Example 36 with SecurityCheck

Use of org.apache.airavata.service.security.interceptor.SecurityCheck in project airavata by apache.

The class IamAdminServicesHandler, method findUsers.

@Override
@SecurityCheck
public List<UserProfile> findUsers(AuthzToken authzToken, String email, String userId) throws IamAdminServicesException, AuthorizationException, TException {
    TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
    String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
    try {
        PasswordCredential isRealmAdminCredentials = getTenantAdminPasswordCredential(gatewayId);
        return keycloakclient.findUser(isRealmAdminCredentials, gatewayId, email, userId);
    } catch (TException | ApplicationSettingsException ex) {
        String msg = "Error while retrieving users from Identity Server, reason: " + ex.getMessage();
        logger.error(msg, ex);
        throw new IamAdminServicesException(msg);
    }
}
Also used : TenantManagementKeycloakImpl(org.apache.airavata.service.profile.iam.admin.services.core.impl.TenantManagementKeycloakImpl) TException(org.apache.thrift.TException) ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException) IamAdminServicesException(org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException) PasswordCredential(org.apache.airavata.model.credential.store.PasswordCredential) SecurityCheck(org.apache.airavata.service.security.interceptor.SecurityCheck)

Example 37 with SecurityCheck

Use of org.apache.airavata.service.security.interceptor.SecurityCheck in project airavata by apache.

The class IamAdminServicesHandler, method removeRoleFromUser.

@Override
@SecurityCheck
public boolean removeRoleFromUser(AuthzToken authzToken, String username, String roleName) throws IamAdminServicesException, AuthorizationException, TException {
    TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
    String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
    try {
        PasswordCredential isRealmAdminCredentials = getTenantAdminPasswordCredential(gatewayId);
        return keycloakclient.removeRoleFromUser(isRealmAdminCredentials, gatewayId, username, roleName);
    } catch (TException | ApplicationSettingsException ex) {
        String msg = "Error while removing role from user, reason: " + ex.getMessage();
        logger.error(msg, ex);
        throw new IamAdminServicesException(msg);
    }
}
Also used : TenantManagementKeycloakImpl(org.apache.airavata.service.profile.iam.admin.services.core.impl.TenantManagementKeycloakImpl) TException(org.apache.thrift.TException) ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException) IamAdminServicesException(org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException) PasswordCredential(org.apache.airavata.model.credential.store.PasswordCredential) SecurityCheck(org.apache.airavata.service.security.interceptor.SecurityCheck)

Example 38 with SecurityCheck

Use of org.apache.airavata.service.security.interceptor.SecurityCheck in project airavata by apache.

The class TenantProfileServiceHandler, method deleteGateway.

@Override
@SecurityCheck
public boolean deleteGateway(AuthzToken authzToken, String airavataInternalGatewayId, String gatewayId) throws TenantProfileServiceException, AuthorizationException, TException {
    try {
        logger.debug("Deleting Airavata gateway-profile with ID: " + gatewayId + ", Internal ID: " + airavataInternalGatewayId);
        boolean deleteSuccess = tenantProfileRepository.delete(airavataInternalGatewayId);
        if (deleteSuccess) {
            // delete tenant at end-places
            // approvalstatus is not used for delete, hence set dummy value
            ProfileServiceUtils.getDbEventPublisher().publish(ProfileServiceUtils.getDBEventMessageContext(EntityType.TENANT, CrudType.DELETE, new Gateway(gatewayId, GatewayApprovalStatus.DEACTIVATED)), DBEventManagerConstants.getRoutingKey(DBEventService.DB_EVENT.toString()));
        }
        return deleteSuccess;
    } catch (Exception ex) {
        logger.error("Error deleting gateway-profile, reason: " + ex.getMessage(), ex);
        TenantProfileServiceException exception = new TenantProfileServiceException();
        exception.setMessage("Error deleting gateway-profile, reason: " + ex.getMessage());
        throw exception;
    }
}
Also used : TenantProfileServiceException(org.apache.airavata.service.profile.tenant.cpi.exception.TenantProfileServiceException) Gateway(org.apache.airavata.model.workspace.Gateway) CredentialStoreException(org.apache.airavata.credential.store.exception.CredentialStoreException) TenantProfileServiceException(org.apache.airavata.service.profile.tenant.cpi.exception.TenantProfileServiceException) TException(org.apache.thrift.TException) AuthorizationException(org.apache.airavata.model.error.AuthorizationException) ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException) SecurityCheck(org.apache.airavata.service.security.interceptor.SecurityCheck)

Example 39 with SecurityCheck

Use of org.apache.airavata.service.security.interceptor.SecurityCheck in project airavata by apache.

The class TenantProfileServiceHandler, method addGateway.

