use of org.apache.airavata.service.security.interceptor.SecurityCheck in project airavata by apache.
the class AiravataServerHandler method getExperimentStatus.
/**
* Fetch the previously configured experiment configuration information.
*
* @param airavataExperimentId The identifier for the requested experiment. This is returned during the create experiment step.
* @return This method returns the previously configured experiment configuration data.
* @throws org.apache.airavata.model.error.InvalidRequestException For any incorrect forming of the request itself.
* @throws org.apache.airavata.model.error.ExperimentNotFoundException If the specified experiment is not previously created, then an Experiment Not Found Exception is thrown.
* @throws org.apache.airavata.model.error.AiravataClientException The following list of exceptions are thrown which Airavata Client can take corrective actions to resolve:
*<p/>
*UNKNOWN_GATEWAY_ID - If a Gateway is not registered with Airavata as a one time administrative
*step, then Airavata Registry will not have a provenance area setup. The client has to follow
*gateway registration steps and retry this request.
*<p/>
*AUTHENTICATION_FAILURE - How Authentication will be implemented is yet to be determined.
*For now this is a place holder.
*<p/>
*INVALID_AUTHORIZATION - This will throw an authorization exception. When a more robust security hand-shake
*is implemented, the authorization will be more substantial.
* @throws org.apache.airavata.model.error.AiravataSystemException This exception will be thrown for any
* Airavata Server side issues and if the problem cannot be corrected by the client
* rather an Airavata Administrator will be notified to take corrective action.
*/
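@Override
@SecurityCheck
public ExperimentStatus getExperimentStatus(AuthzToken authzToken, String airavataExperimentId) throws TException {
    // Returns the status the registry holds for the given experiment id.
    //
    // NOTE(review): authzToken is never read in this body, so nothing here ties
    // airavataExperimentId to the caller. Unless the @SecurityCheck interceptor
    // (not visible here) enforces per-experiment access, knowing an experiment id
    // is enough to read its status -- confirm against the interceptor.
    RegistryService.Client regClient = registryClientPool.getResource();
    try {
        ExperimentStatus result = regClient.getExperimentStatus(airavataExperimentId);
        registryClientPool.returnResource(regClient);
        return result;
    } catch (Exception e) {
        // Hand the client back as broken first, so the pool gets it even if building
        // the exception below were to fail.
        registryClientPool.returnBrokenResource(regClient);
        // Every failure, including a "not found" reported by the registry, surfaces as
        // AiravataSystemException; callers cannot tell the cases apart.
        AiravataSystemException exception = new AiravataSystemException();
        // NOTE(review): the raw downstream message goes to the client unchanged; it may
        // expose registry internals. Sibling handlers also set an AiravataErrorType on
        // this exception; this one does not -- confirm whether that is intended.
        exception.setMessage(e.getMessage());
        // Keep the original failure attached so server-side traces show the root cause.
        exception.initCause(e);
        throw exception;
    }
}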
use of org.apache.airavata.service.security.interceptor.SecurityCheck in project airavata by apache.
the class AiravataServerHandler method createExperiment.
/**
* Create an experiment for the specified user belonging to the gateway. The gateway identity is not explicitly passed
* but inferred from the authentication header. This experiment is just a persistent place holder. The client
* has to subsequently configure and launch the created experiment. No action is taken on Airavata Server except
* registering the experiment in a persistent store.
*
* @param experiment The experiment to create.
* @return The server-side generated Airavata experiment globally unique identifier.
* @throws org.apache.airavata.model.error.InvalidRequestException For any incorrect forming of the request itself.
* @throws org.apache.airavata.model.error.AiravataClientException The following list of exceptions are thrown which Airavata Client can take corrective actions to resolve:
* <p/>
* UNKNOWN_GATEWAY_ID - If a Gateway is not registered with Airavata as a one time administrative
* step, then Airavata Registry will not have a provenance area setup. The client has to follow
* gateway registration steps and retry this request.
* <p/>
* AUTHENTICATION_FAILURE - How Authentication will be implemented is yet to be determined.
* For now this is a place holder.
* <p/>
* INVALID_AUTHORIZATION - This will throw an authorization exception. When a more robust security hand-shake
* is implemented, the authorization will be more substantial.
* @throws org.apache.airavata.model.error.AiravataSystemException This exception will be thrown for any Airavata Server side issues and if the problem cannot be corrected by the client
* rather an Airavata Administrator will be notified to take corrective action.
*/
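@Override
@SecurityCheck
public String createExperiment(AuthzToken authzToken, String gatewayId, ExperimentModel experiment) throws InvalidRequestException, AiravataClientException, AiravataSystemException, AuthorizationException, TException {
    RegistryService.Client regClient = registryClientPool.getResource();
    SharingRegistryService.Client sharingClient = sharingClientPool.getResource();
    try {
        String experimentId = regClient.createExperiment(gatewayId, experiment);
        if (ServerSettings.isEnableSharing()) {
            try {
                // NOTE(review): the sharing record's domain and owner come from the request
                // payload (experiment.getGatewayId(), experiment.getUserName()), not from
                // authzToken or the gatewayId parameter used for the registry call above.
                // Nothing in this method checks that they agree, so ownership is whatever
                // the caller put in the model unless the @SecurityCheck interceptor (not
                // visible here) validates it. Consider deriving or verifying both against
                // the token's claims.
                Entity entity = new Entity();
                entity.setEntityId(experimentId);
                entity.setDomainId(experiment.getGatewayId());
                entity.setEntityTypeId(experiment.getGatewayId() + ":" + "EXPERIMENT");
                entity.setOwnerId(experiment.getUserName() + "@" + experiment.getGatewayId());
                entity.setName(experiment.getExperimentName());
                entity.setDescription(experiment.getDescription());
                entity.setParentEntityId(experiment.getProjectId());
                sharingClient.createEntity(entity);
            } catch (Exception ex) {
                // Without a sharing record the experiment would have no access-control entry,
                // so the registry row is removed again before failing the request.
                logger.error(ex.getMessage(), ex);
                logger.error("Rolling back experiment creation Exp ID : " + experimentId);
                regClient.deleteExperiment(experimentId);
                AiravataSystemException ase = new AiravataSystemException();
                ase.setMessage("Failed to create sharing registry record");
                // Caught and re-wrapped by the outer handler below.
                throw ase;
            }
        }
        ExperimentStatusChangeEvent event = new ExperimentStatusChangeEvent(ExperimentState.CREATED, experimentId, gatewayId);
        String messageId = AiravataUtils.getId("EXPERIMENT");
        MessageContext messageContext = new MessageContext(event, MessageType.EXPERIMENT, messageId, gatewayId);
        messageContext.setUpdatedTime(AiravataUtils.getCurrentTimestamp());
        if (statusPublisher != null) {
            statusPublisher.publish(messageContext);
        }
        // Fix: the id used to sit in the format-string position, which (assuming an
        // SLF4J-style logger -- confirm) logged only the id and dropped the message.
        logger.debug("Created new experiment {} with experiment name {}", experimentId, experiment.getExperimentName());
        registryClientPool.returnResource(regClient);
        sharingClientPool.returnResource(sharingClient);
        return experimentId;
    } catch (Exception e) {
        // Fix: pass the exception as the final argument so the stack trace is logged.
        // The experiment name is caller-supplied text going into the log.
        logger.error("Error while creating the experiment with experiment name {}", experiment.getExperimentName(), e);
        AiravataSystemException exception = new AiravataSystemException();
        exception.setAiravataErrorType(AiravataErrorType.INTERNAL_ERROR);
        // NOTE(review): the downstream message is forwarded to the client verbatim and may
        // expose internal details.
        exception.setMessage("Error while creating the experiment. More info : " + e.getMessage());
        // Keep the root cause attached for server-side diagnostics.
        exception.initCause(e);
        // Both clients are treated as broken on any failure, whichever one caused it.
        registryClientPool.returnBrokenResource(regClient);
        sharingClientPool.returnBrokenResource(sharingClient);
        throw exception;
    }
}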
use of org.apache.airavata.service.security.interceptor.SecurityCheck in project airavata by apache.
the class AiravataServerHandler method getUserStoragePreference.
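/**
 * Looks up one storage preference of a user through the registry service.
 *
 * <p>NOTE(review): {@code authzToken} is not read in this body, and {@code userId} /
 * {@code gatewayID} are used exactly as the caller sent them. Whether the
 * {@code @SecurityCheck} interceptor (not visible here) restricts a caller to their own
 * user id and gateway should be confirmed; otherwise one user can read another user's
 * preference.
 *
 * @param authzToken    the caller's authorization token
 * @param userId        user whose preference is requested
 * @param gatewayID     gateway the user belongs to
 * @param userStorageId identifier of the storage resource
 * @return the preference returned by the registry
 * @throws AiravataSystemException for any failure of the registry call
 */
@Override
@SecurityCheck
public UserStoragePreference getUserStoragePreference(AuthzToken authzToken, String userId, String gatewayID, String userStorageId) throws InvalidRequestException, AiravataClientException, AiravataSystemException, AuthorizationException, TException {
    RegistryService.Client regClient = registryClientPool.getResource();
    try {
        UserStoragePreference result = regClient.getUserStoragePreference(userId, gatewayID, userStorageId);
        registryClientPool.returnResource(regClient);
        return result;
    } catch (Exception e) {
        // Fix: userId used to sit in the format-string position. Assuming an SLF4J-style
        // logger (confirm), that logged only the id, and let caller-supplied text act as
        // the log format. It is now a plain argument and the message is the format.
        logger.error("Error while reading user data storage preference for user {}", userId, e);
        AiravataSystemException exception = new AiravataSystemException();
        exception.setAiravataErrorType(AiravataErrorType.INTERNAL_ERROR);
        // NOTE(review): the downstream message is forwarded to the client verbatim.
        exception.setMessage("Error while reading user data storage preference. More info : " + e.getMessage());
        // Keep the root cause attached for server-side diagnostics.
        exception.initCause(e);
        registryClientPool.returnBrokenResource(regClient);
        throw exception;
    }
}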
use of org.apache.airavata.service.security.interceptor.SecurityCheck in project airavata by apache.
the class IamAdminServicesHandler method setUpGateway.
/**
 * Provisions a gateway as a tenant in the identity server. It adds the tenant, creates
 * the tenant admin account, configures the client, and returns the gateway object
 * produced by the client-configuration step.
 *
 * <p>Review notes (behaviour is unchanged here):
 * <ul>
 *   <li>A failed admin-account creation is only logged; setup continues and the call
 *       still returns as if it succeeded.</li>
 *   <li>The steps run in sequence with no rollback, so a failure after
 *       {@code addTenant} leaves a partially configured tenant behind.</li>
 *   <li>Every step runs with the super-admin credential. This body does not check
 *       whether the caller in {@code authzToken} may create tenants; that is presumably
 *       left to the {@code @SecurityCheck} interceptor -- confirm.</li>
 *   <li>The credential-store client is obtained but never released in this method;
 *       check whether {@code getCredentialStoreServiceClient()} hands out a connection
 *       that needs closing.</li>
 * </ul>
 *
 * @param authzToken the caller's authorization token; not read in this body
 * @param gateway    the gateway to set up; supplies the gateway id and the token under
 *                   which the tenant admin password is stored
 * @return the gateway as returned by the client-configuration step
 * @throws IamAdminServicesException if a step fails with a {@code TException} or an
 *         {@code ApplicationSettingsException}
 */
@Override
@SecurityCheck
public Gateway setUpGateway(AuthzToken authzToken, Gateway gateway) throws IamAdminServicesException, AuthorizationException {
    final TenantManagementKeycloakImpl tenantManager = new TenantManagementKeycloakImpl();
    final PasswordCredential superAdminCredential = getSuperAdminPasswordCredential();
    try {
        tenantManager.addTenant(superAdminCredential, gateway);

        // The tenant admin password is expected to be in the credential store already,
        // under the gateway's own id and the token carried in the request.
        CredentialStoreService.Client credentialStore = getCredentialStoreServiceClient();
        PasswordCredential tenantAdminCredential = credentialStore.getPasswordCredential(gateway.getIdentityServerPasswordToken(), gateway.getGatewayId());

        boolean adminCreated = tenantManager.createTenantAdminAccount(superAdminCredential, gateway, tenantAdminCredential.getPassword());
        if (!adminCreated) {
            logger.error("Admin account creation failed !!, please refer error logs for reason");
        }

        return tenantManager.configureClient(superAdminCredential, gateway);
    } catch (TException | ApplicationSettingsException ex) {
        logger.error("Gateway Setup Failed, reason: " + ex.getMessage(), ex);
        throw new IamAdminServicesException(ex.getMessage());
    }
}
use of org.apache.airavata.service.security.interceptor.SecurityCheck in project airavata by apache.
the class IamAdminServicesHandler method updateUserProfile.
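/**
 * Updates the caller's own profile in the identity server.
 *
 * <p>The user name and gateway id are taken from the token's claims and must equal the
 * ones in {@code userDetails}, so a caller can only update the profile the token was
 * issued for. The update itself runs with the tenant admin credential of that gateway.
 *
 * @param authzToken  the caller's token; its claims map supplies user name and gateway id
 * @param userDetails the new profile data; its gateway id and user id must match the token
 * @throws IamAdminServicesException if the token lacks the required claims, if either
 *         identifier does not match the token, or if service clients cannot be created
 */
@Override
@SecurityCheck
public void updateUserProfile(AuthzToken authzToken, UserProfile userDetails) throws IamAdminServicesException, AuthorizationException, TException {
    TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
    try {
        // Fail closed with a declared exception when identity claims are absent. Before,
        // a missing claim ended in a NullPointerException at the equals() calls below.
        if (authzToken == null || authzToken.getClaimsMap() == null) {
            throw new IamAdminServicesException("Authorization token carries no claims!");
        }
        String username = authzToken.getClaimsMap().get(Constants.USER_NAME);
        String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
        // Explicit null checks rather than a null-tolerant comparison: two missing values
        // must never count as a match.
        if (username == null || gatewayId == null) {
            throw new IamAdminServicesException("Authorization token is missing the user name or gateway id claim!");
        }
        if (!gatewayId.equals(userDetails.getGatewayId())) {
            throw new IamAdminServicesException("gatewayId in user profile doesn't match authorization token!");
        }
        if (!username.equals(userDetails.getUserId())) {
            throw new IamAdminServicesException("userId in user profile doesn't match authorization token!");
        }
        // The identifiers passed on are the ones from the token, not from the request body.
        PasswordCredential credential = getTenantAdminPasswordCredential(gatewayId);
        keycloakclient.updateUserProfile(credential, gatewayId, username, userDetails);
    } catch (ApplicationSettingsException e) {
        IamAdminServicesException failure = new IamAdminServicesException("Unable to create service clients. Reason: " + e.getMessage());
        // Keep the root cause attached for server-side diagnostics.
        failure.initCause(e);
        throw failure;
    }
}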