You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by sc...@apache.org on 2016/10/07 17:25:36 UTC
[5/7] airavata git commit: WIP
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/ResourceServiceImpl.java
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/ResourceServiceImpl.java b/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/ResourceServiceImpl.java
deleted file mode 100755
index fc4b33a..0000000
--- a/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/ResourceServiceImpl.java
+++ /dev/null
@@ -1,541 +0,0 @@
-/**
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
- *
-=======
- *
->>>>>>> adding more files
- */
-package org.apache.airavata.grouper.resource;
-
-import edu.internet2.middleware.grouper.*;
-import edu.internet2.middleware.grouper.Stem.Scope;
-import edu.internet2.middleware.grouper.attr.*;
-import edu.internet2.middleware.grouper.attr.assign.AttributeAssignAction;
-import edu.internet2.middleware.grouper.attr.finder.AttributeDefFinder;
-import edu.internet2.middleware.grouper.attr.finder.AttributeDefNameFinder;
-import edu.internet2.middleware.grouper.internal.dao.QueryOptions;
-import edu.internet2.middleware.grouper.misc.SaveMode;
-import edu.internet2.middleware.grouper.permissions.PermissionAllowed;
-import edu.internet2.middleware.grouper.permissions.PermissionEntry;
-import edu.internet2.middleware.grouper.permissions.PermissionFinder;
-import edu.internet2.middleware.subject.Subject;
-import edu.internet2.middleware.subject.SubjectNotFoundException;
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-import org.apache.airavata.grouper.AiravataGrouperUtil;
-=======
->>>>>>> adding more files
-import org.apache.airavata.grouper.SubjectType;
-import org.apache.airavata.grouper.group.GroupServiceImpl;
-import org.apache.airavata.grouper.permission.PermissionAction;
-import org.apache.airavata.grouper.permission.PermissionServiceImpl;
-import org.apache.airavata.grouper.role.RoleServiceImpl;
-
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import static org.apache.airavata.grouper.AiravataGrouperUtil.*;
-import static org.apache.airavata.grouper.permission.PermissionAction.READ;
-import static org.apache.airavata.grouper.permission.PermissionAction.WRITE;
-import static org.apache.airavata.grouper.resource.ResourceType.*;
-
-/**
- * @author vsachdeva
- *
- */
-public class ResourceServiceImpl {
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-
- //TODO: break this method into smaller methods
- public void createResource(Resource resource) throws ResourceNotFoundException {
-
- validateResource(resource);
-
-=======
-
-
- //TODO: break this method into smaller methods
- public void createResource(Resource resource) throws ResourceNotFoundException {
-
- validateResource(resource);
-
->>>>>>> adding more files
- GrouperSession grouperSession = null;
- try {
- grouperSession = GrouperSession.startRootSession();
- AttributeDefName parentAttributeDefName = null;
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- // make sure that the parent resource exists in grouper if it is in the request
- if (resource.getParentResourceId() != null) {
- parentAttributeDefName = AttributeDefNameFinder.findByName(resource.getResourceType().getParentResoruceType()
- .getStemFromResourceType()+COLON+resource.getParentResourceId(), false);
- if (parentAttributeDefName == null) {
- throw new ResourceNotFoundException(resource.getParentResourceId() +" was not found.");
- }
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- Subject subject = SubjectFinder.findByIdAndSource(resource.getOwnerId(), SUBJECT_SOURCE, false);
- if (subject == null) {
- throw new IllegalArgumentException("Resource owner id "+resource.getOwnerId()+" could not be found.");
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- // create an attribute def if doesn't exist
- AttributeDef attributeDef = AttributeDefFinder.findByName(PERMISSIONS_ATTRIBUTE_DEF, false);
- if (attributeDef == null) {
- AttributeDefSave attributeDefSave = new AttributeDefSave(grouperSession);
- attributeDef = attributeDefSave.assignAttributeDefType(AttributeDefType.perm).assignToGroup(true)
- .assignToEffMembership(true).assignName(PERMISSIONS_ATTRIBUTE_DEF).assignCreateParentStemsIfNotExist(true)
- .assignSaveMode(SaveMode.INSERT_OR_UPDATE).save();
- AttributeAssignAction read = attributeDef.getAttributeDefActionDelegate().addAction(READ.name());
- AttributeAssignAction write = attributeDef.getAttributeDefActionDelegate().addAction(WRITE.name());
- write.getAttributeAssignActionSetDelegate().addToAttributeAssignActionSet(read);
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- // create attribute def name
- AttributeDefNameSave attributeDefNameSave = new AttributeDefNameSave(grouperSession, attributeDef);
- attributeDefNameSave.assignCreateParentStemsIfNotExist(true);
- attributeDefNameSave.assignSaveMode(SaveMode.INSERT_OR_UPDATE);
- attributeDefNameSave.assignAttributeDefNameNameToEdit(resource.getResourceType().getStemFromResourceType()+COLON+resource.getId());
- attributeDefNameSave.assignName(resource.getResourceType().getStemFromResourceType()+COLON+resource.getId());
- attributeDefNameSave.assignDescription(resource.getDescription());
- attributeDefNameSave.assignDisplayName(resource.getName());
- AttributeDefName attributeDefName = attributeDefNameSave.save();
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- // set the inheritance if parent attribute def name is not null
- if (parentAttributeDefName != null) {
- parentAttributeDefName.getAttributeDefNameSetDelegate().addToAttributeDefNameSet(attributeDefName);
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- RoleServiceImpl roleService = new RoleServiceImpl();
- //TODO remove the session being passed
- Group readRole = roleService.createRole(resource.getId()+"_"+READ.name(), grouperSession);
- Group writeRole = roleService.createRole(resource.getId()+"_"+WRITE.name(), grouperSession);
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- readRole.getPermissionRoleDelegate().assignRolePermission(READ.name(), attributeDefName, PermissionAllowed.ALLOWED);
- writeRole.getPermissionRoleDelegate().assignRolePermission(WRITE.name(), attributeDefName, PermissionAllowed.ALLOWED);
- writeRole.getRoleInheritanceDelegate().addRoleToInheritFromThis(readRole);
-
- // give the write role to ownerId
- roleService.assignRoleToUser(resource.getOwnerId(), resource.getId()+"_"+WRITE.name(), grouperSession);
-
-=======
-
- readRole.getPermissionRoleDelegate().assignRolePermission(READ.name(), attributeDefName, PermissionAllowed.ALLOWED);
- writeRole.getPermissionRoleDelegate().assignRolePermission(WRITE.name(), attributeDefName, PermissionAllowed.ALLOWED);
- writeRole.getRoleInheritanceDelegate().addRoleToInheritFromThis(readRole);
-
- // give the write role to ownerId
- roleService.assignRoleToUser(resource.getOwnerId(), resource.getId()+"_"+WRITE.name(), grouperSession);
-
->>>>>>> adding more files
- } finally {
- GrouperSession.stopQuietly(grouperSession);
- }
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- public void deleteResource(String resourceId, ResourceType resourceType) throws ResourceNotFoundException {
- if (resourceId == null || resourceType == null) {
- throw new IllegalArgumentException("resouceId "+resourceId+" is null or resourceType"+resourceType+" is null.");
- }
- GrouperSession grouperSession = null;
- try {
- grouperSession = GrouperSession.startRootSession();
