Posted to commits@airavata.apache.org by sc...@apache.org on 2016/05/02 21:09:31 UTC
airavata git commit: fixing bug
Repository: airavata
Updated Branches:
refs/heads/develop 12f5b014d -> 9f44797ca
fixing bug
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/9f44797c
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/9f44797c
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/9f44797c
Branch: refs/heads/develop
Commit: 9f44797cad885b728cacf1cec2f059728f241909
Parents: 12f5b01
Author: scnakandala <su...@gmail.com>
Authored: Mon May 2 15:09:27 2016 -0400
Committer: scnakandala <su...@gmail.com>
Committed: Mon May 2 15:09:27 2016 -0400
----------------------------------------------------------------------
.../DefaultAiravataSecurityManager.java | 34 ++++++++++++--------
1 file changed, 20 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/9f44797c/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java
index 3faf07d..5482b76 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java
@@ -56,12 +56,6 @@ import java.util.Map;
public class DefaultAiravataSecurityManager implements AiravataSecurityManager {
private final static Logger logger = LoggerFactory.getLogger(DefaultAiravataSecurityManager.class);
- private CredentialStoreService.Client csClient;
-
- public DefaultAiravataSecurityManager() throws TException, ApplicationSettingsException {
- csClient = getCredentialStoreServiceClient();
- }
-
@Override
public void initializeSecurityInfra() throws AiravataSecurityException {
/* in the default security manager, this method checks if the xacml authorization policy is published,
@@ -86,6 +80,8 @@ public class DefaultAiravataSecurityManager implements AiravataSecurityManager {
stringBuilder.append(line);
}
String defaultXACMLPolicy = stringBuilder.toString();
+ CredentialStoreService.Client csClient = getCredentialStoreServiceClient();
+
for(GatewayResourceProfile gwrp : gwProfiles){
if(gwrp.getIdentityServerPwdCredToken() != null && gwrp.getIdentityServerTenant() != null){
PasswordCredential credential = csClient.getPasswordCredential(gwrp.getCredentialStoreToken(), gwrp.getGatewayID());
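Review bot: The client returned by the added `getCredentialStoreServiceClient()` call is never released in the lines shown, and the same call is added on the authorization path in the `-164,6 +152,15` and `-197,6 +194,15` hunks, where it runs for every decision not served from the cache. That helper's body is not in this diff, so this is inferred: if it opens a new Thrift transport on each call, every such request leaves a connection to the credential store open. Consider closing it in a `finally`, e.g. `csClient.getInputProtocol().getTransport().close();`, or reusing one properly synchronized client. Separately, the guard on the context line tests `getIdentityServerPwdCredToken()` while the lookup passes `getCredentialStoreToken()`; it is worth confirming that this is intended. The method body starts and ends outside this hunk.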
@@ -137,14 +133,6 @@ public class DefaultAiravataSecurityManager implements AiravataSecurityManager {
String gatewayId = authzToken.getGatewayId();
String action = metaData.get(Constants.API_METHOD_NAME);
- AppCatalog appCatalog = RegistryFactory.getAppCatalog();
- GatewayResourceProfile gwrp = appCatalog.getGatewayProfile().getGatewayProfile(gatewayId);
- PasswordCredential credential = csClient.getPasswordCredential(gwrp.getCredentialStoreToken(), gwrp.getGatewayID());
- String username = credential.getLoginUserName();
- if(gwrp.getIdentityServerTenant() != null && !gwrp.getIdentityServerTenant().isEmpty())
- username = username + "@" + gwrp.getIdentityServerTenant();
- String password = credential.getPassword();
-
//if the authz cache is enabled, check in the cache if the authz decision is cached and if so, what the status is
if (ServerSettings.isAuthzCacheEnabled()) {
//obtain an instance of AuthzCacheManager implementation.
@@ -164,6 +152,15 @@ public class DefaultAiravataSecurityManager implements AiravataSecurityManager {
logger.info("Authz decision for: (" + subject + ", " + accessToken + ", " + action + ") is not in the cache. " +
"Obtaining it from the authorization server.");
+ CredentialStoreService.Client csClient = getCredentialStoreServiceClient();
+ AppCatalog appCatalog = RegistryFactory.getAppCatalog();
+ GatewayResourceProfile gwrp = appCatalog.getGatewayProfile().getGatewayProfile(gatewayId);
+ PasswordCredential credential = csClient.getPasswordCredential(gwrp.getCredentialStoreToken(), gwrp.getGatewayID());
+ String username = credential.getLoginUserName();
+ if(gwrp.getIdentityServerTenant() != null && !gwrp.getIdentityServerTenant().isEmpty())
+ username = username + "@" + gwrp.getIdentityServerTenant();
+ String password = credential.getPassword();
+
//talk to Authorization Server, obtain the decision, cache it and return the result.
ConfigurationContext configContext =
ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
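Review bot: The added lookup dereferences `gwrp` and then `credential` with no null check, while `gatewayId` is taken from the caller's `authzToken`; if either lookup can return null for an unknown or unconfigured gateway, the request ends in a NullPointerException instead of an explicit denial. Adding `if (gwrp == null) throw new AiravataSecurityException("No gateway resource profile for gateway " + gatewayId);` right after the profile lookup, and the same kind of check on `credential` before `getLoginUserName()`, keeps the failure closed and diagnosable. The identical eight lines are added again in the `else` branch of the `-197,6 +194,15` hunk, so one private helper that returns the username and password would keep the cached and uncached paths from drifting apart. On the context line above the addition, `logger.info` writes `accessToken` into the log, which leaves a bearer credential readable to anyone with log access; logging only the subject and action would avoid that. The enclosing method starts and ends outside this hunk.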
@@ -197,6 +194,15 @@ public class DefaultAiravataSecurityManager implements AiravataSecurityManager {
throw new AiravataSecurityException("Error in reading from the authorization cache.");
}
} else {
+ CredentialStoreService.Client csClient = getCredentialStoreServiceClient();
+ AppCatalog appCatalog = RegistryFactory.getAppCatalog();
+ GatewayResourceProfile gwrp = appCatalog.getGatewayProfile().getGatewayProfile(gatewayId);
+ PasswordCredential credential = csClient.getPasswordCredential(gwrp.getCredentialStoreToken(), gwrp.getGatewayID());
+ String username = credential.getLoginUserName();
+ if(gwrp.getIdentityServerTenant() != null && !gwrp.getIdentityServerTenant().isEmpty())
+ username = username + "@" + gwrp.getIdentityServerTenant();
+ String password = credential.getPassword();
+
//talk to Authorization Server, obtain the decision and return the result (authz cache is not enabled).
ConfigurationContext configContext =
ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);