
Example 1 with AiravataSecurityException

use of org.apache.airavata.security.AiravataSecurityException in project airavata by apache.

the class AiravataAPIServer method startAiravataServer.

/**
 * Starts the Airavata Thrift API server on a background thread and then initialises the
 * configured security manager.
 *
 * Two independent settings select the transport: {@code ServerSettings.isTLSEnabled()} picks the
 * dedicated TLS listener on the TLS server port, otherwise the listener on the API server port
 * is used, optionally wrapped in TLS when {@code ServerSettings.isAPIServerTLSEnabled()} is set.
 * With both switches off the API is served over a plain {@code TServerSocket}.
 *
 * @param airavataAPIServer the Thrift processor that handles incoming API calls
 * @throws AiravataSystemException with {@code INTERNAL_ERROR} when the transport cannot be
 *         created, a setting cannot be read, the host cannot be resolved, or security
 *         initialisation fails; the underlying cause is only written to the log
 */
public void startAiravataServer(Airavata.Processor<Airavata.Iface> airavataAPIServer) throws AiravataSystemException {
    try {
        // No default host: serverHost is null when API_SERVER_HOST is not configured.
        final String serverHost = ServerSettings.getSetting(Constants.API_SERVER_HOST, null);
        if (!ServerSettings.isTLSEnabled()) {
            final int serverPort = Integer.parseInt(ServerSettings.getSetting(Constants.API_SERVER_PORT, "8930"));
            TServerTransport serverTransport;
            if (ServerSettings.isAPIServerTLSEnabled()) {
                logger.info("Starting API Server with TLS Security..");
                // Key store path and password come from server settings; neither is logged here.
                String keystore = ServerSettings.getApiServerKeystore();
                String keystorePWD = ServerSettings.getApiServerKeystorePasswd();
                // Only a key store is configured: no trust store and no client-auth requirement is
                // set in this block. NOTE(review): presumably clients are not authenticated at the
                // transport layer and rely on the authz token instead; confirm.
                TSSLTransportFactory.TSSLTransportParameters tlsParams = new TSSLTransportFactory.TSSLTransportParameters();
                tlsParams.setKeyStore(keystore, keystorePWD);
                // 10000 is passed as the client timeout. InetAddress.getByName(null) resolves to the
                // loopback address, so an unset API_SERVER_HOST binds this listener to loopback only.
                serverTransport = TSSLTransportFactory.getServerSocket(serverPort, 10000, InetAddress.getByName(serverHost), tlsParams);
            } else {
                // Plain socket: API traffic on this listener is not encrypted.
                if (serverHost == null) {
                    // Port-only constructor. NOTE(review): presumably binds every interface, unlike
                    // the TLS branches above and below; confirm the intended exposure.
                    serverTransport = new TServerSocket(serverPort);
                } else {
                    InetSocketAddress inetSocketAddress = new InetSocketAddress(serverHost, serverPort);
                    serverTransport = new TServerSocket(inetSocketAddress);
                }
            }
            TThreadPoolServer.Args options = new TThreadPoolServer.Args(serverTransport);
            // Only the minimum worker count is set here; the upper bound is left at the Args default.
            options.minWorkerThreads = Integer.parseInt(ServerSettings.getSetting(Constants.API_SERVER_MIN_THREADS, "50"));
            server = new TThreadPoolServer(options.processor(airavataAPIServer));
            // Serving thread: the status is set to STOPPED once serve() returns.
            new Thread() {

                public void run() {
                    server.serve();
                    setStatus(ServerStatus.STOPPED);
                    logger.info("Airavata API Server Stopped.");
                }
            }.start();
            // Watcher thread: polls every 500 ms until the server reports that it is serving.
            // NOTE(review): the loop only ends on isServing() or an interrupt, so it keeps polling
            // if the server never reaches the serving state.
            new Thread() {

                public void run() {
                    while (!server.isServing()) {
                        try {
                            Thread.sleep(500);
                        } catch (InterruptedException e) {
                            break;
                        }
                    }
                    if (server.isServing()) {
                        setStatus(ServerStatus.STARTED);
                        logger.info("Starting Airavata API Server on Port " + serverPort);
                        logger.info("Listening to Airavata Clients ....");
                    }
                }
            }.start();
            // Logged as soon as the threads are launched, not when the server is confirmed serving.
            logger.info("Started API Server ....");
        } else {
            // Thrift server over TLS on the dedicated TLS port.
            // As above, only a key store is set (no trust store, no client-auth requirement), and a
            // null serverHost makes InetAddress.getByName return the loopback address.
            TSSLTransportFactory.TSSLTransportParameters TLSParams = new TSSLTransportFactory.TSSLTransportParameters();
            TLSParams.setKeyStore(ServerSettings.getKeyStorePath(), ServerSettings.getKeyStorePassword());
            TServerSocket TLSServerTransport = TSSLTransportFactory.getServerSocket(ServerSettings.getTLSServerPort(), ServerSettings.getTLSClientTimeout(), InetAddress.getByName(serverHost), TLSParams);
            TThreadPoolServer.Args settings = new TThreadPoolServer.Args(TLSServerTransport);
            settings.minWorkerThreads = Integer.parseInt(ServerSettings.getSetting(Constants.API_SERVER_MIN_THREADS, "50"));
            TLSServer = new TThreadPoolServer(settings.processor(airavataAPIServer));
            // Serving thread for the TLS listener.
            new Thread() {

                public void run() {
                    TLSServer.serve();
                    setStatus(ServerStatus.STOPPED);
                    logger.info("Airavata API Server over TLS Stopped.");
                }
            }.start();
            // Watcher thread: same 500 ms polling as in the non-TLS branch.
            new Thread() {

                public void run() {
                    while (!TLSServer.isServing()) {
                        try {
                            Thread.sleep(500);
                        } catch (InterruptedException e) {
                            break;
                        }
                    }
                    if (TLSServer.isServing()) {
                        setStatus(ServerStatus.STARTED);
                    }
                }
            }.start();
            logger.info("API server started over TLS on Port: " + ServerSettings.getTLSServerPort() + " ...");
        }
        // Security initialisation for whichever security manager implementation is configured.
        // NOTE(review): this runs after the serving thread has been started, so the listener may
        // accept calls before initializeSecurityInfra() completes; and if it throws, the catch
        // below neither stops the server nor sets FAILED. Consider initialising first; confirm.
        AiravataSecurityManager securityManager = SecurityManagerFactory.getSecurityManager();
        securityManager.initializeSecurityInfra();
    } catch (TTransportException e) {
        // The only failure path that records ServerStatus.FAILED.
        logger.error(e.getMessage(), e);
        setStatus(ServerStatus.FAILED);
        logger.error("Failed to start API server ...");
        throw new AiravataSystemException(AiravataErrorType.INTERNAL_ERROR);
    } catch (ApplicationSettingsException e) {
        logger.error(e.getMessage(), e);
        throw new AiravataSystemException(AiravataErrorType.INTERNAL_ERROR);
    } catch (UnknownHostException e) {
        logger.error(e.getMessage(), e);
        throw new AiravataSystemException(AiravataErrorType.INTERNAL_ERROR);
    } catch (AiravataSecurityException e) {
        // Security initialisation failed; by this point the serving thread is already running.
        logger.error(e.getMessage(), e);
        throw new AiravataSystemException(AiravataErrorType.INTERNAL_ERROR);
    }
}
Also used : ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException) UnknownHostException(java.net.UnknownHostException) InetSocketAddress(java.net.InetSocketAddress) AiravataSecurityManager(org.apache.airavata.service.security.AiravataSecurityManager) TTransportException(org.apache.thrift.transport.TTransportException) TSSLTransportFactory(org.apache.thrift.transport.TSSLTransportFactory) TServerTransport(org.apache.thrift.transport.TServerTransport) TServerSocket(org.apache.thrift.transport.TServerSocket) AiravataSystemException(org.apache.airavata.model.error.AiravataSystemException) TThreadPoolServer(org.apache.thrift.server.TThreadPoolServer) AiravataSecurityException(org.apache.airavata.security.AiravataSecurityException)

Example 2 with AiravataSecurityException

use of org.apache.airavata.security.AiravataSecurityException in project airavata by apache.

the class TrustStoreManager method initializeTrustStoreManager.

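/**
 * Builds an {@link SSLContext} that trusts the certificates in the given trust store and
 * installs it as the JVM-wide default.
 *
 * Because {@code SSLContext.setDefault} is process-global, every later TLS client in this JVM
 * that uses the default context trusts exactly the certificates in this store.
 *
 * @param trustStorePath     file system path of the trust store
 * @param trustStorePassword password used to load the trust store and check its integrity
 * @return the initialised context, which is also set as the default
 * @throws AiravataSecurityException if the store cannot be read or the context cannot be built;
 *         the underlying cause is written to the log
 */
public SSLContext initializeTrustStoreManager(String trustStorePath, String trustStorePassword) throws AiravataSecurityException {
    // try-with-resources closes the file handle on every path; the original never closed it.
    try (InputStream trustStream = new FileInputStream(new File(trustStorePath))) {
        // load and initialize the trust store
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        char[] trustPassword = trustStorePassword.toCharArray();
        trustStore.load(trustStream, trustPassword);
        // initialize a trust manager factory backed by that store
        TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustFactory.init(trustStore);
        TrustManager[] trustManagers = trustFactory.getTrustManagers();
        // Request a "TLS" context rather than the legacy "SSL" name, so the context is not tied
        // to the obsolete SSL protocol family.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // No key managers (no client certificate) and the default SecureRandom.
        sslContext.init(null, trustManagers, null);
        SSLContext.setDefault(sslContext);
        return sslContext;
    } catch (CertificateException | NoSuchAlgorithmException | KeyStoreException | KeyManagementException | IOException e) {
        // FileNotFoundException is an IOException, so a missing store is covered here as well.
        logger.error(e.getMessage(), e);
        throw new AiravataSecurityException("Error in initializing the trust store.");
    }
}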
Also used : CertificateException(java.security.cert.CertificateException) SSLContext(javax.net.ssl.SSLContext) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStoreException(java.security.KeyStoreException) KeyStore(java.security.KeyStore) KeyManagementException(java.security.KeyManagementException) TrustManager(javax.net.ssl.TrustManager) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) AiravataSecurityException(org.apache.airavata.security.AiravataSecurityException)

Example 3 with AiravataSecurityException

use of org.apache.airavata.security.AiravataSecurityException in project airavata by apache.

the class DefaultOAuthClient method validateAccessToken.

/**
 * Asks the remote OAuth 2.0 validation service whether the given bearer token is valid.
 *
 * The service response is returned as-is: this method does not itself inspect whether the token
 * was judged valid, so callers must check the returned DTO before trusting the token. The token
 * value is not written to the log here.
 *
 * @param accessToken the OAuth 2.0 access token to validate
 * @return the validation response produced by the remote service
 * @throws AiravataSecurityException if the remote call fails; the cause is written to the log
 */
public OAuth2TokenValidationResponseDTO validateAccessToken(String accessToken) throws AiravataSecurityException {
    // Wrap the raw token in the stub's access-token type, marked as a bearer token.
    OAuth2TokenValidationRequestDTO_OAuth2AccessToken bearer = new OAuth2TokenValidationRequestDTO_OAuth2AccessToken();
    bearer.setTokenType(BEARER_TOKEN_TYPE);
    bearer.setIdentifier(accessToken);

    OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
    validationRequest.setAccessToken(bearer);

    OAuth2TokenValidationResponseDTO validationResponse;
    try {
        validationResponse = stub.validate(validationRequest);
    } catch (RemoteException e) {
        logger.error(e.getMessage(), e);
        throw new AiravataSecurityException("Error in validating the OAuth access token.");
    }
    return validationResponse;
}
Also used : OAuth2TokenValidationRequestDTO_OAuth2AccessToken(org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_OAuth2AccessToken) RemoteException(java.rmi.RemoteException) AiravataSecurityException(org.apache.airavata.security.AiravataSecurityException) OAuth2TokenValidationRequestDTO(org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO)

Example 4 with AiravataSecurityException

use of org.apache.airavata.security.AiravataSecurityException in project airavata by apache.

the class DefaultXACMLPEP method getAuthorizationDecision.

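/**
 * Sends the XACML authorization request to the XACML PDP and returns the authorization decision.
 *
 * The decision fails closed: anything other than an explicit permit, including a missing user
 * name claim or a missing API method name, results in {@code false}.
 *
 * @param authzToken token whose claims map carries the user name used as the XACML subject
 * @param metaData   request metadata; the API method name is used to build the XACML action
 * @return {@code true} only when the PDP decision equals {@code Constants.PERMIT}
 * @throws AiravataSecurityException if the PDP call fails or its response cannot be parsed
 */
public boolean getAuthorizationDecision(AuthzToken authzToken, Map<String, String> metaData) throws AiravataSecurityException {
    String decision;
    try {
        String subject = authzToken.getClaimsMap().get(Constants.USER_NAME);
        if (subject == null) {
            // Without this guard a missing claim surfaced as an unchecked NullPointerException.
            logger.error("Authorization denied: user name claim is missing.");
            return false;
        }
        // FIXME hacky way to fix OpenID -> CILogon issue in WSO2 IS
        // NOTE(review): "http://" is 7 characters, so substring(6) keeps one leading '/'.
        // Left unchanged because the PDP policies may depend on that form; confirm.
        if (subject.startsWith("http://")) {
            subject = subject.substring(6);
        }
        String methodName = metaData.get(Constants.API_METHOD_NAME);
        if (methodName == null) {
            // Avoid asking the PDP about the literal action "/airavata/null", which a broadly
            // written policy could conceivably match.
            logger.error("Authorization denied: API method name is missing.");
            return false;
        }
        String action = "/airavata/" + methodName;
        String decisionString = entitlementServiceStub.getDecisionByAttributes(subject, null, action, null);
        // parse the XML decision string and obtain the decision
        decision = parseDecisionString(decisionString);
        if (Constants.PERMIT.equals(decision)) {
            return true;
        } else {
            logger.error("Authorization decision is: " + decision);
            return false;
        }
    } catch (RemoteException e) {
        logger.error(e.getMessage(), e);
        throw new AiravataSecurityException("Error in authorizing the user.");
    } catch (EntitlementServiceException e) {
        logger.error(e.getMessage(), e);
        throw new AiravataSecurityException("Error in authorizing the user.");
    }
}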
Also used : EntitlementServiceException(org.wso2.carbon.identity.entitlement.stub.EntitlementServiceException) RemoteException(java.rmi.RemoteException) AiravataSecurityException(org.apache.airavata.security.AiravataSecurityException)

Example 5 with AiravataSecurityException

use of org.apache.airavata.security.AiravataSecurityException in project airavata by apache.

the class DefaultXACMLPEP method parseDecisionString.

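/**
 * Parses the XML authorization response returned by the PDP and extracts the decision text.
 *
 * The decision is read from the first child of the first child of the document element. The
 * parser is configured to reject DOCTYPE declarations, so a response carrying a DTD or external
 * entities fails parsing instead of being resolved.
 *
 * @param decisionString the XML response from the PDP
 * @return the text content of the decision node
 * @throws AiravataSecurityException if the response is missing, malformed, or lacks a decision node
 */
private String parseDecisionString(String decisionString) throws AiravataSecurityException {
    if (decisionString == null) {
        logger.error("XACML authorization response is empty.");
        throw new AiravataSecurityException("Error in parsing XACML authorization response.");
    }
    try {
        DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
        // XXE hardening: the response crosses a trust boundary (remote PDP), so forbid DOCTYPE
        // declarations and entity expansion. A parser that does not support the feature raises
        // ParserConfigurationException, which is handled below as a parse failure.
        docBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        docBuilderFactory.setExpandEntityReferences(false);
        InputStream inputStream = new ByteArrayInputStream(decisionString.getBytes("UTF-8"));
        Document doc = docBuilderFactory.newDocumentBuilder().parse(inputStream);
        Node resultNode = doc.getDocumentElement().getFirstChild();
        Node decisionNode = resultNode == null ? null : resultNode.getFirstChild();
        if (decisionNode == null) {
            // An unexpected document shape used to surface as a NullPointerException.
            logger.error("XACML authorization response has no decision node.");
            throw new AiravataSecurityException("Error in parsing XACML authorization response.");
        }
        return decisionNode.getTextContent();
    } catch (ParserConfigurationException | SAXException | IOException e) {
        // UnsupportedEncodingException is an IOException and is covered here. The cause is now
        // logged on every path; the original IOException branch dropped it.
        logger.error(e.getMessage(), e);
        throw new AiravataSecurityException("Error in parsing XACML authorization response.");
    }
}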
Also used : DocumentBuilderFactory(javax.xml.parsers.DocumentBuilderFactory) ByteArrayInputStream(java.io.ByteArrayInputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) Node(org.w3c.dom.Node) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) IOException(java.io.IOException) Document(org.w3c.dom.Document) AiravataSecurityException(org.apache.airavata.security.AiravataSecurityException) SAXException(org.xml.sax.SAXException)

Aggregations

AiravataSecurityException (org.apache.airavata.security.AiravataSecurityException)16 ApplicationSettingsException (org.apache.airavata.common.exception.ApplicationSettingsException)8 TrustStoreManager (org.apache.airavata.security.util.TrustStoreManager)5 TException (org.apache.thrift.TException)5 RegistryServiceException (org.apache.airavata.registry.api.exception.RegistryServiceException)4 RemoteException (java.rmi.RemoteException)3 GatewayResourceProfile (org.apache.airavata.model.appcatalog.gatewayprofile.GatewayResourceProfile)3 AxisFault (org.apache.axis2.AxisFault)3 ConfigurationContext (org.apache.axis2.context.ConfigurationContext)3 IOException (java.io.IOException)2 UnsupportedEncodingException (java.io.UnsupportedEncodingException)2 SSLContext (javax.net.ssl.SSLContext)2 CredentialStoreService (org.apache.airavata.credential.store.cpi.CredentialStoreService)2 CredentialStoreException (org.apache.airavata.credential.store.exception.CredentialStoreException)2 PasswordCredential (org.apache.airavata.model.credential.store.PasswordCredential)2 AiravataSecurityManager (org.apache.airavata.service.security.AiravataSecurityManager)2 BufferedReader (java.io.BufferedReader)1 ByteArrayInputStream (java.io.ByteArrayInputStream)1 InputStream (java.io.InputStream)1 InputStreamReader (java.io.InputStreamReader)1