- AttributeDefName attributeDefName = AttributeDefNameFinder.findByName(resourceType.getStemFromResourceType()+COLON+resourceId, false);
- if (attributeDefName == null) {
- throw new ResourceNotFoundException(resourceId +" was not found.");
- }
- RoleServiceImpl roleService = new RoleServiceImpl();
- // delete all the children resources and roles
- for (AttributeDefName childAttributeDefName: attributeDefName.getAttributeDefNameSetDelegate().getAttributeDefNamesImpliedByThis()) {
- childAttributeDefName.delete();
- // don't change the order since write inherits read
- roleService.deleteRole(childAttributeDefName.getExtension()+"_"+WRITE.name(), grouperSession);
- roleService.deleteRole(childAttributeDefName.getExtension()+"_"+READ.name(), grouperSession);
- }
- attributeDefName.delete();
- // don't change the order since write inherits read
- roleService.deleteRole(resourceId+"_"+WRITE.name(), grouperSession);
- roleService.deleteRole(resourceId+"_"+READ.name(), grouperSession);
- } finally {
- GrouperSession.stopQuietly(grouperSession);
- }
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- public Resource getResource(String resourceId, ResourceType resourceType) throws ResourceNotFoundException {
- if (resourceId == null || resourceType == null) {
- throw new IllegalArgumentException("resouceId "+resourceId+" is null or resourceType"+resourceType+" is null.");
- }
- GrouperSession grouperSession = null;
- Resource resource = null;
- try {
- grouperSession = GrouperSession.startRootSession();
- AttributeDefName attributeDefName = AttributeDefNameFinder.findByName(resourceType.getStemFromResourceType()+COLON+resourceId, false);
- if (attributeDefName == null) {
- throw new ResourceNotFoundException(resourceId +" was not found.");
- }
- resource = new Resource(resourceId, resourceType);
- resource.setDescription(attributeDefName.getDescription());
- resource.setName(attributeDefName.getDisplayExtension());
- Set<AttributeDefName> parentAttributeDefNames = attributeDefName.getAttributeDefNameSetDelegate().getAttributeDefNamesThatImplyThisImmediate();
- if (parentAttributeDefNames != null && parentAttributeDefNames.size() > 0) {
- resource.setParentResourceId(parentAttributeDefNames.iterator().next().getExtension());
- }
- } finally {
- GrouperSession.stopQuietly(grouperSession);
- }
- return resource;
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- /**
- *
-=======
-
- /**
- *
->>>>>>> adding more files
- * @param userId
- * @param resourceType
- * @param actions - write or read
- * @param pageNumber - 1 index based
- * @param pageSize - items to fetch
- * @return
- * @throws SubjectNotFoundException
- */
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
- public Set<Resource> getAccessibleResourcesForUser(String userId, ResourceType resourceType,
- PermissionAction action, boolean pagination, Integer pageNumber, Integer pageSize) throws SubjectNotFoundException {
-
-=======
- public Set<Resource> getAccessibleResourcesForUser(String userId, ResourceType resourceType,
- PermissionAction action, boolean pagination, Integer pageNumber, Integer pageSize) throws SubjectNotFoundException {
-
->>>>>>> adding more files
- if (userId == null || resourceType == null || action == null) {
- throw new IllegalArgumentException("Invalid input");
- }
- if (pagination && (pageNumber < 0 || pageSize < 1)) {
- throw new IllegalArgumentException("Invalid pagination properties");
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- GrouperSession grouperSession = null;
- try {
- grouperSession = GrouperSession.startRootSession();
-
-=======
-
- GrouperSession grouperSession = null;
- try {
- grouperSession = GrouperSession.startRootSession();
-
->>>>>>> adding more files
- PermissionFinder permissionFinder = new PermissionFinder();
- permissionFinder.addPermissionDef(PERMISSIONS_ATTRIBUTE_DEF);
- permissionFinder.addAction(action.name());
- Subject subject = SubjectFinder.findByIdAndSource(userId, SUBJECT_SOURCE, false);
- if (subject == null) {
- throw new SubjectNotFoundException("userId "+userId+" was not found.");
- }
- permissionFinder.addSubject(subject);
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- Stem stem = StemFinder.findByName(grouperSession, resourceType.getStemFromResourceType(), true);
- permissionFinder.assignPermissionNameFolder(stem);
- permissionFinder.assignPermissionNameFolderScope(Scope.ONE);
- if (pagination) {
- QueryOptions queryOptions = new QueryOptions();
- queryOptions.paging(pageSize, pageNumber, false);
- permissionFinder.assignQueryOptions(queryOptions);
- }
- Set<PermissionEntry> permissions = permissionFinder.findPermissions();
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- Set<Resource> resources = new HashSet<Resource>();
- for (PermissionEntry entry: permissions) {
- Resource resource = new Resource(entry.getAttributeDefName().getExtension(), resourceType);
- resource.setName(entry.getAttributeDefNameDispName());
- resources.add(resource);
- }
- return resources;
-
- } finally {
- GrouperSession.stopQuietly(grouperSession);
- }
-
- }
-
- // action can be read or write only
- public Set<String> getAllAccessibleUsers(String resourceId, ResourceType resourceType, PermissionAction action) {
-
- if (resourceId == null || resourceType == null || action == null) {
- throw new IllegalArgumentException("Invalid input");
- }
-
-=======
-
- Set<Resource> resources = new HashSet<Resource>();
- for (PermissionEntry entry: permissions) {
- Resource resource = new Resource(entry.getAttributeDefNameDispName(), resourceType);
- resource.setName(entry.getAttributeDefName().getDisplayExtension());
-
- //TODO: Discuss it with Suresh and Supun. It might cause some performance issues. We probably should not populate the parent id since caller will already have it.
-// Set<AttributeDefName> parentAttributeDefNames = entry.getAttributeDefName().getAttributeDefNameSetDelegate().getAttributeDefNamesThatImplyThisImmediate();
-// if (parentAttributeDefNames != null && parentAttributeDefNames.size() > 0) {
-// resource.setParentResourceId(parentAttributeDefNames.iterator().next().getExtension());
-// }
-
- resources.add(resource);
-
- }
-
- return resources;
-
- } finally {
- GrouperSession.stopQuietly(grouperSession);
- }
-
- }
-
- // action can be read or write only
- public Set<String> getAllAccessibleUsers(String resourceId, ResourceType resourceType, PermissionAction action) {
-
- if (resourceId == null || resourceType == null || action == null) {
- throw new IllegalArgumentException("Invalid input");
- }
-
->>>>>>> adding more files
- GrouperSession grouperSession = null;
- Set<String> userIds = new HashSet<String>();
- try {
- grouperSession = GrouperSession.startRootSession();
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- PermissionFinder permissionFinder = new PermissionFinder();
- permissionFinder.addPermissionDef(PERMISSIONS_ATTRIBUTE_DEF);
- permissionFinder.addAction(action.name());
-
- Stem stem = StemFinder.findByName(grouperSession, resourceType.getStemFromResourceType(), true);
- permissionFinder.assignPermissionNameFolder(stem);
- permissionFinder.assignPermissionNameFolderScope(Scope.ONE);
- permissionFinder.addRole(AiravataGrouperUtil.ROLES_STEM_NAME+ ":" + resourceId + "_" + action.toString());
- Set<PermissionEntry> permissions = permissionFinder.findPermissions();
-
-=======
-
- PermissionFinder permissionFinder = new PermissionFinder();
- permissionFinder.addPermissionDef(PERMISSIONS_ATTRIBUTE_DEF);
- permissionFinder.addAction(action.name());
-
