Posted to commits@airavata.apache.org by sm...@apache.org on 2015/08/17 06:09:08 UTC

[06/10] airavata git commit: updated the default-xacml-policy with a new rule for admin-read-only role, finished identifying including all admin methods in the policy and updated the sample client to demonstrate the latest updates to the authorization po

Updated the default-xacml-policy with a new rule for the admin-read-only role, finished identifying and including all admin methods in the policy, and updated the sample client to demonstrate the latest updates to the authorization policy.


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/c3652607
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/c3652607
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/c3652607

Branch: refs/heads/master
Commit: c3652607aff77da6dc4dd6ab039ada78aa836c79
Parents: 4226a2d
Author: hasinitg <ha...@gmail.com>
Authored: Wed Aug 5 14:04:41 2015 +0530
Committer: hasinitg <ha...@gmail.com>
Committed: Wed Aug 5 14:04:41 2015 +0530

----------------------------------------------------------------------
 .../resources/airavata-default-xacml-policy.xml | 98 +++++++++++++++++++-
 .../airavata/secure/sample/SecureClient.java    | 18 +++-
 2 files changed, 113 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/c3652607/modules/configuration/server/src/main/resources/airavata-default-xacml-policy.xml
----------------------------------------------------------------------
diff --git a/modules/configuration/server/src/main/resources/airavata-default-xacml-policy.xml b/modules/configuration/server/src/main/resources/airavata-default-xacml-policy.xml
index ab3208d..b0ca91e 100644
--- a/modules/configuration/server/src/main/resources/airavata-default-xacml-policy.xml
+++ b/modules/configuration/server/src/main/resources/airavata-default-xacml-policy.xml
@@ -23,6 +23,64 @@
             </Apply>
         </Condition>
     </Rule>
+    <Rule Effect="Permit" RuleId="admin-read-only-permit">
+        <Target>
+            <AnyOf>
+                <AllOf>
+                    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">^(?:(?!
+/airavata/addGateway|
+/airavata/deleteteway|
+/airavata/updateGateway|
+/airavata/registerApplicationModule|
+/airavata/deleteApplicationModule|
+/airavata/updateApplicationInterface|
+/airavata/deleteApplicationInterface|
+/airavata/updateApplicationDeployment|
+/airavata/registerApplicationDeployment|
+/airavata/deleteApplicationDeployment|
+/airavata/updateComputeResource|
+/airavata/registerComputeResource|
+/airavata/deleteBatchQueue|
+/airavata/updateResourceJobManager|
+/airavata/addLocalSubmissionDetails|
+/airavata/updateResourceJobManager|
+/airavaa/updateSSHJobSubmissionDetails|
+/airavata/addSSHJobSubmissionDetails|
+/airavata/updateUnicoreJobSubmissionDetails|
+/airavata/addUNICOREJobSubmissionDetails|
+/airavata/addLocalDataMovementDetails|
+/airavata/updateSCPDataMovementDetails|
+/airavata/addSCPDataMovementDetails|
+/airavata/updateGridFTPDataMovementDetails|
+/airavata/addGridFTPDataMovementDetails|
+/airavata/updateUnicoreDataMovementDetails|
+/airavata/addUnicoreDataMovementDetails|
+/airavata/deleteJobSubmissionInterface|
+/airavata/deleteDataMovementInterface|
+/airavata/deleteComputeResource|
+/airavata/updateGatewayResourceProfile|
+/airavata/registerGatewayResourceProfile|
+/airavata/addGatewayComputeResourcePreference|
+/airavata/deleteGatewayResourceProfile|
+/airavata/deleteGatewayComputeResourcePreference).)*$\r?\n?
+</AttributeValue>
+                        <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+                                             Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
+                                             DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
+                    </Match>
+                </AllOf>
+            </AnyOf>
+        </Target>
+        <Condition>
+            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
+                <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">admin_read_only</AttributeValue>
+                <AttributeDesignator AttributeId="http://wso2.org/claims/role"
+                                     Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
+                                     DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
+            </Apply>
+        </Condition>
+    </Rule>
     <Rule Effect="Permit" RuleId="user-permit">
         <Target>
             <AnyOf>
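Review bot: Two entries in the new admin-read-only exclusion list look misspelled, `/airavata/deleteteway|` and `/airavaa/updateSSHJobSubmissionDetails|`, so they can never match a real action id and the calls they were meant to exclude would fall under this Permit rule for the `admin_read_only` role. They should presumably read `/airavata/deleteGateway|` and `/airavata/updateSSHJobSubmissionDetails|`; the same two spellings appear in the user-permit list in the following hunks (one as an unchanged context line, one added). `/airavata/updateResourceJobManager|` is listed twice, which is harmless but may mean a different method was intended for the second slot. The list also has update/delete entries for ApplicationInterface but no register entry, and register/delete entries for ApplicationModule but no update entry; if those API methods exist, they are permitted to a read-only admin as written.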
@@ -30,6 +88,7 @@
                     <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
                         <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">^(?:(?!
 /airavata/addGateway|
+/airavata/getExperimentStatistics|
 /airavata/deleteteway|
 /airavata/updateGateway|
 /airavata/registerApplicationModule|
@@ -46,7 +105,44 @@
 /airavata/getApplicationInterface|
 /airavata/getApplicationInputs|
 /airavata/getApplicationOutputs|
-/airavata/getExperimentStatistics).)*$\r?\n?
+/airavata/updateComputeResource|
+/airavata/getComputeResource|
+/airavata/registerComputeResource|
+/airavata/deleteBatchQueue|
+/airavata/getLocalJobSubmission|
+/airavata/updateResourceJobManager|
+/airavata/addLocalSubmissionDetails|
+/airavata/getSSHJobSubmission|
+/airavata/updateResourceJobManager|
+/airavata/getresourceJobManager|
+/airavaa/updateSSHJobSubmissionDetails|
+/airavata/addSSHJobSubmissionDetails|
+/airavata/getUnicoreJobSubmission|
+/airavata/updateUnicoreJobSubmissionDetails|
+/airavata/addUNICOREJobSubmissionDetails|
+/airavata/addLocalDataMovementDetails|
+/airavata/updateSCPDataMovementDetails|
+/airavata/addSCPDataMovementDetails|
+/airavata/updateGridFTPDataMovementDetails|
+/airavata/addGridFTPDataMovementDetails|
+/airavata/updateUnicoreDataMovementDetails|
+/airavata/addUnicoreDataMovementDetails|
+/airavata/getCloudJobSubmission|
+/airavata/getSCPDataMovement|
+/airavata/getGridFTPDataMovement|
+/airavata/getUnicoreDataMovement|
+/airavata/deleteJobSubmissionInterface|
+/airavata/deleteDataMovementInterface|
+/airavata/deleteComputeResource|
+/airavata/updateGatewayResourceProfile|
+/airavata/registerGatewayResourceProfile|
+/airavata/getAllGateways|
+/airavata/getGateway|
+/airavata/getAllGatewayComputeResources|
+/airavata/addGatewayComputeResourcePreference|
+/airavata/deleteGatewayResourceProfile|
+/airavata/deleteGatewayComputeResourcePreference|
+/airavata/getAvailableAppInterfaceComputeResources).)*$\r?\n?
 </AttributeValue>
                         <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                                              Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
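Review bot: The user-permit rule remains a Permit with an exclusion regex, so it fails open: any API method not spelled exactly in this list, including every method added to the API later, is granted to ordinary users by default. `/airavata/getresourceJobManager|` in the added lines is one such case, since `string-regexp-match` is case-sensitive and the entry will not match if the action id is `getResourceJobManager`. An explicit list of permitted action ids per role, or at least a test that walks the API's method names and asserts the decision for each role, would catch these. It is also worth confirming how the PDP treats the line breaks inside `<AttributeValue>`; if they are kept as literal characters in the pattern, the alternatives would not match a single-line action id. The rule's opening and closing tags are outside this hunk.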

http://git-wip-us.apache.org/repos/asf/airavata/blob/c3652607/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java
----------------------------------------------------------------------
diff --git a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java b/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java
index 890aa99..992d17d 100644
--- a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java
+++ b/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java
@@ -21,6 +21,7 @@
 package org.apache.airavata.secure.sample;
 
 import org.apache.airavata.api.client.AiravataClientFactory;
+import org.apache.airavata.model.appcatalog.appdeployment.ApplicationModule;
 import org.apache.airavata.model.error.*;
 import org.apache.airavata.api.Airavata;
 import org.apache.airavata.model.security.AuthzToken;
@@ -35,6 +36,7 @@ import org.slf4j.LoggerFactory;
 import org.wso2.carbon.identity.oauth.stub.dto.OAuthConsumerAppDTO;
 
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Scanner;
 
@@ -185,7 +187,8 @@ public class SecureClient {
             System.out.println("");
             System.out.println("Enter the number corresponding to the method to be invoked: ");
             System.out.println("1. getAPIVersion");
-            System.out.println("2. addGateway");
+            System.out.println("2. getAllAppModules");
+            System.out.println("3. addGateway");
             String methodNumberString = scanner.next();
             int methodNumber = Integer.valueOf(methodNumberString.trim());
 
@@ -202,12 +205,23 @@ public class SecureClient {
                 System.out.println("");
                 System.out.println("Airavata API version: " + version);
                 System.out.println("");
-
             } else if (methodNumber == 2) {
                 System.out.println("");
                 System.out.println("Enter the gateway id: ");
                 String gatewayId = scanner.next().trim();
 
+                List<ApplicationModule> appModules= client.getAllAppModules(authzToken, gatewayId);
+                System.out.println("Output of getAllAppModuels: ");
+                for (ApplicationModule appModule : appModules) {
+                    System.out.println(appModule.getAppModuleName());
+                }
+                System.out.println("");
+                System.out.println("");
+            } else if (methodNumber == 3) {
+                System.out.println("");
+                System.out.println("Enter the gateway id: ");
+                String gatewayId = scanner.next().trim();
+
                 Gateway gateway = new Gateway(gatewayId);
                 gateway.setDomain("airavata.org");
                 gateway.setEmailAddress("airavata@apache.org");
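Review bot: The label printed before the module list is misspelled, `"Output of getAllAppModuels: "`; it should read `System.out.println("Output of getAllAppModules: ");`. The new branch also iterates `appModules` without checking the result, and since this sample exists to show the policy in action it would help to show the denied case explicitly: whether an authorization failure from `client.getAllAppModules(authzToken, gatewayId)` is caught and reported is not visible here, because the enclosing method and its try/catch, if any, lie outside the hunk. The gateway-id prompt is now duplicated in branches 2 and 3 and could be read once before the `if` chain when `methodNumber` is 2 or 3.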