use of org.apache.airavata.common.exception.ApplicationSettingsException in project airavata by apache.
the class UserResource method save.
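/**
 * Saves this user to the database: inserts a new {@code Users} row, or merges the existing
 * row found under the ({@code gatewayId}, {@code userName}) primary key.
 *
 * <p>For an existing user the row is only modified when a non-empty password is set on this
 * resource; in that case the stored password digest and the gateway reference are refreshed.
 *
 * <p>NOTE(review): the stored password is the output of {@code SecurityUtil.digestString} using
 * the algorithm named by the {@code default.registry.password.hash.method} setting. No salt or
 * iteration count is passed at this call site. If {@code digestString} is a plain message digest,
 * the stored values are open to offline guessing should the table leak. Confirm what the helper
 * does and prefer a salted, deliberately slow password hash (PBKDF2, bcrypt, scrypt, Argon2).
 *
 * @throws RegistryException if the gateway does not exist, the hash algorithm setting is missing
 *         or invalid, or any persistence call fails; the original exception is kept as the cause
 */
public void save() throws RegistryException {
    EntityManager em = null;
    try {
        // Lookups run on their own short-lived EntityManager, outside the write transaction.
        em = ExpCatResourceUtils.getEntityManager();
        UserPK userPK = new UserPK();
        userPK.setGatewayId(gatewayId);
        userPK.setUserName(userName);
        Users existingUser = em.find(Users.class, userPK);
        Gateway gateway = em.find(Gateway.class, gatewayId);
        em.close();

        // em.find returns null for an unknown id; report that explicitly instead of letting
        // gateway.getGatewayId() fail later with an uninformative NullPointerException.
        if (gateway == null) {
            throw new IllegalStateException(
                    "Cannot save user " + userName + ": gateway " + gatewayId + " does not exist");
        }

        em = ExpCatResourceUtils.getEntityManager();
        em.getTransaction().begin();

        final boolean isUpdate = existingUser != null;
        final Users target;
        if (isUpdate) {
            target = existingUser;
        } else {
            target = new Users();
            target.setAiravataInternalUserId(userName + "@" + gatewayId);
            target.setUserName(userName);
            target.setGatewayId(gateway.getGatewayId());
            target.setGateway(gateway);
        }

        // Hash the password once, for whichever entity is going to be written.
        if (password != null && !password.isEmpty()) {
            try {
                target.setPassword(SecurityUtil.digestString(password, ServerSettings.getSetting("default.registry.password.hash.method")));
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException("Error hashing default admin password. Invalid hash algorithm.", e);
            } catch (ApplicationSettingsException e) {
                throw new RuntimeException("Error reading hash algorithm from configurations", e);
            }
            if (isUpdate) {
                // An existing row has its gateway reference refreshed only on a password change.
                target.setGatewayId(gateway.getGatewayId());
                target.setGateway(gateway);
            }
        }

        if (isUpdate) {
            em.merge(target);
        } else {
            em.persist(target);
        }
        em.getTransaction().commit();
    } catch (Exception e) {
        logger.error(e.getMessage(), e);
        throw new RegistryException(e);
    } finally {
        // Roll back anything left uncommitted, then release the EntityManager.
        if (em != null && em.isOpen()) {
            if (em.getTransaction().isActive()) {
                em.getTransaction().rollback();
            }
            em.close();
        }
    }
}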
use of org.apache.airavata.common.exception.ApplicationSettingsException in project airavata by apache.
the class IamAdminServicesHandler method setUpGateway.
/**
 * Provisions a gateway as a tenant in the identity server: adds the tenant, creates its admin
 * account from the password held in the credential store, then configures the client.
 *
 * <p>All identity-server calls are made with the IAM super admin credentials. The method body
 * never reads {@code authzToken}; access control presumably comes from {@code @SecurityCheck}
 * (TODO confirm).
 *
 * <p>NOTE(review): a failed tenant admin account creation is only logged, and setup still goes on
 * to configure and return the client. Confirm that a tenant without an admin account is an
 * acceptable outcome for callers.
 *
 * @param authzToken caller's authorization token
 * @param gateway    gateway to provision; its identity-server password token and gateway id are
 *                   used to fetch the tenant admin password
 * @return the gateway as returned by the client configuration step
 * @throws IamAdminServicesException if a Thrift call or a settings lookup fails; carries the
 *         message of the underlying exception
 */
@Override
@SecurityCheck
public Gateway setUpGateway(AuthzToken authzToken, Gateway gateway) throws IamAdminServicesException, AuthorizationException {
    final TenantManagementKeycloakImpl tenantManager = new TenantManagementKeycloakImpl();
    final PasswordCredential superAdmin = getSuperAdminPasswordCredential();
    try {
        tenantManager.addTenant(superAdmin, gateway);

        // The tenant admin password must already be stored under this gateway's id, keyed by
        // the token carried in the gateway request.
        final CredentialStoreService.Client credentialStore = getCredentialStoreServiceClient();
        final PasswordCredential tenantAdmin = credentialStore.getPasswordCredential(
                gateway.getIdentityServerPasswordToken(), gateway.getGatewayId());

        final boolean adminCreated =
                tenantManager.createTenantAdminAccount(superAdmin, gateway, tenantAdmin.getPassword());
        if (!adminCreated) {
            logger.error("Admin account creation failed !!, please refer error logs for reason");
        }

        return tenantManager.configureClient(superAdmin, gateway);
    } catch (TException | ApplicationSettingsException ex) {
        logger.error("Gateway Setup Failed, reason: " + ex.getMessage(), ex);
        throw new IamAdminServicesException(ex.getMessage());
    }
}
use of org.apache.airavata.common.exception.ApplicationSettingsException in project airavata by apache.
the class IamAdminServicesHandler method updateUserProfile.
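/**
 * Updates the caller's own profile in the identity server.
 *
 * <p>The gateway id and user id in {@code userDetails} must both equal the corresponding claims
 * in {@code authzToken}; this is the check that stops one user from editing another user's
 * profile. A claim that is missing from the token counts as a mismatch, so the request is
 * rejected with an {@link IamAdminServicesException} rather than a {@code NullPointerException}.
 *
 * @param authzToken  caller's authorization token; its claims map supplies user name and gateway id
 * @param userDetails profile data to write
 * @throws IamAdminServicesException if the profile does not belong to the token's user and
 *         gateway, or if the tenant admin credential cannot be obtained from settings
 */
@Override
@SecurityCheck
public void updateUserProfile(AuthzToken authzToken, UserProfile userDetails) throws IamAdminServicesException, AuthorizationException, TException {
    TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
    try {
        String username = authzToken.getClaimsMap().get(Constants.USER_NAME);
        String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
        // Fail closed: an absent claim can never match the profile being updated.
        if (gatewayId == null || !gatewayId.equals(userDetails.getGatewayId())) {
            throw new IamAdminServicesException("gatewayId in user profile doesn't match authorization token!");
        }
        if (username == null || !username.equals(userDetails.getUserId())) {
            throw new IamAdminServicesException("userId in user profile doesn't match authorization token!");
        }
        PasswordCredential credential = getTenantAdminPasswordCredential(gatewayId);
        keycloakclient.updateUserProfile(credential, gatewayId, username, userDetails);
    } catch (ApplicationSettingsException e) {
        // Log with the stack trace: the exception sent to the client carries only the message.
        String msg = "Unable to create service clients. Reason: " + e.getMessage();
        logger.error(msg, e);
        throw new IamAdminServicesException(msg);
    }
}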
use of org.apache.airavata.common.exception.ApplicationSettingsException in project airavata by apache.
the class IamAdminServicesHandler method registerUser.
/**
 * Registers a new user in the identity server realm of the caller's gateway.
 *
 * <p>ToDo: Will only be secure when using SSL between PGA and Airavata. {@code newPassword}
 * arrives as a plain string and is passed on unchanged to the identity-server client.
 *
 * @param authzToken   caller's authorization token; its gateway-id claim selects the realm
 * @param username     login name for the new account
 * @param emailAddress e-mail address for the new account
 * @param firstName    given name
 * @param lastName     family name
 * @param newPassword  initial password, in clear text
 * @return the result of the identity-server client's {@code createUser} call
 * @throws IamAdminServicesException if a Thrift call or a settings lookup fails
 */
@Override
@SecurityCheck
public boolean registerUser(AuthzToken authzToken, String username, String emailAddress, String firstName, String lastName, String newPassword) throws IamAdminServicesException, AuthorizationException {
    final TenantManagementKeycloakImpl tenantManager = new TenantManagementKeycloakImpl();
    final String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
    try {
        // The account is created with the gateway's tenant (realm) admin credential.
        final PasswordCredential realmAdmin = getTenantAdminPasswordCredential(gatewayId);
        return tenantManager.createUser(
                realmAdmin, gatewayId, username, emailAddress, firstName, lastName, newPassword);
    } catch (TException | ApplicationSettingsException ex) {
        final String msg = "Error while registering user into Identity Server, reason: " + ex.getMessage();
        logger.error(msg, ex);
        throw new IamAdminServicesException(msg);
    }
}
use of org.apache.airavata.common.exception.ApplicationSettingsException in project airavata by apache.
the class IamAdminServicesHandler method getSuperAdminPasswordCredential.
/**
 * Builds a {@code PasswordCredential} holding the IAM super admin user name and password read
 * from {@code ServerSettings}.
 *
 * <p>NOTE(review): the returned object carries the super admin password in clear text. Avoid
 * logging it, and confirm that the backing settings source is access-restricted.
 *
 * @return credential populated with the super admin login name and password
 * @throws RuntimeException if either setting cannot be read
 */
private PasswordCredential getSuperAdminPasswordCredential() {
    final PasswordCredential superAdmin = new PasswordCredential();
    try {
        superAdmin.setLoginUserName(ServerSettings.getIamServerSuperAdminUsername());
        superAdmin.setPassword(ServerSettings.getIamServerSuperAdminPassword());
        return superAdmin;
    } catch (ApplicationSettingsException e) {
        throw new RuntimeException("Unable to get settings for IAM super admin username/password", e);
    }
}