- Stem stem = StemFinder.findByName(grouperSession, resourceType.getStemFromResourceType(), true);
- permissionFinder.assignPermissionNameFolder(stem);
- permissionFinder.assignPermissionNameFolderScope(Scope.ONE);
- Set<PermissionEntry> permissions = permissionFinder.findPermissions();
-
->>>>>>> adding more files
- for (PermissionEntry entry: permissions) {
- if (entry.getSubjectSourceId().equals(SUBJECT_SOURCE)) {
- userIds.add(entry.getSubjectId());
- }
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- return userIds;
-
- } finally {
- GrouperSession.stopQuietly(grouperSession);
- }
-
- }
-
-=======
-
- return userIds;
-
- } finally {
- GrouperSession.stopQuietly(grouperSession);
- }
-
- }
-
->>>>>>> adding more files
- private void validateResource(Resource resource) {
- if (resource.getResourceType() == null) {
- throw new IllegalArgumentException("Resource type is a required field");
- }
- if ((resource.getResourceType().equals(EXPERIMENT) || resource.getResourceType().equals(DATA)) && resource.getParentResourceId() == null) {
- throw new IllegalArgumentException("Resource type Experiment or Data must provide valid parent resource id");
- }
- if (resource.getOwnerId() == null) {
- throw new IllegalArgumentException("Resource ownerId is a required field.");
- }
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- public static void main(String[] args) {
- ResourceServiceImpl resourceService = new ResourceServiceImpl();
-
-=======
-
- public static void main(String[] args) {
- ResourceServiceImpl resourceService = new ResourceServiceImpl();
-
->>>>>>> adding more files
- // create a Project resource
- Resource projectResource = new Resource("project resource id", PROJECT);
- projectResource.setDescription("project resource description");
- projectResource.setName("project resource name");
- projectResource.setOwnerId("airavata_id_1");
- resourceService.createResource(projectResource);
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- // create an Experiment resource
- Resource experimentResource = new Resource("experiment resource id", EXPERIMENT);
- experimentResource.setDescription("experiment resource description");
- experimentResource.setName("experiment resource name");
- experimentResource.setParentResourceId("project resource id");
- experimentResource.setOwnerId("airavata_id_1");
- resourceService.createResource(experimentResource);
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- //create another experiment resource within the same project resource
- Resource experimentResource1 = new Resource("experiment resource id1", ResourceType.EXPERIMENT);
- experimentResource1.setDescription("experiment resource description1");
- experimentResource1.setName("experiment resource name1");
- experimentResource1.setParentResourceId("project resource id");
- experimentResource1.setOwnerId("airavata_id_1");
- resourceService.createResource(experimentResource1);
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- // create a data file resource
- Resource dataResource = new Resource("data resource id", ResourceType.DATA);
- dataResource.setDescription("data resource description");
- dataResource.setName("data resource name");
- dataResource.setParentResourceId("experiment resource id1");
- dataResource.setOwnerId("airavata_id_1");
- resourceService.createResource(dataResource);
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- // get the experiment resource and it should have parent set to project
- Resource resource = resourceService.getResource("experiment resource id1", EXPERIMENT);
- System.out.println(resource);
-
- Set<Resource> accessibleResourcesForUser = resourceService.getAccessibleResourcesForUser("airavata_id_1", EXPERIMENT, WRITE, true, 1, 2);
- System.out.println("accessible resources on page 1 are "+accessibleResourcesForUser.size());
-
-
- //share the experiment with airavata_id_2
- PermissionServiceImpl permissionService = new PermissionServiceImpl();
- permissionService.grantPermission("airavata_id_2", SubjectType.PERSON, "experiment resource id1", EXPERIMENT, WRITE);
-
- // create a group of users
- GroupServiceImpl groupService = new GroupServiceImpl();
- org.apache.airavata.grouper.group.Group group = new org.apache.airavata.grouper.group.Group("airavata test group id", "airavata_id_1");
-=======
-
- // get the experiment resource and it should have parent set to project
- Resource resource = resourceService.getResource("experiment resource id1", EXPERIMENT);
- System.out.println(resource);
-
- Set<Resource> accessibleResourcesForUser = resourceService.getAccessibleResourcesForUser("airavata_id_1", EXPERIMENT, WRITE, true, 1, 2);
- System.out.println("accessible resources on page 1 are "+accessibleResourcesForUser.size());
-
-
- //share the experiment with airavata_id_2
- PermissionServiceImpl permissionService = new PermissionServiceImpl();
- permissionService.grantPermission("airavata_id_2", SubjectType.PERSON, "experiment resource id1", EXPERIMENT, WRITE);
-
- // create a group of users
- GroupServiceImpl groupService = new GroupServiceImpl();
- org.apache.airavata.grouper.group.Group group = new org.apache.airavata.grouper.group.Group();
- group.setId("airavata test group id");
->>>>>>> adding more files
- group.setName("airavata test group name");
- group.setDescription("airavata test group description");
- List<String> members = new ArrayList<String>();
- members.add("airavata_id_3");
- members.add("airavata_id_4");
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
- group.setMembers(members);
- groupService.createGroup(group);
-
- // now share the same experiment with this group as well
- permissionService.grantPermission("airavata test group id", SubjectType.GROUP, "experiment resource id1", EXPERIMENT, READ);
-
- accessibleResourcesForUser = resourceService.getAccessibleResourcesForUser("airavata_id_3", EXPERIMENT, READ, true, 1, 2);
- System.out.println("accessible resources on page 1 are "+accessibleResourcesForUser.size());
-
- // get all resources, or no pagination
- accessibleResourcesForUser = resourceService.getAccessibleResourcesForUser("airavata_id_1", EXPERIMENT, READ, false, 1, 2);
- System.out.println("accessible resources without pagination are "+accessibleResourcesForUser.size());
-
-=======
- group.setUsers(members);
- groupService.createOrUpdateGroup(group);
-
- // now share the same experiment with this group as well
- permissionService.grantPermission("airavata test group id", SubjectType.GROUP, "experiment resource id1", EXPERIMENT, READ);
-
- accessibleResourcesForUser = resourceService.getAccessibleResourcesForUser("airavata_id_3", EXPERIMENT, READ, true, 1, 2);
- System.out.println("accessible resources on page 1 are "+accessibleResourcesForUser.size());
-
- // get all resources, or no pagination
- accessibleResourcesForUser = resourceService.getAccessibleResourcesForUser("airavata_id_1", EXPERIMENT, READ, false, 1, 2);
- System.out.println("accessible resources without pagination are "+accessibleResourcesForUser.size());
-
->>>>>>> adding more files
- Set<String> allAccessibleUsers = resourceService.getAllAccessibleUsers("experiment resource id1", EXPERIMENT, READ);
- System.out.println("users who have read access on experiment resource id1 are "+allAccessibleUsers);
-
- //delete the project resource, it will delete all the children/experiment resources and roles as well
- resourceService.deleteResource("project resource id", PROJECT);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/ResourceType.java
