift" include "../../../data-models/experiment-catalog-models/workspace_model.thrift" include "../../../data-models/user-group-models/user_profile_model.thrift" +include "../../../data-models/credential-store-models/credential_store_data_models.thrift" include "iam_admin_services_cpi_errors.thrift" namespace java org.apache.airavata.service.profile.iam.admin.services.cpi 
@@ -41,17 +42,21 @@ service IamAdminServices { 2: airavata_errors.AuthorizationException ae) workspace_model.Gateway setUpGateway (1: required security_model.AuthzToken authzToken, - 2: required workspace_model.Gateway gateway) + 2: required workspace_model.Gateway gateway + 3: required credential_store_data_models.PasswordCredential isSuperAdminCredentials) throws (1: iam_admin_services_cpi_errors.IamAdminServicesException Idse, 2: airavata_errors.AuthorizationException ae) bool registerUser(1: required security_model.AuthzToken authzToken, - 2: required user_profile_model.UserProfile userDetails) + 2: required user_profile_model.UserProfile userDetails + 3: required credential_store_data_models.PasswordCredential isRealmAdminCredentials + 4: required string newPassword) throws (1: iam_admin_services_cpi_errors.IamAdminServicesException Idse, 2: airavata_errors.AuthorizationException ae) bool enableUser(1: required security_model.AuthzToken authzToken, - 2: required user_profile_model.UserProfile userDetails) + 2: required user_profile_model.UserProfile userDetails + 3: required credential_store_data_models.PasswordCredential isRealmAdminCredentials) throws (1: iam_admin_services_cpi_errors.IamAdminServicesException Idse, 2: airavata_errors.AuthorizationException ae)
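Review bot: The new arguments put admin credentials (`isSuperAdminCredentials`, `isRealmAdminCredentials`) and a cleartext `string newPassword` on the service interface with no doc comment telling client authors how they must be protected; a comment on each method such as `/** Carries credentials in clear; call only over a TLS-protected transport and never log the arguments. */` would make that contract part of the IDL. Generated Thrift structs usually include every field in `toString()`, so it is worth checking that neither side logs `PasswordCredential` objects. The added lines leave out the separator that the first argument line uses (`authzToken,`); Thrift accepts this, but `2: required workspace_model.Gateway gateway,` keeps the lists consistent. Clients generated from the previous two-argument signatures will need regenerating, since these are changes to existing methods rather than new ones.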
