Featherweight compatible now.

Need to integrate the new security model.

git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/application-support-layer/applicationSupportLayerCore@82407 82a268e6-3cf1-43bd-a215-b396298e98cf
nikolas.laskaris 2013-10-03 16:29:27 +00:00
parent 702ea6bfbb
commit 356434d02e
11 changed files with 207 additions and 140 deletions

34
pom.xml

@ -37,11 +37,14 @@
<artifactId>iscache</artifactId>
<version>[1.2.0-SNAPSHOT,2.0.0-SNAPSHOT)</version>
</dependency>
<!--
<dependency>
<groupId>org.gcube.dvos</groupId>
<artifactId>voms-admin-stubs</artifactId>
<version>[2.0.0-SNAPSHOT,3.0.0-SNAPSHOT)</version>
</dependency>
-->
<dependency>
<groupId>org.gcube.dvos</groupId>
<artifactId>usermanagement-stub</artifactId>
@ -52,16 +55,25 @@
<artifactId>ehcache-core</artifactId>
<version>2.5.1</version>
</dependency>
<!--
<dependency>
<groupId>org.gcube.dvos</groupId>
<artifactId>voms-api</artifactId>
<version>[3.1.0-SNAPSHOT, 4.0.0)</version>
</dependency>
<dependency>
<groupId>org.gcube.distribution</groupId>
<artifactId>ghn-core-runtime</artifactId>
<version>[1.0.0-SNAPSHOT,2.0.0-SNAPSHOT)</version>
</dependency>
-->
<dependency>
<groupId>org.glassfish</groupId>
<artifactId>javax.xml.rpc</artifactId>
<version>3.1.1</version>
</dependency>
<dependency>
<groupId>org.gcube.personalisation</groupId>
<artifactId>profileadministration-client-library</artifactId>
@ -97,11 +109,18 @@
<version>1.6.4</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>xerces</groupId>
<artifactId>xerces</artifactId>
<version>2.4.0</version>
</dependency>
<!--
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-jdk14</artifactId>
<version>1.6.1</version>
</dependency>
-->
<dependency>
<groupId>backport-util-concurrent</groupId>
<artifactId>backport-util-concurrent</artifactId>
@ -160,6 +179,21 @@
<artifactId>kxml2</artifactId>
<version>2.3.0</version>
</dependency>
<dependency>
<groupId>xalan</groupId>
<artifactId>xalan</artifactId>
<version>2.7.1</version>
</dependency>
<dependency>
<groupId>org.apache.axis</groupId>
<artifactId>axis</artifactId>
<version>1.4</version>
</dependency>
<dependency>
<groupId>net.sourceforge.addressing</groupId>
<artifactId>addressing</artifactId>
<version>1.1.1</version>
</dependency>
</dependencies>
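Review bot: The hunks at `@ -97,11 +109,18 @` and `@ -160,6 +179,21 @` pin `xerces` 2.4.0, `xalan` 2.7.1 and `axis` 1.4 with default (compile) scope, all of them long-superseded releases of XML/SOAP libraries that typically sit on the path of remotely supplied documents. Prefer maintained versions (or versions managed by a parent POM, if one exists) and confirm that the parsers are configured with DTDs and external entities disabled. The three `<!-- ... -->` blocks keep the VOMS, ghn-core-runtime and slf4j-jdk14 entries as dead XML; deleting them keeps the dependency list auditable, since the history already records them. If the old versions are required for now, say so next to them, e.g. `<!-- TODO(security): legacy XML/SOAP stack needed by the stubs; review versions -->`.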


@ -39,8 +39,6 @@ public class CachesManager {
*/
protected CachesManager() {
manager = CacheManager.create(CachesManager.class.getResource("/ehcache.xml"));
caches = new HashMap<String, Ehcache>();


@ -36,7 +36,7 @@ public class RIsManager {
// protected HashMap<String, ISCache> isCaches;
protected HashMap<String, Cache> caches; //(scope,iccache) pairs
protected HashMap<String, ISCache> caches; //(scope,iccache) pairs
/** Object logger. */
@ -46,7 +46,7 @@ public class RIsManager {
* Initializes RIsManager
*/
private RIsManager() {
caches = new HashMap<String, Cache>();
caches = new HashMap<String, ISCache>();
}
/**
@ -60,19 +60,21 @@ public class RIsManager {
}
// TODO: UNCOMMENT AND FIX THIS FUNCTION TO COMPLY WITH THE FeatherWeight Stack
/**
* @param scope the GGUBEScope for which the RIs are requested
* @return the ISCache for this specific scope
*/
// public synchronized Cache getISCache(String scope)
// {
// ISCache info = caches.get(scope);
public synchronized ISCache getISCache(String scope)
{
ISCache info = caches.get(scope);
// TODO: UNCOMMENT when ISCache is FeatherWeight Stack compatible
// if(info == null)
// {
// // If the ISCache in not already created, then it creates a new instance and adds it to the HashMap
// try {
// CacheManager.addManager(scope);
// ISCacheManager.addManager(scope);
// info = ISCacheManager.getCacheManager(scope).getManager(scope).getCache();
// caches.put(scope, info);
// try {
@ -84,7 +86,11 @@ public class RIsManager {
// logger.error("", e);
// }
// }
// return info;
// }
logger.debug("RI in cache is probably null");
logger.info("RI in cache is probably null");
return info;
}
}
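Review bot: `getISCache` now returns `caches.get(scope)` while the block that creates and stores the cache is still commented out, so as far as this section shows nothing populates `caches` and every caller receives null. The unconditional `logger.info("RI in cache is probably null")` fires on every call and does not say which scope was requested. Log only on the miss and include the scope, e.g. `if (info == null) logger.warn("No ISCache registered for scope {}", scope);`, and state the null return in the Javadoc `@return`. The method body spans two hunks, so part of it is not visible here.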


@ -8,106 +8,112 @@ import org.gcube.application.framework.core.util.UserCredential;
//import org.gcube.common.core.scope.GCUBEScope;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.gcube.vomanagement.vomsapi.VOMSAdmin;
import org.gcube.vomanagement.vomsapi.impl.VOMSAPIFactory;
import org.gcube.vomanagement.vomsapi.util.VOMSAttributesReader;
import org.glite.wsdl.services.org_glite_security_voms.User;
import org.gridforum.jgss.ExtendedGSSCredential;
//import org.gcube.vomanagement.vomsapi.VOMSAdmin;
//import org.gcube.vomanagement.vomsapi.impl.VOMSAPIFactory;
//import org.gcube.vomanagement.vomsapi.util.VOMSAttributesReader;
//import org.glite.wsdl.services.org_glite_security_voms.User;
//import org.gridforum.jgss.ExtendedGSSCredential;
/**
*
* This class is used for retrieving and updating the portal credential that is needed by the caches in order to retrieve information form gCube services
* IT'S FOR THE MOMENT DISABLED... IT WILL INTEGRATE THE NEW SECURITY MODEL, WHEN IT'S COMPLETED.
* @author Valia Tsagkalidou (NKUA)
*
*/
public class ApplicationCredentials {
private static ApplicationCredentials applCredentials = new ApplicationCredentials();
private HashMap<String, ExtendedGSSCredential> creds;
protected static String userDN = "/O=Grid/OU=GlobusTest/OU=simpleCA-gauss.eng.it/OU=eng.it/CN=";
protected static String userCA = "/O=Grid/OU=GlobusTest/OU=simpleCA-gauss.eng.it/CN=Globus Simple CA";
/** The logger. */
private static final Logger logger = LoggerFactory.getLogger(ApplicationCredentials.class);
/**
* The basic constructor
*/
protected ApplicationCredentials()
{
creds = new HashMap<String, ExtendedGSSCredential>();
}
// private static ApplicationCredentials applCredentials = new ApplicationCredentials();
// private HashMap<String, ExtendedGSSCredential> creds;
// protected static String userDN = "/O=Grid/OU=GlobusTest/OU=simpleCA-gauss.eng.it/OU=eng.it/CN=";
// protected static String userCA = "/O=Grid/OU=GlobusTest/OU=simpleCA-gauss.eng.it/CN=Globus Simple CA";
//
// /** The logger. */
// private static final Logger logger = LoggerFactory.getLogger(ApplicationCredentials.class);
//
// /**
// * The basic constructor
// */
// protected ApplicationCredentials()
// {
// creds = new HashMap<String, ExtendedGSSCredential>();
// }
//
// /**
// * @return the sigleton of ApplicationCredentials
// */
// public static ApplicationCredentials getInstance()
// {
// return applCredentials;
// }
//
// /**
// * @param VREname the of the VRE for which you want to get the "portal" credential
// * @return the grid credential
// */
// public ExtendedGSSCredential getCredential(String VREname)
// {
// PortalSecurityManager secMan = new PortalSecurityManager(VREname);//GCUBEScope.getScope(VREname));
// if(!secMan.isSecurityEnabled())
// return null;
// ExtendedGSSCredential cred = creds.get(VREname);
// if(cred == null)
// {
// // If the credential is not available, it retrieves it from myProxy
// cred = UserCredential.getCredential("application", VREname);
// if(cred == null)
// {
// //user "application" does not exist on this VRE, so we add him and try to get credential again
// VOMSAdmin vomsA;
// VOMSAPIFactory factory;
// try {
// factory = VOMSAdminManager.getVOMSFactory();
// vomsA = factory.getVOMSAdmin();
// // String[] roles = vomsA.listRoles();
// // vomsA.createUser("application", userDN+"application", userCA, "application@gcube.org");
// // vomsA.addMember(VREname, userDN+"application", userCA);
// // vomsA.assignRole(VREname, roles[0], userDN+"application", userCA);
// // vomsA = new VOMSAdminImpl();
// String[] roles = vomsA.listRoles();
// User myUser = new User();
// myUser.setCN("application");
// myUser.setDN(userDN+"application");
// myUser.setCA(userCA);
// myUser.setMail("application@gcube.org");
// //vomsA.getExtendedPortType().createUser("application", userDN+"application", userCA, "application@gcube.org");
// vomsA.createUser(myUser);
// //vomsA.getExtendedPortType().addOnlineCAMember(VREname, userDN+"application");
// //vomsA.getExtendedPortType().assignOnlineCARole(VREname, roles[0], userDN+"application");
// vomsA.addMember(VREname, userDN + "application", userCA);
// vomsA.assignRole(VREname, roles[0], userDN + "application", userCA);
// }
// catch (Exception e) {
// vomsA = null;
// logger.error("", e);
// }
// cred = UserCredential.getCredential("application", VREname);
// }
// creds.put(VREname, cred);
// }
// else
// {
// // credential already available
// VOMSAttributesReader vomsReader = null;
// try {
// vomsReader = new VOMSAttributesReader(cred);
// //Check if it's gonna expire in the next minute, and refresh it
// if(vomsReader.getRefreshPeriod() < 60000)
// {
// cred = UserCredential.getCredential("application", VREname);
// creds.put(VREname, cred);
// }
// } catch (Exception e1) {
// logger.error("", e1);
// }
// }
// return cred;
// }
/**
* @return the sigleton of ApplicationCredentials
*/
public static ApplicationCredentials getInstance()
{
return applCredentials;
}
/**
* @param VREname the of the VRE for which you want to get the "portal" credential
* @return the grid credential
*/
public ExtendedGSSCredential getCredential(String VREname)
{
PortalSecurityManager secMan = new PortalSecurityManager(VREname);//GCUBEScope.getScope(VREname));
if(!secMan.isSecurityEnabled())
return null;
ExtendedGSSCredential cred = creds.get(VREname);
if(cred == null)
{
// If the credential is not available, it retrieves it from myProxy
cred = UserCredential.getCredential("application", VREname);
if(cred == null)
{
//user "application" does not exist on this VRE, so we add him and try to get credential again
VOMSAdmin vomsA;
VOMSAPIFactory factory;
try {
factory = VOMSAdminManager.getVOMSFactory();
vomsA = factory.getVOMSAdmin();
// String[] roles = vomsA.listRoles();
// vomsA.createUser("application", userDN+"application", userCA, "application@gcube.org");
// vomsA.addMember(VREname, userDN+"application", userCA);
// vomsA.assignRole(VREname, roles[0], userDN+"application", userCA);
// vomsA = new VOMSAdminImpl();
String[] roles = vomsA.listRoles();
User myUser = new User();
myUser.setCN("application");
myUser.setDN(userDN+"application");
myUser.setCA(userCA);
myUser.setMail("application@gcube.org");
//vomsA.getExtendedPortType().createUser("application", userDN+"application", userCA, "application@gcube.org");
vomsA.createUser(myUser);
//vomsA.getExtendedPortType().addOnlineCAMember(VREname, userDN+"application");
//vomsA.getExtendedPortType().assignOnlineCARole(VREname, roles[0], userDN+"application");
vomsA.addMember(VREname, userDN + "application", userCA);
vomsA.assignRole(VREname, roles[0], userDN + "application", userCA);
}
catch (Exception e) {
vomsA = null;
logger.error("", e);
}
cred = UserCredential.getCredential("application", VREname);
}
creds.put(VREname, cred);
}
else
{
// credential already available
VOMSAttributesReader vomsReader = null;
try {
vomsReader = new VOMSAttributesReader(cred);
//Check if it's gonna expire in the next minute, and refresh it
if(vomsReader.getRefreshPeriod() < 60000)
{
cred = UserCredential.getCredential("application", VREname);
creds.put(VREname, cred);
}
} catch (Exception e1) {
logger.error("", e1);
}
}
return cred;
}
}
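Review bot: The class body appears to be disabled by prefixing every line with `//` rather than deleting it, which leaves an empty public class and roughly ninety lines of dead credential-provisioning code; the same pattern recurs in VOMSAdminManager and UserCredential further down. Version control already preserves the old implementation, so removing it and marking the class `@Deprecated` with a one-line Javadoc naming the tracking issue would be clearer. If the code is kept for re-enabling, note that it swallows provisioning failures with `logger.error("", e)` and assigns `roles[0]` to the "application" user, both of which should be revisited before it is switched back on. Which lines are old and which are new is inferred from the class comment, because the +/- markers are missing on this page.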


@ -8,16 +8,17 @@ import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class JaasCallbackHandler implements CallbackHandler{
protected String username = null;
protected String password = null;
private Log log = LogFactory.getLog(JaasCallbackHandler.class);
private static final Logger logger = LoggerFactory.getLogger(JaasCallbackHandler.class);
public JaasCallbackHandler(String username, String password) {
super();
this.username = username;
@ -28,13 +29,13 @@ public class JaasCallbackHandler implements CallbackHandler{
throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof NameCallback) {
if (log.isDebugEnabled()) log.debug("responding to NameCallback");
logger.debug("responding to NameCallback");
((NameCallback) callbacks[i]).setName(username);
} else if (callbacks[i] instanceof PasswordCallback) {
if (log.isDebugEnabled()) log.debug("responding to PasswordCallback");
logger.debug("responding to PasswordCallback");
((PasswordCallback) callbacks[i]).setPassword(password != null ? password.toCharArray() : new char[0]);
} else {
if (log.isDebugEnabled()) log.debug("unsupported callback: " + callbacks[i].getClass());
logger.debug("unsupported callback: " + callbacks[i].getClass());
throw new UnsupportedCallbackException(callbacks[i]);
}
}
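Review bot: In `handle`, the new `logger.debug("unsupported callback: " + callbacks[i].getClass());` builds the message even when debug logging is off, now that the `isDebugEnabled()` guard is gone; with SLF4J the parameterized form `logger.debug("unsupported callback: {}", callbacks[i].getClass());` avoids that. Not introduced by this change, but visible in the context lines: the handler keeps the password in a `String` field, so a short comment on the field stating that it must never be logged would help future edits to these debug lines. `handle` begins and ends outside the hunk.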


@ -8,12 +8,17 @@ import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.gcube.application.framework.core.util.UserCredential;
import org.gridforum.jgss.ExtendedGSSCredential;
//import org.gridforum.jgss.ExtendedGSSCredential;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* FOR THE MOMENT IT'S SOMEWHAT DUMMY... WAITING FOR THE NEW SECURITY MODEL TO BE COMPLETED AND THEN INTEGRATE IT HERE
*
* @author nikolas
*
*/
public class LDAPAuthenticationModule {
/** The logger. */
@ -33,7 +38,13 @@ public class LDAPAuthenticationModule {
public boolean checkAuthentication(String username, String password) throws Exception {
logger.debug("USER authentication is disabled ! THE NEW SECURITY MODEL SHOULD BE INTEGRATED IN ASL");
logger.info("USER authentication is disabled ! THE NEW SECURITY MODEL SHOULD BE INTEGRATED IN ASL");
return true;
/*
logger.info("beginning authentication for " + username);
LoginContext loginContext;
@ -142,6 +153,7 @@ public class LDAPAuthenticationModule {
// return true;
// }
*/
}
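Review bot: `checkAuthentication` returns `true` for any username and password, with the real login logic wrapped in `/* ... */`, so every caller that treats the result as a login decision accepts all credentials. The only signal is an info-level log line. Until the new security model is integrated, the method should fail closed, or the bypass should depend on an explicit, default-off configuration switch and be logged at warn: `logger.warn("Authentication backend not integrated; rejecting login for {}", username); return false;`. If the permissive behaviour is really required for this release, state it in the method Javadoc as well as in the class comment. The method body continues outside the visible hunks.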


@ -21,10 +21,9 @@ import org.ietf.jgss.GSSCredential;
public class ServiceContextManager<PORTTYPE extends Remote> {
//TODO: SHOULD RECODE THE FUNCTIONS, USING THE NEW FEATHERWEIGHT SECURITY MODEL
/*
/*
public static <PORTTYPE extends Remote> PORTTYPE applySecurity(PORTTYPE stub, ASLSession session) throws Exception{
Credentials credentials = CredentialManager.instance.get();
GCUBESecurityManager secManager = new PortalSecurityManager(session);
PortalSecurityManager secManager = new PortalSecurityManager(session);
if(secManager.isSecurityEnabled())
secManager.useCredentials(session.getCredential());
return GCUBERemotePortTypeContext.getProxy(stub , session.getScope(), secManager);


@ -5,12 +5,14 @@ import java.io.File;
import javax.xml.rpc.ServiceException;
//import javax.xml.rpc.ServiceException;
import org.gcube.application.framework.core.util.Settings;
import org.gcube.vomanagement.vomsapi.ExtendedVOMSAdmin;
import org.gcube.vomanagement.vomsapi.VOMSAdmin;
import org.gcube.vomanagement.vomsapi.impl.VOMSAPIConfiguration;
import org.gcube.vomanagement.vomsapi.impl.VOMSAPIConfigurationException;
import org.gcube.vomanagement.vomsapi.impl.VOMSAPIFactory;
//import org.gcube.vomanagement.vomsapi.ExtendedVOMSAdmin;
//import org.gcube.vomanagement.vomsapi.VOMSAdmin;
//import org.gcube.vomanagement.vomsapi.impl.VOMSAPIConfiguration;
//import org.gcube.vomanagement.vomsapi.impl.VOMSAPIConfigurationException;
//import org.gcube.vomanagement.vomsapi.impl.VOMSAPIFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -21,19 +23,16 @@ import org.slf4j.LoggerFactory;
*/
public class VOMSAdminManager {
/** The logger. */
private static final Logger logger = LoggerFactory.getLogger(VOMSAdminManager.class);
/**
*
*/
/*
protected static VOMSAPIFactory factory = null;
protected static VOMSAdmin vomsAdmin = null;
protected static ExtendedVOMSAdmin extendedVomsAdmin = null;
/**
* @return
*/
public static VOMSAPIFactory getVOMSFactory()
{
if(factory == null)
@ -115,5 +114,6 @@ public class VOMSAdminManager {
}
return extendedVomsAdmin;
}
*/
}


@ -24,7 +24,7 @@ import org.gcube.application.framework.core.util.SessionConstants;
import org.gcube.application.framework.core.util.UserCredential;
//import org.gcube.common.core.scope.GCUBEScope;
import org.gcube.common.scope.api.ScopeProvider;
import org.gridforum.jgss.ExtendedGSSCredential;
//import org.gridforum.jgss.ExtendedGSSCredential;
/**
* @author Valia Tsagkalidou (NKUA)
@ -40,8 +40,7 @@ public class ASLSession{
private long lastUsedTime;
private String externalSessionID;
private String username;
private ExtendedGSSCredential credential;
// private GCUBEScope scope; //to be deleted
// private ExtendedGSSCredential credential;
private String scope;
private HashMap<String, Notifier> notifiers;
String scopeName;
@ -251,9 +250,14 @@ public class ASLSession{
/**
* @return the credential
*/
/*
DO NOT FORGET TO COMMENT OUT THIS WHEN THE NEW SECURITY MODEL IS AVAILABLE
public ExtendedGSSCredential getCredential() {
return credential;
}
*/
/**
* @return the external session id (passed to the constructor)
@ -312,9 +316,13 @@ public class ASLSession{
this.scope = scope;
this.scopeName = scope;
ScopeProvider.instance.set(scope);
/* DO NOT FORGET TO ADD THIS WHEN THE NEW SECURITY MODEL IS AVAILABLE !
if(new PortalSecurityManager(this.scope).isSecurityEnabled())
this.credential = UserCredential.getCredential(username, scope);
*/
// get the attribute that indicates of log in has been done from the login portlet - or if the user logs in from a bookmark
if (loggedIn == true) {
// don't log


@ -4,8 +4,8 @@ import java.util.ArrayList;
import java.util.List;
import java.util.Random;
import org.apache.axis.message.addressing.EndpointReference;
import org.apache.axis.types.URI.MalformedURIException;
//import org.apache.axis.message.addressing.EndpointReference;
//import org.apache.axis.types.URI.MalformedURIException;
//import org.gcube.application.framework.core.cache.RIsManager;
import org.gcube.application.framework.core.session.ASLSession;
import org.gcube.common.resources.gcore.GCoreEndpoint;


@ -2,11 +2,11 @@ package org.gcube.application.framework.core.util;
import java.io.File;
import org.gcube.vomanagement.vomsapi.CredentialsManager;
import org.gcube.vomanagement.vomsapi.VOMSAdmin;
import org.gcube.vomanagement.vomsapi.impl.VOMSAPIConfiguration;
import org.gcube.vomanagement.vomsapi.impl.VOMSAPIFactory;
import org.gridforum.jgss.ExtendedGSSCredential;
//import org.gcube.vomanagement.vomsapi.CredentialsManager;
//import org.gcube.vomanagement.vomsapi.VOMSAdmin;
//import org.gcube.vomanagement.vomsapi.impl.VOMSAPIConfiguration;
//import org.gcube.vomanagement.vomsapi.impl.VOMSAPIFactory;
//import org.gridforum.jgss.ExtendedGSSCredential;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -25,6 +25,9 @@ public class UserCredential {
* @param DLname DLname
* @return the GSS Credential
*/
//UNCOMMENT ABOVE CODE WHEN THE SECURITY BECOMES AVAILABLE.
/*
public static ExtendedGSSCredential getCredential(String username, String DLname)
{
CredentialsManager man = null;
@ -73,7 +76,7 @@ public class UserCredential {
return cred;
}
*/
}