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/ResourceType.java b/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/ResourceType.java
deleted file mode 100755
index 5b80bfa..0000000
--- a/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/ResourceType.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/**
- *
- */
-package org.apache.airavata.grouper.resource;
-
-import static org.apache.airavata.grouper.AiravataGrouperUtil.DATA_STEM_NAME;
-import static org.apache.airavata.grouper.AiravataGrouperUtil.EXPERIMENT_STEM_NAME;
-import static org.apache.airavata.grouper.AiravataGrouperUtil.OTHER_STEM_NAME;
-import static org.apache.airavata.grouper.AiravataGrouperUtil.PROJECT_STEM_NAME;
-
-/**
- * @author vsachdeva
- *
- */
-public enum ResourceType {
-
- PROJECT,
- EXPERIMENT,
- DATA,
- OTHER;
-
- public ResourceType getParentResoruceType() {
-
- switch (this) {
- case EXPERIMENT:
- return PROJECT;
- case DATA:
- return EXPERIMENT;
- default:
- return null;
- }
- }
-
- public String getStemFromResourceType() {
-
- switch (this) {
- case PROJECT:
- return PROJECT_STEM_NAME;
- case EXPERIMENT:
- return EXPERIMENT_STEM_NAME;
- case DATA:
- return DATA_STEM_NAME;
- case OTHER:
- return OTHER_STEM_NAME;
- default:
- return null;
- }
-
- }
-
-}
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/java/org/apache/airavata/grouper/role/RoleServiceImpl.java
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/java/org/apache/airavata/grouper/role/RoleServiceImpl.java b/modules/group-manager/src/main/java/org/apache/airavata/grouper/role/RoleServiceImpl.java
deleted file mode 100755
index 0351e35..0000000
--- a/modules/group-manager/src/main/java/org/apache/airavata/grouper/role/RoleServiceImpl.java
+++ /dev/null
@@ -1,154 +0,0 @@
-/**
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
- *
-=======
- *
->>>>>>> adding more files
- */
-package org.apache.airavata.grouper.role;
-
-import edu.internet2.middleware.grouper.*;
-import edu.internet2.middleware.grouper.exception.GroupNotFoundException;
-import edu.internet2.middleware.grouper.group.TypeOfGroup;
-import edu.internet2.middleware.grouper.misc.SaveMode;
-import edu.internet2.middleware.subject.Subject;
-import edu.internet2.middleware.subject.SubjectNotFoundException;
-
-import static org.apache.airavata.grouper.AiravataGrouperUtil.*;
-
-/**
- * @author vsachdeva
- *
- */
-public class RoleServiceImpl {
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-
- public Group createRole(String roleId, GrouperSession session) {
-
-=======
-
-
- public Group createRole(String roleId, GrouperSession session) {
-
->>>>>>> adding more files
- GrouperSession grouperSession = null;
- Group role = null;
- try {
- grouperSession = session != null? session : GrouperSession.startRootSession();
- GroupSave groupSave = new GroupSave(grouperSession);
- groupSave.assignTypeOfGroup(TypeOfGroup.role);
- groupSave.assignGroupNameToEdit(ROLES_STEM_NAME+COLON+roleId);
- groupSave.assignName(ROLES_STEM_NAME+COLON+roleId);
- groupSave.assignDisplayExtension(roleId);
- groupSave.assignDescription(roleId);
- groupSave.assignSaveMode(SaveMode.INSERT_OR_UPDATE);
- groupSave.assignCreateParentStemsIfNotExist(true);
- role = groupSave.save();
- } finally {
- if (session == null) {
- GrouperSession.stopQuietly(grouperSession);
- }
- }
- return role;
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- public void deleteRole(String roleId, GrouperSession session) {
- GrouperSession grouperSession = null;
- try {
- grouperSession = session != null? session : GrouperSession.startRootSession();
- edu.internet2.middleware.grouper.Group role = GroupFinder.findByName(grouperSession, ROLES_STEM_NAME+COLON+roleId, false);
- if (role != null) {
- role.delete();
- }
- } finally {
- if (session == null) {
- GrouperSession.stopQuietly(grouperSession);
- }
- }
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- public void assignRoleToUser(String userId, String roleId, GrouperSession session) throws GroupNotFoundException, SubjectNotFoundException {
-
-=======
-
- public void assignRoleToUser(String userId, String roleId, GrouperSession session) throws GroupNotFoundException, SubjectNotFoundException {
-
->>>>>>> adding more files
- GrouperSession grouperSession = null;
- try {
- grouperSession = session != null? session : GrouperSession.startRootSession();
- edu.internet2.middleware.grouper.Group role = GroupFinder.findByName(grouperSession, ROLES_STEM_NAME+COLON+roleId, false);
- if (role == null) {
- throw new GroupNotFoundException("Role "+roleId+" was not found.");
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
- Subject subject = SubjectFinder.findById(userId, false);
-=======
- Subject subject = SubjectFinder.findByIdAndSource(userId, SUBJECT_SOURCE, false);
->>>>>>> adding more files
- if (subject == null) {
- throw new SubjectNotFoundException("userId "+userId+" was not found.");
- }
- role.addMember(subject, false);
- } finally {
- if (session == null) {
- GrouperSession.stopQuietly(grouperSession);
- }
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- }
-
-=======
-
- }
-
->>>>>>> adding more files
- public void removeRoleFromUser(String userId, String roleId, GrouperSession session) throws GroupNotFoundException, SubjectNotFoundException {
- GrouperSession grouperSession = null;
- try {
- grouperSession = session != null? session : GrouperSession.startRootSession();
- edu.internet2.middleware.grouper.Group role = GroupFinder.findByName(grouperSession, ROLES_STEM_NAME+COLON+roleId, false);
- if (role == null) {
- throw new GroupNotFoundException("Role "+roleId+" was not found.");
- }
- Subject subject = SubjectFinder.findByIdAndSource(userId, SUBJECT_SOURCE, false);
- if (subject == null) {
- throw new SubjectNotFoundException("userId "+userId+" was not found.");
- }
- role.deleteMember(subject, false);
- } finally {
- if (session == null) {
- GrouperSession.stopQuietly(grouperSession);
- }
- }
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- public static void main(String[] args) {
- RoleServiceImpl roleServiceImpl = new RoleServiceImpl();
-
- roleServiceImpl.createRole("test_role", null);
-
- roleServiceImpl.assignRoleToUser("test.subject.3", "test_role", null);
-
-=======
-
- public static void main(String[] args) {
- RoleServiceImpl roleServiceImpl = new RoleServiceImpl();
-
- roleServiceImpl.createRole("test_role", null);
-
- roleServiceImpl.assignRoleToUser("test.subject.3", "test_role", null);
-
->>>>>>> adding more files
- //roleServiceImpl.deleteRole("test_role", null);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/resources/Owasp.CsrfGuard.overlay.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/Owasp.CsrfGuard.overlay.properties b/modules/group-manager/src/main/resources/Owasp.CsrfGuard.overlay.properties
deleted file mode 100755
index fb7f668..0000000
--- a/modules/group-manager/src/main/resources/Owasp.CsrfGuard.overlay.properties
+++ /dev/null
@@ -1,78 +0,0 @@
-org.owasp.csrfguard.Logger=edu.internet2.middleware.grouper.grouperUi.csrf.CsrfGuardLogger
-
-org.owasp.csrfguard.TokenPerPage=false
-
-org.owasp.csrfguard.action.Redirect.Page=%servletContext%/grouperExternal/public/UiV2Public.index?operation=UiV2Public.postIndex&function=UiV2Public.error&code=csrf
-
-org.owasp.csrfguard.configuration.provider.factory=org.owasp.csrfguard.config.overlay.ConfigurationOverlayProviderFactory
-
-org.owasp.csrfguard.Config.Print = false
-
-# to see how error handling works, edit grouperUi.js
-org.owasp.csrfguard.Ajax=true
-
-