@Override
@SecurityCheck
public String addGateway(AuthzToken authzToken, Gateway gateway) throws TenantProfileServiceException, AuthorizationException, TException {
    try {
        // Assign UUID to gateway
        gateway.setAiravataInternalGatewayId(UUID.randomUUID().toString());
        if (!checkDuplicateGateway(gateway)) {
            // If admin password, copy it in the credential store under the requested gateway's gatewayId
            if (gateway.getIdentityServerPasswordToken() != null) {
                copyAdminPasswordToGateway(authzToken, gateway);
            }
            gateway = tenantProfileRepository.create(gateway);
            if (gateway != null) {
                logger.info("Added Airavata Gateway with Id: " + gateway.getGatewayId());
                // replicate tenant at end-places only if status is APPROVED
                if (gateway.getGatewayApprovalStatus().equals(GatewayApprovalStatus.APPROVED)) {
                    logger.info("Gateway with ID: {}, is now APPROVED, replicating to subscribers.", gateway.getGatewayId());
                    ProfileServiceUtils.getDbEventPublisher().publish(ProfileServiceUtils.getDBEventMessageContext(EntityType.TENANT, CrudType.CREATE, gateway), DBEventManagerConstants.getRoutingKey(DBEventService.DB_EVENT.toString()));
                }
                // return internal id
                return gateway.getAiravataInternalGatewayId();
            } else {
                throw new Exception("Gateway object is null.");
            }
        } else {
            throw new TenantProfileServiceException("An approved Gateway already exists with the same GatewayId, Name or URL");
        }
    } catch (Exception ex) {
        logger.error("Error adding gateway-profile, reason: " + ex.getMessage(), ex);
        TenantProfileServiceException exception = new TenantProfileServiceException();
        exception.setMessage("Error adding gateway-profile, reason: " + ex.getMessage());
        throw exception;
    }
}
Also used : TenantProfileServiceException(org.apache.airavata.service.profile.tenant.cpi.exception.TenantProfileServiceException) CredentialStoreException(org.apache.airavata.credential.store.exception.CredentialStoreException) TenantProfileServiceException(org.apache.airavata.service.profile.tenant.cpi.exception.TenantProfileServiceException) TException(org.apache.thrift.TException) AuthorizationException(org.apache.airavata.model.error.AuthorizationException) ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException) SecurityCheck(org.apache.airavata.service.security.interceptor.SecurityCheck)

Example 40 with SecurityCheck

Use of org.apache.airavata.service.security.interceptor.SecurityCheck in project airavata by apache.

The class UserProfileServiceHandler, method addUserProfile.

@Override
@SecurityCheck
public String addUserProfile(AuthzToken authzToken, UserProfile userProfile) throws UserProfileServiceException, AuthorizationException, TException {
    try {
        // Lowercase user id and internal id
        userProfile.setUserId(userProfile.getUserId().toLowerCase());
        userProfile.setAiravataInternalUserId(userProfile.getUserId() + "@" + userProfile.getGatewayId());
        userProfile = userProfileRepository.updateUserProfile(userProfile, getIAMUserProfileUpdater(authzToken, userProfile));
        if (null != userProfile) {
            logger.info("Added UserProfile with userId: " + userProfile.getUserId());
            // replicate userProfile at end-places
            ProfileServiceUtils.getDbEventPublisher().publish(ProfileServiceUtils.getDBEventMessageContext(EntityType.USER_PROFILE, CrudType.CREATE, userProfile), DBEventManagerConstants.getRoutingKey(DBEventService.DB_EVENT.toString()));
            // return userId
            return userProfile.getUserId();
        } else {
            throw new Exception("User creation failed. Please try again.");
        }
    } catch (Exception e) {
        logger.error("Error while creating user profile", e);
        UserProfileServiceException exception = new UserProfileServiceException();
        exception.setMessage("Error while creating user profile. More info : " + e.getMessage());
        throw exception;
    }
}
Also used : UserProfileServiceException(org.apache.airavata.service.profile.user.cpi.exception.UserProfileServiceException) TException(org.apache.thrift.TException) AuthorizationException(org.apache.airavata.model.error.AuthorizationException) ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException) IamAdminServicesException(org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException) UserProfileServiceException(org.apache.airavata.service.profile.user.cpi.exception.UserProfileServiceException) SecurityCheck(org.apache.airavata.service.security.interceptor.SecurityCheck)

Aggregations

SecurityCheck (org.apache.airavata.service.security.interceptor.SecurityCheck): 40
ApplicationSettingsException (org.apache.airavata.common.exception.ApplicationSettingsException): 39
TException (org.apache.thrift.TException): 38
CredentialStoreException (org.apache.airavata.credential.store.exception.CredentialStoreException): 28
RegistryServiceException (org.apache.airavata.registry.api.exception.RegistryServiceException): 25
AiravataException (org.apache.airavata.common.exception.AiravataException): 24
SharingRegistryService (org.apache.airavata.sharing.registry.service.cpi.SharingRegistryService): 23
RegistryService (org.apache.airavata.registry.api.RegistryService): 22
IamAdminServicesException (org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException): 12
PasswordCredential (org.apache.airavata.model.credential.store.PasswordCredential): 9
TenantManagementKeycloakImpl (org.apache.airavata.service.profile.iam.admin.services.core.impl.TenantManagementKeycloakImpl): 9
AuthorizationException (org.apache.airavata.model.error.AuthorizationException): 7
Gateway (org.apache.airavata.model.workspace.Gateway): 4
Project (org.apache.airavata.model.workspace.Project): 4
UserComputeResourcePreference (org.apache.airavata.model.appcatalog.userresourceprofile.UserComputeResourcePreference): 3
TenantProfileServiceException (org.apache.airavata.service.profile.tenant.cpi.exception.TenantProfileServiceException): 3
UserProfileServiceException (org.apache.airavata.service.profile.user.cpi.exception.UserProfileServiceException): 3
CredentialStoreService (org.apache.airavata.credential.store.cpi.CredentialStoreService): 2
ApplicationInterfaceDescription (org.apache.airavata.model.appcatalog.appinterface.ApplicationInterfaceDescription): 2
UserStoragePreference (org.apache.airavata.model.appcatalog.userresourceprofile.UserStoragePreference): 2