Posted to commits@rave.apache.org by mp...@apache.org on 2011/08/19 23:12:05 UTC
svn commit: r1159789 - in /incubator/rave/sandbox/science-gateways:
gridshib-extensions/ gridshib-extensions/gridshib-endorsed-lib/
rave-gateway-extensions/
rave-gateway-extensions/src/main/java/org/apache/rave/portal/service/impl/
rave-gateway-extensi...
Author: mpierce
Date: Fri Aug 19 21:12:05 2011
New Revision: 1159789
URL: http://svn.apache.org/viewvc?rev=1159789&view=rev
Log:
(RAVE-205) Initial commit for UserService to get and decorate a community credential.
Added:
incubator/rave/sandbox/science-gateways/gridshib-extensions/
incubator/rave/sandbox/science-gateways/gridshib-extensions/gridshib-endorsed-lib/
incubator/rave/sandbox/science-gateways/gridshib-extensions/gridshib-endorsed-lib/xalan.jar (with props)
incubator/rave/sandbox/science-gateways/gridshib-extensions/gridshib-endorsed-lib/xercesImpl.jar (with props)
incubator/rave/sandbox/science-gateways/gridshib-extensions/gridshib-endorsed-lib/xml-apis.jar (with props)
incubator/rave/sandbox/science-gateways/gridshib-extensions/pom.xml
incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/portal/service/impl/CommunityUserService.java
incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/security/
incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/security/exceptions/
incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/security/exceptions/CommunityCredentialException.java
incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/security/exceptions/GridShibException.java
incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/security/utils/
incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/security/utils/CommunityCredentialUtils.java
incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/security/utils/GridShibUtils.java
Modified:
incubator/rave/sandbox/science-gateways/rave-gateway-extensions/pom.xml
incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/webapp/WEB-INF/applicationContext-security.xml
Added: incubator/rave/sandbox/science-gateways/gridshib-extensions/gridshib-endorsed-lib/xalan.jar
URL: http://svn.apache.org/viewvc/incubator/rave/sandbox/science-gateways/gridshib-extensions/gridshib-endorsed-lib/xalan.jar?rev=1159789&view=auto
==============================================================================
Binary file - no diff available.
Propchange: incubator/rave/sandbox/science-gateways/gridshib-extensions/gridshib-endorsed-lib/xalan.jar
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: incubator/rave/sandbox/science-gateways/gridshib-extensions/gridshib-endorsed-lib/xercesImpl.jar
URL: http://svn.apache.org/viewvc/incubator/rave/sandbox/science-gateways/gridshib-extensions/gridshib-endorsed-lib/xercesImpl.jar?rev=1159789&view=auto
==============================================================================
Binary file - no diff available.
Propchange: incubator/rave/sandbox/science-gateways/gridshib-extensions/gridshib-endorsed-lib/xercesImpl.jar
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: incubator/rave/sandbox/science-gateways/gridshib-extensions/gridshib-endorsed-lib/xml-apis.jar
URL: http://svn.apache.org/viewvc/incubator/rave/sandbox/science-gateways/gridshib-extensions/gridshib-endorsed-lib/xml-apis.jar?rev=1159789&view=auto
==============================================================================
Binary file - no diff available.
Propchange: incubator/rave/sandbox/science-gateways/gridshib-extensions/gridshib-endorsed-lib/xml-apis.jar
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: incubator/rave/sandbox/science-gateways/gridshib-extensions/pom.xml
URL: http://svn.apache.org/viewvc/incubator/rave/sandbox/science-gateways/gridshib-extensions/pom.xml?rev=1159789&view=auto
==============================================================================
--- incubator/rave/sandbox/science-gateways/gridshib-extensions/pom.xml (added)
+++ incubator/rave/sandbox/science-gateways/gridshib-extensions/pom.xml Fri Aug 19 21:12:05 2011
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>cgl.shindig</groupId>
+ <artifactId>gridshib-extensions</artifactId>
+ <packaging>pom</packaging>
+ <version>1.0</version>
+ <name>gridshib-extensions</name>
+
+ <properties>
+ <!-- This must match the cargo path used in rave-merger -->
+ <catalina.home>${project.basedir}/../rave-portal/target/tomcat6x/</catalina.home>
+ </properties>
+
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>Clean</id>
+ <phase>clean</phase>
+ <configuration>
+ <tasks>
+ <echo message="Cleaning up gridshib extensions"/>
+ <delete includeemptydirs="true"
+ dir="${catalina.home}/endorsed"/>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ <execution>
+ <id>Install</id>
+ <phase>install</phase>
+ <configuration>
+ <tasks>
+ <echo message="Installing gridshib extension:${basedir}/${catalina.home}/endorsed"/>
+ <mkdir dir="${catalina.home}/endorsed"/>
+ <copy todir="${catalina.home}/endorsed">
+ <fileset dir="./gridshib-endorsed-lib"/>
+ </copy>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+</project>
+
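Review bot: The Install execution copies everything in `gridshib-endorsed-lib` into `${catalina.home}/endorsed`, and the three jars this commit adds there (`xalan.jar`, `xercesImpl.jar`, `xml-apis.jar`) are unversioned binaries, so the XML parser and XSLT engine that override the JDK's for every webapp in that Tomcat cannot be identified or audited from the tree. Declaring them as versioned Maven dependencies and copying the resolved artifacts would make upgrades traceable; failing that, record them in a comment such as `<!-- xercesImpl VERSION_PLACEHOLDER, sha256 CHECKSUM_PLACEHOLDER -->`. The Clean execution's `<delete includeemptydirs="true" dir="${catalina.home}/endorsed"/>` removes the whole directory, including any endorsed jars this module did not install. The echo message prefixes `${basedir}/` to `${catalina.home}`, which already starts with `${project.basedir}`, so the logged path is not the one written to.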
Modified: incubator/rave/sandbox/science-gateways/rave-gateway-extensions/pom.xml
URL: http://svn.apache.org/viewvc/incubator/rave/sandbox/science-gateways/rave-gateway-extensions/pom.xml?rev=1159789&r1=1159788&r2=1159789&view=diff
==============================================================================
--- incubator/rave/sandbox/science-gateways/rave-gateway-extensions/pom.xml (original)
+++ incubator/rave/sandbox/science-gateways/rave-gateway-extensions/pom.xml Fri Aug 19 21:12:05 2011
@@ -90,6 +90,39 @@
<scope>provided</scope>
</dependency>
+ <!-- Gridshib dependencies -->
+ <dependency>
+ <groupId>edu.ncsa</groupId>
+ <artifactId>gridshib-saml-tools</artifactId>
+ <version>0_5_0</version>
+ </dependency>
+ <dependency>
+ <groupId>edu.ncsa</groupId>
+ <artifactId>gridshib-common</artifactId>
+ <version>0_5_0</version>
+ </dependency>
+
+ <dependency>
+ <groupId>edu.ncsa</groupId>
+ <artifactId>globus-opensaml</artifactId>
+ <version>1.1</version>
+ </dependency>
+ <dependency>
+ <groupId>edu.ncsa</groupId>
+ <artifactId>shib-util</artifactId>
+ <version>1.0-OGCE</version>
+ </dependency>
+ <dependency>
+ <groupId>edu.ncsa</groupId>
+ <artifactId>opensaml</artifactId>
+ <version>1.1</version>
+ </dependency>
+ <dependency>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <version>1.2.13</version>
+ </dependency>
+
<!-- These are needed for Grid authentication -->
<dependency>
<groupId>cog-jglobus</groupId>
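Review bot: The added dependencies name no repository, and coordinates such as `edu.ncsa:opensaml:1.1` and `edu.ncsa:shib-util:1.0-OGCE` look like locally repackaged artifacts rather than the publishers' own coordinates, so this hunk does not show where the SAML and credential-handling code is resolved from. Extending the existing comment, e.g. `<!-- Gridshib dependencies: resolved from REPOSITORY_PLACEHOLDER -->`, or adding a matching `<repository>` entry elsewhere in the POM, would let a fresh checkout build and let the jars be audited. `log4j:log4j:1.2.13` is pinned directly although the new Java code logs through slf4j; if it is only needed by the GridShib jars at runtime, the comment should say so. The enclosing `<dependencies>` element starts and ends outside the hunk.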
Added: incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/portal/service/impl/CommunityUserService.java
URL: http://svn.apache.org/viewvc/incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/portal/service/impl/CommunityUserService.java?rev=1159789&view=auto
==============================================================================
--- incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/portal/service/impl/CommunityUserService.java (added)
+++ incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/portal/service/impl/CommunityUserService.java Fri Aug 19 21:12:05 2011
@@ -0,0 +1,185 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.rave.portal.service.impl;
+
+import java.util.Date;
+
+import org.apache.rave.portal.model.User;
+import org.apache.rave.portal.repository.UserRepository;
+import org.apache.rave.portal.service.UserService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.dao.DataAccessException;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.context.SecurityContextImpl;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+//GSI security imports
+import java.security.cert.X509Certificate;
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSException;
+import org.globus.gridshib.security.saml.GlobusSAMLException;
+import org.globus.gsi.CertUtil;
+import org.globus.gsi.GlobusCredential;
+import org.globus.gsi.GlobusCredentialException;
+import org.globus.gsi.TrustedCertificates;
+import org.globus.gsi.gssapi.GlobusGSSCredentialImpl;
+import org.globus.myproxy.MyProxy;
+import org.globus.myproxy.MyProxyException;
+import org.globus.opensaml11.saml.SAMLAuthenticationStatement;
+
+//Local utility and exception imports
+import org.apache.rave.security.util.CommunityCredentialUtils;
+import org.apache.rave.security.util.GridShibUtils;
+import org.apache.rave.security.exceptions.CommunityCredentialException;
+import org.apache.rave.security.exceptions.GridShibException;
+
+//ProxyManager imports
+import xportlets.proxymanager.ProxyManager;
+import xportlets.proxymanager.ProxyStorageException;
+
+
+/**
+ * This service implementation is used to fetch community credentials during
+ * login. It assumes the credentials are located in a standard file location
+ * (such as /tmp/x509up_501), placed there by the portal administrator via
+ * myproxy-logon or similar.
+ */
+@Service(value = "communityUserService")
+public class CommunityUserService extends DefaultUserService {
+ private static final String COMMUNITY_CREDENTIAL_LOCATION="community.credential.location";
+ private static int defaultPort = 7512;
+ private static int defaultLifeTime = 60*24*100;
+ private static String defaultServer="myproxy.teragrid.org";
+
+ protected static final Logger logger = LoggerFactory.getLogger(CommunityUserService.class);
+ private UserRepository userRepository;
+
+ // public static String trustedCertsFile = "trustedCAs";
+ private String trustedCertsFile;
+ private X509Certificate[] trustedCertificates = null;
+ private GSSCredential gssCredential = null;
+ protected String myproxyHostname;
+ protected String myproxyUserName;
+ protected String myproxyPassword;
+ protected int myproxyPortNumber;
+ protected int myproxyLifeTime ;
+ private String communityCredFile=null;
+
+ @Autowired
+ public CommunityUserService(UserRepository userRepository) {
+ super(userRepository);
+ this.userRepository = userRepository;
+ myproxyHostname=defaultServer;
+ myproxyLifeTime=defaultLifeTime;
+ myproxyPortNumber=defaultPort;
+
+ communityCredFile="";
+ }
+
+ @Override
+ public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
+ log.debug("loadUserByUsername called with: " + username);
+ logger.info("Running GSI login");
+ System.out.println("Running GSI login");
+ final User user = userRepository.getByUsername(username);
+ if(user == null) {
+ throw new UsernameNotFoundException("User with username '" + username + "' was not found!");
+ }
+
+ fetchCommunityCredential(user);
+ return user;
+ }
+
+ /**
+ * This method attempts to load the community credential and decorates it with
+ * additional attributes. This can result in several exceptions. We catch these internally
+ * but do not throw them. Failure to get a community credential shouldn't prevent
+ * a user's login to the portal.
+ */
+ private void fetchCommunityCredential(User user) {
+ try {
+ logger.info("Decorating the credential");
+ //First, retrieve the community credential.
+ GlobusCredential communityCred=
+ CommunityCredentialUtils.readGlobusCredentialFromFile(communityCredFile);
+
+ //Second, decorate the credential
+ String userName=user.getUsername();
+ String userEmail="" ;//user.getEmail(); not implemented in User.java yet.
+
+ //This is the authentication instant for the user's portal session.
+ Date authnInstant=new Date();
+ String ipAddress = ((ServletRequestAttributes)RequestContextHolder.currentRequestAttributes())
+ .getRequest().getRemoteAddr();
+ logger.info("SAMLAttributes to assign:"+userName+" "+userEmail+" "+authnInstant
+ +" "+ipAddress);
+ String authnMethod=SAMLAuthenticationStatement.AuthenticationMethod_Password;
+ GSSCredential decoratedGssCred=GridShibUtils.decorateGSSCred(communityCred,
+ userName,
+ userEmail,
+ ipAddress,
+ authnInstant,
+ authnMethod);
+ logger.info("Result: "+decoratedGssCred.toString());
+ //This is a test method, will spit out the credential.
+ // GSIUtil.printCredential(GSIUtil.toGlobusCredential(decoratedGssCred));
+
+ //Third, put the credential in the proxy manager
+ // String sessionId=request.getSession().getId();
+ // String hash=String.valueOf((decoratedGssCred.getName()).hashCode());
+ try {
+ logger.info("Removing expired proxies");
+ ProxyManager.removeExpiredProxies(userName);
+ }
+ catch (Exception ex) {
+ logger.info("Non-fatal error removing expired credentials. Probably there were none to remove.");
+ logger.error(ex.getMessage());
+ }
+ ProxyManager.addProxy(userName,decoratedGssCred);
+ ProxyManager.setDefaultProxy(userName,decoratedGssCred);
+
+ logger.info("Decorated credential successfully created and added to proxy store.");
+ }
+ catch(GlobusSAMLException ex1) {
+ logger.warn(ex1.getMessage());
+ }
+ catch(GSSException ex2){
+ logger.warn(ex2.getMessage());
+ }
+ catch(GlobusCredentialException gce){
+ logger.warn(gce.getMessage());
+ }
+ //Something unforeseen happened.
+ catch (Exception ex3){
+ logger.warn("Unexpected GridShib error:" +ex3.getMessage());
+ ex3.printStackTrace();
+ }
+ }
+}
\ No newline at end of file
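Review bot: `loadUserByUsername` calls `fetchCommunityCredential(user)` as soon as the user record is found, but a user lookup is not proof of a successful login: this commit also wires the same bean into `<security:authentication-provider>` with a password encoder in `applicationContext-security.xml`, where the lookup normally runs before the password comparison. As written, a failed login for an existing username would presumably still issue a decorated proxy and make it that user's default in `ProxyManager`. Issuing the credential from a post-authentication hook (for example an authentication success handler) would keep this method a pure lookup. Separately, `communityCredFile` is set to `""` in the constructor and never populated from `COMMUNITY_CREDENTIAL_LOCATION`, so `readGlobusCredentialFromFile` looks certain to fail and be swallowed by the catch blocks. `logger.info("Result: "+decoratedGssCred.toString())`, the `System.out.println` and `ex3.printStackTrace()` write credential and login details outside the configured log level and should go through `logger.debug` or be removed.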
Added: incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/security/exceptions/CommunityCredentialException.java
URL: http://svn.apache.org/viewvc/incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/security/exceptions/CommunityCredentialException.java?rev=1159789&view=auto
==============================================================================
--- incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/security/exceptions/CommunityCredentialException.java (added)
+++ incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/security/exceptions/CommunityCredentialException.java Fri Aug 19 21:12:05 2011
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.rave.security.exceptions;
+
+/**
+ * Exception class used for errors loading community credentials.
+ */
+public class CommunityCredentialException extends Exception {
+
+ public CommunityCredentialException(String message) {
+ super(message);
+ }
+
+ public CommunityCredentialException(String message, Exception cause) {
+ super(message, cause);
+ }
+
+ public CommunityCredentialException(Exception cause) {
+ super(cause);
+ }
+}
+
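Review bot: The cause-taking constructors accept `Exception cause`, which is narrower than the `java.lang.Exception` constructors they delegate to; `Throwable cause` is the conventional parameter type and lets any failure be wrapped without a cast. The same applies to `GridShibException` in the next file. Neither class is thrown in the files shown in this commit (`CommunityCredentialUtils` declares `throws Exception` instead), so either use them there or drop the unused imports in `CommunityUserService`. A `private static final long serialVersionUID` would also remove the serialization warning.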
Added: incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/security/exceptions/GridShibException.java
URL: http://svn.apache.org/viewvc/incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/security/exceptions/GridShibException.java?rev=1159789&view=auto
==============================================================================
--- incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/security/exceptions/GridShibException.java (added)
+++ incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/security/exceptions/GridShibException.java Fri Aug 19 21:12:05 2011
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.rave.security.exceptions;
+
+/**
+ * Exception class used for authentication errors.
+ */
+public class GridShibException extends Exception {
+
+ public GridShibException(String message) {
+ super(message);
+ }
+
+ public GridShibException(String message, Exception cause) {
+ super(message, cause);
+ }
+
+ public GridShibException(Exception cause) {
+ super(cause);
+ }
+}
+
Added: incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/security/utils/CommunityCredentialUtils.java
URL: http://svn.apache.org/viewvc/incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/security/utils/CommunityCredentialUtils.java?rev=1159789&view=auto
==============================================================================
--- incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/security/utils/CommunityCredentialUtils.java (added)
+++ incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/security/utils/CommunityCredentialUtils.java Fri Aug 19 21:12:05 2011
@@ -0,0 +1,51 @@
+/**
+ * A utility class for managing community credentials.
+ */
+
+package org.apache.rave.security.util;
+
+//Java standard package imports
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import javax.servlet.ServletConfig;
+
+//GSS and related imports
+import org.globus.gsi.GlobusCredential;
+import org.globus.gsi.GlobusCredentialException;
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSException;
+
+//Logger imports
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class CommunityCredentialUtils {
+ private static GlobusCredential communityCred;
+ private static final String COMMUNITY_CREDENTIAL_LOCATION="community.credential.location";
+
+ public static GlobusCredential readGlobusCredentialFromFile(String filename)
+ throws Exception{
+ communityCred=getGlobusCredential(new FileInputStream(filename));
+ return communityCred;
+ }
+
+ public static GlobusCredential readGlobusCredentialFromFile(File file)
+ throws Exception {
+ communityCred=getGlobusCredential(new FileInputStream(file));
+ return communityCred;
+ }
+
+ public static GlobusCredential getGlobusCredentialFromConfig(ServletConfig config)
+ throws Exception {
+ String communityCredFile=config.getServletContext().getInitParameter(COMMUNITY_CREDENTIAL_LOCATION);
+ return getGlobusCredential(new FileInputStream(communityCredFile));
+ }
+
+ protected static GlobusCredential getGlobusCredential(InputStream inputStream)
+ throws Exception {
+ GlobusCredential newCred=new GlobusCredential(inputStream);
+ return newCred;
+ }
+
+}
\ No newline at end of file
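Review bot: Each of the three public readers opens a `FileInputStream` on the credential file and never closes it, and nothing visible shows that the `GlobusCredential(InputStream)` constructor closes it for them, so each call may leak a descriptor on a file that holds a private key. The `private static GlobusCredential communityCred` field is written by every call, possibly from concurrent logins, and never read in this hunk; returning the local value avoids that shared state. `getGlobusCredentialFromConfig` passes the init parameter straight to `FileInputStream`, so a missing `community.credential.location` surfaces as a `NullPointerException` rather than a configuration error. The file also lacks the ASF license header the other new files carry, and it declares package `org.apache.rave.security.util` while living under `security/utils/`.

```java
    public static GlobusCredential readGlobusCredentialFromFile(String filename)
        throws Exception {
        InputStream in = new FileInputStream(filename);
        try {
            // Return the parsed credential directly; no static copy is kept.
            return getGlobusCredential(in);
        } finally {
            in.close();
        }
    }
    // … unchanged: File overload, getGlobusCredentialFromConfig, getGlobusCredential (same try/finally applies to the two readers) …
```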
Added: incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/security/utils/GridShibUtils.java
URL: http://svn.apache.org/viewvc/incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/security/utils/GridShibUtils.java?rev=1159789&view=auto
==============================================================================
--- incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/security/utils/GridShibUtils.java (added)
+++ incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/java/org/apache/rave/security/utils/GridShibUtils.java Fri Aug 19 21:12:05 2011
@@ -0,0 +1,94 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * This class is used to decorate a credential with GridShib attributes
+ */
+package org.apache.rave.security.util;
+
+//GridShib imports
+import org.teragrid.ncsa.gridshib.security.x509.GatewayCredential;
+import org.globus.gridshib.security.x509.GlobusSAMLCredential;
+import org.globus.gridshib.security.saml.SelfIssuedAssertion;
+import org.globus.gridshib.security.saml.GlobusSAMLException;
+import org.globus.gridshib.security.util.GSIUtil;
+import org.globus.opensaml11.saml.SAMLAuthenticationStatement;
+
+//Credentials
+import org.globus.gsi.GlobusCredential;
+import org.globus.gsi.GlobusCredentialException;
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSException;
+
+//Logger imports
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+//Standard Java classes
+import java.io.*;
+import java.util.Date;
+
+public class GridShibUtils {
+
+ public static GSSCredential decorateGSSCred(GlobusCredential vanillaCred,
+ String userName,
+ String emailAddress,
+ String ipAddress,
+ Date authnInstant,
+ String authMethod)
+ throws GlobusSAMLException,GSSException,GlobusCredentialException {
+
+ GatewayCredential gatewayCred=
+ createGatewayCredential(vanillaCred,userName,emailAddress,ipAddress,authnInstant,authMethod);
+ GSSCredential decoratedCred=GSIUtil.toGSSCredential(gatewayCred.issue());
+ return decoratedCred;
+ }
+
+ public static GlobusCredential decorateCred(GlobusCredential vanillaCred,
+ String userName,
+ String emailAddress,
+ String ipAddress,
+ Date authnInstant,
+ String authMethod)
+ throws GlobusSAMLException,GSSException,GlobusCredentialException {
+
+
+
+ GatewayCredential gatewayCred=
+ createGatewayCredential(vanillaCred,userName,emailAddress,ipAddress,authnInstant,authMethod);
+ GlobusCredential decoratedCred=gatewayCred.issue();
+ return decoratedCred;
+ }
+
+ protected static GatewayCredential createGatewayCredential(GlobusCredential vanillaCred,
+ String userName,
+ String emailAddress,
+ String ipAddress,
+ Date authnInstant,
+ String authMethod)
+ throws GlobusSAMLException,GSSException,GlobusCredentialException {
+
+ GatewayCredential gatewayCred=new GatewayCredential(userName);
+ gatewayCred.addEmailAddress(emailAddress);
+ gatewayCred.setAuthnContext(authMethod, authnInstant, ipAddress);
+ gatewayCred.setCredential(vanillaCred);
+ return gatewayCred;
+ }
+
+}
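Review bot: `createGatewayCredential` calls `gatewayCred.addEmailAddress(emailAddress)` unconditionally, and the only caller in this commit passes `""`, so the issued credential presumably carries an empty e-mail attribute (how `GatewayCredential` treats an empty or null value is not visible here). Guarding it with `if (emailAddress != null && emailAddress.length() > 0) gatewayCred.addEmailAddress(emailAddress);` keeps the assertion to attributes the portal actually knows. The three methods have no Javadoc; each should state that `userName`, `ipAddress`, `authnInstant` and `authMethod` are asserted by the portal itself in the issued credential, so callers must pass values from a completed authentication. The class comment sits above the `package` line, where Javadoc does not attach to the class. `GlobusSAMLCredential`, `SelfIssuedAssertion`, `SAMLAuthenticationStatement`, the slf4j logger classes and `java.io.*` are imported but unused.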
Modified: incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/webapp/WEB-INF/applicationContext-security.xml
URL: http://svn.apache.org/viewvc/incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/webapp/WEB-INF/applicationContext-security.xml?rev=1159789&r1=1159788&r2=1159789&view=diff
==============================================================================
--- incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/webapp/WEB-INF/applicationContext-security.xml (original)
+++ incubator/rave/sandbox/science-gateways/rave-gateway-extensions/src/main/webapp/WEB-INF/applicationContext-security.xml Fri Aug 19 21:12:05 2011
@@ -37,7 +37,10 @@
<!-- all urls must be authenticated -->
<security:intercept-url pattern="/**"
access="isAuthenticated()"/>
- <security:openid-login user-service-ref="gsiUserService">
+ <!-- Set the user service ref here to the implementation you want to use. The name is
+ defined in the @Service annotation of the corresponding service source code.
+ -->
+ <security:openid-login user-service-ref="communityUserService">
<security:attribute-exchange>
<!-- Supported by MyOpenID.com -->
<security:openid-attribute name="firstName" type="http://schema.openid.net/namePerson/first"/>
@@ -56,8 +59,10 @@
</security:http>
<security:authentication-manager>
- <security:authentication-provider
- user-service-ref="gsiUserService">
+ <!-- Set the user service ref here to the implementation you want to use. The name is
+ defined in the @Service annotation of the corresponding service source code.
+ -->
+ <security:authentication-provider user-service-ref="communityUserService">
<security:password-encoder ref="passwordEncoder">
<security:salt-source ref="saltSource"/>
</security:password-encoder>