-org.owasp.csrfguard.unprotected.DefaultGrouper=%servletContext%/
-org.owasp.csrfguard.unprotected.GrouperHome=%servletContext%/home.do
-org.owasp.csrfguard.unprotected.GrouperDir=%servletContext%/grouper/*
-org.owasp.csrfguard.unprotected.GrouperExternal=%servletContext%/grouperExternal/index.html
-org.owasp.csrfguard.unprotected.GrouperExternalAppHtml=%servletContext%/grouperExternal/appHtml/*
-org.owasp.csrfguard.unprotected.GrouperExternalPublicAssets=%servletContext%/grouperExternal/public/assets/*
-org.owasp.csrfguard.unprotected.GrouperExternalPublicNetworkGraph=%servletContext%/grouperExternal/public/networkGraph/*
-org.owasp.csrfguard.unprotected.GrouperGifs=^/grouper/grouperExternal/public/.*\\.gif$
-org.owasp.csrfguard.unprotected.GrouperJpgs=^/grouper/grouperExternal/public/.*\\.jpg$
-org.owasp.csrfguard.unprotected.GrouperPngs=^/grouper/grouperExternal/public/.*\\.png$
-org.owasp.csrfguard.unprotected.GrouperUi=%servletContext%/grouperUi/
-org.owasp.csrfguard.unprotected.GrouperUiIndex=%servletContext%/grouperUi/index.html
-org.owasp.csrfguard.unprotected.GrouperUiAppHtml=%servletContext%/grouperUi/appHtml/*
-org.owasp.csrfguard.unprotected.GrouperI2mi=%servletContext%/i2mi/*
-org.owasp.csrfguard.unprotected.GrouperScripts=%servletContext%/scripts/*
-org.owasp.csrfguard.unprotected.GrouperStatus=%servletContext%/status
-org.owasp.csrfguard.unprotected.GrouperIndex=%servletContext%/index.jsp
-org.owasp.csrfguard.unprotected.GrouperOwaspJavascript=%servletContext%/grouperExternal/public/OwaspJavaScriptServlet
-
-org.owasp.csrfguard.unprotected.GrouperStrutsAddSaved=^%servletContext%/addSaved[^.]+\\.do$
-org.owasp.csrfguard.unprotected.GrouperStrutsBrowse=^%servletContext%/browse[^.]+\\.do$
-org.owasp.csrfguard.unprotected.GrouperStrutsCancel=^%servletContext%/cancel[^.]+\\.do$
-org.owasp.csrfguard.unprotected.GrouperStrutserror=%servletContext%/error.do
-org.owasp.csrfguard.unprotected.GrouperStrutsfilterError=%servletContext%/filterError.do
-org.owasp.csrfguard.unprotected.GrouperStrutshelp=%servletContext%/help.do
-org.owasp.csrfguard.unprotected.GrouperStrutslogin=%servletContext%/login.do
-org.owasp.csrfguard.unprotected.GrouperStrutsCallLogin=%servletContext%/callLogin.do
-org.owasp.csrfguard.unprotected.GrouperStrutslogout=%servletContext%/logout.do
-org.owasp.csrfguard.unprotected.GrouperStrutsPopulate=^%servletContext%/populate[^.]+\\.do$
-org.owasp.csrfguard.unprotected.GrouperStrutsuserAudit=%servletContext%/userAudit.do
-#http://localhost:8090/grouper/populateSearchSubjects.do
-
-
-org.owasp.csrfguard.unprotected.GrouperSimpleMembershipUpdateImportExportExportSubjectIdsCsv=%servletContext%/grouperUi/app/SimpleMembershipUpdateImportExport.exportSubjectIdsCsv/*
-org.owasp.csrfguard.unprotected.GrouperSimpleMembershipUpdateImportExportExportAllCsv=%servletContext%/grouperUi/app/SimpleMembershipUpdateImportExport.exportAllCsv/*
-
-org.owasp.csrfguard.unprotected.GrouperUiV2MainIndex=%servletContext%/grouperUi/app/UiV2Main.index
-org.owasp.csrfguard.unprotected.GrouperUiV2MainIndexMain=%servletContext%/grouperUi/app/UiV2Main.indexMain
-org.owasp.csrfguard.unprotected.GrouperUiV2MainFolderMenu=%servletContext%/grouperUi/app/UiV2Main.folderMenu
-org.owasp.csrfguard.unprotected.GrouperUiV2GroupAddMemberFilter=%servletContext%/grouperUi/app/UiV2Group.addMemberFilter
-org.owasp.csrfguard.unprotected.GrouperUiV2GroupImportGroupExportSubmit=%servletContext%/grouperUi/app/UiV2GroupImport.groupExportSubmit
-org.owasp.csrfguard.unprotected.GrouperUiV2StemCopyParentFolderFilter=%servletContext%/grouperUi/app/UiV2Stem.stemCopyParentFolderFilter
-org.owasp.csrfguard.unprotected.GrouperUiV2StemCreateGroupParentFolderFilter=%servletContext%/grouperUi/app/UiV2Stem.createGroupParentFolderFilter
-org.owasp.csrfguard.unprotected.GrouperUiV2StemCreateStemParentFolderFilter=%servletContext%/grouperUi/app/UiV2Stem.createStemParentFolderFilter
-org.owasp.csrfguard.unprotected.GrouperUiV2SubjectAddToGroupFilter=%servletContext%/grouperUi/app/UiV2Subject.addToGroupFilter
-org.owasp.csrfguard.unprotected.GrouperUiV2GroupUpdateFilter=%servletContext%/grouperUi/app/UiV2Group.groupUpdateFilter
-org.owasp.csrfguard.unprotected.GrouperUiV2GroupCompositeFilter=%servletContext%/grouperUi/app/UiV2Group.groupCompositeFactorFilter
-org.owasp.csrfguard.unprotected.GrouperUiV2StemAddMemberFilter=%servletContext%/grouperUi/app/UiV2Stem.addMemberFilter
-org.owasp.csrfguard.unprotected.GrouperUiV2ExternalEntitiesAddGroupFilter=%servletContext%/grouperUi/app/UiV2ExternalEntities.addGroupFilter
-org.owasp.csrfguard.unprotected.GrouperUiV2SubjectAddToStemFilter=%servletContext%/grouperUi/app/UiV2Subject.addToStemFilter
-org.owasp.csrfguard.unprotected.GrouperUiV2SubjectAddToAttributeDefFilter=%servletContext%/grouperUi/app/UiV2Subject.addToAttributeDefFilter
-org.owasp.csrfguard.unprotected.GrouperExternalPublicIndex=%servletContext%/grouperExternal/public/UiV2Public.index
-# TODO take this out and error page should not be post
-org.owasp.csrfguard.unprotected.GrouperExternalPublicPostIndex=%servletContext%/grouperExternal/public/UiV2Public.postIndex
-org.owasp.csrfguard.unprotected.GrouperUiV2Export=^%servletContext%/grouperUi/app/UiV2GroupImport\\.groupExportSubmit/.*$
-
-
-
-# Allows the developer to specify the value of the Cache-Control header in the HTTP response
-# when serving the dynamic JavaScript file. The default value is private, maxage=28800.
-# Caching of the dynamic JavaScript file is intended to minimize traffic and improve performance.
-# Note that the Cache-Control header is always set to "no-store" when either the "Rotate"
-# "TokenPerPage" options is set to true in Owasp.CsrfGuard.properties.
-org.owasp.csrfguard.JavascriptServlet.cacheControl = private, maxage=1800
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/resources/Owasp.CsrfGuard.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/Owasp.CsrfGuard.properties b/modules/group-manager/src/main/resources/Owasp.CsrfGuard.properties
deleted file mode 100755
index 97e655e..0000000
--- a/modules/group-manager/src/main/resources/Owasp.CsrfGuard.properties
+++ /dev/null
@@ -1,403 +0,0 @@
-# The OWASP CSRFGuard Project, BSD License
-# Eric Sheridan (eric@infraredsecurity.com), Copyright (c) 2011
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright notice,
-# this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-# 3. Neither the name of OWASP nor the names of its contributors may be used
-# to endorse or promote products derived from this software without specific
-# prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# From: https://github.com/esheri3/OWASP-CSRFGuard/blob/master/csrfguard-test/src/main/webapp/WEB-INF/csrfguard.properties
-
-# Common substitutions
-# %servletContext% is the servlet context (e.g. the configured app prefix or war file name, or blank.
-# e.g. if you deploy a default warfile as someApp.war, then %servletContext% will be /someApp
-# if there isnt a context it will be the empty string. So to use this in the configuration, use e.g. %servletContext%/something.html
-# which will translate to e.g. /someApp/something.html
-
-# Logger
-#
-# The logger property (org.owasp.csrfguard.Logger) defines the qualified class name of
-# the object responsible for processing all log messages produced by CSRFGuard. The default
-# CSRFGuard logger is org.owasp.csrfguard.log.ConsoleLogger. This class logs all messages
-# to System.out which JavaEE application servers redirect to a vendor specific log file.
