Search in sources :

Example 61 with ApplicationSettingsException

use of org.apache.airavata.common.exception.ApplicationSettingsException in project airavata by apache.

the class UserResource method save.

/**
 * save user to the database
 */
public void save() throws RegistryException {
    EntityManager em = null;
    try {
        em = ExpCatResourceUtils.getEntityManager();
        UserPK userPK = new UserPK();
        userPK.setGatewayId(gatewayId);
        userPK.setUserName(userName);
        Users existingUser = em.find(Users.class, userPK);
        Gateway gateway = em.find(Gateway.class, gatewayId);
        em.close();
        em = ExpCatResourceUtils.getEntityManager();
        em.getTransaction().begin();
        Users user = new Users();
        user.setAiravataInternalUserId(userName + "@" + gatewayId);
        user.setUserName(userName);
        user.setGatewayId(gateway.getGatewayId());
        user.setGateway(gateway);
        if (password != null && !password.equals("")) {
            try {
                user.setPassword(SecurityUtil.digestString(password, ServerSettings.getSetting("default.registry.password.hash.method")));
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException("Error hashing default admin password. Invalid hash algorithm.", e);
            } catch (ApplicationSettingsException e) {
                throw new RuntimeException("Error reading hash algorithm from configurations", e);
            }
        }
        if (existingUser != null) {
            if (password != null && !password.equals("")) {
                try {
                    existingUser.setPassword(SecurityUtil.digestString(password, ServerSettings.getSetting("default.registry.password.hash.method")));
                    existingUser.setGatewayId(gateway.getGatewayId());
                    existingUser.setGateway(gateway);
                } catch (NoSuchAlgorithmException e) {
                    throw new RuntimeException("Error hashing default admin password. Invalid hash algorithm.", e);
                } catch (ApplicationSettingsException e) {
                    throw new RuntimeException("Error reading hash algorithm from configurations", e);
                }
            }
            user = em.merge(existingUser);
        } else {
            em.persist(user);
        }
        em.getTransaction().commit();
        em.close();
    } catch (Exception e) {
        logger.error(e.getMessage(), e);
        throw new RegistryException(e);
    } finally {
        if (em != null && em.isOpen()) {
            if (em.getTransaction().isActive()) {
                em.getTransaction().rollback();
            }
            em.close();
        }
    }
}
Also used : ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException) EntityManager(javax.persistence.EntityManager) UserPK(org.apache.airavata.registry.core.experiment.catalog.model.UserPK) Gateway(org.apache.airavata.registry.core.experiment.catalog.model.Gateway) Users(org.apache.airavata.registry.core.experiment.catalog.model.Users) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) RegistryException(org.apache.airavata.registry.cpi.RegistryException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) RegistryException(org.apache.airavata.registry.cpi.RegistryException) ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException)

Example 62 with ApplicationSettingsException

use of org.apache.airavata.common.exception.ApplicationSettingsException in project airavata by apache.

the class IamAdminServicesHandler method setUpGateway.

@Override
@SecurityCheck
public Gateway setUpGateway(AuthzToken authzToken, Gateway gateway) throws IamAdminServicesException, AuthorizationException {
    TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
    PasswordCredential isSuperAdminCredentials = getSuperAdminPasswordCredential();
    try {
        keycloakclient.addTenant(isSuperAdminCredentials, gateway);
        // Load the tenant admin password stored in gateway request
        CredentialStoreService.Client credentialStoreClient = getCredentialStoreServiceClient();
        // Admin password token should already be stored under requested gateway's gatewayId
        PasswordCredential tenantAdminPasswordCredential = credentialStoreClient.getPasswordCredential(gateway.getIdentityServerPasswordToken(), gateway.getGatewayId());
        if (!keycloakclient.createTenantAdminAccount(isSuperAdminCredentials, gateway, tenantAdminPasswordCredential.getPassword())) {
            logger.error("Admin account creation failed !!, please refer error logs for reason");
        }
        Gateway gatewayWithIdAndSecret = keycloakclient.configureClient(isSuperAdminCredentials, gateway);
        return gatewayWithIdAndSecret;
    } catch (TException | ApplicationSettingsException ex) {
        logger.error("Gateway Setup Failed, reason: " + ex.getMessage(), ex);
        IamAdminServicesException iamAdminServicesException = new IamAdminServicesException(ex.getMessage());
        throw iamAdminServicesException;
    }
}
Also used : TenantManagementKeycloakImpl(org.apache.airavata.service.profile.iam.admin.services.core.impl.TenantManagementKeycloakImpl) TException(org.apache.thrift.TException) ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException) IamAdminServicesException(org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException) Gateway(org.apache.airavata.model.workspace.Gateway) PasswordCredential(org.apache.airavata.model.credential.store.PasswordCredential) CredentialStoreService(org.apache.airavata.credential.store.cpi.CredentialStoreService) SecurityCheck(org.apache.airavata.service.security.interceptor.SecurityCheck)

Example 63 with ApplicationSettingsException

use of org.apache.airavata.common.exception.ApplicationSettingsException in project airavata by apache.

the class IamAdminServicesHandler method updateUserProfile.

