Example 1 with DefaultPAPClient

Use of org.apache.airavata.service.security.xacml.DefaultPAPClient in the project airavata by apache.

From the class DefaultAiravataSecurityManager, method initializeSecurityInfra:

@Override
public void initializeSecurityInfra() throws AiravataSecurityException {
    /* In the default security manager, this method checks whether the XACML authorization policy
     * is already published and, if not, publishes it to the PDP (of the WSO2 Identity Server).
     */
    try {
        if (ServerSettings.isAPISecured()) {
            ConfigurationContext configContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
            // Initialize the SSL context with the trust store that contains the public certificate of the
            // WSO2 Identity Server, so that the PAP connection below is made over TLS to a trusted endpoint.
            TrustStoreManager trustStoreManager = new TrustStoreManager();
            trustStoreManager.initializeTrustStoreManager(ServerSettings.getTrustStorePath(), ServerSettings.getTrustStorePassword());
            List<GatewayResourceProfile> gwProfiles = getRegistryServiceClient().getAllGatewayResourceProfiles();
            // Read the policy file into a string; try-with-resources closes the reader on every exit path.
            StringBuilder stringBuilder = new StringBuilder();
            try (BufferedReader bufferedReader = new BufferedReader(
                    new FileReader(new File(ServerSettings.getAuthorizationPoliyName() + ".xml")))) {
                String line;
                while ((line = bufferedReader.readLine()) != null) {
                    stringBuilder.append(line);
                }
            }
            String defaultXACMLPolicy = stringBuilder.toString();
            CredentialStoreService.Client csClient = getCredentialStoreServiceClient();
            for (GatewayResourceProfile gwrp : gwProfiles) {
                if (gwrp.getIdentityServerPwdCredToken() != null && gwrp.getIdentityServerTenant() != null) {
                    // The Identity Server login credential is resolved from the credential store by token,
                    // scoped to this gateway; the tenant (if any) is appended to form the tenant-qualified login.
                    PasswordCredential credential = csClient.getPasswordCredential(gwrp.getIdentityServerPwdCredToken(), gwrp.getGatewayID());
                    String username = credential.getLoginUserName();
                    if (!gwrp.getIdentityServerTenant().isEmpty()) {
                        username = username + "@" + gwrp.getIdentityServerTenant();
                    }
                    String password = credential.getPassword();
                    DefaultPAPClient PAPClient = new DefaultPAPClient(ServerSettings.getRemoteAuthzServerUrl(), username, password, configContext);
                    boolean policyAdded = PAPClient.isPolicyAdded(ServerSettings.getAuthorizationPoliyName());
                    if (policyAdded) {
                        logger.debug("Authorization policy is already added in the authorization server.");
                    } else {
                        // Publish the policy; the client enables it in a separate thread.
                        PAPClient.addPolicy(defaultXACMLPolicy);
                        logger.debug("Authorization policy is published in the authorization server.");
                    }
                } else {
                    logger.warn("Identity Server configuration missing for gateway: " + gwrp.getGatewayID());
                }
            }
        }
    } catch (AxisFault axisFault) {
        logger.error(axisFault.getMessage(), axisFault);
        throw new AiravataSecurityException("Error in initializing the configuration context for creating the PAP client.");
    } catch (ApplicationSettingsException e) {
        logger.error(e.getMessage(), e);
        throw new AiravataSecurityException("Error in reading configuration when creating the PAP client.");
    } catch (FileNotFoundException e) {
        logger.error(e.getMessage(), e);
        throw new AiravataSecurityException("Error in reading the authorization policy.");
    } catch (IOException e) {
        logger.error(e.getMessage(), e);
        throw new AiravataSecurityException("Error in reading the authorization policy.");
    } catch (RegistryServiceException e) {
        logger.error(e.getMessage(), e);
        throw new AiravataSecurityException("Error in reading the Gateway Profiles from App Catalog.");
    } catch (TException e) {
        logger.error(e.getMessage(), e);
        throw new AiravataSecurityException("Error in connecting to Credential Store Service.");
    }
}
Also used (imports for the classes referenced above):

import org.apache.airavata.common.exception.ApplicationSettingsException;
import org.apache.airavata.credential.store.cpi.CredentialStoreService;
import org.apache.airavata.model.appcatalog.gatewayprofile.GatewayResourceProfile;
import org.apache.airavata.model.credential.store.PasswordCredential;
import org.apache.airavata.registry.api.exception.RegistryServiceException;
import org.apache.airavata.security.AiravataSecurityException;
import org.apache.airavata.security.util.TrustStoreManager;
import org.apache.airavata.service.security.xacml.DefaultPAPClient;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.thrift.TException;