-# Developers can customize the logging behavior of CSRFGuard by implementing the
-# org.owasp.csrfguard.log.ILogger interface and setting the logger property to the new
-# logger's qualified class name. The following configuration snippet instructs OWASP CSRFGuard
-# to capture all log messages to the console:
-#
-# org.owasp.csrfguard.Logger=org.owasp.csrfguard.log.ConsoleLogger
-org.owasp.csrfguard.Logger=org.owasp.csrfguard.log.JavaLogger
-
-# Which configuration provider factory you want to use. The default is org.owasp.csrfguard.config.PropertiesConfigurationProviderFactory
-# Another configuration provider has more features including config overlays: org.owasp.csrfguard.config.overlay.ConfigurationOverlayProviderFactory
-# The default configuration provider is: org.owasp.csrfguard.config.overlay.ConfigurationAutodetectProviderFactory
-# which will look for an overlay file, it is there, and the factory inside that file is set it will use it, otherwise will be PropertiesConfigurationProviderFactory
-# it needs to implement org.owasp.csrfguard.config.ConfigurationProviderFactory
-org.owasp.csrfguard.configuration.provider.factory = org.owasp.csrfguard.config.overlay.ConfigurationAutodetectProviderFactory
-
-
-# If csrfguard filter is enabled
-org.owasp.csrfguard.Enabled = true
-
-# If csrf guard filter should check even if there is no session for the user
-# Note: this changed around 2014/04, the default behavior used to be to
-# not check if there is no session. If you want the legacy behavior (if your app
-# is not susceptible to CSRF if the user has no session), set this to false
-org.owasp.csrfguard.ValidateWhenNoSessionExists = true
-
-# New Token Landing Page
-#
-# The new token landing page property (org.owasp.csrfguard.NewTokenLandingPage) defines where
-# to send a user if the token is being generated for the first time, and the use new token landing
-# page boolean property (org.owasp.csrfguard.UseNewTokenLandingPage) determines if any redirect happens.
-# UseNewTokenLandingPage defaults to false if NewTokenLandingPage is not specified, and to true
-# if it is specified.. If UseNewTokenLandingPage is set true then this request is generated
-# using auto-posting forms and will only contain the CSRF prevention token parameter, if
-# applicable. All query-string or form parameters sent with the original request will be
-# discarded. If this property is not defined, CSRFGuard will instead auto-post the user to the
-# original context and servlet path. The following configuration snippet instructs OWASP CSRFGuard to
-# redirect the user to %servletContext%/index.html when the user visits a protected resource
-# without having a corresponding CSRF token present in the HttpSession object:
-#
-# org.owasp.csrfguard.NewTokenLandingPage=%servletContext%/index.html
-
-
-# Protected Methods
-#
-# The protected methods property (org.owasp.csrfguard.ProtectedMethods) defines a comma
-# separated list of HTTP request methods that should be protected by CSRFGuard. The default
-# list is an empty list which will cause all HTTP methods to be protected, thus preserving
-# legacy behavior. This setting allows the user to inform CSRFGuard that only requests of the
-# given types should be considered for protection. All HTTP methods not in the list will be
-# considered safe (i.e. view only / unable to modify data). This should be used only when the
-# user has concrete knowledge that all requests made via methods not in the list
-# are safe (i.e. do not apply an action to any data) since it can actually introduce new
-# security vulnerabilities. For example: the user thinks that all actionable requests are
-# only available by POST requests when in fact some are available via GET requests. If the
-# user has excluded GET requests from the list then they have introduced a vulnerability.
-# The following configuration snippet instructs OWASP CSRFGuard to protect only the POST,
-# PUT, and DELETE HTTP methods.
-#
-# org.owasp.csrfguard.ProtectedMethods=POST,PUT,DELETE
-
-# or you can configure all to be protected, and specify which is unprotected. This is the preferred approach
-
-# org.owasp.csrfguard.UnprotectedMethods=GET
-
-# Unique Per-Page Tokens
-#
-# The unique token per-page property (org.owasp.csrfguard.TokenPerPage) is a boolean value that
-# determines if CSRFGuard should make use of unique per-page (i.e. URI) prevention tokens as
-# opposed to unique per-session prevention tokens. When a user requests a protected resource,
-# CSRFGuard will determine if a page specific token has been previously generated. If a page
-# specific token has not yet been previously generated, CSRFGuard will verify the request was
-# submitted with the per-session token intact. After verifying the presence of the per-session token,
-# CSRFGuard will create a page specific token that is required for all subsequent requests to the
-# associated resource. The per-session CSRF token can only be used when requesting a resource for
-# the first time. All subsequent requests must have the per-page token intact or the request will
-# be treated as a CSRF attack. This behavior can be changed with the org.owasp.csrfguard.TokenPerPagePrecreate
-# property. Enabling this property will make CSRFGuard calculate the per page token prior to a first
-# visit. This option only works with JSTL token injection and is useful for preserving the validity of
-# links if the user pushes the back button. There may be a performance impact when enabling this option
-# if the .jsp has a large number of proctected links that need tokens to be calculated.
-# Use of the unique token per page property is currently experimental
-# but provides a significant amount of improved security. Consider the exposure of a CSRF token using
-# the legacy unique per-session model. Exposure of this token facilitates the attacker's ability to
-# carry out a CSRF attack against the victim's active session for any resource exposed by the web
-# application. Now consider the exposure of a CSRF token using the experimental unique token per-page
-# model. Exposure of this token would only allow the attacker to carry out a CSRF attack against the
-# victim's active session for a small subset of resources exposed by the web application. Use of the
-# unique token per-page property is a strong defense in depth strategy significantly reducing the
-# impact of exposed CSRF prevention tokens. The following configuration snippet instructs OWASP
-# CSRFGuard to utilize the unique token per-page model:
-#
-# org.owasp.csrfguard.TokenPerPage=true
-# org.owasp.csrfguard.TokenPerPagePrecreate=false
-org.owasp.csrfguard.TokenPerPage=true
-org.owasp.csrfguard.TokenPerPagePrecreate=false
-
-# Token Rotation
-#
-# The rotate token property (org.owasp.csrfguard.Rotate) is a boolean value that determines if
-# CSRFGuard should generate and utilize a new token after verifying the previous token. Rotation
-# helps minimize the window of opportunity an attacker has to leverage the victim's stolen token
-# in a targeted CSRF attack. However, this functionality generally causes navigation problems in
-# most applications. Specifically, the 'Back' button in the browser will often cease to function
-# properly. When a user hits the 'Back' button and interacts with the HTML, the browser may submit
-# an old token causing CSRFGuard to incorrectly believe this request is a CSRF attack in progress
-# (i.e. a 'false positive'). Users can prevent this scenario by preventing the caching of HTML pages
-# containing FORM submissions using the cache-control header. However, this may also introduce
-# performance problems as the browser will have to request HTML on a more frequent basis. The following
-# configuration snippet enables token rotation:
-#
-# org.owasp.csrfguard.Rotate=true
-
-# Ajax and XMLHttpRequest Support
-#
-# The Ajax property (org.owasp.csrfguard.Ajax) is a boolean value that indicates whether or not OWASP
-# CSRFGuard should support the injection and verification of unique per-session prevention tokens for
-# XMLHttpRequests. To leverage Ajax support, the user must not only set this property to true but must
-# also reference the JavaScript DOM Manipulation code using a script element. This dynamic script will
-# override the send method of the XMLHttpRequest object to ensure the submission of an X-Requested-With
-# header name value pair coupled with the submission of a custom header name value pair for each request.
