Posted to commits@airavata.apache.org by sc...@apache.org on 2017/04/03 17:50:22 UTC
[1/3] airavata git commit: adding KeyCloak based security manager
Repository: airavata
Updated Branches:
refs/heads/develop 5100c07db -> 048a11bab
adding KeyCloak based security manager
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/4ec28232
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/4ec28232
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/4ec28232
Branch: refs/heads/develop
Commit: 4ec282320f267729c9c8b7138667c092d8f98035
Parents: 6bc536f
Author: scnakandala <su...@gmail.com>
Authored: Mon Apr 3 13:48:59 2017 -0400
Committer: scnakandala <su...@gmail.com>
Committed: Mon Apr 3 13:48:59 2017 -0400
----------------------------------------------------------------------
.../security/KeyCloakSecurityManager.java | 286 +++++++++++++++++++
.../apache/airavata/common/utils/Constants.java | 2 +
.../airavata/common/utils/ServerSettings.java | 9 +
.../main/resources/airavata-server.properties | 5 +
.../src/main/resources/client_truststore.jks | Bin 2423 -> 3740 bytes
5 files changed, 302 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/4ec28232/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/KeyCloakSecurityManager.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/KeyCloakSecurityManager.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/KeyCloakSecurityManager.java
new file mode 100644
index 0000000..bd1c90b
--- /dev/null
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/KeyCloakSecurityManager.java
@@ -0,0 +1,286 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+*/
+package org.apache.airavata.api.server.security;
+
+import org.apache.airavata.api.server.security.authzcache.*;
+import org.apache.airavata.common.exception.ApplicationSettingsException;
+import org.apache.airavata.common.utils.Constants;
+import org.apache.airavata.common.utils.ServerSettings;
+import org.apache.airavata.credential.store.client.CredentialStoreClientFactory;
+import org.apache.airavata.credential.store.cpi.CredentialStoreService;
+import org.apache.airavata.credential.store.exception.CredentialStoreException;
+import org.apache.airavata.model.appcatalog.gatewayprofile.GatewayResourceProfile;
+import org.apache.airavata.model.credential.store.PasswordCredential;
+import org.apache.airavata.model.security.AuthzToken;
+import org.apache.airavata.registry.api.RegistryService;
+import org.apache.airavata.registry.api.client.RegistryServiceClientFactory;
+import org.apache.airavata.registry.api.exception.RegistryServiceException;
+import org.apache.airavata.security.AiravataSecurityException;
+import org.apache.airavata.security.util.TrustStoreManager;
+import org.apache.thrift.TException;
+import org.json.JSONArray;
+import org.json.JSONObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+public class KeyCloakSecurityManager implements AiravataSecurityManager {
+ private final static Logger logger = LoggerFactory.getLogger(KeyCloakSecurityManager.class);
+
+ private HashMap<String, String> rolePermissionConfig = new HashMap<>();
+
+
+ public KeyCloakSecurityManager() throws AiravataSecurityException {
+ rolePermissionConfig.put("admin", "/airavata/.*");
+ rolePermissionConfig.put("gateway-provider", "/airavata/.*");
+ rolePermissionConfig.put("admin-read-only", "/airavata/getSSHPubKey|/airavata/getAllGatewaySSHPubKeys" +
+ "|/airavata/getAllGatewayPWDCredentials|/airavata/getApplicationModule|/airavata/getAllAppModules" +
+ "|/airavata/getApplicationDeployment|/airavata/getAllApplicationDeployments|/airavata/getAppModuleDeployedResources" +
+ "|/airavata/getStorageResource|/airavata/getAllStorageResourceNames|/airavata/getSCPDataMovement" +
+ "|/airavata/getUnicoreDataMovement|/airavata/getGridFTPDataMovement|/airavata/getResourceJobManager" +
+ "|/airavata/deleteResourceJobManager|/airavata/getGatewayResourceProfile|/airavata/getGatewayComputeResourcePreference" +
+ "|/airavata/getGatewayStoragePreference|/airavata/getAllGatewayComputeResourcePreferences" +
+ "|/airavata/getAllGatewayStoragePreferences|/airavata/getAllGatewayResourceProfiles|/airavata/getAPIVersion" +
+ "|/airavata/getNotification|/airavata/getAllNotifications|/airavata/createProject|/airavata/updateProject" +
+ "|/airavata/getProject|/airavata/deleteProject|/airavata/getUserProjects|/airavata/searchProjectsByProjectName" +
+ "|/airavata/searchProjectsByProjectDesc|/airavata/searchExperimentsByName|/airavata/searchExperimentsByDesc" +
+ "|/airavata/searchExperimentsByApplication|/airavata/searchExperimentsByStatus|/airavata/searchExperimentsByCreationTime" +
+ "|/airavata/searchExperiments|/airavata/getExperimentStatistics|/airavata/getExperimentsInProject" +
+ "|/airavata/getUserExperiments|/airavata/createExperiment|/airavata/deleteExperiment|/airavata/getExperiment" +
+ "|/airavata/getDetailedExperimentTree|/airavata/updateExperiment|/airavata/updateExperimentConfiguration" +
+ "|/airavata/updateResourceScheduleing|/airavata/validateExperiment|/airavata/launchExperiment" +
+ "|/airavata/getExperimentStatus|/airavata/getExperimentOutputs|/airavata/getIntermediateOutputs" +
+ "|/airavata/getJobStatuses|/airavata/getJobDetails|/airavata/cloneExperiment|/airavata/terminateExperiment" +
+ "|/airavata/getApplicationInterface|/airavata/getAllApplicationInterfaceNames|/airavata/getAllApplicationInterfaces" +
+ "|/airavata/getApplicationInputs|/airavata/getApplicationOutputs|/airavata/getAvailableAppInterfaceComputeResources" +
+ "|/airavata/getComputeResource|/airavata/getAllComputeResourceNames|/airavata/getWorkflow|/airavata/getWorkflowTemplateId" +
+ "|/airavata/isWorkflowExistWithName|/airavata/registerDataProduct|/airavata/getDataProduct|/airavata/registerReplicaLocation" +
+ "|/airavata/getParentDataProduct|/airavata/getChildDataProducts");
+ rolePermissionConfig.put("gateway-user", "/airavata/getAPIVersion|/airavata/getNotification|/airavata/getAllNotifications|" +
+ "/airavata/createProject|/airavata/updateProject|/airavata/getProject|/airavata/deleteProject|/airavata/getUserProjects|" +
+ "/airavata/searchProjectsByProjectName|/airavata/searchProjectsByProjectDesc|/airavata/searchExperimentsByName|" +
+ "/airavata/searchExperimentsByDesc|/airavata/searchExperimentsByApplication|/airavata/searchExperimentsByStatus|" +
+ "/airavata/searchExperimentsByCreationTime|/airavata/searchExperiments|/airavata/getExperimentStatistics|" +
+ "/airavata/getExperimentsInProject|/airavata/getUserExperiments|/airavata/createExperiment|/airavata/deleteExperiment|" +
+ "/airavata/getExperiment|/airavata/getDetailedExperimentTree|/airavata/updateExperiment|/airavata/updateExperimentConfiguration|" +
+ "/airavata/updateResourceScheduleing|/airavata/validateExperiment|/airavata/launchExperiment|/airavata/getExperimentStatus|" +
+ "/airavata/getExperimentOutputs|/airavata/getIntermediateOutputs|/airavata/getJobStatuses|/airavata/getJobDetails|" +
+ "/airavata/cloneExperiment|/airavata/terminateExperiment|/airavata/getApplicationInterface|/airavata/getAllApplicationInterfaceNames|" +
+ "/airavata/getAllApplicationInterfaces|/airavata/getApplicationInputs|/airavata/getApplicationOutputs|" +
+ "/airavata/getAvailableAppInterfaceComputeResources|/airavata/getComputeResource|/airavata/getAllComputeResourceNames|" +
+ "/airavata/getWorkflow|/airavata/getWorkflowTemplateId|/airavata/isWorkflowExistWithName|/airavata/registerDataProduct|" +
+ "/airavata/getDataProduct|/airavata/registerReplicaLocation|/airavata/getParentDataProduct|/airavata/getChildDataProducts");
+
+ initializeSecurityInfra();
+ }
+
+ /**
+ * Implement this method in your SecurityManager to perform necessary initializations at the server startup.
+ *
+ * @throws AiravataSecurityException
+ */
+ @Override
+ public void initializeSecurityInfra() throws AiravataSecurityException {
+ try {
+ //initialize SSL context with the trust store that contains the public cert of WSO2 Identity Server.
+ TrustStoreManager trustStoreManager = new TrustStoreManager();
+ trustStoreManager.initializeTrustStoreManager(ServerSettings.getTrustStorePath(),
+ ServerSettings.getTrustStorePassword());
+ } catch (Exception e) {
+ throw new AiravataSecurityException(e.getMessage(), e);
+ }
+
+ }
+
+ /**
+ * Implement this method with the user authentication/authorization logic in your SecurityManager.
+ *
+ * @param authzToken : this includes OAuth token and user's claims
+ * @param metaData : this includes other meta data needed for security enforcements.
+ * @return
+ * @throws AiravataSecurityException
+ */
+ @Override
+ public boolean isUserAuthorized(AuthzToken authzToken, Map<String, String> metaData) throws AiravataSecurityException {
+ String subject = authzToken.getClaimsMap().get(Constants.USER_NAME);
+ String accessToken = authzToken.getAccessToken();
+ String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
+ String action = metaData.get(Constants.API_METHOD_NAME);
+ try {
+ if (!ServerSettings.isAPISecured()) {
+ return true;
+ }
+
+ if (ServerSettings.isAuthzCacheEnabled()) {
+ //obtain an instance of AuthzCacheManager implementation.
+ AuthzCacheManager authzCacheManager = AuthzCacheManagerFactory.getAuthzCacheManager();
+
+ //check in the cache
+ AuthzCachedStatus authzCachedStatus = authzCacheManager.getAuthzCachedStatus(
+ new AuthzCacheIndex(subject, gatewayId, accessToken, action));
+
+ if (AuthzCachedStatus.AUTHORIZED.equals(authzCachedStatus)) {
+ logger.debug("Authz decision for: (" + subject + ", " + accessToken + ", " + action + ") is retrieved from cache.");
+ return true;
+ } else if (AuthzCachedStatus.NOT_AUTHORIZED.equals(authzCachedStatus)) {
+ logger.debug("Authz decision for: (" + subject + ", " + accessToken + ", " + action + ") is retrieved from cache.");
+ return false;
+ } else if (AuthzCachedStatus.NOT_CACHED.equals(authzCachedStatus)) {
+ logger.debug("Authz decision for: (" + subject + ", " + accessToken + ", " + action + ") is not in the cache. " +
+ "Obtaining it from the authorization server.");
+ String[] roles = getUserRolesFromOAuthToken(subject, accessToken, gatewayId);
+ boolean authorizationDecision = hasPermission(roles, action);
+ //cache the authorization decision
+ long currentTime = System.currentTimeMillis();
+ //TODO get the actual token expiration time
+ authzCacheManager.addToAuthzCache(new AuthzCacheIndex(subject, gatewayId, accessToken, action),
+ new AuthzCacheEntry(authorizationDecision, currentTime + 1000 * 60 * 60, currentTime));
+ return authorizationDecision;
+ } else {
+ //undefined status returned from the authz cache manager
+ throw new AiravataSecurityException("Error in reading from the authorization cache.");
+ }
+ } else {
+ String[] roles = getUserRolesFromOAuthToken(subject, accessToken, gatewayId);
+ return hasPermission(roles, action);
+ }
+
+ } catch (ApplicationSettingsException e) {
+ e.printStackTrace();
+ throw new AiravataSecurityException(e.getMessage(), e);
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new AiravataSecurityException(e.getMessage(), e);
+ }
+ }
+
+ private String[] getUserRolesFromOAuthToken(String username, String token, String gatewayId) throws Exception {
+ String openIdConnectUrl = ServerSettings.getRemoteOpenIdDiscoveryUrl();
+ JSONObject openIdConnectConfig = new JSONObject(getFromUrl(openIdConnectUrl, token));
+ String userInfoEndPoint = openIdConnectConfig.getString("userinfo_endpoint");
+ JSONObject userInfo = new JSONObject(getFromUrl(userInfoEndPoint, token));
+ if (!username.equals(userInfo.get("preferred_username"))) {
+ throw new AiravataSecurityException("Subject name and username for the token doesn't match");
+ }
+ String userId = userInfo.getString("sub");
+
+ GatewayResourceProfile gwrp = getRegistryServiceClient().getGatewayResourceProfile(gatewayId);
+ String identityServerRelam = gwrp.getIdentityServerTenant();
+ String userRoleMappingUrl = ServerSettings.getRemoteIDPServiceUrl() + "/admin/realms/"
+ + identityServerRelam + "/users/"
+ + userId + "/role-mappings/realm";
+ JSONArray roleMappings = new JSONArray(getFromUrl(userRoleMappingUrl, getAdminAccessToken(gatewayId)));
+ String[] roles = new String[roleMappings.length()];
+ for (int i = 0; i < roleMappings.length(); i++) {
+ roles[i] = (new JSONObject(roleMappings.get(i).toString())).get("name").toString();
+ }
+
+ return roles;
+ }
+
+ public String getFromUrl(String urlToRead, String token) throws Exception {
+ StringBuilder result = new StringBuilder();
+ URL url = new URL(urlToRead);
+ HttpURLConnection conn = (HttpURLConnection) url.openConnection();
+ conn.setRequestMethod("GET");
+ String bearerAuth = "Bearer " + token;
+ conn.setRequestProperty("Authorization", bearerAuth);
+ BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));
+ String line;
+ while ((line = rd.readLine()) != null) {
+ result.append(line);
+ }
+ rd.close();
+ return result.toString();
+ }
+
+ private String getAdminAccessToken(String gatewayId) throws TException, ApplicationSettingsException, IOException {
+ CredentialStoreService.Client csClient = getCredentialStoreServiceClient();
+ GatewayResourceProfile gwrp = getRegistryServiceClient().getGatewayResourceProfile(gatewayId);
+ PasswordCredential credential = csClient.getPasswordCredential(gwrp.getIdentityServerPwdCredToken(), gwrp.getGatewayID());
+ String username = credential.getLoginUserName();
+ String password = credential.getPassword();
+ String urlString = ServerSettings.getRemoteIDPServiceUrl() + "/realms/master/protocol/openid-connect/token";
+ StringBuilder result = new StringBuilder();
+ URL url = new URL(urlString);
+ HttpURLConnection conn = (HttpURLConnection) url.openConnection();
+ conn.setRequestMethod("POST");
+ conn.setDoOutput(true);
+ String postFields = "client_id=admin-cli&username=" + username + "&password=" + password + "&grant_type=password";
+ conn.getOutputStream().write(postFields.getBytes());
+ BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));
+ String line;
+ while ((line = rd.readLine()) != null) {
+ result.append(line);
+ }
+ rd.close();
+ JSONObject tokenInfo = new JSONObject(result.toString());
+ return tokenInfo.get("access_token").toString();
+ }
+
+
+ private boolean hasPermission(String[] roles, String apiMethod) {
+ for (int i = 0; i < roles.length; i++) {
+ String role = roles[i];
+ if (this.rolePermissionConfig.keySet().contains(role)) {
+ Pattern pattern = Pattern.compile(this.rolePermissionConfig.get(role));
+ Matcher matcher = pattern.matcher(apiMethod);
+ if (matcher.matches())
+ return true;
+ }
+ }
+ return false;
+ }
+
+ private RegistryService.Client getRegistryServiceClient() throws TException, ApplicationSettingsException {
+ final int serverPort = Integer.parseInt(ServerSettings.getRegistryServerPort());
+ final String serverHost = ServerSettings.getRegistryServerHost();
+ try {
+ return RegistryServiceClientFactory.createRegistryClient(serverHost, serverPort);
+ } catch (RegistryServiceException e) {
+ throw new TException("Unable to create registry client...", e);
+ }
+ }
+
+ private CredentialStoreService.Client getCredentialStoreServiceClient() throws TException, ApplicationSettingsException {
+ final int serverPort = Integer.parseInt(ServerSettings.getCredentialStoreServerPort());
+ final String serverHost = ServerSettings.getCredentialStoreServerHost();
+ try {
+ return CredentialStoreClientFactory.createAiravataCSClient(serverHost, serverPort);
+ } catch (CredentialStoreException e) {
+ throw new TException("Unable to create credential store client...", e);
+ }
+ }
+
+ public static void main(String[] args) throws Exception {
+ KeyCloakSecurityManager keyCloakSecurityManager = new KeyCloakSecurityManager();
+ keyCloakSecurityManager.getUserRolesFromOAuthToken("supun.nakandala@gmail.com", "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJKd1pob2pURlJHaVVCaGh3aFBWUFBVeHpUNmFmTmllZ0lnejZqbHhmR1BRIn0.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
IlN1cHVuIiwiZmFtaWx5X25hbWUiOiJOYWthbmRhbGEiLCJlbWFpbCI6InN1cHVuLm5ha2FuZGFsYUBnbWFpbC5jb20ifQ.I93re0YweCBhAAgOVFGbBPEsF7nRjeXQHut8NOdpXiVbeDe1BrcoS5Y86DOPZBWUQBg9GfUF7ZGt4xSatu3aHOOkiANRAAWucwZxuYD8-IXnnrF2ao8lUD94mpORszz_G4ZFcCP6cV6qG9SptdqhvHCYIdH8LvfMCBgjGTe7Um-7RHRrTavaN9b52Wsz-1CQeAcEQkwsGOoyVWUQ_3Cyo2aXpua34DLVJrkSsrSZxIQm5ojq8H3YJzKsssAhMuaIrh5oaDKRr7NjZvzV7aheMt-NwEgKc85Rqk-765tsICBbAjmw7r-cGxlvE32g7HI0-cNjuCVdNOEawoOeD3jH-Q", "airavata");
+ }
+}
\ No newline at end of file
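Review bot: The three `logger.debug` calls in `isUserAuthorized` write the raw `accessToken` into the log, so anyone who can read debug logs obtains a usable bearer token; log only the subject and action, e.g. `logger.debug("Authz decision for ({}, {}) is retrieved from cache.", subject, action);`. In `getAdminAccessToken` the username and password are concatenated into the form body unencoded and `getBytes()` uses the platform charset, so a credential containing `&`, `=` or `+` is sent incorrectly or adds extra parameters; use `URLEncoder.encode(password, "UTF-8")` (same for `username`) and `postFields.getBytes(StandardCharsets.UTF_8)`. The `admin-read-only` pattern in the constructor includes `/airavata/deleteResourceJobManager`, which does not look read-only and should be confirmed or dropped. The JWT literal and e-mail address passed in `main` are a real-looking credential committed to history, so the token should be treated as exposed and its session revoked even if the method is deleted afterwards.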
http://git-wip-us.apache.org/repos/asf/airavata/blob/4ec28232/modules/commons/src/main/java/org/apache/airavata/common/utils/Constants.java
----------------------------------------------------------------------
diff --git a/modules/commons/src/main/java/org/apache/airavata/common/utils/Constants.java b/modules/commons/src/main/java/org/apache/airavata/common/utils/Constants.java
index b5fbd4b..59b2d96 100644
--- a/modules/commons/src/main/java/org/apache/airavata/common/utils/Constants.java
+++ b/modules/commons/src/main/java/org/apache/airavata/common/utils/Constants.java
@@ -35,6 +35,8 @@ public final class Constants {
public static final String IS_API_SECURED = "api.secured";
public static final String SECURITY_MANAGER_CLASS = "security.manager.class";
public static final String REMOTE_OAUTH_SERVER_URL = "remote.oauth.authorization.server";
+ public static final String REMOTE_OPENID_DISCOVERY_URL = "remote.openid.connect.discovery.url";
+ public static final String REMOTE_IDP_SERVICE_URL = "remote.idp.service.url";
public static final String IS_TLS_ENABLED = "TLS.enabled";
public static final String TLS_SERVER_PORT = "TLS.api.server.port";
public static final String KEYSTORE_PATH = "keystore.path";
http://git-wip-us.apache.org/repos/asf/airavata/blob/4ec28232/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java
----------------------------------------------------------------------
diff --git a/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java b/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java
index 49fdc54..559d44d 100644
--- a/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java
+++ b/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java
@@ -329,6 +329,15 @@ public class ServerSettings extends ApplicationSettings {
return getSetting(Constants.REMOTE_OAUTH_SERVER_URL);
}
+ public static String getRemoteOpenIdDiscoveryUrl() throws ApplicationSettingsException {
+ return getSetting(Constants.REMOTE_OPENID_DISCOVERY_URL);
+ }
+
+ public static String getRemoteIDPServiceUrl() throws ApplicationSettingsException {
+ return getSetting(Constants.REMOTE_IDP_SERVICE_URL);
+ }
+
+
public static String getAuthorizationPoliyName() throws ApplicationSettingsException {
return getSetting(Constants.AUTHORIZATION_POLICY_NAME);
}
http://git-wip-us.apache.org/repos/asf/airavata/blob/4ec28232/modules/configuration/server/src/main/resources/airavata-server.properties
----------------------------------------------------------------------
diff --git a/modules/configuration/server/src/main/resources/airavata-server.properties b/modules/configuration/server/src/main/resources/airavata-server.properties
index fd1449f..5450fc4 100644
--- a/modules/configuration/server/src/main/resources/airavata-server.properties
+++ b/modules/configuration/server/src/main/resources/airavata-server.properties
@@ -325,6 +325,11 @@ authz.cache.enabled=true
authz.cache.manager.class=org.apache.airavata.api.server.security.authzcache.DefaultAuthzCacheManager
in.memory.cache.size=1000
+#### remote idp service url for KeyCloak based setup####
+remote.idp.service.url=https://iam.scigap.org/auth
+#### remote openid connect discovery url for KeyCloak based setup ####
+remote.openid.connect.discovery.url=https://iam.scigap.org/auth/realms/airavata/.well-known/openid-configuration
+
# Kafka Logging related configuration
isRunningOnAws=false
kafka.broker.list=localhost:9092
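Review bot: `remote.openid.connect.discovery.url` pins token validation to the `airavata` realm, while `getUserRolesFromOAuthToken` in this commit looks roles up in the realm returned by `gwrp.getIdentityServerTenant()` for the gateway id taken from the request's claims map. If those realms can differ, a `sub` validated in one realm is queried in another, so it looks safer to derive the discovery URL from the gateway's realm or to reject gateways whose realm is not the configured one. The shipped default also points every fresh install at one hosted identity provider; a placeholder such as `remote.idp.service.url=https://<your-keycloak-host>/auth` would make that an explicit deployment choice. Both URLs carry bearer tokens and the admin password, so a comment such as `# must be an https:// URL` beside them is worth adding.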
http://git-wip-us.apache.org/repos/asf/airavata/blob/4ec28232/modules/configuration/server/src/main/resources/client_truststore.jks
----------------------------------------------------------------------
diff --git a/modules/configuration/server/src/main/resources/client_truststore.jks b/modules/configuration/server/src/main/resources/client_truststore.jks
index 21e4e62..f9805a3 100644
Binary files a/modules/configuration/server/src/main/resources/client_truststore.jks and b/modules/configuration/server/src/main/resources/client_truststore.jks differ
[2/3] airavata git commit: removing the public method
Posted by sc...@apache.org.
removing the public method
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/f0d83311
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/f0d83311
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/f0d83311
Branch: refs/heads/develop
Commit: f0d833113d7a211d2d7344b30406a657515d5989
Parents: 4ec2823
Author: scnakandala <su...@gmail.com>
Authored: Mon Apr 3 13:49:53 2017 -0400
Committer: scnakandala <su...@gmail.com>
Committed: Mon Apr 3 13:49:53 2017 -0400
----------------------------------------------------------------------
.../airavata/api/server/security/KeyCloakSecurityManager.java | 5 -----
1 file changed, 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/f0d83311/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/KeyCloakSecurityManager.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/KeyCloakSecurityManager.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/KeyCloakSecurityManager.java
index bd1c90b..c40980e 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/KeyCloakSecurityManager.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/KeyCloakSecurityManager.java
@@ -278,9 +278,4 @@ public class KeyCloakSecurityManager implements AiravataSecurityManager {
throw new TException("Unable to create credential store client...", e);
}
}
-
- public static void main(String[] args) throws Exception {
- KeyCloakSecurityManager keyCloakSecurityManager = new KeyCloakSecurityManager();
- keyCloakSecurityManager.getUserRolesFromOAuthToken("supun.nakandala@gmail.com", "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJKd1pob2pURlJHaVVCaGh3aFBWUFBVeHpUNmFmTmllZ0lnejZqbHhmR1BRIn0.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
IlN1cHVuIiwiZmFtaWx5X25hbWUiOiJOYWthbmRhbGEiLCJlbWFpbCI6InN1cHVuLm5ha2FuZGFsYUBnbWFpbC5jb20ifQ.I93re0YweCBhAAgOVFGbBPEsF7nRjeXQHut8NOdpXiVbeDe1BrcoS5Y86DOPZBWUQBg9GfUF7ZGt4xSatu3aHOOkiANRAAWucwZxuYD8-IXnnrF2ao8lUD94mpORszz_G4ZFcCP6cV6qG9SptdqhvHCYIdH8LvfMCBgjGTe7Um-7RHRrTavaN9b52Wsz-1CQeAcEQkwsGOoyVWUQ_3Cyo2aXpua34DLVJrkSsrSZxIQm5ojq8H3YJzKsssAhMuaIrh5oaDKRr7NjZvzV7aheMt-NwEgKc85Rqk-765tsICBbAjmw7r-cGxlvE32g7HI0-cNjuCVdNOEawoOeD3jH-Q", "airavata");
- }
}
\ No newline at end of file
[3/3] airavata git commit: merge remote branch
Posted by sc...@apache.org.
merge remote branch
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/048a11ba
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/048a11ba
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/048a11ba
Branch: refs/heads/develop
Commit: 048a11babe3a078898eb723c6d3bd19a98a91af5
Parents: f0d8331 5100c07
Author: scnakandala <su...@gmail.com>
Authored: Mon Apr 3 13:50:15 2017 -0400
Committer: scnakandala <su...@gmail.com>
Committed: Mon Apr 3 13:50:15 2017 -0400
----------------------------------------------------------------------
dev-tools/ansible/ansible.cfg | 2 +
.../inventories/testing-0.17/files/airavata.jks | 76 ++++++++++++++++++++
.../testing-0.17/files/airavata_sym.jks | 30 ++++++++
.../testing-0.17/group_vars/all/vars.yml | 7 +-
.../templates/airavata-server.properties.j2 | 6 +-
.../ansible/roles/common/defaults/main.yml | 3 +
dev-tools/ansible/roles/common/tasks/main.yml | 12 ++--
.../templates/airavata-server.properties.j2 | 6 +-
.../monitor/email/parser/LSFEmailParser.java | 1 -
.../catalog/impl/UsrResourceProfileImpl.java | 4 +-
.../model/UserComputeResourcePreference.java | 6 +-
.../model/UserComputeResourcePreferencePK.java | 24 +++++--
.../catalog/model/UserStoragePreference.java | 6 +-
.../catalog/model/UserStoragePreferencePK.java | 22 +++++-
.../UserComputeHostPreferenceResource.java | 10 ++-
.../UserStoragePreferenceResource.java | 14 ++--
.../main/resources/workflowcatalog-mysql.sql | 3 +-
.../registry/cpi/CompositeIdentifier.java | 12 +++-
.../DeltaScripts/appCatalog_schema_delta.sql | 6 +-
19 files changed, 208 insertions(+), 42 deletions(-)
----------------------------------------------------------------------