Posted to commits@airavata.apache.org by sm...@apache.org on 2015/08/17 06:09:04 UTC
[02/10] airavata git commit: adding some missing files from previous
commit.
adding some missing files from previous commit.
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/7ef83689
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/7ef83689
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/7ef83689
Branch: refs/heads/master
Commit: 7ef83689624cf135234976b4abb2d3fd7b43499b
Parents: 6ec2a39
Author: hasinitg <ha...@gmail.com>
Authored: Fri Jul 31 17:13:46 2015 +0530
Committer: hasinitg <ha...@gmail.com>
Committed: Fri Jul 31 17:13:46 2015 +0530
----------------------------------------------------------------------
.../server/security/AiravataSecurityManager.java | 2 +-
.../security/DefaultAiravataSecurityManager.java | 2 +-
.../api/server/security/SecurityInterceptor.java | 18 +++++++++++++-----
3 files changed, 15 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/7ef83689/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/AiravataSecurityManager.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/AiravataSecurityManager.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/AiravataSecurityManager.java
index 5937d3e..348675f 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/AiravataSecurityManager.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/AiravataSecurityManager.java
@@ -24,5 +24,5 @@ import org.apache.airavata.model.security.AuthzToken;
import org.apache.airavata.security.AiravataSecurityException;
public interface AiravataSecurityManager {
- public boolean isUserAuthenticatedAndAuthorized(AuthzToken authzToken) throws AiravataSecurityException;
+ public boolean isUserAuthorized(AuthzToken authzToken) throws AiravataSecurityException;
}
http://git-wip-us.apache.org/repos/asf/airavata/blob/7ef83689/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java
index 739a1ec..9d7c959 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java
@@ -37,7 +37,7 @@ import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO
public class DefaultAiravataSecurityManager implements AiravataSecurityManager {
private final static Logger logger = LoggerFactory.getLogger(DefaultAiravataSecurityManager.class);
- public boolean isUserAuthenticatedAndAuthorized(AuthzToken authzToken) throws AiravataSecurityException {
+ public boolean isUserAuthorized(AuthzToken authzToken) throws AiravataSecurityException {
try {
ConfigurationContext configContext =
ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
http://git-wip-us.apache.org/repos/asf/airavata/blob/7ef83689/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityInterceptor.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityInterceptor.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityInterceptor.java
index ac89092..cf8f7e2 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityInterceptor.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityInterceptor.java
@@ -28,7 +28,6 @@ import org.apache.airavata.model.security.AuthzToken;
import org.apache.airavata.security.AiravataSecurityException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.util.Arrays;
/**
* Interceptor of Airavata API calls for the purpose of applying security.
@@ -37,17 +36,26 @@ public class SecurityInterceptor implements MethodInterceptor{
private final static Logger logger = LoggerFactory.getLogger(SecurityInterceptor.class);
@Override
public Object invoke(MethodInvocation invocation) throws Throwable {
- authenticateNAuthorize((AuthzToken) invocation.getArguments()[0]);
- return invocation.proceed();
+ //obtain the authz token from the input parameters
+ AuthzToken authzToken = (AuthzToken) invocation.getArguments()[0];
+ //authorize the API call
+ authorize(authzToken);
+ //set the user identity info in a thread local to be used in downstream execution.
+ IdentityContext.set(authzToken);
+ //let the method call procees upon successful authorization
+ Object returnObj = invocation.proceed();
+ //clean the identity context before the method call returns
+ IdentityContext.unset();
+ return returnObj;
}
- private void authenticateNAuthorize(AuthzToken authzToken) throws AuthorizationException {
+ private void authorize(AuthzToken authzToken) throws AuthorizationException {
try {
boolean isAPISecured = ServerSettings.isAPISecured();
if (isAPISecured) {
AiravataSecurityManager securityManager = SecurityManagerFactory.getSecurityManager();
- boolean isAuthz = securityManager.isUserAuthenticatedAndAuthorized(authzToken);
+ boolean isAuthz = securityManager.isUserAuthorized(authzToken);
if (!isAuthz) {
throw new AuthorizationException("User is not authenticated or authorized.");
}
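Review bot: `IdentityContext.unset()` in `invoke` runs only when `invocation.proceed()` returns normally, so an exception thrown by the API method leaves the caller's `AuthzToken` in the thread local. If the server reuses worker threads (not visible in this hunk), a later call on the same thread could read the previous caller's identity; clearing in a finally block closes that gap: `try { return invocation.proceed(); } finally { IdentityContext.unset(); }`. Separately, `authorize` skips the security-manager check when `ServerSettings.isAPISecured()` is false, yet the token is still stored by `IdentityContext.set(authzToken)`, so a comment such as `// token is unvalidated when the API is not secured` would warn downstream readers not to treat it as verified. The body of `authorize` continues past the end of this hunk.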