-# The name of the custom header is the value of the token name property and the value of the header is
-# always the unique per-session token value. This custom header is analogous to the HTTP parameter name
-# value pairs submitted via traditional GET and POST requests. If the X-Requested-With header was sent
-# in the HTTP request, then CSRFGuard will look for the presence and ensure the validity of the unique
-# per-session token in the custom header name value pair. Note that verification of these headers takes
-# precedence over verification of the CSRF token supplied as an HTTP parameter. More specifically,
-# CSRFGuard does not verify the presence of the CSRF token if the Ajax support property is enabled and
-# the corresponding X-Requested-With and custom headers are embedded within the request. The following
-# configuration snippet instructs OWASP CSRFGuard to support Ajax requests by verifying the presence and
-# correctness of the X-Requested-With and custom headers:
-#
-# org.owasp.csrfguard.Ajax=true
-org.owasp.csrfguard.Ajax=true
-
-# The default behavior of CSRFGuard is to protect all pages. Pages marked as unprotected will not be protected.
-# If the Protect property is enabled, this behavior is reversed. Pages must be marked as protected to be protected.
-# All other pages will not be protected. This is useful when the CsrfGuardFilter is aggressively mapped (ex: /*),
-# but you only want to protect a few pages.
-#
-# org.owasp.csrfguard.Protect=true
-
-# Unprotected Pages:
-#
-# The unprotected pages property (org.owasp.csrfguard.unprotected.*) defines a series of pages that
-# should not be protected by CSRFGuard. Such configurations are useful when the CsrfGuardFilter is
-# aggressively mapped (ex: /*). The syntax of the property name is org.owasp.csrfguard.unprotected.[PageName],
-# where PageName is some arbitrary identifier that can be used to reference a resource. The syntax of
-# defining the uri of unprotected pages is the same as the syntax used by the JavaEE container for uri mapping.
-# Specifically, CSRFGuard will identify the first match (if any) between the requested uri and an unprotected
-# page in order of declaration. Match criteria is as follows:
-#
-# Case 1: exact match between request uri and unprotected page
-# Case 2: longest path prefix match, beginning / and ending /*
-# Case 3: extension match, beginning *.
-# Case 4: if the value starts with ^ and ends with $, it will be evaulated as a regex. Note that before the
-# regex is compiled, any common variables will be substituted (e.g. %servletContext%)
-# Default: requested resource must be validated by CSRFGuard
-#
-# The following code snippet illustrates the four use cases over four examples. The first two examples
-# (Tag and JavaScriptServlet) look for direct URI matches. The third example (Html) looks for all resources
-# ending in a .html extension. The next example (Public) looks for all resources prefixed with the URI path /MySite/Public/*.
-# The last example looks for resources that end in Public.do
-#
-# org.owasp.csrfguard.unprotected.Tag=%servletContext%/tag.jsp
-# org.owasp.csrfguard.unprotected.JavaScriptServlet=%servletContext%/JavaScriptServlet
-# org.owasp.csrfguard.unprotected.Html=*.html
-# org.owasp.csrfguard.unprotected.Public=%servletContext%/Public/*
-# regex example starts with ^ and ends with $, and the %servletContext% is evaluated before the regex
-# org.owasp.csrfguard.unprotected.PublicServlet=^%servletContext%/.*Public\.do$
-org.owasp.csrfguard.unprotected.Default=%servletContext%/
-org.owasp.csrfguard.unprotected.Upload=%servletContext%/upload.html
-org.owasp.csrfguard.unprotected.JavaScriptServlet=%servletContext%/JavaScriptServlet
-org.owasp.csrfguard.unprotected.Ajax=%servletContext%/ajax.html
-org.owasp.csrfguard.unprotected.Error=%servletContext%/error.html
-org.owasp.csrfguard.unprotected.Index=%servletContext%/index.html
-org.owasp.csrfguard.unprotected.JavaScript=%servletContext%/javascript.html
-org.owasp.csrfguard.unprotected.Tag=%servletContext%/tag.jsp
-org.owasp.csrfguard.unprotected.Redirect=%servletContext%/redirect.jsp
-org.owasp.csrfguard.unprotected.Forward=%servletContext%/forward.jsp
-org.owasp.csrfguard.unprotected.Session=%servletContext%/session.jsp
-
-# Actions: Responding to Attacks
-#
-# The actions directive (org.owasp.csrfguard.action.*) gives the user the ability to specify one or more
-# actions that should be invoked when a CSRF attack is detected. Every action must implement the
-# org.owasp.csrfguard.action.IAction interface either directly or indirectly through the
-# org.owasp.csrfguard.action.AbstractAction helper class. Many actions accept parameters that can be specified
-# along with the action class declaration. These parameters are consumed at runtime and impact the behavior of
-# the associated action.
-#
-# The syntax for defining and configuring CSRFGuard actions is relatively straight forward. Let us assume we wish
-# to redirect the user to a default page when a CSRF attack is detected. A redirect action already exists within
-# the CSRFGuard bundle and is available via the class name org.owasp.csrfguard.actions.Redirect. In order to enable
-# this action, we capture the following declaration in the Owasp.CsrfGuard.properties file:
-#
-# syntax: org.owasp.csrfguard.action.[actionName]=[className]
-# example: org.owasp.csrfguard.action.class.Redirect=org.owasp.csrfguard.actions.Redirect
-#
-# The aforementioned directive declares an action called "Redirect" (i.e. [actionName]) referencing the Java class
-# "org.owasp.csrfguard.actions.Redirect" (i.e. [className]). Anytime a CSRF attack is detected, the Redirect action
-# will be executed. You may be asking yourself, "but how do I specify where the user is redirected?"; this is where
-# action parameters come into play. In order to specify the redirect location, we capture the following declaration
-# in the Owasp.CsrfGuard.properties file:
-#
-# syntax: org.owasp.csrfguard.action.[actionName].[parameterName]=[parameterValue]
-# example: org.owasp.csrfguard.action.Redirect.ErrorPage=%servletContext%/error.html
-#
-# The aforementioned directive declares an action parameter called "ErrorPage" (i.e. [parameterName]) with the value
-# of "%servletContext%/error.html" (i.e. [parameterValue]) for the action "Redirect" (i.e. [actionName]). The
-# Redirect action expects the "ErrorPage" parameter to be defined and will redirect the user to this location when
-# an attack is detected.
-#
-#org.owasp.csrfguard.action.Empty=org.owasp.csrfguard.action.Empty
-org.owasp.csrfguard.action.Log=org.owasp.csrfguard.action.Log
-org.owasp.csrfguard.action.Log.Message=potential cross-site request forgery (CSRF) attack thwarted (user:%user%, ip:%remote_ip%, method:%request_method%, uri:%request_uri%, error:%exception_message%)
-#org.owasp.csrfguard.action.Invalidate=org.owasp.csrfguard.action.Invalidate
-org.owasp.csrfguard.action.Redirect=org.owasp.csrfguard.action.Redirect
-org.owasp.csrfguard.action.Redirect.Page=%servletContext%/error.html
-#org.owasp.csrfguard.action.RequestAttribute=org.owasp.csrfguard.action.RequestAttribute
-#org.owasp.csrfguard.action.RequestAttribute.AttributeName=Owasp_CsrfGuard_Exception_Key
-org.owasp.csrfguard.action.Rotate=org.owasp.csrfguard.action.Rotate
-#org.owasp.csrfguard.action.SessionAttribute=org.owasp.csrfguard.action.SessionAttribute
-#org.owasp.csrfguard.action.SessionAttribute.AttributeName=Owasp_CsrfGuard_Exception_Key
-#org.owasp.csrfguard.action.Error=org.owasp.csrfguard.action.Error
-#org.owasp.csrfguard.action.Error.Code=403
-#org.owasp.csrfguard.action.Error.Message=Security violation.
