You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@airavata.apache.org by hasinitg <gi...@git.apache.org> on 2015/08/01 17:41:15 UTC

[GitHub] airavata pull request: Added identity context and XACML based auth...

GitHub user hasinitg opened a pull request:

    https://github.com/apache/airavata/pull/25

    Added identity context and XACML based authorization for API calls

    This pull request contains the following:
    1. Identity Context - which persists AuthzToken in a thread local
    2. airavata-default-xacml-policy.xml which defines role based access control for admin and non-admin API methods.
    3. XACML PEP (Policy Enforcement Point) to enforce fine grained authorization on the API calls.
    4. Updated secure-client sample to showcase XACML based authorization on API calls w.r.t the default XACML policy. 
    Appreciate if this could be merged with the master.
    Thank you.
    Hasini.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/hasinitg/airavata sprint5_pr2

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/airavata/pull/25.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #25
    
----
commit 6ec2a39e51999d1a1f2e6f9288926aa362d32851
Author: hasinitg <ha...@gmail.com>
Date:   2015-07-30T11:27:18Z

    Added identity context to store user identity info in thread local.

commit 7ef83689624cf135234976b4abb2d3fd7b43499b
Author: hasinitg <ha...@gmail.com>
Date:   2015-07-31T11:43:46Z

    adding some missing files from previous commit.

commit 9c02f24d99c139b7dcc38b6fcddd17dd935c8e73
Author: hasinitg <ha...@gmail.com>
Date:   2015-07-31T19:49:34Z

    adding XACML based authorization for API calls.

commit d3ac7ceb611b3ed853e828c8492927020aacc72a
Author: hasinitg <ha...@gmail.com>
Date:   2015-08-01T10:31:13Z

    adding XACML based fine grained authorization on API calls.

commit 4226a2db00aec8ba0abb84e722bcb9767f0c96fa
Author: hasinitg <ha...@gmail.com>
Date:   2015-08-01T15:26:51Z

    Updated the secure-client sample to showcase the XACML based authorization on API calls and fixed some issues found when running the sample.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] airavata pull request: Added identity context and XACML based auth...

Posted by hasinitg <gi...@git.apache.org>.

Github user hasinitg commented on the pull request:

    https://github.com/apache/airavata/pull/25#issuecomment-128820229
  
    This pull request is updated and now contains following items, in addition to the ones mentioned above:
    1. Updated the airavata-default-xacml-policy in order to cater the current authorization requirements in PGA, as discussed in the dev list.
    2. Updated the secure client sample to showcase the capabilities of the updated authorization policy.
    3. Added the policy administration client (PAP) into the secure solution of airavata server, which publishes and enables the authorization policy in the WSO2 IS via its API, during the startup of airavata server - if the security is enabled.
    
    Thanks,
    Hasini. 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] airavata pull request: Added identity context and XACML based auth...

Posted by asfgit <gi...@git.apache.org>.

Github user asfgit closed the pull request at:

    https://github.com/apache/airavata/pull/25


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---