use of org.apache.airavata.service.security.xacml.DefaultPAPClient in project airavata by apache.
the class DefaultAiravataSecurityManager method initializeSecurityInfra.
@Override
public void initializeSecurityInfra() throws AiravataSecurityException {
/* in the default security manager, this method checks if the xacml authorization policy is published,
* and if not, publish the policy to the PDP (of WSO2 Identity Server)
*/
try {
if (ServerSettings.isAPISecured()) {
ConfigurationContext configContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
// initialize SSL context with the trust store that contains the public cert of WSO2 Identity Server.
TrustStoreManager trustStoreManager = new TrustStoreManager();
trustStoreManager.initializeTrustStoreManager(ServerSettings.getTrustStorePath(), ServerSettings.getTrustStorePassword());
List<GatewayResourceProfile> gwProfiles = getRegistryServiceClient().getAllGatewayResourceProfiles();
// read the policy as a string
BufferedReader bufferedReader = new BufferedReader(new FileReader(new File(ServerSettings.getAuthorizationPoliyName() + ".xml")));
String line;
StringBuilder stringBuilder = new StringBuilder();
while ((line = bufferedReader.readLine()) != null) {
stringBuilder.append(line);
}
String defaultXACMLPolicy = stringBuilder.toString();
CredentialStoreService.Client csClient = getCredentialStoreServiceClient();
for (GatewayResourceProfile gwrp : gwProfiles) {
if (gwrp.getIdentityServerPwdCredToken() != null && gwrp.getIdentityServerTenant() != null) {
PasswordCredential credential = csClient.getPasswordCredential(gwrp.getIdentityServerPwdCredToken(), gwrp.getGatewayID());
String username = credential.getLoginUserName();
if (gwrp.getIdentityServerTenant() != null && !gwrp.getIdentityServerTenant().isEmpty())
username = username + "@" + gwrp.getIdentityServerTenant();
String password = credential.getPassword();
DefaultPAPClient PAPClient = new DefaultPAPClient(ServerSettings.getRemoteAuthzServerUrl(), username, password, configContext);
boolean policyAdded = PAPClient.isPolicyAdded(ServerSettings.getAuthorizationPoliyName());
if (policyAdded) {
logger.debug("Authorization policy is already added in the authorization server.");
} else {
// publish the policy and enable it in a separate thread
PAPClient.addPolicy(defaultXACMLPolicy);
logger.debug("Authorization policy is published in the authorization server.");
}
} else {
logger.warn("Identity Server configuration missing for gateway : " + gwrp.getGatewayID());
}
}
}
} catch (AxisFault axisFault) {
logger.error(axisFault.getMessage(), axisFault);
throw new AiravataSecurityException("Error in initializing the configuration context for creating the " + "PAP client.");
} catch (ApplicationSettingsException e) {
logger.error(e.getMessage(), e);
throw new AiravataSecurityException("Error in reading configuration when creating the PAP client.");
} catch (FileNotFoundException e) {
logger.error(e.getMessage(), e);
throw new AiravataSecurityException("Error in reading authorization policy.");
} catch (IOException e) {
logger.error(e.getMessage(), e);
throw new AiravataSecurityException("Error in reading the authorization policy.");
} catch (RegistryServiceException e) {
logger.error(e.getMessage(), e);
throw new AiravataSecurityException("Error in reading the Gateway Profiles from App Catalog.");
} catch (TException e) {
logger.error(e.getMessage(), e);
throw new AiravataSecurityException("Error in connecting to Credential Store Service.");
}
}
Aggregations