use of org.apache.airavata.service.security.interceptor.SecurityCheck in project airavata by apache.
the class IamAdminServicesHandler method findUsers.
/**
 * Searches the identity server for users of the caller's gateway.
 *
 * <p>The gateway id is taken from the claims map of {@code authzToken}, not from a
 * caller-supplied argument. The search runs under the tenant-admin credential
 * resolved for that gateway.
 *
 * <p>NOTE(review): beyond the {@code @SecurityCheck} interceptor (not visible here),
 * this method performs no authorization of its own before using the tenant-admin
 * credential. Confirm the interceptor restricts it to the intended roles.
 *
 * @param authzToken token whose claims map supplies {@code Constants.GATEWAY_ID}
 * @param email      e-mail value forwarded to the Keycloak client's {@code findUser}
 * @param userId     user-id value forwarded to the Keycloak client's {@code findUser}
 * @return whatever {@code findUser} returns for the gateway
 * @throws IamAdminServicesException if resolving the credential or the search throws a
 *                                   {@code TException} or {@code ApplicationSettingsException}
 */
@Override
@SecurityCheck
public List<UserProfile> findUsers(AuthzToken authzToken, String email, String userId) throws IamAdminServicesException, AuthorizationException, TException {
    final TenantManagementKeycloakImpl tenantManager = new TenantManagementKeycloakImpl();
    // Tenant scope comes from the token's claims; presumably null when the claim is absent - verify.
    final String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
    try {
        final PasswordCredential realmAdminCredential = getTenantAdminPasswordCredential(gatewayId);
        return tenantManager.findUser(realmAdminCredential, gatewayId, email, userId);
    } catch (TException | ApplicationSettingsException ex) {
        // NOTE(review): the backend's exception text is returned to the client verbatim;
        // confirm it cannot carry internal host names or configuration details.
        final String failure = "Error while retrieving users from Identity Server, reason: " + ex.getMessage();
        logger.error(failure, ex);
        throw new IamAdminServicesException(failure);
    }
}
use of org.apache.airavata.service.security.interceptor.SecurityCheck in project airavata by apache.
the class IamAdminServicesHandler method removeRoleFromUser.
/**
 * Removes a role from a user in the caller's gateway through the identity server.
 *
 * <p>The gateway id is taken from the claims map of {@code authzToken}. The change is
 * made under the tenant-admin credential resolved for that gateway.
 *
 * <p>NOTE(review): {@code username} and {@code roleName} are forwarded unchanged, and the
 * only access control visible here is the {@code @SecurityCheck} interceptor. Confirm it
 * limits role changes to gateway administrators.
 *
 * @param authzToken token whose claims map supplies {@code Constants.GATEWAY_ID}
 * @param username   user whose role is removed
 * @param roleName   role to remove
 * @return the result reported by the Keycloak client's {@code removeRoleFromUser}
 * @throws IamAdminServicesException if resolving the credential or the removal throws a
 *                                   {@code TException} or {@code ApplicationSettingsException}
 */
@Override
@SecurityCheck
public boolean removeRoleFromUser(AuthzToken authzToken, String username, String roleName) throws IamAdminServicesException, AuthorizationException, TException {
    final TenantManagementKeycloakImpl tenantManager = new TenantManagementKeycloakImpl();
    // Tenant scope comes from the token's claims, not from a request parameter.
    final String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
    try {
        final PasswordCredential realmAdminCredential = getTenantAdminPasswordCredential(gatewayId);
        return tenantManager.removeRoleFromUser(realmAdminCredential, gatewayId, username, roleName);
    } catch (TException | ApplicationSettingsException ex) {
        // NOTE(review): the backend's exception text is returned to the client verbatim;
        // confirm it cannot carry internal host names or configuration details.
        final String failure = "Error while removing role from user, reason: " + ex.getMessage();
        logger.error(failure, ex);
        throw new IamAdminServicesException(failure);
    }
}
use of org.apache.airavata.service.security.interceptor.SecurityCheck in project airavata by apache.
the class TenantProfileServiceHandler method deleteGateway.
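/**
 * Deletes a gateway profile and, when the repository reports success, publishes a
 * TENANT/DELETE event so subscribers can remove their copy.
 *
 * <p>NOTE(review): the row to delete is selected by {@code airavataInternalGatewayId},
 * while the published event names {@code gatewayId}. Both are caller-supplied. Nothing
 * visible here checks that they refer to the same gateway, or that either matches the
 * gateway in {@code authzToken}'s claims. Confirm the {@code @SecurityCheck} interceptor
 * or the repository enforces that binding.
 *
 * @param authzToken                caller's token; not read in this method body
 * @param airavataInternalGatewayId internal id passed to the repository delete
 * @param gatewayId                 gateway id placed in the published delete event
 * @return {@code true} when the repository reports the profile as deleted
 * @throws TenantProfileServiceException if the delete or the event publication fails
 */
@Override
@SecurityCheck
public boolean deleteGateway(AuthzToken authzToken, String airavataInternalGatewayId, String gatewayId) throws TenantProfileServiceException, AuthorizationException, TException {
    try {
        // The original message ran the two ids together without a separator. Parameterized
        // logging also skips the string build when debug is off.
        // NOTE(review): both ids are request-controlled; confirm the log layout neutralizes
        // CR/LF so a crafted id cannot forge log entries.
        logger.debug("Deleting Airavata gateway-profile with ID: {}, Internal ID: {}", gatewayId, airavataInternalGatewayId);
        boolean deleteSuccess = tenantProfileRepository.delete(airavataInternalGatewayId);
        if (deleteSuccess) {
            // delete tenant at end-places
            // approval status is not used for delete, hence a dummy value is set
            Gateway deletedGateway = new Gateway(gatewayId, GatewayApprovalStatus.DEACTIVATED);
            ProfileServiceUtils.getDbEventPublisher().publish(
                    ProfileServiceUtils.getDBEventMessageContext(EntityType.TENANT, CrudType.DELETE, deletedGateway),
                    DBEventManagerConstants.getRoutingKey(DBEventService.DB_EVENT.toString()));
        }
        return deleteSuccess;
    } catch (Exception ex) {
        logger.error("Error deleting gateway-profile, reason: " + ex.getMessage(), ex);
        TenantProfileServiceException exception = new TenantProfileServiceException();
        exception.setMessage("Error deleting gateway-profile, reason: " + ex.getMessage());
        throw exception;
    }
}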
use of org.apache.airavata.service.security.interceptor.SecurityCheck in project airavata by apache.
the class TenantProfileServiceHandler method addGateway.
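/**
 * Registers a new gateway profile and returns its generated internal id.
 *
 * <p>Steps, in order: assign a random UUID as the internal id, reject the request if
 * {@code checkDuplicateGateway} reports a duplicate, copy the admin password into the
 * credential store when a password token is present, persist the gateway, and publish
 * a TENANT/CREATE event only when the stored gateway is APPROVED.
 *
 * <p>NOTE(review): the admin password is copied before the gateway is persisted. If
 * {@code create} then fails, the copied credential presumably stays in the credential
 * store - confirm whether it is cleaned up. The duplicate check and the create are also
 * separate calls, so concurrent requests may both pass the check unless the repository
 * enforces uniqueness.
 *
 * @param authzToken caller's token, forwarded to {@code copyAdminPasswordToGateway}
 * @param gateway    gateway to register; its internal id is overwritten here
 * @return the internal gateway id of the persisted gateway
 * @throws TenantProfileServiceException on a duplicate gateway or any failure while adding
 */
@Override
@SecurityCheck
public String addGateway(AuthzToken authzToken, Gateway gateway) throws TenantProfileServiceException, AuthorizationException, TException {
    try {
        // Assign UUID to gateway
        gateway.setAiravataInternalGatewayId(UUID.randomUUID().toString());
        if (checkDuplicateGateway(gateway)) {
            throw new TenantProfileServiceException("An approved Gateway already exists with the same GatewayId, Name or URL");
        }
        // If admin password, copy it in the credential store under the requested gateway's gatewayId
        if (gateway.getIdentityServerPasswordToken() != null) {
            copyAdminPasswordToGateway(authzToken, gateway);
        }
        gateway = tenantProfileRepository.create(gateway);
        if (gateway == null) {
            throw new Exception("Gateway object is null.");
        }
        logger.info("Added Airavata Gateway with Id: {}", gateway.getGatewayId());
        // Replicate tenant at end-places only if status is APPROVED. Comparing from the
        // constant side keeps a missing status from raising a NullPointerException after
        // the gateway has already been persisted, which would report failure to the caller
        // for a gateway that now exists.
        if (GatewayApprovalStatus.APPROVED.equals(gateway.getGatewayApprovalStatus())) {
            logger.info("Gateway with ID: {}, is now APPROVED, replicating to subscribers.", gateway.getGatewayId());
            ProfileServiceUtils.getDbEventPublisher().publish(
                    ProfileServiceUtils.getDBEventMessageContext(EntityType.TENANT, CrudType.CREATE, gateway),
                    DBEventManagerConstants.getRoutingKey(DBEventService.DB_EVENT.toString()));
        }
        // return internal id
        return gateway.getAiravataInternalGatewayId();
    } catch (Exception ex) {
        // Every failure above, including the duplicate rejection, is re-wrapped here so the
        // caller always receives the same exception type with a prefixed reason.
        logger.error("Error adding gateway-profile, reason: " + ex.getMessage(), ex);
        TenantProfileServiceException exception = new TenantProfileServiceException();
        exception.setMessage("Error adding gateway-profile, reason: " + ex.getMessage());
        throw exception;
    }
}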
use of org.apache.airavata.service.security.interceptor.SecurityCheck in project airavata by apache.
the class UserProfileServiceHandler method addUserProfile.
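/**
 * Creates a user profile, then publishes a USER_PROFILE/CREATE event for subscribers.
 *
 * <p>The user id is lower-cased and the internal user id is set to
 * {@code userId + "@" + gatewayId} before the profile is handed to the repository.
 *
 * <p>NOTE(review): {@code gatewayId} is read from the submitted {@code userProfile}, not
 * from {@code authzToken}'s claims. Confirm that the {@code @SecurityCheck} interceptor or
 * {@code getIAMUserProfileUpdater} ties the profile to the caller's own gateway.
 *
 * @param authzToken  caller's token, forwarded to {@code getIAMUserProfileUpdater}
 * @param userProfile profile to store; its user id and internal user id are rewritten here
 * @return the (lower-cased) user id of the stored profile
 * @throws UserProfileServiceException if the repository returns {@code null} or any step fails
 */
@Override
@SecurityCheck
public String addUserProfile(AuthzToken authzToken, UserProfile userProfile) throws UserProfileServiceException, AuthorizationException, TException {
    try {
        // Lowercase user id and internal id. Locale.ROOT keeps the mapping identical on
        // every host. The default-locale overload maps 'I' to a dotless 'i' under Turkish
        // or Azeri locales, so the same account name would normalize to a different
        // identifier depending on JVM settings.
        userProfile.setUserId(userProfile.getUserId().toLowerCase(java.util.Locale.ROOT));
        userProfile.setAiravataInternalUserId(userProfile.getUserId() + "@" + userProfile.getGatewayId());
        userProfile = userProfileRepository.updateUserProfile(userProfile, getIAMUserProfileUpdater(authzToken, userProfile));
        if (null == userProfile) {
            throw new Exception("User creation failed. Please try again.");
        }
        logger.info("Added UserProfile with userId: " + userProfile.getUserId());
        // replicate userProfile at end-places
        ProfileServiceUtils.getDbEventPublisher().publish(
                ProfileServiceUtils.getDBEventMessageContext(EntityType.USER_PROFILE, CrudType.CREATE, userProfile),
                DBEventManagerConstants.getRoutingKey(DBEventService.DB_EVENT.toString()));
        // return userId
        return userProfile.getUserId();
    } catch (Exception e) {
        logger.error("Error while creating user profile", e);
        // NOTE(review): the underlying exception text is returned to the client; confirm it
        // cannot expose persistence or identity-server internals.
        UserProfileServiceException exception = new UserProfileServiceException();
        exception.setMessage("Error while creating user profile. More info : " + e.getMessage());
        throw exception;
    }
}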