Posted to commits@airavata.apache.org by di...@apache.org on 2019/04/30 12:58:22 UTC
[airavata] branch master updated: Removing WSO2 IS based security
managers and ansible installers as we no longer use them
This is an automated email from the ASF dual-hosted git repository.
dimuthuupe pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git
The following commit(s) were added to refs/heads/master by this push:
new a89811f Removing WSO2 IS based security managers and ansible installers as we no longer use them
a89811f is described below
commit a89811f009376d10f7634e418dbf427f7668f96c
Author: Dimuthu Wannipurage <di...@gmail.com>
AuthorDate: Tue Apr 30 08:58:13 2019 -0400
Removing WSO2 IS based security managers and ansible installers as we no longer use them
---
airavata-api/airavata-api-server/pom.xml | 25 -
.../java-client-samples/pom.xml | 16 -
.../secure/client/OAuthAppRegisteringClient.java | 79 ---
.../secure/client/OAuthTokenRetrievalClient.java | 123 ----
.../client/secure/client/SecureClient.java | 214 +------
airavata-services/services-security/pom.xml | 30 +-
.../security/DefaultAiravataSecurityManager.java | 272 --------
.../org/apache/airavata/service/security/Main.java | 178 ------
.../service/security/oauth/DefaultOAuthClient.java | 90 ---
.../service/security/xacml/DefaultPAPClient.java | 124 ----
.../service/security/xacml/DefaultXACMLPEP.java | 132 ----
dev-tools/ansible/roles/wso2_is/tasks/main.yml | 61 --
.../ansible/roles/wso2_is/templates/carbon.xml.j2 | 688 ---------------------
dev-tools/ansible/roles/wso2_is/vars/main.yml | 38 --
.../resources/airavata-default-xacml-policy.xml | 211 -------
.../server/src/main/resources/gfac-config.yaml | 121 ----
.../server/src/main/resources/wso2carbon.pem | Bin 569 -> 0 bytes
.../server/src/main/resources/zoo.cfg | 22 -
modules/distribution/pom.xml | 7 -
19 files changed, 6 insertions(+), 2425 deletions(-)
diff --git a/airavata-api/airavata-api-server/pom.xml b/airavata-api/airavata-api-server/pom.xml
index a4a7d36..4d00c5f 100644
--- a/airavata-api/airavata-api-server/pom.xml
+++ b/airavata-api/airavata-api-server/pom.xml
@@ -114,36 +114,11 @@
<version>${curator.version}</version>
</dependency>
<dependency>
- <groupId>org.wso2.carbon</groupId>
- <artifactId>org.wso2.carbon.identity.oauth.stub</artifactId>
- <version>4.2.3</version>
- </dependency>
- <dependency>
- <groupId>org.apache.axis2.wso2</groupId>
- <artifactId>axis2</artifactId>
- <version>1.6.1.wso2v4</version>
- </dependency>
- <dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.4</version>
</dependency>
<dependency>
- <groupId>org.wso2.carbon</groupId>
- <artifactId>org.wso2.carbon.utils</artifactId>
- <version>4.2.0</version>
- </dependency>
- <dependency>
- <groupId>org.wso2.carbon</groupId>
- <artifactId>org.wso2.carbon.identity.entitlement.stub</artifactId>
- <version>4.2.1</version>
- </dependency>
- <dependency>
- <groupId>org.wso2.carbon</groupId>
- <artifactId>org.wso2.carbon.identity.entitlement.common</artifactId>
- <version>4.2.1</version>
- </dependency>
- <dependency>
<groupId>com.google.inject</groupId>
<artifactId>guice</artifactId>
<version>4.0</version>
diff --git a/airavata-api/airavata-client-sdks/java-client-samples/pom.xml b/airavata-api/airavata-client-sdks/java-client-samples/pom.xml
index 2e8ce40..1c80105 100644
--- a/airavata-api/airavata-client-sdks/java-client-samples/pom.xml
+++ b/airavata-api/airavata-client-sdks/java-client-samples/pom.xml
@@ -72,22 +72,6 @@
<artifactId>airavata-security</artifactId>
<version>${project.version}</version>
</dependency>
-
- <dependency>
- <groupId>org.wso2.carbon</groupId>
- <artifactId>org.wso2.carbon.identity.oauth.stub</artifactId>
- <version>4.2.3</version>
- </dependency>
- <dependency>
- <groupId>org.wso2.carbon</groupId>
- <artifactId>org.wso2.carbon.utils</artifactId>
- <version>4.2.0</version>
- </dependency>
- <dependency>
- <groupId>org.apache.axis2.wso2</groupId>
- <artifactId>axis2</artifactId>
- <version>1.6.1.wso2v4</version>
- </dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
diff --git a/airavata-api/airavata-client-sdks/java-client-samples/src/main/java/org/apache/airavata/client/secure/client/OAuthAppRegisteringClient.java b/airavata-api/airavata-client-sdks/java-client-samples/src/main/java/org/apache/airavata/client/secure/client/OAuthAppRegisteringClient.java
deleted file mode 100644
index b7dda50..0000000
--- a/airavata-api/airavata-client-sdks/java-client-samples/src/main/java/org/apache/airavata/client/secure/client/OAuthAppRegisteringClient.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/**
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.airavata.client.secure.client;
-
-import org.apache.airavata.security.AiravataSecurityException;
-import org.apache.airavata.security.util.TrustStoreManager;
-import org.apache.axis2.AxisFault;
-import org.apache.axis2.context.ConfigurationContext;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.wso2.carbon.identity.oauth.stub.OAuthAdminServiceException;
-import org.wso2.carbon.identity.oauth.stub.OAuthAdminServiceStub;
-import org.wso2.carbon.identity.oauth.stub.dto.OAuthConsumerAppDTO;
-import org.wso2.carbon.utils.CarbonUtils;
-
-import java.rmi.RemoteException;
-
-public class OAuthAppRegisteringClient {
- private OAuthAdminServiceStub stub;
- private final static Logger logger = LoggerFactory.getLogger(OAuthAppRegisteringClient.class);
-
- public OAuthAppRegisteringClient(String auhorizationServerURL, String username, String password,
- ConfigurationContext configCtx) throws Exception {
- String serviceURL = auhorizationServerURL + "OAuthAdminService";
- try {
- stub = new OAuthAdminServiceStub(configCtx, serviceURL);
- CarbonUtils.setBasicAccessSecurityHeaders(username, password, true, stub._getServiceClient());
- } catch (AxisFault e) {
- logger.error("Error initializing OAuth2 Client");
- throw new Exception("Error initializing OAuth Client", e);
- }
-
- }
-
- public OAuthConsumerAppDTO registerApplication(String appName, String consumerId, String consumerSecret)
- throws AiravataSecurityException {
-
- try {
- OAuthConsumerAppDTO consumerAppDTO = new OAuthConsumerAppDTO();
- consumerAppDTO.setApplicationName(appName);
- // consumer key and secret is set by the application.
- consumerAppDTO.setOauthConsumerKey(consumerId);
- consumerAppDTO.setOauthConsumerSecret(consumerSecret);
- //consumerAppDTO.setUsername(adminUserName);
- //initialize trust store for SSL handshake
- TrustStoreManager trustStoreManager = new TrustStoreManager();
- trustStoreManager.initializeTrustStoreManager(Properties.TRUST_STORE_PATH, Properties.TRUST_STORE_PASSWORD);
- stub.registerOAuthApplicationData(consumerAppDTO);
- // After registration application is retrieve
- return stub.getOAuthApplicationDataByAppName(appName);
- } catch (AxisFault axisFault) {
- axisFault.printStackTrace();
- throw new AiravataSecurityException("Error in registering the OAuth application.");
- } catch (RemoteException e) {
- e.printStackTrace();
- throw new AiravataSecurityException("Error in registering the OAuth application.");
- } catch (OAuthAdminServiceException e) {
- e.printStackTrace();
- throw new AiravataSecurityException("Error in registering the OAuth application.");
- }
- }
-}
diff --git a/airavata-api/airavata-client-sdks/java-client-samples/src/main/java/org/apache/airavata/client/secure/client/OAuthTokenRetrievalClient.java b/airavata-api/airavata-client-sdks/java-client-samples/src/main/java/org/apache/airavata/client/secure/client/OAuthTokenRetrievalClient.java
deleted file mode 100644
index 6ba888c..0000000
--- a/airavata-api/airavata-client-sdks/java-client-samples/src/main/java/org/apache/airavata/client/secure/client/OAuthTokenRetrievalClient.java
+++ /dev/null
@@ -1,123 +0,0 @@
-/**
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.airavata.client.secure.client;
-
-import org.apache.airavata.security.AiravataSecurityException;
-import org.apache.airavata.security.util.TrustStoreManager;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.http.HttpResponse;
-import org.apache.http.NameValuePair;
-import org.apache.http.client.ClientProtocolException;
-import org.apache.http.client.HttpClient;
-import org.apache.http.client.entity.UrlEncodedFormEntity;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.conn.scheme.Scheme;
-import org.apache.http.impl.client.DefaultHttpClient;
-import org.apache.http.message.BasicNameValuePair;
-import org.json.simple.JSONObject;
-import org.json.simple.parser.JSONParser;
-import org.json.simple.parser.ParseException;
-
-import javax.net.ssl.SSLContext;
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.io.UnsupportedEncodingException;
-import java.util.ArrayList;
-import java.util.List;
-
-public class OAuthTokenRetrievalClient {
- /**
- * Retrieve the OAuth Access token via the specified grant type.
- * @param consumerId
- * @param consumerSecret
- * @param userName
- * @param password
- * @param grantType
- * @return
- * @throws SecurityException
- */
- public String retrieveAccessToken(String consumerId, String consumerSecret, String userName, String password, int grantType)
- throws AiravataSecurityException {
-
- HttpPost postMethod = null;
- try {
- //initialize trust store to handle SSL handshake with WSO2 IS properly.
- TrustStoreManager trustStoreManager = new TrustStoreManager();
- SSLContext sslContext = trustStoreManager.initializeTrustStoreManager(Properties.TRUST_STORE_PATH,
- Properties.TRUST_STORE_PASSWORD);
- //create https scheme with the trust store
- org.apache.http.conn.ssl.SSLSocketFactory sf = new org.apache.http.conn.ssl.SSLSocketFactory(sslContext);
- Scheme httpsScheme = new Scheme("https", sf, Properties.authzServerPort);
-
- HttpClient httpClient = new DefaultHttpClient();
- //set the https scheme in the httpclient
- httpClient.getConnectionManager().getSchemeRegistry().register(httpsScheme);
-
- postMethod = new HttpPost(Properties.oauthTokenEndPointURL);
- //build the HTTP request with relevant params for resource owner credential grant type
- String authInfo = consumerId + ":" + consumerSecret;
- String authHeader = new String(Base64.encodeBase64(authInfo.getBytes()));
-
- postMethod.setHeader("Content-Type", "application/x-www-form-urlencoded");
- postMethod.setHeader("Authorization", "Basic " + authHeader);
-
- List<NameValuePair> urlParameters = new ArrayList<NameValuePair>();
-
- if (grantType == 1) {
- urlParameters.add(new BasicNameValuePair("grant_type", "password"));
- urlParameters.add(new BasicNameValuePair("username", userName));
- urlParameters.add(new BasicNameValuePair("password", password));
-
- } else if (grantType == 2) {
- urlParameters.add(new BasicNameValuePair("grant_type", "client_credentials"));
- }
-
- postMethod.setEntity(new UrlEncodedFormEntity(urlParameters));
-
- HttpResponse response = httpClient.execute(postMethod);
-
- BufferedReader rd = new BufferedReader(
- new InputStreamReader(response.getEntity().getContent()));
-
- StringBuilder result = new StringBuilder();
- String line = "";
- while ((line = rd.readLine()) != null) {
- result.append(line);
- }
-
- JSONParser parser = new JSONParser();
- JSONObject jsonObject = (JSONObject) parser.parse(result.toString());
- return (String) jsonObject.get("access_token");
- } catch (ClientProtocolException e) {
- throw new AiravataSecurityException(e.getMessage(), e);
- } catch (UnsupportedEncodingException e) {
- throw new AiravataSecurityException(e.getMessage(), e);
- } catch (IOException e) {
- throw new AiravataSecurityException(e.getMessage(), e);
- } catch (ParseException e) {
- throw new AiravataSecurityException(e.getMessage(), e);
- } finally {
- if (postMethod != null) {
- postMethod.releaseConnection();
- }
- }
- }
-}
\ No newline at end of file
diff --git a/airavata-api/airavata-client-sdks/java-client-samples/src/main/java/org/apache/airavata/client/secure/client/SecureClient.java b/airavata-api/airavata-client-sdks/java-client-samples/src/main/java/org/apache/airavata/client/secure/client/SecureClient.java
index f75ed87..13b6c68 100644
--- a/airavata-api/airavata-client-sdks/java-client-samples/src/main/java/org/apache/airavata/client/secure/client/SecureClient.java
+++ b/airavata-api/airavata-client-sdks/java-client-samples/src/main/java/org/apache/airavata/client/secure/client/SecureClient.java
@@ -21,225 +21,15 @@ package org.apache.airavata.client.secure.client;
import org.apache.airavata.api.Airavata;
import org.apache.airavata.api.client.AiravataClientFactory;
-import org.apache.airavata.model.appcatalog.appdeployment.ApplicationModule;
import org.apache.airavata.model.error.AiravataClientException;
-import org.apache.airavata.model.error.InvalidRequestException;
-import org.apache.airavata.model.security.AuthzToken;
-import org.apache.airavata.model.workspace.Gateway;
-import org.apache.airavata.model.workspace.GatewayApprovalStatus;
-import org.apache.airavata.security.AiravataSecurityException;
-import org.apache.axis2.context.ConfigurationContext;
-import org.apache.axis2.context.ConfigurationContextFactory;
-import org.apache.thrift.TException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.wso2.carbon.identity.oauth.stub.dto.OAuthConsumerAppDTO;
-
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Scanner;
public class SecureClient {
private static Logger logger = LoggerFactory.getLogger(SecureClient.class);
public static void main(String[] args) throws Exception {
- Scanner scanner = new Scanner(System.in);
- //register client or use existing client
- System.out.println("");
- System.out.println("Please select from the following options:");
- System.out.println("1. Register the client as an OAuth application.");
- System.out.println("2. Client is already registered. Use the existing credentials.");
- String opInput = scanner.next();
- int option = Integer.valueOf(opInput.trim());
- String consumerId = null;
- String consumerSecret = null;
- if (option == 1) {
- //register OAuth application - this happens once during initialization of the gateway.
-
- /************************Start obtaining input from user*****************************/
- System.out.println("");
- System.out.println("Registering an OAuth application representing the client....");
- System.out.println("Please enter following information as you prefer, or use defaults.");
- System.out.println("OAuth application name: (default:" + Properties.appName +
- ", press 'd' to use default value.)");
- String appNameInput = scanner.next();
- String appName = null;
- if (appNameInput.trim().equals("d")) {
- appName = Properties.appName;
- } else {
- appName = appNameInput.trim();
- }
-
- System.out.println("Consumer Id: (default:" + Properties.consumerID + ", press 'd' to use default value.)");
- String consumerIdInput = scanner.next();
- if (consumerIdInput.trim().equals("d")) {
- consumerId = Properties.consumerID;
- } else {
- consumerId = consumerIdInput.trim();
- }
-
- System.out.println("Consumer Secret: (default:" + Properties.consumerSecret +
- ", press 'd' to use default value.)");
- String consumerSecInput = scanner.next();
- if (consumerSecInput.trim().equals("d")) {
- consumerSecret = Properties.consumerSecret;
- } else {
- consumerSecret = consumerSecInput.trim();
- }
- /***************************** Finish obtaining input from user*******************************************/
-
- /*********************** Perform registration of the client as an OAuth app***************************/
- try {
- ConfigurationContext configContext =
- ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
- OAuthAppRegisteringClient authAppRegisteringClient = new OAuthAppRegisteringClient(
- Properties.oauthAuthzServerURL, Properties.adminUserName, Properties.adminPassword, configContext);
- OAuthConsumerAppDTO appDTO = authAppRegisteringClient.registerApplication(appName, consumerId, consumerSecret);
- /********************* Complete registering the client ***********************************************/
- System.out.println("");
- System.out.println("Registered OAuth app successfully. Following is app's details:");
- System.out.println("App Name: " + appDTO.getApplicationName());
- System.out.println("Consumer ID: " + appDTO.getOauthConsumerKey());
- System.out.println("Consumer Secret: " + appDTO.getOauthConsumerSecret());
- System.out.println("");
-
- } catch (AiravataSecurityException e) {
- e.printStackTrace();
- throw e;
- } catch (Exception e) {
- e.printStackTrace();
- throw e;
- }
- } else if (option == 2) {
- System.out.println("");
- System.out.println("Enter Consumer Id: ");
- consumerId = scanner.next().trim();
- System.out.println("Enter Consumer Secret: ");
- consumerSecret = scanner.next().trim();
- }
- //obtain OAuth access token
-
- /************************Start obtaining input from user*****************************/
- System.out.println("");
- System.out.println("Please select the preferred grant type: (or press d to use the default option" + Properties.grantType + ")");
- System.out.println("1. Resource Owner Password Credential.");
- System.out.println("2. Client Credential.");
-
- String grantTypeInput = scanner.next().trim();
- int grantType = 0;
- if (grantTypeInput.equals("d")) {
- grantType = Properties.grantType;
- } else {
- grantType = Integer.valueOf(grantTypeInput);
- }
- String userName = null;
- String password = null;
- if (grantType == 1) {
- System.out.println("Obtaining OAuth access token via 'Resource Owner Password' grant type....");
- System.out.println("Please enter following information as you prefer, or use defaults.");
- System.out.println("End user's name: (default:" + Properties.userName +
- ", press 'd' to use default value.)");
- String userNameInput = scanner.next();
- if (userNameInput.trim().equals("d")) {
- userName = Properties.userName;
- } else {
- userName = userNameInput.trim();
- }
-
- System.out.println("End user's password: (default:" + Properties.password + ", press 'd' to use default value.)");
- String passwordInput = scanner.next();
- if (passwordInput.trim().equals("d")) {
- password = Properties.password;
- } else {
- password = passwordInput.trim();
- }
- } else if (grantType == 2) {
- System.out.println("");
- System.out.println("Please enter the user name to be passed: ");
- String userNameInput = scanner.next();
- userName = userNameInput.trim();
- System.out.println("");
- System.out.println("Obtaining OAuth access token via 'Client Credential' grant type...' grant type....");
- }
-
- /***************************** Finish obtaining input from user*******************************************/
- try {
- //obtain the OAuth token for the specified end user.
- String accessToken = new OAuthTokenRetrievalClient().retrieveAccessToken(consumerId, consumerSecret,
- userName, password, grantType);
- System.out.println("");
- System.out.println("OAuth access token is: " + accessToken);
-
- //invoke Airavata API by the SecureClient, on behalf of the user.
- System.out.println("");
- System.out.println("Invoking Airavata API...");
- System.out.println("Enter the access token to be used: (default:" + accessToken + ", press 'd' to use default value.)");
- String accessTokenInput = scanner.next();
- String acTk = null;
- if (accessTokenInput.trim().equals("d")) {
- acTk = accessToken;
- } else {
- acTk = accessTokenInput.trim();
- }
-
- //obtain as input, the method to be invoked
- System.out.println("");
- System.out.println("Enter the number corresponding to the method to be invoked: ");
- System.out.println("1. getAPIVersion");
- System.out.println("2. getAllAppModules");
- System.out.println("3. addGateway");
- String methodNumberString = scanner.next();
- int methodNumber = Integer.valueOf(methodNumberString.trim());
-
- Airavata.Client client = createAiravataClient(Properties.SERVER_HOST, Properties.SERVER_PORT);
- AuthzToken authzToken = new AuthzToken();
- authzToken.setAccessToken(acTk);
- Map<String, String> claimsMap = new HashMap<>();
- claimsMap.put("userName", userName);
- claimsMap.put("email", "hasini@gmail.com");
- authzToken.setClaimsMap(claimsMap);
- if (methodNumber == 1) {
-
- String version = client.getAPIVersion(authzToken);
- System.out.println("");
- System.out.println("Airavata API version: " + version);
- System.out.println("");
- } else if (methodNumber == 2) {
- System.out.println("");
- System.out.println("Enter the gateway id: ");
- String gatewayId = scanner.next().trim();
-
- List<ApplicationModule> appModules= client.getAllAppModules(authzToken, gatewayId);
- System.out.println("Output of getAllAppModuels: ");
- for (ApplicationModule appModule : appModules) {
- System.out.println(appModule.getAppModuleName());
- }
- System.out.println("");
- System.out.println("");
- } else if (methodNumber == 3) {
- System.out.println("");
- System.out.println("Enter the gateway id: ");
- String gatewayId = scanner.next().trim();
-
- Gateway gateway = new Gateway(gatewayId, GatewayApprovalStatus.REQUESTED);
- gateway.setDomain("airavata.org");
- gateway.setEmailAddress("airavata@apache.org");
- gateway.setGatewayName("airavataGW");
- String output = client.addGateway(authzToken, gateway);
- System.out.println("");
- System.out.println("Output of addGateway: " + output);
- System.out.println("");
-
- }
- } catch (InvalidRequestException e) {
- e.printStackTrace();
- } catch (TException e) {
- e.printStackTrace();
- } catch (AiravataSecurityException e) {
- e.printStackTrace();
- }
-
+ // TODO Implement in keycloak
}
public static Airavata.Client createAiravataClient(String serverHost, int serverPort) throws
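Review bot: The new `main` body at the `// TODO Implement in keycloak` line turns the secure-client sample into a silent no-op: it neither obtains a token nor calls `createAiravataClient`, so anyone who runs it gets no error and no example of how an `AuthzToken` is now meant to be populated. If the sample stays in the build, the stub should fail loudly instead, e.g. `throw new UnsupportedOperationException("SecureClient sample not yet ported to Keycloak; obtain an access token from Keycloak and set it on AuthzToken");`. Separately, the removed code read default credentials from `Properties` (`Properties.consumerSecret`, `Properties.adminPassword`, `Properties.password`) and the diffstat does not list `Properties.java`, so those default-secret constants presumably remain in the sample module with no remaining consumer; they should be deleted in a follow-up rather than left as dead credential configuration. `main` closes at the brace shown in this hunk, while `createAiravataClient` continues into the next hunk.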
@@ -249,7 +39,5 @@ public class SecureClient {
Airavata.Client client = AiravataClientFactory.createAiravataSecureClient(serverHost, serverPort,
Properties.TRUST_STORE_PATH, Properties.TRUST_STORE_PASSWORD, 10000);
return client;
-
-
}
}
\ No newline at end of file
diff --git a/airavata-services/services-security/pom.xml b/airavata-services/services-security/pom.xml
index c488b26..7ac3532 100644
--- a/airavata-services/services-security/pom.xml
+++ b/airavata-services/services-security/pom.xml
@@ -57,36 +57,11 @@
<version>${project.version}</version>
</dependency>
<dependency>
- <groupId>org.wso2.carbon</groupId>
- <artifactId>org.wso2.carbon.identity.oauth.stub</artifactId>
- <version>4.2.3</version>
- </dependency>
- <dependency>
- <groupId>org.apache.axis2.wso2</groupId>
- <artifactId>axis2</artifactId>
- <version>1.6.1.wso2v4</version>
- </dependency>
- <dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.4</version>
</dependency>
<dependency>
- <groupId>org.wso2.carbon</groupId>
- <artifactId>org.wso2.carbon.utils</artifactId>
- <version>4.2.0</version>
- </dependency>
- <dependency>
- <groupId>org.wso2.carbon</groupId>
- <artifactId>org.wso2.carbon.identity.entitlement.stub</artifactId>
- <version>4.2.1</version>
- </dependency>
- <dependency>
- <groupId>org.wso2.carbon</groupId>
- <artifactId>org.wso2.carbon.identity.entitlement.common</artifactId>
- <version>4.2.1</version>
- </dependency>
- <dependency>
<groupId>com.google.inject</groupId>
<artifactId>guice</artifactId>
<version>4.0</version>
@@ -106,6 +81,11 @@
<artifactId>jackson-mapper-asl</artifactId>
<version>1.9.13</version>
</dependency>
+ <dependency>
+ <groupId>org.json</groupId>
+ <artifactId>json</artifactId>
+ <version>20131018</version>
+ </dependency>
</dependencies>
</project>
\ No newline at end of file
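Review bot: The added `org.json:json` dependency is pinned to `20131018`, a 2013 release far behind the maintained line of that artifact, and it arrives in a commit whose message describes only removals, so nothing records which remaining code in services-security needs it. The module already declares `jackson-mapper-asl` in the context lines just above, so the consumer can presumably use the existing JSON library; if `org.json` is genuinely required, change `<version>20131018</version>` to a current release and note the reason in the commit message. A 2013 JSON parser on the security-service path is exactly what a supply-chain scan will flag, so the version should be the current one rather than the oldest that compiles.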
diff --git a/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/DefaultAiravataSecurityManager.java b/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/DefaultAiravataSecurityManager.java
deleted file mode 100644
index 6ff8219..0000000
--- a/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/DefaultAiravataSecurityManager.java
+++ /dev/null
@@ -1,272 +0,0 @@
-/**
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.airavata.service.security;
-
-import org.apache.airavata.common.exception.ApplicationSettingsException;
-import org.apache.airavata.common.utils.Constants;
-import org.apache.airavata.common.utils.ServerSettings;
-import org.apache.airavata.credential.store.client.CredentialStoreClientFactory;
-import org.apache.airavata.credential.store.cpi.CredentialStoreService;
-import org.apache.airavata.credential.store.exception.CredentialStoreException;
-import org.apache.airavata.model.appcatalog.gatewayprofile.GatewayResourceProfile;
-import org.apache.airavata.model.credential.store.PasswordCredential;
-import org.apache.airavata.model.security.AuthzToken;
-import org.apache.airavata.registry.api.RegistryService;
-import org.apache.airavata.registry.api.client.RegistryServiceClientFactory;
-import org.apache.airavata.registry.api.exception.RegistryServiceException;
-import org.apache.airavata.security.AiravataSecurityException;
-import org.apache.airavata.security.util.TrustStoreManager;
-import org.apache.airavata.service.security.authzcache.*;
-import org.apache.airavata.service.security.oauth.DefaultOAuthClient;
-import org.apache.airavata.service.security.xacml.DefaultPAPClient;
-import org.apache.airavata.service.security.xacml.DefaultXACMLPEP;
-import org.apache.axis2.AxisFault;
-import org.apache.axis2.context.ConfigurationContext;
-import org.apache.axis2.context.ConfigurationContextFactory;
-import org.apache.thrift.TException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO;
-
-import java.io.*;
-import java.util.List;
-import java.util.Map;
-
-/**
- * This enforces authentication and authorization on Airavata API calls.
- */
-public class DefaultAiravataSecurityManager implements AiravataSecurityManager {
- private final static Logger logger = LoggerFactory.getLogger(DefaultAiravataSecurityManager.class);
-
- @Override
- public void initializeSecurityInfra() throws AiravataSecurityException {
- /* in the default security manager, this method checks if the xacml authorization policy is published,
- * and if not, publish the policy to the PDP (of WSO2 Identity Server)
- */
- try {
- if (ServerSettings.isAPISecured()) {
- ConfigurationContext configContext =
- ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
- //initialize SSL context with the trust store that contains the public cert of WSO2 Identity Server.
- TrustStoreManager trustStoreManager = new TrustStoreManager();
- trustStoreManager.initializeTrustStoreManager(ServerSettings.getTrustStorePath(),
- ServerSettings.getTrustStorePassword());
- List<GatewayResourceProfile> gwProfiles = getRegistryServiceClient().getAllGatewayResourceProfiles();
- //read the policy as a string
- BufferedReader bufferedReader = new BufferedReader(new FileReader(new File(
- ServerSettings.getAuthorizationPoliyName() + ".xml")));
- String line;
- StringBuilder stringBuilder = new StringBuilder();
- while ((line = bufferedReader.readLine()) != null) {
- stringBuilder.append(line);
- }
- String defaultXACMLPolicy = stringBuilder.toString();
- CredentialStoreService.Client csClient = getCredentialStoreServiceClient();
-
- for(GatewayResourceProfile gwrp : gwProfiles){
- if(gwrp.getIdentityServerPwdCredToken() != null && gwrp.getIdentityServerTenant() != null){
- PasswordCredential credential = csClient.getPasswordCredential(gwrp.getIdentityServerPwdCredToken(), gwrp.getGatewayID());
- String username = credential.getLoginUserName();
- if(gwrp.getIdentityServerTenant() != null && !gwrp.getIdentityServerTenant().isEmpty())
- username = username + "@" + gwrp.getIdentityServerTenant();
- String password = credential.getPassword();
- DefaultPAPClient PAPClient = new DefaultPAPClient(ServerSettings.getRemoteAuthzServerUrl(),
- username, password, configContext);
- boolean policyAdded = PAPClient.isPolicyAdded(ServerSettings.getAuthorizationPoliyName());
- if (policyAdded) {
- logger.debug("Authorization policy is already added in the authorization server.");
- } else {
- //publish the policy and enable it in a separate thread
- PAPClient.addPolicy(defaultXACMLPolicy);
- logger.debug("Authorization policy is published in the authorization server.");
- }
- }else{
- logger.warn("Identity Server configuration missing for gateway : " + gwrp.getGatewayID());
- }
- }
- }
- } catch (AxisFault axisFault) {
- logger.error(axisFault.getMessage(), axisFault);
- throw new AiravataSecurityException("Error in initializing the configuration context for creating the " +
- "PAP client.");
- } catch (ApplicationSettingsException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in reading configuration when creating the PAP client.");
- } catch (FileNotFoundException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in reading authorization policy.");
- } catch (IOException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in reading the authorization policy.");
- } catch (RegistryServiceException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in reading the Gateway Profiles from App Catalog.");
- } catch (TException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in connecting to Credential Store Service.");
- }
- }
-
- public boolean isUserAuthorized(AuthzToken authzToken, Map<String, String> metaData) throws AiravataSecurityException {
- try {
- String subject = authzToken.getClaimsMap().get(Constants.USER_NAME);
- String accessToken = authzToken.getAccessToken();
- String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
- String action = metaData.get(Constants.API_METHOD_NAME);
-
- //if the authz cache is enabled, check in the cache if the authz decision is cached and if so, what the status is
- if (ServerSettings.isAuthzCacheEnabled()) {
- //obtain an instance of AuthzCacheManager implementation.
- AuthzCacheManager authzCacheManager = AuthzCacheManagerFactory.getAuthzCacheManager();
-
- //check in the cache
- AuthzCachedStatus authzCachedStatus = authzCacheManager.getAuthzCachedStatus(
- new AuthzCacheIndex(subject, gatewayId, accessToken, action));
-
- if (AuthzCachedStatus.AUTHORIZED.equals(authzCachedStatus)) {
- logger.debug("Authz decision for: (" + subject + ", " + accessToken + ", " + action + ") is retrieved from cache.");
- return true;
- } else if (AuthzCachedStatus.NOT_AUTHORIZED.equals(authzCachedStatus)) {
- logger.debug("Authz decision for: (" + subject + ", " + accessToken + ", " + action + ") is retrieved from cache.");
- return false;
- } else if (AuthzCachedStatus.NOT_CACHED.equals(authzCachedStatus)) {
- logger.debug("Authz decision for: (" + subject + ", " + accessToken + ", " + action + ") is not in the cache. " +
- "Obtaining it from the authorization server.");
-
- CredentialStoreService.Client csClient = getCredentialStoreServiceClient();
- GatewayResourceProfile gwrp = getRegistryServiceClient().getGatewayResourceProfile(gatewayId);
- PasswordCredential credential = csClient.getPasswordCredential(gwrp.getIdentityServerPwdCredToken(), gwrp.getGatewayID());
- String username = credential.getLoginUserName();
- if(gwrp.getIdentityServerTenant() != null && !gwrp.getIdentityServerTenant().isEmpty())
- username = username + "@" + gwrp.getIdentityServerTenant();
- String password = credential.getPassword();
-
- //talk to Authorization Server, obtain the decision, cache it and return the result.
- ConfigurationContext configContext =
- ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
-
- //initialize SSL context with the trust store that contains the public cert of WSO2 Identity Server.
- TrustStoreManager trustStoreManager = new TrustStoreManager();
- trustStoreManager.initializeTrustStoreManager(ServerSettings.getTrustStorePath(),
- ServerSettings.getTrustStorePassword());
-
- DefaultOAuthClient oauthClient = new DefaultOAuthClient(ServerSettings.getRemoteAuthzServerUrl(),
- username, password, configContext);
- OAuth2TokenValidationResponseDTO validationResponse = oauthClient.validateAccessToken(
- authzToken.getAccessToken());
- if(validationResponse.getValid()){
- String authorizedUserName = validationResponse.getAuthorizedUser();
- if(authorizedUserName.contains("@")){
- authorizedUserName = authorizedUserName.split("@")[0];
- }
- if(subject.contains("@")){
- subject = subject.split("@")[0];
- }
- //cannot impersonate users
- if(!authorizedUserName.toLowerCase().equals(subject.toLowerCase()))
- return false;
-
- long expiryTimestamp = validationResponse.getExpiryTime();
-
- //check for fine grained authorization for the API invocation, based on XACML.
- DefaultXACMLPEP entitlementClient = new DefaultXACMLPEP(ServerSettings.getRemoteAuthzServerUrl(),
- username, password, configContext);
- boolean authorizationDecision = entitlementClient.getAuthorizationDecision(authzToken, metaData);
-
- //cache the authorization decision
- authzCacheManager.addToAuthzCache(new AuthzCacheIndex(subject, gatewayId, accessToken, action),
- new AuthzCacheEntry(authorizationDecision, expiryTimestamp, System.currentTimeMillis()));
-
- return authorizationDecision;
- }else {
- return false;
- }
-
-
- } else {
- //undefined status returned from the authz cache manager
- throw new AiravataSecurityException("Error in reading from the authorization cache.");
- }
- } else {
- CredentialStoreService.Client csClient = getCredentialStoreServiceClient();
- GatewayResourceProfile gwrp = getRegistryServiceClient().getGatewayResourceProfile(gatewayId);
- PasswordCredential credential = csClient.getPasswordCredential(gwrp.getIdentityServerPwdCredToken(), gwrp.getGatewayID());
- String username = credential.getLoginUserName();
- if(gwrp.getIdentityServerTenant() != null && !gwrp.getIdentityServerTenant().isEmpty())
- username = username + "@" + gwrp.getIdentityServerTenant();
- String password = credential.getPassword();
-
- //talk to Authorization Server, obtain the decision and return the result (authz cache is not enabled).
- ConfigurationContext configContext =
- ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
-
- //initialize SSL context with the trust store that contains the public cert of WSO2 Identity Server.
- TrustStoreManager trustStoreManager = new TrustStoreManager();
- trustStoreManager.initializeTrustStoreManager(ServerSettings.getTrustStorePath(),
- ServerSettings.getTrustStorePassword());
-
- DefaultOAuthClient oauthClient = new DefaultOAuthClient(ServerSettings.getRemoteAuthzServerUrl(),
- username, password, configContext);
- OAuth2TokenValidationResponseDTO validationResponse = oauthClient.validateAccessToken(
- authzToken.getAccessToken());
- boolean isOAuthTokenValid = validationResponse.getValid();
- //if XACML based authorization is enabled, check for role based authorization for the API invocation
- DefaultXACMLPEP entitlementClient = new DefaultXACMLPEP(ServerSettings.getRemoteAuthzServerUrl(),
- username, password, configContext);
- boolean authorizationDecision = entitlementClient.getAuthorizationDecision(authzToken, metaData);
-
- return (isOAuthTokenValid && authorizationDecision);
- }
-
- } catch (AxisFault axisFault) {
- logger.error(axisFault.getMessage(), axisFault);
- throw new AiravataSecurityException("Error in initializing the configuration context for creating the OAuth validation client.");
- } catch (ApplicationSettingsException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in reading OAuth server configuration.");
- } catch (RegistryServiceException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in accessing AppCatalog.");
- } catch (TException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in connecting to Credential Store Service.");
- }
- }
-
- private CredentialStoreService.Client getCredentialStoreServiceClient() throws TException, ApplicationSettingsException {
- final int serverPort = Integer.parseInt(ServerSettings.getCredentialStoreServerPort());
- final String serverHost = ServerSettings.getCredentialStoreServerHost();
- try {
- return CredentialStoreClientFactory.createAiravataCSClient(serverHost, serverPort);
- } catch (CredentialStoreException e) {
- throw new TException("Unable to create credential store client...", e);
- }
- }
-
- private RegistryService.Client getRegistryServiceClient() throws TException, ApplicationSettingsException {
- final int serverPort = Integer.parseInt(ServerSettings.getRegistryServerPort());
- final String serverHost = ServerSettings.getRegistryServerHost();
- try {
- return RegistryServiceClientFactory.createRegistryClient(serverHost, serverPort);
- } catch (RegistryServiceException e) {
- throw new TException("Unable to create registry client...", e);
- }
- }
-}
\ No newline at end of file
diff --git a/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/Main.java b/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/Main.java
deleted file mode 100644
index c3ad9d0..0000000
--- a/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/Main.java
+++ /dev/null
@@ -1,178 +0,0 @@
-/**
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.airavata.service.security;
-
-import org.apache.airavata.common.utils.Constants;
-import org.apache.airavata.model.error.AuthenticationException;
-import org.apache.airavata.model.security.AuthzToken;
-import org.apache.airavata.security.AiravataSecurityException;
-import org.apache.airavata.service.security.oauth.DefaultOAuthClient;
-import org.apache.airavata.service.security.xacml.DefaultXACMLPEP;
-import org.apache.axis2.AxisFault;
-import org.apache.axis2.context.ConfigurationContext;
-import org.apache.axis2.context.ConfigurationContextFactory;
-import org.apache.oltu.oauth2.client.URLConnectionClient;
-import org.apache.oltu.oauth2.client.request.OAuthBearerClientRequest;
-import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
-import org.apache.oltu.oauth2.client.response.OAuthResourceResponse;
-import org.apache.oltu.oauth2.common.OAuth;
-import org.apache.oltu.oauth2.common.message.types.GrantType;
-import org.codehaus.jackson.map.ObjectMapper;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO;
-
-import java.util.HashMap;
-import java.util.Map;
-
-public class Main {
- private final static Logger logger = LoggerFactory.getLogger(Main.class);
-
- private static String username = "scigap_admin";
- private static String password = "sci9067@min";
- private static String hostName = "https://idp.scigap.org:7443";
-// private static String clientId = "KUu0a74dFbrwvSxD3C_GhwKeNrQa";
- private static String clientId = "O3iUdkkVYyHgzWPiVTQpY_tb96Ma";
-// private static String clientSecret = "UTKb9nDOPsuWB4lEX39TwhkW8qIa";
- private static String clientSecret = "6Ck1jZoa2oRtrzodSqkUZ2iINkUa";
-
- public static void main(String[] args) throws AuthenticationException, AiravataSecurityException, AxisFault {
- String accessToken = authenticate("master@master.airavata", "master").getAccess_token();
- ConfigurationContext configContext =
- ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
- DefaultOAuthClient defaultOAuthClient = new DefaultOAuthClient(hostName+"/services/",username,password, configContext);
- OAuth2TokenValidationResponseDTO tokenValidationRequestDTO = defaultOAuthClient.validateAccessToken(accessToken);
- String authorizedUser = tokenValidationRequestDTO.getAuthorizedUser();
- AuthzToken authzToken = new AuthzToken();
- authzToken.setAccessToken(accessToken);
- Map<String, String> claimsMap = new HashMap<>();
- claimsMap.put(Constants.USER_NAME, "scigap_admin");
- claimsMap.put(Constants.API_METHOD_NAME, "/airavata/getAPIVersion");
- authzToken.setClaimsMap(claimsMap);
-
- DefaultXACMLPEP defaultXACMLPEP = new DefaultXACMLPEP(hostName+"/services/",username,password,configContext);
- HashMap<String, String> metaDataMap = new HashMap();
- boolean result = defaultXACMLPEP.getAuthorizationDecision(authzToken, metaDataMap);
- System.out.println(result);
- }
-
- public static AuthResponse authenticate(String username,String password) throws AuthenticationException {
- try {
- OAuthClientRequest request = OAuthClientRequest.tokenLocation(hostName+"/oauth2/token").
- setClientId(clientId).setClientSecret(clientSecret).
- setGrantType(GrantType.PASSWORD).
- setRedirectURI("").
- setUsername(username).
- setPassword(password).
- setScope("openid").
- buildBodyMessage();
-
-
- URLConnectionClient ucc = new URLConnectionClient();
-
- org.apache.oltu.oauth2.client.OAuthClient oAuthClient = new org.apache.oltu.oauth2.client.OAuthClient(ucc);
- OAuthResourceResponse resp = oAuthClient.resource(request, OAuth.HttpMethod.POST, OAuthResourceResponse.class);
-
- //converting JSON to object
- ObjectMapper mapper = new ObjectMapper();
- AuthResponse authResponse;
- try{
- authResponse = mapper.readValue(resp.getBody(), AuthResponse.class);
- }catch (Exception e){
- return null;
- }
-
- String accessToken = authResponse.getAccess_token();
- if(accessToken != null && !accessToken.isEmpty()){
- request = new OAuthBearerClientRequest(hostName + "/oauth2/userinfo?schema=openid").
- buildQueryMessage();
- ucc = new URLConnectionClient();
- request.setHeader("Authorization","Bearer "+accessToken);
- oAuthClient = new org.apache.oltu.oauth2.client.OAuthClient(ucc);
- resp = oAuthClient.resource(request, OAuth.HttpMethod.GET,
- OAuthResourceResponse.class);
- Map<String,String> profile = mapper.readValue(resp.getBody(), Map.class);
- return authResponse;
- }
- }catch (Exception ex){
- throw new AuthenticationException(ex.getMessage());
- }
- return null;
- }
-}
-
-class AuthResponse{
-
- private String token_type;
- private int expires_in;
- private String refresh_token;
- private String access_token;
- public String id_token;
- private String scope;
-
-
- public String getToken_type() {
- return token_type;
- }
-
- public void setToken_type(String token_type) {
- this.token_type = token_type;
- }
-
- public int getExpires_in() {
- return expires_in;
- }
-
- public void setExpires_in(int expires_in) {
- this.expires_in = expires_in;
- }
-
- public String getRefresh_token() {
- return refresh_token;
- }
-
- public void setRefresh_token(String refresh_token) {
- this.refresh_token = refresh_token;
- }
-
- public String getAccess_token() {
- return access_token;
- }
-
- public void setAccess_token(String access_token) {
- this.access_token = access_token;
- }
-
- public String getId_token() {
- return id_token;
- }
-
- public void setId_token(String id_token) {
- this.id_token = id_token;
- }
-
- public String getScope() {
- return scope;
- }
-
- public void setScope(String scope) {
- this.scope = scope;
- }
-}
\ No newline at end of file
diff --git a/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/oauth/DefaultOAuthClient.java b/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/oauth/DefaultOAuthClient.java
deleted file mode 100644
index b46db10..0000000
--- a/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/oauth/DefaultOAuthClient.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/**
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.airavata.service.security.oauth;
-
-import org.apache.airavata.security.AiravataSecurityException;
-import org.apache.axis2.AxisFault;
-import org.apache.axis2.context.ConfigurationContext;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub;
-import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO;
-import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_OAuth2AccessToken;
-import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO;
-import org.wso2.carbon.utils.CarbonUtils;
-
-import java.rmi.RemoteException;
-
-/**
- * This is the default OAuth Client that talks to WSO2 IS's OAuth Authentication Server
- * to get the OAuth token validated.
- */
-public class DefaultOAuthClient {
-
- private OAuth2TokenValidationServiceStub stub;
- private final static Logger logger = LoggerFactory.getLogger(DefaultOAuthClient.class);
- public static final String BEARER_TOKEN_TYPE = "bearer";
-
- /**
- * OAuth2TokenValidationService Admin Service Client
- *
- * @param auhorizationServerURL
- * @param username
- * @param password
- * @param configCtx
- * @throws Exception
- */
- public DefaultOAuthClient(String auhorizationServerURL, String username, String password,
- ConfigurationContext configCtx) throws AiravataSecurityException {
- try {
- String serviceURL = auhorizationServerURL + "OAuth2TokenValidationService";
- stub = new OAuth2TokenValidationServiceStub(configCtx, serviceURL);
- CarbonUtils.setBasicAccessSecurityHeaders(username, password, true, stub._getServiceClient());
- } catch (AxisFault e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error initializing OAuth client.");
- }
- }
-
- /**
- * Validates the OAuth 2.0 access token
- *
- * @param accessToken
- * @return
- * @throws Exception
- */
- public OAuth2TokenValidationResponseDTO validateAccessToken(String accessToken)
- throws AiravataSecurityException {
-
- try {
- OAuth2TokenValidationRequestDTO oauthReq = new OAuth2TokenValidationRequestDTO();
- OAuth2TokenValidationRequestDTO_OAuth2AccessToken token =
- new OAuth2TokenValidationRequestDTO_OAuth2AccessToken();
- token.setIdentifier(accessToken);
- token.setTokenType(BEARER_TOKEN_TYPE);
- oauthReq.setAccessToken(token);
- return stub.validate(oauthReq);
- } catch (RemoteException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in validating the OAuth access token.");
- }
- }
-
-}
diff --git a/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/xacml/DefaultPAPClient.java b/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/xacml/DefaultPAPClient.java
deleted file mode 100644
index ae3257d..0000000
--- a/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/xacml/DefaultPAPClient.java
+++ /dev/null
@@ -1,124 +0,0 @@
-/**
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.airavata.service.security.xacml;
-
-import org.apache.airavata.common.exception.ApplicationSettingsException;
-import org.apache.airavata.common.utils.ServerSettings;
-import org.apache.airavata.security.AiravataSecurityException;
-import org.apache.axis2.AxisFault;
-import org.apache.axis2.context.ConfigurationContext;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.wso2.carbon.identity.entitlement.common.EntitlementConstants;
-import org.wso2.carbon.identity.entitlement.stub.EntitlementPolicyAdminServiceEntitlementException;
-import org.wso2.carbon.identity.entitlement.stub.EntitlementPolicyAdminServiceStub;
-import org.wso2.carbon.identity.entitlement.stub.dto.PaginatedStatusHolder;
-import org.wso2.carbon.identity.entitlement.stub.dto.PolicyDTO;
-import org.wso2.carbon.identity.entitlement.stub.dto.StatusHolder;
-import org.wso2.carbon.utils.CarbonUtils;
-
-import java.rmi.RemoteException;
-
-/**
- * This publishes the airavata-default-xacml-policy.xml to the PDP via PAP API (of WSO2 Identity Server)
- */
-public class DefaultPAPClient {
-
- private final static Logger logger = LoggerFactory.getLogger(DefaultPAPClient.class);
- private EntitlementPolicyAdminServiceStub entitlementPolicyAdminServiceStub;
-
- public DefaultPAPClient(String auhorizationServerURL, String username, String password,
- ConfigurationContext configCtx) throws AiravataSecurityException {
- try {
-
- String PDPURL = auhorizationServerURL + "EntitlementPolicyAdminService";
- entitlementPolicyAdminServiceStub = new EntitlementPolicyAdminServiceStub(configCtx, PDPURL);
- CarbonUtils.setBasicAccessSecurityHeaders(username, password, true,
- entitlementPolicyAdminServiceStub._getServiceClient());
- } catch (AxisFault e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error initializing XACML PEP client.");
- }
-
- }
-
- public boolean isPolicyAdded(String policyName) {
- try {
- PolicyDTO policyDTO = entitlementPolicyAdminServiceStub.getPolicy(policyName, false);
- } catch (RemoteException e) {
- logger.debug("Error in retrieving the policy.", e);
- return false;
- } catch (EntitlementPolicyAdminServiceEntitlementException e) {
- logger.debug("Error in retrieving the policy.", e);
- return false;
- }
- return true;
- }
-
- public void addPolicy(String policy) throws AiravataSecurityException {
- new Thread() {
- public void run() {
- try {
- PolicyDTO policyDTO = new PolicyDTO();
- policyDTO.setPolicy(policy);
- entitlementPolicyAdminServiceStub.addPolicy(policyDTO);
- entitlementPolicyAdminServiceStub.publishToPDP(new String[]{ServerSettings.getAuthorizationPoliyName()},
- EntitlementConstants.PolicyPublish.ACTION_CREATE, null, false, 0);
-
- //Since policy publishing happens asynchronously, we need to retrieve the status and verify.
- Thread.sleep(2000);
- PaginatedStatusHolder paginatedStatusHolder = entitlementPolicyAdminServiceStub.
- getStatusData(EntitlementConstants.Status.ABOUT_POLICY, ServerSettings.getAuthorizationPoliyName(),
- EntitlementConstants.StatusTypes.PUBLISH_POLICY, "*", 1);
- StatusHolder statusHolder = paginatedStatusHolder.getStatusHolders()[0];
- if (statusHolder.getSuccess() && EntitlementConstants.PolicyPublish.ACTION_CREATE.equals(statusHolder.getTargetAction())) {
- logger.info("Authorization policy is published successfully.");
- } else {
- throw new AiravataSecurityException("Failed to publish the authorization policy.");
- }
-
- //enable the published policy
- entitlementPolicyAdminServiceStub.enableDisablePolicy(ServerSettings.getAuthorizationPoliyName(), true);
- //Since policy enabling happens asynchronously, we need to retrieve the status and verify.
- Thread.sleep(2000);
- paginatedStatusHolder = entitlementPolicyAdminServiceStub.
- getStatusData(EntitlementConstants.Status.ABOUT_POLICY, ServerSettings.getAuthorizationPoliyName(),
- EntitlementConstants.StatusTypes.PUBLISH_POLICY, "*", 1);
- statusHolder = paginatedStatusHolder.getStatusHolders()[0];
- if (statusHolder.getSuccess() && EntitlementConstants.PolicyPublish.ACTION_ENABLE.equals(statusHolder.getTargetAction())) {
- logger.info("Authorization policy is enabled successfully.");
- } else {
- throw new AiravataSecurityException("Failed to enable the authorization policy.");
- }
- } catch (RemoteException e) {
- logger.error(e.getMessage(), e);
- } catch (InterruptedException e) {
- logger.error(e.getMessage(), e);
- } catch (ApplicationSettingsException e) {
- logger.error(e.getMessage(), e);
- } catch (AiravataSecurityException e) {
- logger.error(e.getMessage(), e);
- } catch (EntitlementPolicyAdminServiceEntitlementException e) {
- logger.error(e.getMessage(), e);
- }
- }
- }.start();
- }
-}
diff --git a/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/xacml/DefaultXACMLPEP.java b/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/xacml/DefaultXACMLPEP.java
deleted file mode 100644
index a4e7f98..0000000
--- a/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/xacml/DefaultXACMLPEP.java
+++ /dev/null
@@ -1,132 +0,0 @@
-/**
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.airavata.service.security.xacml;
-
-import org.apache.airavata.common.utils.Constants;
-import org.apache.airavata.model.security.AuthzToken;
-import org.apache.airavata.security.AiravataSecurityException;
-import org.apache.axis2.AxisFault;
-import org.apache.axis2.context.ConfigurationContext;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.w3c.dom.Document;
-import org.w3c.dom.Node;
-import org.wso2.carbon.identity.entitlement.stub.EntitlementServiceException;
-import org.wso2.carbon.identity.entitlement.stub.EntitlementServiceStub;
-import org.wso2.carbon.utils.CarbonUtils;
-import org.xml.sax.SAXException;
-
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
-import java.rmi.RemoteException;
-import java.util.Map;
-
-/**
- * This enforces XACML based fine grained authorization on the API calls, by authorizing the API calls
- * through default PDP which is WSO2 Identity Server.
- */
-public class DefaultXACMLPEP {
-
- private final static Logger logger = LoggerFactory.getLogger(DefaultXACMLPEP.class);
- private EntitlementServiceStub entitlementServiceStub;
-
- public DefaultXACMLPEP(String auhorizationServerURL, String username, String password,
- ConfigurationContext configCtx) throws AiravataSecurityException {
- try {
-
- String PDPURL = auhorizationServerURL + "EntitlementService";
- entitlementServiceStub = new EntitlementServiceStub(configCtx, PDPURL);
- CarbonUtils.setBasicAccessSecurityHeaders(username, password, true, entitlementServiceStub._getServiceClient());
- } catch (AxisFault e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error initializing XACML PEP client.");
- }
-
- }
-
- /**
- * Send the XACML authorization request to XAML PDP and return the authorization decision.
- *
- * @param authzToken
- * @param metaData
- * @return
- */
- public boolean getAuthorizationDecision(AuthzToken authzToken, Map<String, String> metaData) throws AiravataSecurityException {
- String decision;
- try {
- String subject = authzToken.getClaimsMap().get(Constants.USER_NAME);
- //FIXME hacky way to fix OpenID -> CILogon issue in WSO2 IS
- if(subject.startsWith("http://")){
- subject = subject.substring(6);
- }
- String action = "/airavata/" + metaData.get(Constants.API_METHOD_NAME);
- String decisionString = entitlementServiceStub.getDecisionByAttributes(subject, null, action, null);
- //parse the XML decision string and obtain the decision
- decision = parseDecisionString(decisionString);
- if (Constants.PERMIT.equals(decision)) {
- return true;
- } else {
- logger.error("Authorization decision is: " + decision);
- return false;
- }
- } catch (RemoteException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in authorizing the user.");
- } catch (EntitlementServiceException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in authorizing the user.");
- }
- }
-
- /**
- * This parses the XML based authorization response by the PDP and returns the decision string.
- *
- * @param decisionString
- * @return
- * @throws AiravataSecurityException
- */
- private String parseDecisionString(String decisionString) throws AiravataSecurityException {
- try {
- DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
- InputStream inputStream = new ByteArrayInputStream(decisionString.getBytes("UTF-8"));
- Document doc = docBuilderFactory.newDocumentBuilder().parse(inputStream);
- Node resultNode = doc.getDocumentElement().getFirstChild();
- Node decisionNode = resultNode.getFirstChild();
- String decision = decisionNode.getTextContent();
- return decision;
- } catch (ParserConfigurationException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in parsing XACML authorization response.");
- } catch (UnsupportedEncodingException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in parsing XACML authorization response.");
- } catch (SAXException e) {
- logger.error(e.getMessage(), e);
- throw new AiravataSecurityException("Error in parsing XACML authorization response.");
- } catch (IOException e) {
- logger.error("Error in parsing XACML authorization response.");
- throw new AiravataSecurityException("Error in parsing XACML authorization response.");
- }
- }
-}
diff --git a/dev-tools/ansible/roles/wso2_is/tasks/main.yml b/dev-tools/ansible/roles/wso2_is/tasks/main.yml
deleted file mode 100644
index a6b7573..0000000
--- a/dev-tools/ansible/roles/wso2_is/tasks/main.yml
+++ /dev/null
@@ -1,61 +0,0 @@
-#
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
----
-- name: install role pre-requireties
- yum: name=unzip state=latest update_cache=yes
- become: yes
-
-# downlaod wso2 is
-# extract it
-# - name: Download and unarchive wso2 is
-# unarchive: src="{{ zookeeper_url }}" dest="{{ user_home }}" copy=no owner="{{ user }}" group="{{ group }}"
-# for now wso2is from localhost
-
-- name: copy WSO2 IS
- unarchive: >
- src="{{ wso2_is_dist }}"
- dest="{{ user_home }}/"
- owner="{{ user }}"
- group="{{ group }}"
- creates="{{ user_home }}/{{ wso2_is_dir }}/bin/wso2server.sh"
-
-- name: copy carbon.xml
- template: >
- src=carbon.xml.j2
- dest="{{ user_home }}/{{ wso2_is_dir }}/repository/conf/carbon.xml"
- owner="{{ user }}"
- group="{{ group }}"
- mode="u=rw,g=r,o=r"
-
-- name: open carabon management console port
- firewalld: port=9443/tcp zone=public permanent=true state=enabled immediate=yes
- become: yes
-
-# start wso2 is server
-- name: start wso2 is
- command: ./bin/wso2server.sh start chdir="{{ user_home }}/{{ wso2_is_dir }}/" creates="{{ user_home }}/{{ wso2_is_dir }}/wso2carbon.pid"
- environment:
- JAVA_HOME: "{{ java_home }}"
-
-# - name: stop wso2 is
- # command: ./bin/airavata-server-stop.sh -f chdir="{{ gfac_dir }}/{{ airavata_dist }}/" removes="{{ gfac_dir }}/{{ airavata_dist }}/bin/server_start_*"
-
-...
diff --git a/dev-tools/ansible/roles/wso2_is/templates/carbon.xml.j2 b/dev-tools/ansible/roles/wso2_is/templates/carbon.xml.j2
deleted file mode 100755
index 5f421f2..0000000
--- a/dev-tools/ansible/roles/wso2_is/templates/carbon.xml.j2
+++ /dev/null
@@ -1,688 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!--
- Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-
-<!--
- This is the main server configuration file
-
- ${carbon.home} represents the carbon.home system property.
- Other system properties can be specified in a similar manner.
--->
-<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
-
- <!--
- Product Name
- -->
- <Name>WSO2 Identity Server</Name>
-
- <!--
- machine readable unique key to identify each product
- -->
- <ServerKey>IS</ServerKey>
-
- <!--
- Product Version
- -->
- <Version>5.1.0</Version>
-
- <!--
- Host name or IP address of the machine hosting this server
- e.g. www.wso2.org, 192.168.1.10
- This is will become part of the End Point Reference of the
- services deployed on this server instance.
- -->
- <HostName>{{ ansible_fqdn }}</HostName>
-
- <!--
- Host name to be used for the Carbon management console
- -->
- <MgtHostName>localhost</MgtHostName>
-
- <!--
- The URL of the back end server. This is where the admin services are hosted and
- will be used by the clients in the front end server.
- This is required only for the Front-end server. This is used when seperating BE server from FE server
- -->
- <ServerURL>local:/${carbon.context}/services/</ServerURL>
- <!--
- <ServerURL>https://localhost:${carbon.management.port}${carbon.context}/services/</ServerURL>
- -->
- <!--
- The URL of the index page. This is where the user will be redirected after signing in to the
- carbon server.
- -->
- <!-- IndexPageURL>/carbon/admin/index.jsp</IndexPageURL-->
-
- <!--
- For cApp deployment, we have to identify the roles that can be acted by the current server.
- The following property is used for that purpose. Any number of roles can be defined here.
- Regular expressions can be used in the role.
- Ex : <Role>.*</Role> means this server can act any role
- -->
- <ServerRoles>
- <Role>IdentityServer</Role>
- </ServerRoles>
-
- <!-- uncommnet this line to subscribe to a bam instance automatically -->
- <!--<BamServerURL>https://bamhost:bamport/services/</BamServerURL>-->
-
- <!--
- The fully qualified name of the server
- -->
- <Package>org.wso2.carbon</Package>
-
- <!--
- Webapp context root of WSO2 Carbon management console.
- -->
- <WebContextRoot>/</WebContextRoot>
-
- <!--
- Proxy context path is a useful parameter to add a proxy path when a Carbon server is fronted by reverse proxy. In addtion
- to the proxy host and proxy port this parameter allows you add a path component to external URLs. e.g.
- URL of the Carbon server -> https://10.100.1.1:9443/carbon
- URL of the reverse proxy -> https://prod.abc.com/appserver/carbon
-
- appserver - proxy context path. This specially required whenever you are generating URLs to displace in
- Carbon UI components.
- -->
- <!--
- <MgtProxyContextPath></MgtProxyContextPath>
- <ProxyContextPath></ProxyContextPath>
- -->
-
- <!-- In-order to get the registry http Port from the back-end when the default http transport is not the same-->
- <!--RegistryHttpPort>9763</RegistryHttpPort-->
-
- <!--
- Number of items to be displayed on a management console page. This is used at the
- backend server for pagination of various items.
- -->
- <ItemsPerPage>15</ItemsPerPage>
-
- <!-- The endpoint URL of the cloud instance management Web service -->
- <!--<InstanceMgtWSEndpoint>https://ec2.amazonaws.com/</InstanceMgtWSEndpoint>-->
-
- <!--
- Ports used by this server
- -->
- <Ports>
-
- <!-- Ports offset. This entry will set the value of the ports defined below to
- the define value + Offset.
- e.g. Offset=2 and HTTPS port=9443 will set the effective HTTPS port to 9445
- -->
- <Offset>0</Offset>
-
- <!-- The JMX Ports -->
- <JMX>
- <!--The port RMI registry is exposed-->
- <RMIRegistryPort>9999</RMIRegistryPort>
- <!--The port RMI server should be exposed-->
- <RMIServerPort>11111</RMIServerPort>
- </JMX>
-
- <!-- Embedded LDAP server specific ports -->
- <EmbeddedLDAP>
- <!-- Port which embedded LDAP server runs -->
- <LDAPServerPort>10389</LDAPServerPort>
- <!-- Port which KDC (Kerberos Key Distribution Center) server runs -->
- <KDCServerPort>8000</KDCServerPort>
- </EmbeddedLDAP>
-
- <!--
- Override datasources JNDIproviderPort defined in bps.xml and datasources.properties files
- -->
- <!--<JNDIProviderPort>2199</JNDIProviderPort>-->
- <!--Override receive port of thrift based entitlement service.-->
- <ThriftEntitlementReceivePort>10500</ThriftEntitlementReceivePort>
-
- <!--
- This is the proxy port of the worker cluster. These need to be configured in a scenario where
- manager node is not exposed through the load balancer through which the workers are exposed
- therefore doesn't have a proxy port.
- <WorkerHttpProxyPort>80</WorkerHttpProxyPort>
- <WorkerHttpsProxyPort>443</WorkerHttpsProxyPort>
- -->
-
- </Ports>
-
- <!--
- JNDI Configuration
- -->
- <JNDI>
- <!--
- The fully qualified name of the default initial context factory
- -->
- <DefaultInitialContextFactory>org.wso2.carbon.tomcat.jndi.CarbonJavaURLContextFactory</DefaultInitialContextFactory>
- <!--
- The restrictions that are done to various JNDI Contexts in a Multi-tenant environment
- -->
- <Restrictions>
- <!--
- Contexts that will be available only to the super-tenant
- -->
- <!-- <SuperTenantOnly>
- <UrlContexts>
- <UrlContext>
- <Scheme>foo</Scheme>
- </UrlContext>
- <UrlContext>
- <Scheme>bar</Scheme>
- </UrlContext>
- </UrlContexts>
- </SuperTenantOnly> -->
- <!--
- Contexts that are common to all tenants
- -->
- <AllTenants>
- <UrlContexts>
- <UrlContext>
- <Scheme>java</Scheme>
- </UrlContext>
- <!-- <UrlContext>
- <Scheme>foo</Scheme>
- </UrlContext> -->
- </UrlContexts>
- </AllTenants>
- <!--
- All other contexts not mentioned above will be available on a per-tenant basis
- (i.e. will not be shared among tenants)
- -->
- </Restrictions>
- </JNDI>
-
- <!--
- Property to determine if the server is running an a cloud deployment environment.
- This property should only be used to determine deployment specific details that are
- applicable only in a cloud deployment, i.e when the server deployed *-as-a-service.
- -->
- <IsCloudDeployment>false</IsCloudDeployment>
-
- <!--
- Property to determine whether usage data should be collected for metering purposes
- -->
- <EnableMetering>false</EnableMetering>
-
- <!-- The Max time a thread should take for execution in seconds -->
- <MaxThreadExecutionTime>600</MaxThreadExecutionTime>
-
- <!--
- A flag to enable or disable Ghost Deployer. By default this is set to false. That is
- because the Ghost Deployer works only with the HTTP/S transports. If you are using
- other transports, don't enable Ghost Deployer.
- -->
- <GhostDeployment>
- <Enabled>false</Enabled>
- </GhostDeployment>
-
-
- <!--
- Eager loading or lazy loading is a design pattern commonly used in computer programming which
- will initialize an object upon creation or load on-demand. In carbon, lazy loading is used to
- load tenant when a request is received only. Similarly Eager loading is used to enable load
- existing tenants after carbon server starts up. Using this feature, you will be able to include
- or exclude tenants which are to be loaded when server startup.
-
- We can enable only one LoadingPolicy at a given time.
-
- 1. Tenant Lazy Loading
- This is the default behaviour and enabled by default. With this policy, tenants are not loaded at
- server startup, but loaded based on-demand (i.e when a request is received for a tenant).
- The default tenant idle time is 30 minutes.
-
- 2. Tenant Eager Loading
- This is by default not enabled. It can be be enabled by un-commenting the <EagerLoading> section.
- The eager loading configurations supported are as below. These configurations can be given as the
- value for <Include> element with eager loading.
- (i)Load all tenants when server startup - *
- (ii)Load all tenants except foo.com & bar.com - *,!foo.com,!bar.com
- (iii)Load only foo.com & bar.com to be included - foo.com,bar.com
- -->
- <Tenant>
- <LoadingPolicy>
- <LazyLoading>
- <IdleTime>30</IdleTime>
- </LazyLoading>
- <!-- <EagerLoading>
- <Include>*,!foo.com,!bar.com</Include>
- </EagerLoading>-->
- </LoadingPolicy>
- </Tenant>
-
- <!--
- Caching related configurations
- -->
- <Cache>
- <!-- Default cache timeout in minutes -->
- <DefaultCacheTimeout>15</DefaultCacheTimeout>
- </Cache>
-
- <!--
- Axis2 related configurations
- -->
- <Axis2Config>
- <!--
- Location of the Axis2 Services & Modules repository
-
- This can be a directory in the local file system, or a URL.
-
- e.g.
- 1. /home/wso2wsas/repository/ - An absolute path
- 2. repository - In this case, the path is relative to CARBON_HOME
- 3. file:///home/wso2wsas/repository/
- 4. http://wso2wsas/repository/
- -->
- <RepositoryLocation>${carbon.home}/repository/deployment/server/</RepositoryLocation>
-
- <!--
- Deployment update interval in seconds. This is the interval between repository listener
- executions.
- -->
- <DeploymentUpdateInterval>15</DeploymentUpdateInterval>
-
- <!--
- Location of the main Axis2 configuration descriptor file, a.k.a. axis2.xml file
-
- This can be a file on the local file system, or a URL
-
- e.g.
- 1. /home/repository/axis2.xml - An absolute path
- 2. conf/axis2.xml - In this case, the path is relative to CARBON_HOME
- 3. file:///home/carbon/repository/axis2.xml
- 4. http://repository/conf/axis2.xml
- -->
- <ConfigurationFile>${carbon.home}/repository/conf/axis2/axis2.xml</ConfigurationFile>
-
- <!--
- ServiceGroupContextIdleTime, which will be set in ConfigurationContex
- for multiple clients which are going to access the same ServiceGroupContext
- Default Value is 30 Sec.
- -->
- <ServiceGroupContextIdleTime>30000</ServiceGroupContextIdleTime>
-
- <!--
- This repository location is used to crete the client side configuration
- context used by the server when calling admin services.
- -->
- <ClientRepositoryLocation>${carbon.home}/repository/deployment/client/</ClientRepositoryLocation>
- <!-- This axis2 xml is used in createing the configuration context by the FE server
- calling to BE server -->
- <clientAxis2XmlLocation>${carbon.home}/repository/conf/axis2/axis2_client.xml</clientAxis2XmlLocation>
- <!-- If this parameter is set, the ?wsdl on an admin service will not give the admin service wsdl. -->
- <HideAdminServiceWSDLs>true</HideAdminServiceWSDLs>
-
- <!--WARNING-Use With Care! Uncommenting bellow parameter would expose all AdminServices in HTTP transport.
- With HTTP transport your credentials and data routed in public channels are vulnerable for sniffing attacks.
- Use bellow parameter ONLY if your communication channels are confirmed to be secured by other means -->
- <!--HttpAdminServices>*</HttpAdminServices-->
-
- </Axis2Config>
-
- <!--
- The default user roles which will be created when the server
- is started up for the first time.
- -->
- <ServiceUserRoles>
- <Role>
- <Name>admin</Name>
- <Description>Default Administrator Role</Description>
- </Role>
- <Role>
- <Name>user</Name>
- <Description>Default User Role</Description>
- </Role>
- </ServiceUserRoles>
-
- <!--
- Enable following config to allow Emails as usernames.
- -->
- <!--EnableEmailUserName>true</EnableEmailUserName-->
-
- <!--
- Security configurations
- -->
- <Security>
- <!--
- KeyStore which will be used for encrypting/decrypting passwords
- and other sensitive information.
- -->
- <KeyStore>
- <!-- Keystore file location-->
- <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
- <!-- Keystore type (JKS/PKCS12 etc.)-->
- <Type>JKS</Type>
- <!-- Keystore password-->
- <Password>wso2carbon</Password>
- <!-- Private Key alias-->
- <KeyAlias>wso2carbon</KeyAlias>
- <!-- Private Key password-->
- <KeyPassword>wso2carbon</KeyPassword>
- </KeyStore>
-
- <!--
- System wide trust-store which is used to maintain the certificates of all
- the trusted parties.
- -->
- <TrustStore>
- <!-- trust-store file location -->
- <Location>${carbon.home}/repository/resources/security/client-truststore.jks</Location>
- <!-- trust-store type (JKS/PKCS12 etc.) -->
- <Type>JKS</Type>
- <!-- trust-store password -->
- <Password>wso2carbon</Password>
- </TrustStore>
-
- <!--
- The Authenticator configuration to be used at the JVM level. We extend the
- java.net.Authenticator to make it possible to authenticate to given servers and
- proxies.
- -->
- <NetworkAuthenticatorConfig>
- <!--
- Below is a sample configuration for a single authenticator. Please note that
- all child elements are mandatory. Not having some child elements would lead to
- exceptions at runtime.
- -->
- <!-- <Credential> -->
- <!--
- the pattern that would match a subset of URLs for which this authenticator
- would be used
- -->
- <!-- <Pattern>regularExpression</Pattern> -->
- <!--
- the type of this authenticator. Allowed values are:
- 1. server
- 2. proxy
- -->
- <!-- <Type>proxy</Type> -->
- <!-- the username used to log in to server/proxy -->
- <!-- <Username>username</Username> -->
- <!-- the password used to log in to server/proxy -->
- <!-- <Password>password</Password> -->
- <!-- </Credential> -->
- </NetworkAuthenticatorConfig>
-
- <!--
- The Tomcat realm to be used for hosted Web applications. Allowed values are;
- 1. UserManager
- 2. Memory
-
- If this is set to 'UserManager', the realm will pick users & roles from the system's
- WSO2 User Manager. If it is set to 'memory', the realm will pick users & roles from
- CARBON_HOME/repository/conf/tomcat/tomcat-users.xml
- -->
- <TomcatRealm>UserManager</TomcatRealm>
-
- <!--Option to disable storing of tokens issued by STS-->
- <DisableTokenStore>false</DisableTokenStore>
-
- <!--
- Security token store class name. If this is not set, default class will be
- org.wso2.carbon.security.util.SecurityTokenStore
- -->
- <TokenStoreClassName>org.wso2.carbon.identity.sts.store.DBTokenStore</TokenStoreClassName>
-
-
-
- <!-- Configurations to avoid Cross Site Request Forgery vulnerabilities -->
- <CSRFPreventionConfig>
- <!-- CSRFPreventionFilter configurations that adopts Synchronizer Token Pattern -->
- <CSRFPreventionFilter>
- <!-- Set below to true to enable the CSRFPreventionFilter -->
- <Enabled>false</Enabled>
- <!-- Url Pattern to skip application of CSRF protection-->
- <SkipUrlPattern>(.*)(/images|/css|/js|/docs)(.*)</SkipUrlPattern>
- </CSRFPreventionFilter>
- </CSRFPreventionConfig>
-
- <!-- Configuration to enable or disable CR and LF sanitization filter-->
- <CRLFPreventionConfig>
- <!--Set below to true to enable the CRLFPreventionFilter-->
- <Enabled>true</Enabled>
- </CRLFPreventionConfig>
- </Security>
-
- <!--
- The temporary work directory
- -->
- <WorkDirectory>${carbon.home}/tmp/work</WorkDirectory>
-
- <!--
- House-keeping configuration
- -->
- <HouseKeeping>
-
- <!--
- true - Start House-keeping thread on server startup
- false - Do not start House-keeping thread on server startup.
- The user will run it manually as and when he wishes.
- -->
- <AutoStart>true</AutoStart>
-
- <!--
- The interval in *minutes*, between house-keeping runs
- -->
- <Interval>10</Interval>
-
- <!--
- The maximum time in *minutes*, temp files are allowed to live
- in the system. Files/directories which were modified more than
- "MaxTempFileLifetime" minutes ago will be removed by the
- house-keeping task
- -->
- <MaxTempFileLifetime>30</MaxTempFileLifetime>
- </HouseKeeping>
-
- <!--
- Configuration for handling different types of file upload & other file uploading related
- config parameters.
- To map all actions to a particular FileUploadExecutor, use
- <Action>*</Action>
- -->
- <FileUploadConfig>
- <!--
- The total file upload size limit in MB
- -->
- <TotalFileSizeLimit>100</TotalFileSizeLimit>
-
- <Mapping>
- <Actions>
- <Action>keystore</Action>
- <Action>certificate</Action>
- <Action>*</Action>
- </Actions>
- <Class>org.wso2.carbon.ui.transports.fileupload.AnyFileUploadExecutor</Class>
- </Mapping>
-
- <Mapping>
- <Actions>
- <Action>jarZip</Action>
- </Actions>
- <Class>org.wso2.carbon.ui.transports.fileupload.JarZipUploadExecutor</Class>
- </Mapping>
- <Mapping>
- <Actions>
- <Action>dbs</Action>
- </Actions>
- <Class>org.wso2.carbon.ui.transports.fileupload.DBSFileUploadExecutor</Class>
- </Mapping>
- <Mapping>
- <Actions>
- <Action>tools</Action>
- </Actions>
- <Class>org.wso2.carbon.ui.transports.fileupload.ToolsFileUploadExecutor</Class>
- </Mapping>
- <Mapping>
- <Actions>
- <Action>toolsAny</Action>
- </Actions>
- <Class>org.wso2.carbon.ui.transports.fileupload.ToolsAnyFileUploadExecutor</Class>
- </Mapping>
- </FileUploadConfig>
-
- <!-- FileNameRegEx is used to validate the file input/upload/write-out names.
- e.g.
- <FileNameRegEx>^(?!(?:CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])(?:\.[^.])?$)[^<>:"/\\|?*\x00-\x1F][^<>:"/\\|?*\x00-\x1F\ .]$</FileNameRegEx>
- -->
- <!--<FileNameRegEx></FileNameRegEx>-->
-
- <!--
- Processors which process special HTTP GET requests such as ?wsdl, ?policy etc.
-
- In order to plug in a processor to handle a special request, simply add an entry to this
- section.
-
- The value of the Item element is the first parameter in the query string(e.g. ?wsdl)
- which needs special processing
-
- The value of the Class element is a class which implements
- org.wso2.carbon.transport.HttpGetRequestProcessor
- -->
- <HttpGetRequestProcessors>
- <Processor>
- <Item>info</Item>
- <Class>org.wso2.carbon.core.transports.util.InfoProcessor</Class>
- </Processor>
- <Processor>
- <Item>wsdl</Item>
- <Class>org.wso2.carbon.core.transports.util.Wsdl11Processor</Class>
- </Processor>
- <Processor>
- <Item>wsdl2</Item>
- <Class>org.wso2.carbon.core.transports.util.Wsdl20Processor</Class>
- </Processor>
- <Processor>
- <Item>xsd</Item>
- <Class>org.wso2.carbon.core.transports.util.XsdProcessor</Class>
- </Processor>
- </HttpGetRequestProcessors>
-
- <!-- Deployment Synchronizer Configuration. t Enabled value to true when running with "svn based" dep sync.
- In master nodes you need to set both AutoCommit and AutoCheckout to true
- and in worker nodes set only AutoCheckout to true.
- -->
- <DeploymentSynchronizer>
- <Enabled>false</Enabled>
- <AutoCommit>false</AutoCommit>
- <AutoCheckout>true</AutoCheckout>
- <RepositoryType>svn</RepositoryType>
- <SvnUrl>http://svnrepo.example.com/repos/</SvnUrl>
- <SvnUser>username</SvnUser>
- <SvnPassword>password</SvnPassword>
- <SvnUrlAppendTenantId>true</SvnUrlAppendTenantId>
- </DeploymentSynchronizer>
-
- <!-- Deployment Synchronizer Configuration. Uncomment the following section when running with "registry based" dep sync.
- In master nodes you need to set both AutoCommit and AutoCheckout to true
- and in worker nodes set only AutoCheckout to true.
- -->
- <!--<DeploymentSynchronizer>
- <Enabled>true</Enabled>
- <AutoCommit>false</AutoCommit>
- <AutoCheckout>true</AutoCheckout>
- </DeploymentSynchronizer>-->
-
- <!-- Mediation persistence configurations. Only valid if mediation features are available i.e. ESB -->
- <!--<MediationConfig>
- <LoadFromRegistry>false</LoadFromRegistry>
- <SaveToFile>false</SaveToFile>
- <Persistence>enabled</Persistence>
- <RegistryPersistence>enabled</RegistryPersistence>
- </MediationConfig>-->
-
- <!--
- Server intializing code, specified as implementation classes of org.wso2.carbon.core.ServerInitializer.
- This code will be run when the Carbon server is initialized
- -->
- <ServerInitializers>
- <!--<Initializer></Initializer>-->
- </ServerInitializers>
-
- <!--
- Indicates whether the Carbon Servlet is required by the system, and whether it should be
- registered
- -->
- <RequireCarbonServlet>${require.carbon.servlet}</RequireCarbonServlet>
-
- <!--
- Carbon H2 OSGI Configuration
- By default non of the servers start.
- name="web" - Start the web server with the H2 Console
- name="webPort" - The port (default: 8082)
- name="webAllowOthers" - Allow other computers to connect
- name="webSSL" - Use encrypted (HTTPS) connections
- name="tcp" - Start the TCP server
- name="tcpPort" - The port (default: 9092)
- name="tcpAllowOthers" - Allow other computers to connect
- name="tcpSSL" - Use encrypted (SSL) connections
- name="pg" - Start the PG server
- name="pgPort" - The port (default: 5435)
- name="pgAllowOthers" - Allow other computers to connect
- name="trace" - Print additional trace information; for all servers
- name="baseDir" - The base directory for H2 databases; for all servers
- -->
- <!--H2DatabaseConfiguration>
- <property name="web" />
- <property name="webPort">8082</property>
- <property name="webAllowOthers" />
- <property name="webSSL" />
- <property name="tcp" />
- <property name="tcpPort">9092</property>
- <property name="tcpAllowOthers" />
- <property name="tcpSSL" />
- <property name="pg" />
- <property name="pgPort">5435</property>
- <property name="pgAllowOthers" />
- <property name="trace" />
- <property name="baseDir">${carbon.home}</property>
- </H2DatabaseConfiguration-->
- <!--Disabling statistics reporter by default-->
- <StatisticsReporterDisabled>true</StatisticsReporterDisabled>
-
- <!-- Enable accessing Admin Console via HTTP -->
- <!-- EnableHTTPAdminConsole>true</EnableHTTPAdminConsole -->
-
- <!--
- Default Feature Repository of WSO2 Carbon.
- -->
- <FeatureRepository>
- <RepositoryName>default repository</RepositoryName>
- <RepositoryURL>http://product-dist.wso2.com/p2/carbon/releases/wilkes/</RepositoryURL>
- </FeatureRepository>
-
- <!--
- Configure API Management
- -->
- <APIManagement>
-
- <!--Uses the embedded API Manager by default. If you want to use an external
- API Manager instance to manage APIs, configure below externalAPIManager-->
-
- <Enabled>true</Enabled>
-
- <!--Uncomment and configure API Gateway and
- Publisher URLs to use external API Manager instance-->
-
- <!--ExternalAPIManager>
-
- <APIGatewayURL>http://localhost:8281</APIGatewayURL>
- <APIPublisherURL>http://localhost:8281/publisher</APIPublisherURL>
-
- </ExternalAPIManager-->
-
- <LoadAPIContextsInServerStartup>true</LoadAPIContextsInServerStartup>
- </APIManagement>
-</Server>
diff --git a/dev-tools/ansible/roles/wso2_is/vars/main.yml b/dev-tools/ansible/roles/wso2_is/vars/main.yml
deleted file mode 100644
index d82fd44..0000000
--- a/dev-tools/ansible/roles/wso2_is/vars/main.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-#
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
----
-#Variables associated with this role
-# Oracle Java 8
-java_dir_source: "/usr/local/src"
-
-java_version: 8
-java_version_update: 91
-java_version_build: '14'
-java_version_string: "1.{{ java_version }}.0_{{ java_version_update }}"
-java_home: "/usr/java/jdk1.{{ java_version }}.0_{{ java_version_update }}"
-
-java_rpm_filename: "jdk-{{ java_version }}u{{ java_version_update }}-linux-x64.rpm"
-java_rpm_url: "http://download.oracle.com/otn-pub/java/jdk/{{ java_version }}u{{ java_version_update }}-b{{ java_version_build }}/{{ java_rpm_filename }}"
-
-wso2_is_rul: http://wso2.com/products/identity-server/#download
-wso2_is_dist: wso2is-5.1.0.zip
-wso2_is_dir: wso2is-5.1.0
-...
diff --git a/modules/configuration/server/src/main/resources/airavata-default-xacml-policy.xml b/modules/configuration/server/src/main/resources/airavata-default-xacml-policy.xml
deleted file mode 100644
index b575aa5..0000000
--- a/modules/configuration/server/src/main/resources/airavata-default-xacml-policy.xml
+++ /dev/null
@@ -1,211 +0,0 @@
-<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="airavata-default-xacml-policy"
- RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides" Version="1.0">
- <Target/>
- <Rule Effect="Permit" RuleId="admin-permit">
- <Target>
- <AnyOf>
- <AllOf>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/airavata/*</AttributeValue>
- <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
- Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
- </Match>
- </AllOf>
- </AnyOf>
- </Target>
- <Condition>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">admin</AttributeValue>
- <AttributeDesignator AttributeId="http://wso2.org/claims/role"
- Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
- </Apply>
- </Condition>
- </Rule>
- <Rule Effect="Permit" RuleId="admin-read-only-permit">
- <Target>
- <AnyOf>
- <AllOf>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">^(?:(?!
-/airavata/getAllGateways|
-/airavata/getGateway|
-/airavata/getSSHPubKey|
-/airavata/getAllGatewaySSHPubKeys|
-/airavata/getAllGatewayPWDCredentials|
-/airavata/getApplicationModule|
-/airavata/getAllAppModules|
-/airavata/getApplicationDeployment|
-/airavata/getAllApplicationDeployments|
-/airavata/getAppModuleDeployedResources|
-/airavata/getStorageResource|
-/airavata/getAllStorageResourceNames|
-/airavata/getSCPDataMovement|
-/airavata/getUnicoreDataMovement|
-/airavata/getGridFTPDataMovement|
-/airavata/getResourceJobManager|
-/airavata/deleteResourceJobManager|
-/airavata/getGatewayResourceProfile|
-/airavata/getGatewayComputeResourcePreference|
-/airavata/getGatewayStoragePreference|
-/airavata/getAllGatewayComputeResourcePreferences|
-/airavata/getAllGatewayStoragePreferences|
-/airavata/getAllGatewayResourceProfiles|
-/airavata/getAPIVersion|
-/airavata/getNotification|
-/airavata/getAllNotifications|
-/airavata/createProject|
-/airavata/updateProject|
-/airavata/getProject|
-/airavata/deleteProject|
-/airavata/getUserProjects|
-/airavata/searchProjects|
-/airavata/searchExperiments|
-/airavata/getExperimentStatistics|
-/airavata/getExperimentsInProject|
-/airavata/getUserExperiments|
-/airavata/createExperiment|
-/airavata/deleteExperiment|
-/airavata/getExperiment|
-/airavata/getExperimentByAdmin|
-/airavata/getDetailedExperimentTree|
-/airavata/updateExperiment|
-/airavata/updateExperimentConfiguration|
-/airavata/updateResourceScheduleing|
-/airavata/validateExperiment|
-/airavata/launchExperiment|
-/airavata/getExperimentStatus|
-/airavata/getExperimentOutputs|
-/airavata/getIntermediateOutputs|
-/airavata/getJobStatuses|
-/airavata/getJobDetails|
-/airavata/cloneExperiment|
-/airavata/cloneExperimentByAdmin|
-/airavata/terminateExperiment|
-/airavata/getApplicationInterface|
-/airavata/getAllApplicationInterfaceNames|
-/airavata/getAllApplicationInterfaces|
-/airavata/getApplicationInputs|
-/airavata/getApplicationOutputs|
-/airavata/getAvailableAppInterfaceComputeResources|
-/airavata/getComputeResource|
-/airavata/getAllComputeResourceNames|
-/airavata/getWorkflow|
-/airavata/getWorkflowTemplateId|
-/airavata/isWorkflowExistWithName|
-/airavata/getAllUsersInGateway|
-/airavata/shareResourceWithUsers|
-/airavata/revokeSharingOfResourceFromUsers|
-/airavata/getAllAccessibleUsers|
-/airavata/registerDataProduct|
-/airavata/getDataProduct|
-/airavata/registerReplicaLocation|
-/airavata/getParentDataProduct|
-/airavata/getChildDataProducts|
-/airavata/addUserProfile|
-/airavata/updateUserProfile|
-/airavata/getUserProfileById|
-/airavata/deleteUserProfile|
-/airavata/getAllUserProfilesInGateway|
-/airavata/getUserProfileByName|
-/airavata/doesUserProfileExist).)*$\r?\n?
-</AttributeValue>
- <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
- Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
- </Match>
- </AllOf>
- </AnyOf>
- </Target>
- <Condition>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">admin-read-only</AttributeValue>
- <AttributeDesignator AttributeId="http://wso2.org/claims/role"
- Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
- </Apply>
- </Condition>
- </Rule>
- <Rule Effect="Permit" RuleId="user-permit">
- <Target>
- <AnyOf>
- <AllOf>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">^(?:(?!
-/airavata/getAPIVersion|
-/airavata/getAllGateways|
-/airavata/getGateway|
-/airavata/getNotification|
-/airavata/getAllNotifications|
-/airavata/createProject|
-/airavata/updateProject|
-/airavata/getProject|
-/airavata/deleteProject|
-/airavata/getUserProjects|
-/airavata/searchsearchProjects|
-/airavata/searchExperiments|
-/airavata/getExperimentsInProject|
-/airavata/getUserExperiments|
-/airavata/createExperiment|
-/airavata/deleteExperiment|
-/airavata/getExperiment|
-/airavata/updateExperiment|
-/airavata/updateExperimentConfiguration|
-/airavata/updateResourceScheduleing|
-/airavata/validateExperiment|
-/airavata/launchExperiment|
-/airavata/getExperimentStatus|
-/airavata/getExperimentOutputs|
-/airavata/getIntermediateOutputs|
-/airavata/getJobStatuses|
-/airavata/getJobDetails|
-/airavata/cloneExperiment|
-/airavata/terminateExperiment|
-/airavata/getApplicationInterface|
-/airavata/getAllApplicationInterfaceNames|
-/airavata/getAllApplicationInterfaces|
-/airavata/getApplicationInputs|
-/airavata/getApplicationOutputs|
-/airavata/getAvailableAppInterfaceComputeResources|
-/airavata/getComputeResource|
-/airavata/getAllComputeResourceNames|
-/airavata/getWorkflow|
-/airavata/getWorkflowTemplateId|
-/airavata/isWorkflowExistWithName|
-/airavata/getAllUsersInGateway|
-/airavata/shareResourceWithUsers|
-/airavata/revokeSharingOfResourceFromUsers|
-/airavata/getAllAccessibleUsers|
-/airavata/registerDataProduct|
-/airavata/getDataProduct|
-/airavata/registerReplicaLocation|
-/airavata/getParentDataProduct|
-/airavata/getChildDataProducts|
-/airavata/addUserProfile|
-/airavata/updateUserProfile|
-/airavata/getUserProfileById|
-/airavata/deleteUserProfile|
-/airavata/getAllUserProfilesInGateway|
-/airavata/getUserProfileByName|
-/airavata/doesUserProfileExist).)*$\r?\n?
-</AttributeValue>
- <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
- Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
- </Match>
- </AllOf>
- </AnyOf>
- </Target>
- <Condition>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">gateway-user</AttributeValue>
- <AttributeDesignator AttributeId="http://wso2.org/claims/role"
- Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
- </Apply>
- </Condition>
- </Rule>
- <Rule Effect="Deny" RuleId="deny-rule"/>
-</Policy>
-
diff --git a/modules/configuration/server/src/main/resources/gfac-config.yaml b/modules/configuration/server/src/main/resources/gfac-config.yaml
deleted file mode 100644
index 109af97..0000000
--- a/modules/configuration/server/src/main/resources/gfac-config.yaml
+++ /dev/null
@@ -1,121 +0,0 @@
-##################################################################
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-################################################################
-
-jobSubmitters:
- - submissionProtocol: SSH
- taskClass: org.apache.airavata.gfac.impl.task.DefaultJobSubmissionTask
-# properties:
-# - userName: airavata
-# passPhrase: airavata
-# privateKeyPath: /path/to/the/privatekey
-# publicKeyPath: /path/to/the/publickey
-# hostName: remote.client.hostName
-
- - submissionProtocol: SSH_FORK
- taskClass: org.apache.airavata.gfac.impl.task.ForkJobSubmissionTask
-
- - submissionProtocol: LOCAL
- taskClass: org.apache.airavata.gfac.impl.task.LocalJobSubmissionTask
-
- - submissionProtocol: CLOUD
- taskClass: org.apache.airavata.gfac.impl.task.AuroraJobSubmissionTask
-
-# Following job subbmitters are not yet implemented.
-
- # - submissionProtocol: GSISSH
- # taskClass: org.apache.airavata.task.adapters.GSISSHJobSubmissionTask
-commonTasks:
- - type: SETUP
- taskClass: org.apache.airavata.task.common.SetupTask
-
- - type: CLEANUP
- taskClass: org.apache.airavata.task.common.CleanupTask
-
-fileTransferTasks:
- - transferProtocol: SCP
- taskClass: org.apache.airavata.gfac.impl.task.SCPDataStageTask
- - transferProtocol: LOCAL
- taskClass: org.apache.airavata.gfac.impl.task.SCPDataStageTask
-
-# If your client doen't run the same instance where airavata server is running then you need to comment above
-# DataStageTask and uncomment SCPDataStageTask. To work with SCPDataStageTask, you either need to
-# provide ssh keys or password.
-
-# - transferProtocol: SCP
-# taskClass: org.apache.airavata.gfac.impl.task.SCPDataStageTask
-# properties:
-# - userName: airavata
-# passPhrase: airavata
-# privateKeyPath: /path/to/the/privatekey
-# publicKeyPath: /path/to/the/publickey
-# hostName: remote.client.hostName
-# inputPath: /path/to/data/dir
-## password: password
-
-# Following transfer tasks are not yet implemented.
- #- transferProtocol: SFTP
- # taskClass: org.apache.airavata.task.adapters.SFTPFileTransferTask
-
- #- transferProtocol: GRIDFTP
- # taskClass: org.apache.airavata.task.adapters.GRIDFTPFileTransferTask
-
- #- transferProtocol: LOCAL
- # taskClass: org.apache.airavata.task.adapters.LocalFileTransferTask
-
-resources:
- - jobManagerType: PBS
- commandOutputParser: org.apache.airavata.gfac.impl.job.PBSOutputParser
- emailParser: org.apache.airavata.gfac.monitor.email.parser.PBSEmailParser
- resourceEmailAddresses:
- - pbsconsult@sdsc.edu # gordon
- - adm@trident.bigred2.uits.iu.edu # Bigred2
- - root <ad...@trident.bigred2.uits.iu.edu> # Bigred2
- - root <ad...@scyld.localdomain> # alamo
- - gordon-fe2.local # Gordon
-
- - jobManagerType: SLURM
- commandOutputParser: org.apache.airavata.gfac.impl.job.SlurmOutputParser
- emailParser: org.apache.airavata.gfac.monitor.email.parser.SLURMEmailParser
- resourceEmailAddresses:
- - slurm@comet # comet
- - slurm@batch1.stampede.tacc.utexas.edu # stampede
- - root@master.ls5.tacc.utexas.edu # Lonestar 5
- - slurm@jurecab01.zam.kfa-juelich.de # Jureca
-
- - jobManagerType: UGE
- commandOutputParser: org.apache.airavata.gfac.impl.job.UGEOutputParser
- emailParser: org.apache.airavata.gfac.monitor.email.parser.UGEEmailParser
- resourceEmailAddresses:
- - ls4.tacc.utexas.edu # contain Lonestar
-
- - jobManagerType: LSF
- commandOutputParser: org.apache.airavata.gfac.impl.job.LSFOutputParser
- emailParser: org.apache.airavata.gfac.monitor.email.parser.LSFEmailParser
- resourceEmailAddresses:
- - iu.xsede.edu # test resource mail address
-
- - jobManagerType: FORK
- commandOutputParser: org.apache.airavata.gfac.impl.job.ForkOutputParser
-
- - jobManagerType: AIRAVATA_CUSTOM
- commandOutputParser: org.apache.airavata.gfac.impl.job.AiravataCustomCommandOutputParser
- emailParser: org.apache.airavata.gfac.monitor.email.parser.AiravataCustomMailParser
- resourceEmailAddresses:
- - gw56jobs@scigap.org
diff --git a/modules/configuration/server/src/main/resources/wso2carbon.pem b/modules/configuration/server/src/main/resources/wso2carbon.pem
deleted file mode 100644
index 8c02f03..0000000
Binary files a/modules/configuration/server/src/main/resources/wso2carbon.pem and /dev/null differ
diff --git a/modules/configuration/server/src/main/resources/zoo.cfg b/modules/configuration/server/src/main/resources/zoo.cfg
deleted file mode 100644
index add0758..0000000
--- a/modules/configuration/server/src/main/resources/zoo.cfg
+++ /dev/null
@@ -1,22 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-tickTime=2000
-initLimit=10
-syncLimit=5
-dataDir=data
-clientPort=2181
\ No newline at end of file
diff --git a/modules/distribution/pom.xml b/modules/distribution/pom.xml
index 3af2cce..6b6e2c0 100644
--- a/modules/distribution/pom.xml
+++ b/modules/distribution/pom.xml
@@ -208,13 +208,6 @@
<groupId>org.apache.airavata</groupId>
<artifactId>airavata-api-server</artifactId>
<version>${project.version}</version>
- <!-- This httpcore version prevents IamAdminServices Keycloak REST client from working -->
- <exclusions>
- <exclusion>
- <groupId>org.apache.httpcomponents.wso2</groupId>
- <artifactId>httpcore</artifactId>
- </exclusion>
- </exclusions>
</dependency>
<dependency>
<groupId>org.apache.airavata</groupId>