use of org.apache.airavata.service.security.interceptor.SecurityCheck in project airavata by apache.
the class AiravataServerHandler method getExperimentsInProject.
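/**
 * Get Experiments within project with pagination. Results will be sorted
 * based on creation time DESC.
 *
 * <p>Access check performed in this method before the experiments are read: the sharing
 * registry is asked for {@code <gatewayId>:READ} on the project when (a) sharing is enabled and
 * the token's user name differs from the project owner, or (b) the token's gateway id differs
 * from the project's gateway id. A failure of that lookup is treated as a denial.
 *
 * <p>NOTE(review): when sharing is disabled and the gateway ids match, no ownership or sharing
 * check runs in this method, so any caller in that gateway reaches the read. Confirm that this
 * is intended.
 *
 * @param authzToken
 *            Caller's token; its claims map supplies the user name and gateway id
 * @param projectId
 *            Identifier of the project
 * @param limit
 *            Amount of results to be fetched
 * @param offset
 *            The starting point of the results to be fetched
 * @return the experiments the registry returns for this project and page
 * @throws AuthorizationException
 *             if the sharing registry does not grant READ on the project or cannot be consulted
 * @throws AiravataSystemException
 *             with {@code INTERNAL_ERROR} for any other failure
 */
@Override
@SecurityCheck
public List<ExperimentModel> getExperimentsInProject(AuthzToken authzToken, String projectId, int limit, int offset) throws InvalidRequestException, AiravataClientException, AiravataSystemException, ProjectNotFoundException, AuthorizationException, TException {
    RegistryService.Client regClient = registryClientPool.getResource();
    SharingRegistryService.Client sharingClient = sharingClientPool.getResource();
    // Set when the sharing lookup itself threw, so that client is not handed back as healthy.
    boolean sharingLookupFailed = false;
    try {
        Project project = regClient.getProject(projectId);
        // && binds tighter than ||, so a gateway mismatch forces the sharing check even when
        // sharing is disabled. The parentheses only make that existing grouping explicit.
        if ((ServerSettings.isEnableSharing() && !authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME).equals(project.getOwner()))
                || !authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.GATEWAY_ID).equals(project.getGatewayId())) {
            boolean allowed;
            try {
                String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
                String userId = authzToken.getClaimsMap().get(Constants.USER_NAME);
                allowed = sharingClient.userHasAccess(gatewayId, userId + "@" + gatewayId, projectId, gatewayId + ":READ");
            } catch (Exception e) {
                // Fail closed, but keep the cause in the server log so that a sharing-registry
                // outage can be told apart from a genuine denial.
                sharingLookupFailed = true;
                logger.error("Error while checking READ access through the sharing registry", e);
                throw new AuthorizationException("User does not have permission to access this resource");
            }
            if (!allowed) {
                throw new AuthorizationException("User does not have permission to access this resource");
            }
        }
        List<ExperimentModel> result = regClient.getExperimentsInProject(projectId, limit, offset);
        registryClientPool.returnResource(regClient);
        sharingClientPool.returnResource(sharingClient);
        return result;
    } catch (AuthorizationException e) {
        // A denial is not an internal error: surface it as the declared AuthorizationException
        // instead of letting the generic handler rewrap it as INTERNAL_ERROR, and do not discard
        // pooled clients that are still healthy.
        registryClientPool.returnResource(regClient);
        if (sharingLookupFailed) {
            sharingClientPool.returnBrokenResource(sharingClient);
        } else {
            sharingClientPool.returnResource(sharingClient);
        }
        throw e;
    } catch (Exception e) {
        logger.error("Error while retrieving the experiments", e);
        AiravataSystemException exception = new AiravataSystemException();
        exception.setAiravataErrorType(AiravataErrorType.INTERNAL_ERROR);
        // NOTE(review): the underlying exception message is sent back to the caller here;
        // consider whether it can expose internal detail.
        exception.setMessage("Error while retrieving the experiments. More info : " + e.getMessage());
        registryClientPool.returnBrokenResource(regClient);
        sharingClientPool.returnBrokenResource(sharingClient);
        throw exception;
    }
}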
use of org.apache.airavata.service.security.interceptor.SecurityCheck in project airavata by apache.
the class IamAdminServicesHandler method getUsersWithRole.
/**
 * Returns the user profiles that hold {@code roleName} in the caller's gateway.
 *
 * <p>The gateway id is read from the {@code GATEWAY_ID} claim of {@code authzToken}, not from a
 * request argument, and the lookup goes through {@code TenantManagementKeycloakImpl} using that
 * gateway's tenant-admin password credential.
 *
 * <p>NOTE(review): no check of the caller's own role is visible in this method; presumably the
 * {@code @SecurityCheck} interceptor enforces it. Confirm.
 *
 * @param authzToken caller's token; supplies the gateway id
 * @param roleName role to look up
 * @return the profiles returned by the tenant-management client
 * @throws IamAdminServicesException if loading the credential or the lookup throws any exception
 */
@Override
@SecurityCheck
public List<UserProfile> getUsersWithRole(AuthzToken authzToken, String roleName) throws IamAdminServicesException, AuthorizationException, TException {
    final TenantManagementKeycloakImpl tenantManager = new TenantManagementKeycloakImpl();
    final String tenantId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
    List<UserProfile> usersInRole;
    try {
        final PasswordCredential adminCredential = getTenantAdminPasswordCredential(tenantId);
        usersInRole = tenantManager.getUsersWithRole(adminCredential, tenantId, roleName);
    } catch (Exception failure) {
        // The cause goes to the server log; the thrown exception carries the message text only.
        final String errorText = "Error while retrieving users with role, reason: " + failure.getMessage();
        logger.error(errorText, failure);
        throw new IamAdminServicesException(errorText);
    }
    return usersInRole;
}
use of org.apache.airavata.service.security.interceptor.SecurityCheck in project airavata by apache.
the class IamAdminServicesHandler method enableUser.
/**
 * Enables the account {@code username} in the caller's gateway.
 *
 * <p>The gateway id is read from the {@code GATEWAY_ID} claim of {@code authzToken}, and the
 * call is made with that gateway's tenant-admin password credential.
 *
 * <p>NOTE(review): this method does not itself verify that the caller may enable accounts;
 * presumably the {@code @SecurityCheck} interceptor does. Confirm.
 *
 * @param authzToken caller's token; supplies the gateway id
 * @param username account to enable
 * @return the result reported by {@code enableUserAccount}
 * @throws IamAdminServicesException if a {@code TException} or
 *         {@code ApplicationSettingsException} is raised
 */
@Override
@SecurityCheck
public boolean enableUser(AuthzToken authzToken, String username) throws IamAdminServicesException, AuthorizationException {
    final TenantManagementKeycloakImpl tenantManager = new TenantManagementKeycloakImpl();
    final String tenantId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
    try {
        final PasswordCredential adminCredential = getTenantAdminPasswordCredential(tenantId);
        // The client's boolean result is passed straight through.
        return tenantManager.enableUserAccount(adminCredential, tenantId, username);
    } catch (TException | ApplicationSettingsException failure) {
        final String errorText = "Error while enabling user account, reason: " + failure.getMessage();
        logger.error(errorText, failure);
        throw new IamAdminServicesException(errorText);
    }
}
use of org.apache.airavata.service.security.interceptor.SecurityCheck in project airavata by apache.
the class IamAdminServicesHandler method addRoleToUser.
/**
 * Grants {@code roleName} to {@code username} in the caller's gateway.
 *
 * <p>The gateway id is read from the {@code GATEWAY_ID} claim of {@code authzToken}, and the
 * grant is made with that gateway's tenant-admin password credential.
 *
 * <p>NOTE(review): role assignment is a privilege-changing operation and no check of the
 * caller's own role is visible in this method; presumably the {@code @SecurityCheck}
 * interceptor restricts who may call it. Confirm.
 *
 * @param authzToken caller's token; supplies the gateway id
 * @param username account that receives the role
 * @param roleName role to grant
 * @return the result reported by the tenant-management client
 * @throws IamAdminServicesException if a {@code TException} or
 *         {@code ApplicationSettingsException} is raised
 */
@Override
@SecurityCheck
public boolean addRoleToUser(AuthzToken authzToken, String username, String roleName) throws IamAdminServicesException, AuthorizationException, TException {
    final TenantManagementKeycloakImpl tenantManager = new TenantManagementKeycloakImpl();
    final String tenantId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
    boolean roleAdded;
    try {
        final PasswordCredential adminCredential = getTenantAdminPasswordCredential(tenantId);
        roleAdded = tenantManager.addRoleToUser(adminCredential, tenantId, username, roleName);
    } catch (TException | ApplicationSettingsException failure) {
        final String errorText = "Error while adding role to user, reason: " + failure.getMessage();
        logger.error(errorText, failure);
        throw new IamAdminServicesException(errorText);
    }
    return roleAdded;
}
use of org.apache.airavata.service.security.interceptor.SecurityCheck in project airavata by apache.
the class IamAdminServicesHandler method resetUserPassword.
/**
 * Sets a new password for {@code username} in the caller's gateway.
 *
 * <p>The gateway id is read from the {@code GATEWAY_ID} claim of {@code authzToken}, and the
 * reset is made with that gateway's tenant-admin password credential. {@code newPassword} is
 * not concatenated into the error message built here.
 *
 * <p>NOTE(review): nothing in this method ties {@code username} to the caller or checks the
 * caller's role; presumably the {@code @SecurityCheck} interceptor restricts who may call it.
 * Confirm. Also confirm that exceptions from the client never embed the password, because the
 * exception is logged and its message is returned to the caller.
 *
 * @param authzToken caller's token; supplies the gateway id
 * @param username account whose password is replaced
 * @param newPassword replacement password, handed to the tenant-management client
 * @return the result reported by the tenant-management client
 * @throws IamAdminServicesException if a {@code TException} or
 *         {@code ApplicationSettingsException} is raised
 */
@Override
@SecurityCheck
public boolean resetUserPassword(AuthzToken authzToken, String username, String newPassword) throws IamAdminServicesException, AuthorizationException, TException {
    final TenantManagementKeycloakImpl tenantManager = new TenantManagementKeycloakImpl();
    final String tenantId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
    try {
        final PasswordCredential adminCredential = getTenantAdminPasswordCredential(tenantId);
        final boolean passwordReset = tenantManager.resetUserPassword(adminCredential, tenantId, username, newPassword);
        return passwordReset;
    } catch (TException | ApplicationSettingsException failure) {
        final String errorText = "Error while resetting user password in Identity Server, reason: " + failure.getMessage();
        logger.error(errorText, failure);
        throw new IamAdminServicesException(errorText);
    }
}