-
-# Token Name
-#
-# The token name property (org.owasp.csrfguard.TokenName) defines the name of the HTTP parameter
-# to contain the value of the OWASP CSRFGuard token for each request. The following configuration
-# snippet sets the CSRFGuard token parameter name to the value OWASP_CSRFTOKEN:
-#
-# org.owasp.csrfguard.TokenName=OWASP_CSRFTOKEN
-org.owasp.csrfguard.TokenName=OWASP_CSRFTOKEN
-
-# Session Key
-#
-# The session key property (org.owasp.csrfguard.SessionKey) defines the string literal used to save
-# and lookup the CSRFGuard token from the session. This value is used by the filter and the tag
-# libraries to retrieve and set the token value in the session. Developers can use this key to
-# programmatically lookup the token within their own code. The following configuration snippet sets
-# the session key to the value OWASP_CSRFTOKEN:
-#
-# org.owasp.csrfguard.SessionKey=OWASP_CSRFTOKEN
-org.owasp.csrfguard.SessionKey=OWASP_CSRFTOKEN
-
-# Token Length
-#
-# The token length property (org.owasp.csrfguard.TokenLength) defines the number of characters that
-# should be found within the CSRFGuard token. Note that characters are delimited by dashes (-) in groups
-# of four. For cosmetic reasons, users are encourage to ensure the token length is divisible by four.
-# The following configuration snippet sets the token length property to 32 characters:
-#
-# org.owasp.csrfguard.TokenLength=32
-org.owasp.csrfguard.TokenLength=32
-
-# Pseudo-random Number Generator
-#
-# The pseudo-random number generator property (org.owasp.csrfguard.PRNG) defines what PRNG should be used
-# to generate the OWASP CSRFGuard token. Always ensure this value references a cryptographically strong
-# pseudo-random number generator algorithm. The following configuration snippet sets the pseudo-random number
-# generator to SHA1PRNG:
-#
-# org.owasp.csrfguard.PRNG=SHA1PRNG
-org.owasp.csrfguard.PRNG=SHA1PRNG
-
-# Pseudo-random Number Generator Provider
-
-# The pseudo-random number generator provider property (org.owasp.csrfguard.PRNG.Provider) defines which
-# provider's implementation of org.owasp.csrfguard.PRNG we should utilize. The following configuration
-# snippet instructs the JVM to leverage SUN's implementation of the algorithm denoted by the
-# org.owasp.csrfguard.PRNG property:
-
-# org.owasp.csrfguard.PRNG.Provider=SUN
-org.owasp.csrfguard.PRNG.Provider=SUN
-
-# If not specifying the print config option in the web.xml, you can specify it here, to print the config
-# on startup
-org.owasp.csrfguard.Config.Print = true
-
-###########################
-## Javascript servlet settings if not set in web.xml
-## https://www.owasp.org/index.php/CSRFGuard_3_Token_Injection
-###########################
-
-# leave this blank and blank in web.xml and it will read from META-INF/csrfguard.js from the jarfile
-# Denotes the location of the JavaScript template file that should be consumed and dynamically
-# augmented by the JavaScriptServlet class. The default value is WEB-INF/Owasp.CsrfGuard.js.
-# Use of this property and the existence of the specified template file is required.
-org.owasp.csrfguard.JavascriptServlet.sourceFile =
-
-# Boolean value that determines whether or not the dynamic JavaScript code should be strict
-# with regards to what links it should inject the CSRF prevention token. With a value of true,
-# the JavaScript code will only place the token in links that point to the same exact domain
-# from which the HTML originated. With a value of false, the JavaScript code will place the
-# token in links that not only point to the same exact domain from which the HTML originated,
-# but sub-domains as well.
-org.owasp.csrfguard.JavascriptServlet.domainStrict = true
-
-# Allows the developer to specify the value of the Cache-Control header in the HTTP response
-# when serving the dynamic JavaScript file. The default value is private, maxage=28800.
-# Caching of the dynamic JavaScript file is intended to minimize traffic and improve performance.
-# Note that the Cache-Control header is always set to "no-store" when either the "Rotate"
-# "TokenPerPage" options is set to true in Owasp.CsrfGuard.properties.
-org.owasp.csrfguard.JavascriptServlet.cacheControl = private, maxage=28800
-
-# Allows the developer to specify a regular expression describing the required value of the
-# Referer header. Any attempts to access the servlet with a Referer header that does not
-# match the captured expression is discarded. Inclusion of referer header checking is to
-# help minimize the risk of JavaScript Hijacking attacks that attempt to steal tokens from
-# the dynamically generated JavaScript. While the primary defenses against JavaScript
-# Hijacking attacks are implemented within the dynamic JavaScript itself, referer header
-# checking is implemented to achieve defense in depth.
-org.owasp.csrfguard.JavascriptServlet.refererPattern = .*
-
-# Similar to javascript servlet referer pattern, but this will make sure the referer of the
-# javascript servlet matches the domain of the request. If there is no referer (proxy strips it?)
-# then it will not fail. Generally this is a good idea to be true.
-org.owasp.csrfguard.JavascriptServlet.refererMatchDomain = true
-
-# Boolean value that determines whether or not the dynamic JavaScript code should
-# inject the CSRF prevention token as a hidden field into HTML forms. The default
-# value is true. Developers are strongly discouraged from disabling this property
-# as most server-side state changing actions are triggered via a POST request.
-org.owasp.csrfguard.JavascriptServlet.injectIntoForms = true
-
-# Boolean value that determines whether or not the dynamic JavaScript code should
-# inject the CSRF prevention token in the query string of src and href attributes.
-# Injecting the CSRF prevention token in a URL resource increases its general risk
-# of exposure to unauthorized parties. However, most JavaEE web applications respond
-# in the exact same manner to HTTP requests and their associated parameters regardless
-# of the HTTP method. The risk associated with not protecting GET requests in this
-# situation is perceived greater than the risk of exposing the token in protected GET
-# requests. As a result, the default value of this attribute is set to true. Developers
-# that are confident their server-side state changing controllers will only respond to
-# POST requests (i.e. discarding GET requests) are strongly encouraged to disable this property.
-org.owasp.csrfguard.JavascriptServlet.injectIntoAttributes = true
-
-
-org.owasp.csrfguard.JavascriptServlet.xRequestedWith = OWASP CSRFGuard Project
-
-###########################
-## Config overlay settings if you have the provider above set to ConfigurationOverlayProvider
-## This CSRF config provider uses Internet2 Configuration Overlays (documented on Internet2 wiki)
-## By default the configuration is read from the Owasp.CsrfGuard.properties
-## (which should not be edited), and the Owasp.CsrfGuard.overlay.properties overlays
-## the base settings. See the Owasp.CsrfGuard.properties for the possible
-## settings that can be applied to the Owasp.CsrfGuard.overlay.properties
-###########################
-
-# comma separated config files that override each other (files on the right override the left)
-# each should start with file: or classpath:
-# e.g. classpath:Owasp.CsrfGuard.properties, file:c:/temp/myFile.properties
-org.owasp.csrfguard.configOverlay.hierarchy = classpath:Owasp.CsrfGuard.properties, classpath:Owasp.CsrfGuard.overlay.properties
-
-# seconds between checking to see if the config files are updated
-org.owasp.csrfguard.configOverlay.secondsBetweenUpdateChecks = 60
-
-
-###########################
-
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/resources/README.txt
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/README.txt b/modules/group-manager/src/main/resources/README.txt
deleted file mode 100755
index 5fd8001..0000000
--- a/modules/group-manager/src/main/resources/README.txt
+++ /dev/null
@@ -1,21 +0,0 @@
-====
- Copyright 2014 Internet2
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-====
-
-- All of the config files which have ".example" in them are examples of the real config files, with the same name without the ".example" in the name
-- So copy each of the *.example* files to a name without .example in it, and customize to your environment.
-- e.g. copy sources.example.xml to sources.xml, then customize
-- the .example shows you which files need customization, and will not prompt you to commit the real file to CVS (since it is ignored and not stored in CVS)
-- note some files without .example also might need customization (e.g. grouper.properties)
\ No newline at end of file