Examples with SecurityCheck org.apache.airavata.service.security.interceptor.SecurityCheck used on opensource projects

Example 36 with SecurityCheck

use of org.apache.airavata.service.security.interceptor.SecurityCheck in project airavata by apache.

the class IamAdminServicesHandler method findUsers.

@Override
@SecurityCheck
public List<UserProfile> findUsers(AuthzToken authzToken, String email, String userId) throws IamAdminServicesException, AuthorizationException, TException {
    TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
    String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
    try {
        PasswordCredential isRealmAdminCredentials = getTenantAdminPasswordCredential(gatewayId);
        return keycloakclient.findUser(isRealmAdminCredentials, gatewayId, email, userId);
    } catch (TException | ApplicationSettingsException ex) {
        String msg = "Error while retrieving users from Identity Server, reason: " + ex.getMessage();
        logger.error(msg, ex);
        throw new IamAdminServicesException(msg);
    }
}

Example 37 with SecurityCheck

use of org.apache.airavata.service.security.interceptor.SecurityCheck in project airavata by apache.

the class IamAdminServicesHandler method removeRoleFromUser.

@Override
@SecurityCheck
public boolean removeRoleFromUser(AuthzToken authzToken, String username, String roleName) throws IamAdminServicesException, AuthorizationException, TException {
    TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
    String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
    try {
        PasswordCredential isRealmAdminCredentials = getTenantAdminPasswordCredential(gatewayId);
        return keycloakclient.removeRoleFromUser(isRealmAdminCredentials, gatewayId, username, roleName);
    } catch (TException | ApplicationSettingsException ex) {
        String msg = "Error while removing role from user, reason: " + ex.getMessage();
        logger.error(msg, ex);
        throw new IamAdminServicesException(msg);
    }
}

Example 38 with SecurityCheck

use of org.apache.airavata.service.security.interceptor.SecurityCheck in project airavata by apache.

the class TenantProfileServiceHandler method deleteGateway.

@Override
@SecurityCheck
public boolean deleteGateway(AuthzToken authzToken, String airavataInternalGatewayId, String gatewayId) throws TenantProfileServiceException, AuthorizationException, TException {
    try {
        logger.debug("Deleting Airavata gateway-profile with ID: " + gatewayId + "Internal ID: " + airavataInternalGatewayId);
        boolean deleteSuccess = tenantProfileRepository.delete(airavataInternalGatewayId);
        if (deleteSuccess) {
            // delete tenant at end-places
            ProfileServiceUtils.getDbEventPublisher().publish(ProfileServiceUtils.getDBEventMessageContext(EntityType.TENANT, CrudType.DELETE, // approvalstatus is not used for delete, hence set dummy value
            new Gateway(gatewayId, GatewayApprovalStatus.DEACTIVATED)), DBEventManagerConstants.getRoutingKey(DBEventService.DB_EVENT.toString()));
        }
        return deleteSuccess;
    } catch (Exception ex) {
        logger.error("Error deleting gateway-profile, reason: " + ex.getMessage(), ex);
        TenantProfileServiceException exception = new TenantProfileServiceException();
        exception.setMessage("Error deleting gateway-profile, reason: " + ex.getMessage());
        throw exception;
    }
}

Example 39 with SecurityCheck

use of org.apache.airavata.service.security.interceptor.SecurityCheck in project airavata by apache.

the class TenantProfileServiceHandler method addGateway.

@Override
@SecurityCheck
public String addGateway(AuthzToken authzToken, Gateway gateway) throws TenantProfileServiceException, AuthorizationException, TException {
    try {
        // Assign UUID to gateway
        gateway.setAiravataInternalGatewayId(UUID.randomUUID().toString());
        if (!checkDuplicateGateway(gateway)) {
            // If admin password, copy it in the credential store under the requested gateway's gatewayId
            if (gateway.getIdentityServerPasswordToken() != null) {
                copyAdminPasswordToGateway(authzToken, gateway);
            }
            gateway = tenantProfileRepository.create(gateway);
            if (gateway != null) {
                logger.info("Added Airavata Gateway with Id: " + gateway.getGatewayId());
                // replicate tenant at end-places only if status is APPROVED
                if (gateway.getGatewayApprovalStatus().equals(GatewayApprovalStatus.APPROVED)) {
                    logger.info("Gateway with ID: {}, is now APPROVED, replicating to subscribers.", gateway.getGatewayId());
                    ProfileServiceUtils.getDbEventPublisher().publish(ProfileServiceUtils.getDBEventMessageContext(EntityType.TENANT, CrudType.CREATE, gateway), DBEventManagerConstants.getRoutingKey(DBEventService.DB_EVENT.toString()));
                }
                // return internal id
                return gateway.getAiravataInternalGatewayId();
            } else {
                throw new Exception("Gateway object is null.");
            }
        } else {
            throw new TenantProfileServiceException("An approved Gateway already exists with the same GatewayId, Name or URL");
        }
    } catch (Exception ex) {
        logger.error("Error adding gateway-profile, reason: " + ex.getMessage(), ex);
        TenantProfileServiceException exception = new TenantProfileServiceException();
        exception.setMessage("Error adding gateway-profile, reason: " + ex.getMessage());
        throw exception;
    }
}

Example 40 with SecurityCheck

use of org.apache.airavata.service.security.interceptor.SecurityCheck in project airavata by apache.

the class UserProfileServiceHandler method addUserProfile.

@Override
@SecurityCheck
public String addUserProfile(AuthzToken authzToken, UserProfile userProfile) throws UserProfileServiceException, AuthorizationException, TException {
    try {
        // Lowercase user id and internal id
        userProfile.setUserId(userProfile.getUserId().toLowerCase());
        userProfile.setAiravataInternalUserId(userProfile.getUserId() + "@" + userProfile.getGatewayId());
        userProfile = userProfileRepository.updateUserProfile(userProfile, getIAMUserProfileUpdater(authzToken, userProfile));
        if (null != userProfile) {
            logger.info("Added UserProfile with userId: " + userProfile.getUserId());
            // replicate userProfile at end-places
            ProfileServiceUtils.getDbEventPublisher().publish(ProfileServiceUtils.getDBEventMessageContext(EntityType.USER_PROFILE, CrudType.CREATE, userProfile), DBEventManagerConstants.getRoutingKey(DBEventService.DB_EVENT.toString()));
            // return userId
            return userProfile.getUserId();
        } else {
            throw new Exception("User creation failed. Please try again.");
        }
    } catch (Exception e) {
        logger.error("Error while creating user profile", e);
        UserProfileServiceException exception = new UserProfileServiceException();
        exception.setMessage("Error while creating user profile. More info : " + e.getMessage());
        throw exception;
    }
}