@Override
@SecurityCheck
public void updateUserProfile(AuthzToken authzToken, UserProfile userDetails) throws IamAdminServicesException, AuthorizationException, TException {
    TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
    try {
        String username = authzToken.getClaimsMap().get(Constants.USER_NAME);
        String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
        if (!gatewayId.equals(userDetails.getGatewayId())) {
            throw new IamAdminServicesException("gatewayId in user profile doesn't match authorization token!");
        }
        if (!username.equals(userDetails.getUserId())) {
            throw new IamAdminServicesException("userId in user profile doesn't match authorization token!");
        }
        PasswordCredential credential = getTenantAdminPasswordCredential(gatewayId);
        keycloakclient.updateUserProfile(credential, gatewayId, username, userDetails);
    } catch (ApplicationSettingsException e) {
        throw new IamAdminServicesException("Unable to create service clients. Reason: " + e.getMessage());
    }
}
Also used : TenantManagementKeycloakImpl(org.apache.airavata.service.profile.iam.admin.services.core.impl.TenantManagementKeycloakImpl) ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException) IamAdminServicesException(org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException) PasswordCredential(org.apache.airavata.model.credential.store.PasswordCredential) SecurityCheck(org.apache.airavata.service.security.interceptor.SecurityCheck)

Example 64 with ApplicationSettingsException

use of org.apache.airavata.common.exception.ApplicationSettingsException in project airavata by apache.

the class IamAdminServicesHandler method registerUser.

// ToDo: Will only be secure when using SSL between PGA and Airavata
@Override
@SecurityCheck
public boolean registerUser(AuthzToken authzToken, String username, String emailAddress, String firstName, String lastName, String newPassword) throws IamAdminServicesException, AuthorizationException {
    TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
    String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
    try {
        PasswordCredential isRealmAdminCredentials = getTenantAdminPasswordCredential(gatewayId);
        if (keycloakclient.createUser(isRealmAdminCredentials, gatewayId, username, emailAddress, firstName, lastName, newPassword))
            return true;
        else
            return false;
    } catch (TException | ApplicationSettingsException ex) {
        String msg = "Error while registering user into Identity Server, reason: " + ex.getMessage();
        logger.error(msg, ex);
        throw new IamAdminServicesException(msg);
    }
}
Also used : TenantManagementKeycloakImpl(org.apache.airavata.service.profile.iam.admin.services.core.impl.TenantManagementKeycloakImpl) TException(org.apache.thrift.TException) ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException) IamAdminServicesException(org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException) PasswordCredential(org.apache.airavata.model.credential.store.PasswordCredential) SecurityCheck(org.apache.airavata.service.security.interceptor.SecurityCheck)

Example 65 with ApplicationSettingsException

use of org.apache.airavata.common.exception.ApplicationSettingsException in project airavata by apache.

the class IamAdminServicesHandler method getSuperAdminPasswordCredential.

private PasswordCredential getSuperAdminPasswordCredential() {
    PasswordCredential isSuperAdminCredentials = new PasswordCredential();
    try {
        isSuperAdminCredentials.setLoginUserName(ServerSettings.getIamServerSuperAdminUsername());
        isSuperAdminCredentials.setPassword(ServerSettings.getIamServerSuperAdminPassword());
    } catch (ApplicationSettingsException e) {
        throw new RuntimeException("Unable to get settings for IAM super admin username/password", e);
    }
    return isSuperAdminCredentials;
}
Also used : ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException) PasswordCredential(org.apache.airavata.model.credential.store.PasswordCredential)

Aggregations

ApplicationSettingsException (org.apache.airavata.common.exception.ApplicationSettingsException)263 EntityManager (javax.persistence.EntityManager)193 AppCatalogException (org.apache.airavata.registry.cpi.AppCatalogException)172 Query (javax.persistence.Query)147 AppCatalogQueryGenerator (org.apache.airavata.registry.core.app.catalog.util.AppCatalogQueryGenerator)129 HashMap (java.util.HashMap)71 Map (java.util.Map)69 ArrayList (java.util.ArrayList)47 WorkflowCatalogException (org.apache.airavata.registry.cpi.WorkflowCatalogException)26 IOException (java.io.IOException)23 IamAdminServicesException (org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException)20 TException (org.apache.thrift.TException)19 WorkflowCatalogQueryGenerator (org.apache.airavata.registry.core.workflow.catalog.utils.WorkflowCatalogQueryGenerator)18 GFacException (org.apache.airavata.gfac.core.GFacException)11 PasswordCredential (org.apache.airavata.model.credential.store.PasswordCredential)11 Keycloak (org.keycloak.admin.client.Keycloak)11 RegistryServiceException (org.apache.airavata.registry.api.exception.RegistryServiceException)7 CompositeIdentifier (org.apache.airavata.registry.cpi.CompositeIdentifier)7 File (java.io.File)6 Connection (java.sql.Connection)6