
Example 1 with Credentials

use of org.ow2.proactive.authentication.crypto.Credentials in project scheduling by ow2-proactive.

the class RMProxyActiveObject method handleCleaningScript.

/**
 * Execute the given cleaning script on the first node of the given node set.
 * Also register a callback on {@link #cleanCallBack(Future, NodeSet)} method when script has returned.
 * <p>
 * Security note: the script is given a scheduler client built from a {@code Decrypter} that holds
 * the scheduler private key and the caller's encrypted credentials, plus a map of the decrypted
 * third-party credentials. None of these values is logged by this method; keep it that way.
 *
 * @param nodes           the nodeset on which to start the script; only {@code nodes.get(0)} is used
 *                        to create the script handler
 * @param cleaningScript the script to be executed
 * @param variables          task variables; used to build the substitution dictionary and the
 *                           resolved variables binding exposed to the script
 * @param genericInformation generic information map, bound as-is for the script
 * @param taskId             task the cleaning belongs to; recorded against {@code nodes} and used
 *                           in log messages
 * @param creds credentials with CredData containing third party credentials
 */
private void handleCleaningScript(NodeSet nodes, Script<?> cleaningScript, VariablesMap variables, Map<String, String> genericInformation, TaskId taskId, Credentials creds) {
    TaskLogger instance = TaskLogger.getInstance();
    try {
        // remember which task these nodes are being cleaned for
        this.nodesTaskId.put(nodes, taskId);
        // create a decrypter to access scheduler and retrieve Third Party User Credentials
        // The scheduler private key is read from the configured path on every call.
        String privateKeyPath = PASchedulerProperties.getAbsolutePath(PASchedulerProperties.SCHEDULER_AUTH_PRIVKEY_PATH.getValueAsString());
        Decrypter decrypter = new Decrypter(Credentials.getPrivateKey(privateKeyPath));
        decrypter.setCredentials(creds);
        // Substitution dictionary: later putAll calls override earlier ones on key collisions,
        // so scope variables take precedence over propagated, inherited and script variables.
        HashMap<String, Serializable> dictionary = new HashMap<>();
        dictionary.putAll(variables.getScriptMap());
        dictionary.putAll(variables.getInheritedMap());
        dictionary.putAll(variables.getPropagatedVariables());
        dictionary.putAll(variables.getScopeMap());
        // start handler for binding
        ScriptHandler handler = ScriptLoader.createHandler(nodes.get(0));
        // Only the inherited and scope maps are resolved and exposed to the script.
        VariablesMap resolvedMap = new VariablesMap();
        resolvedMap.setInheritedMap(VariableSubstitutor.resolveVariables(variables.getInheritedMap(), dictionary));
        resolvedMap.setScopeMap(VariableSubstitutor.resolveVariables(variables.getScopeMap(), dictionary));
        handler.addBinding(SchedulerConstants.VARIABLES_BINDING_NAME, (Serializable) resolvedMap);
        handler.addBinding(SchedulerConstants.GENERIC_INFO_BINDING_NAME, (Serializable) genericInformation);
        // retrieve scheduler URL to bind with schedulerapi, globalspaceapi, and userspaceapi
        String schedulerUrl = PASchedulerProperties.SCHEDULER_REST_URL.getValueAsString();
        logger.debug("Binding schedulerapi...");
        // NOTE(review): the client is constructed from the Decrypter (private key + encrypted
        // credentials) and is bound into the script as a Serializable - confirm exactly which
        // key material ends up on the node running the script.
        SchedulerNodeClient client = new SchedulerNodeClient(decrypter, schedulerUrl);
        handler.addBinding(SchedulerConstants.SCHEDULER_CLIENT_BINDING_NAME, (Serializable) client);
        logger.debug("Binding globalspaceapi...");
        RemoteSpace globalSpaceClient = new DataSpaceNodeClient(client, IDataSpaceClient.Dataspace.GLOBAL, schedulerUrl);
        handler.addBinding(SchedulerConstants.DS_GLOBAL_API_BINDING_NAME, (Serializable) globalSpaceClient);
        logger.debug("Binding userspaceapi...");
        RemoteSpace userSpaceClient = new DataSpaceNodeClient(client, IDataSpaceClient.Dataspace.USER, schedulerUrl);
        handler.addBinding(SchedulerConstants.DS_USER_API_BINDING_NAME, (Serializable) userSpaceClient);
        logger.debug("Binding credentials...");
        // Decrypted third-party credentials are handed to the script in clear text.
        // Only the fixed "Binding credentials..." marker is logged; never log this map.
        Map<String, String> resolvedThirdPartyCredentials = VariableSubstitutor.filterAndUpdate(decrypter.decrypt().getThirdPartyCredentials(), dictionary);
        handler.addBinding(SchedulerConstants.CREDENTIALS_VARIABLE, (Serializable) resolvedThirdPartyCredentials);
        ScriptResult<?> future = handler.handle(cleaningScript);
        try {
            // the callback is looked up by name, so a renamed cleanCallBack only fails at runtime
            PAEventProgramming.addActionOnFuture(future, "cleanCallBack", nodes);
        } catch (IllegalArgumentException e) {
            // TODO - linked to PROACTIVE-936 -> IllegalArgumentException is raised if method name is unknown
            // should be replaced by checked exception
            instance.error(taskId, "ERROR : Callback method won't be executed, node won't be released. This is a critical state, check the callback method name", e);
        }
        instance.info(taskId, "Cleaning Script started on node " + nodes.get(0).getNodeInformation().getURL());
    } catch (Exception e) {
        // if active object cannot be created or script has failed
        // NOTE(review): nodes.get(0) is evaluated again here to build the message; if it throws
        // (e.g. an empty node set), releaseNodes below is never reached - confirm with callers.
        instance.error(taskId, "Error while starting cleaning script for task " + taskId + " on " + nodes.get(0), e);
        // result value is discarded; presumably booleanValue() only forces the release to complete - TODO confirm
        releaseNodes(nodes).booleanValue();
    }
}
Also used : Serializable(java.io.Serializable) HashMap(java.util.HashMap) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) SchedulerNodeClient(org.ow2.proactive.scheduler.task.client.SchedulerNodeClient) Decrypter(org.ow2.proactive.scheduler.task.utils.Decrypter) LoginException(javax.security.auth.login.LoginException) TaskLogger(org.ow2.proactive.scheduler.util.TaskLogger) RemoteSpace(org.ow2.proactive.scheduler.common.task.dataspaces.RemoteSpace) VariablesMap(org.ow2.proactive.scheduler.task.utils.VariablesMap) DataSpaceNodeClient(org.ow2.proactive.scheduler.task.client.DataSpaceNodeClient) ScriptHandler(org.ow2.proactive.scripting.ScriptHandler)

Example 2 with Credentials

use of org.ow2.proactive.authentication.crypto.Credentials in project scheduling by ow2-proactive.

the class AuthenticationImpl method authenticate.

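/**
 * Performs login: decrypts the supplied credentials with the configured private key and
 * runs the JAAS login method returned by {@code getLoginMethod()}.
 * <p>
 * The password is never logged. The user name is client-supplied, so line breaks are
 * neutralised before it is written to the log. On a rejected login the underlying reason is
 * logged on the server only and the caller receives a generic message.
 *
 * @param cred encrypted username and password
 * @return the {@link Subject} of the login context after a successful login
 * @throws LoginException if this object is not activated, if the credentials cannot be
 *                        decrypted, if the user name is null or empty, or if the login fails
 */
public Subject authenticate(Credentials cred) throws LoginException {
    if (!activated) {
        throw new LoginException("Authentication active object is not activated.");
    }
    CredData credentials;
    try {
        credentials = cred.decrypt(privateKeyPath);
    } catch (KeyException e) {
        throw new LoginException("Could not decrypt credentials: " + e);
    }
    String username = credentials.getLogin();
    String password = credentials.getPassword();
    if (username == null || username.isEmpty()) {
        throw new LoginException("Bad user name (user is null or empty)");
    }
    // The user name comes from the caller; replace CR/LF so it cannot forge extra log entries.
    String loggedUsername = username.replaceAll("[\\r\\n]", "_");
    try {
        // Verify that this user/password can connect to this existing scheduler
        getLogger().info(loggedUsername + " is trying to connect");
        // Holds the clear-text password for the login module; never log this map.
        Map<String, Object> params = new HashMap<>(4);
        // user name to check (unmodified value, only the logged copy is neutralised)
        params.put("username", username);
        // password to check
        params.put("pw", password);
        // Load LoginContext according to login method defined in jaas.config
        LoginContext lc = new LoginContext(getLoginMethod(), new NoCallbackHandler(params));
        lc.login();
        getLogger().info("User " + loggedUsername + " logged successfully");
        return lc.getSubject();
    } catch (LoginException e) {
        // Keep the real reason in the server log only; the caller gets a generic message
        // so that it cannot tell why the authentication was refused.
        getLogger().info(e.getMessage());
        throw new LoginException("Authentication failed");
    }
}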
Also used : LoginContext(javax.security.auth.login.LoginContext) HashMap(java.util.HashMap) CredData(org.ow2.proactive.authentication.crypto.CredData) LoginException(javax.security.auth.login.LoginException) PAActiveObject(org.objectweb.proactive.api.PAActiveObject) KeyException(java.security.KeyException)

Example 3 with Credentials

use of org.ow2.proactive.authentication.crypto.Credentials in project scheduling by ow2-proactive.

the class RMNodeStarter method getDefaultCredentials.

/**
 * Looks up the credentials used to authenticate against the Resource Manager, trying three
 * sources in order and returning the first one that can be read:
 * <ol>
 *   <li>{@code Credentials.getCredentials()} with no argument;</li>
 *   <li>the file {@code CONFIG_RM_CRED_PATH_RELATIVE} under the RM home directory;</li>
 *   <li>the resource {@code "/" + CONFIG_RM_CRED_PATH_RELATIVE} on the classpath.</li>
 * </ol>
 * A {@code KeyException} from the first two sources is not logged; only the failure of the last
 * source is reported, after which the process exits with {@code ExitStatus.CRED_UNREADABLE}.
 * <p>
 * Security note: the two fallbacks are shared default credentials (logged as user "rm"), the last
 * one shipped inside the jars. The info log lines below are the only trace that a fallback was used.
 *
 * @return the credentials found, or {@code null} only if {@code System.exit} returns
 */
private Credentials getDefaultCredentials() {
    // 1. default lookup
    try {
        return Credentials.getCredentials();
    } catch (KeyException defaultLookupFailed) {
        // fall through to the RM home location
    }

    // 2. credentials file below the RM home directory
    try {
        String rmHomeCredentialsPath = new File(PAResourceManagerProperties.RM_HOME.getValueAsStringOrNull(), CONFIG_RM_CRED_PATH_RELATIVE).getAbsolutePath();
        Credentials rmHomeCredentials = Credentials.getCredentials(rmHomeCredentialsPath);
        logger.info("Using default credentials from ProActive home, authenticating as user rm");
        return rmHomeCredentials;
    } catch (KeyException rmHomeLookupFailed) {
        // fall through to the copy bundled in the jars
    }

    // 3. credentials bundled on the classpath; any failure here is fatal
    try {
        Credentials bundledCredentials = Credentials.getCredentials(RMNodeStarter.class.getResourceAsStream("/" + CONFIG_RM_CRED_PATH_RELATIVE));
        logger.info("Using default credentials from ProActive jars, authenticating as user rm");
        return bundledCredentials;
    } catch (Exception bundledLookupFailed) {
        logger.error("Failed to read credentials, from location obtained using system property, RM home or ProActive jars", bundledLookupFailed);
        System.exit(ExitStatus.CRED_UNREADABLE.exitCode);
    }
    return null;
}
Also used : File(java.io.File) KeyException(java.security.KeyException) Credentials(org.ow2.proactive.authentication.crypto.Credentials) LoginException(javax.security.auth.login.LoginException) ActiveObjectCreationException(org.objectweb.proactive.ActiveObjectCreationException) KeyException(java.security.KeyException) NotConfiguredException(org.objectweb.proactive.extensions.dataspaces.exceptions.NotConfiguredException) NodeException(org.objectweb.proactive.core.node.NodeException) ParseException(org.apache.commons.cli.ParseException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) AddingNodesException(org.ow2.proactive.resourcemanager.exception.AddingNodesException) ProActiveRuntimeException(org.objectweb.proactive.core.ProActiveRuntimeException) NotConnectedException(org.ow2.proactive.resourcemanager.exception.NotConnectedException) MalformedURLException(java.net.MalformedURLException) IOException(java.io.IOException) ProActiveException(org.objectweb.proactive.core.ProActiveException)

Example 4 with Credentials

use of org.ow2.proactive.authentication.crypto.Credentials in project scheduling by ow2-proactive.

the class RMNodeStarter method registerInRM.

/**
 * Joins the Resource Manager at {@code rmURL}, logs in with {@code credentials}, starts
 * monitoring on the obtained authentication object and then registers every node of
 * {@code nodes} with the Resource Manager.
 * <p>
 * Timeout and error handling are not visible in this method; presumably they live in the
 * helpers it calls (to be confirmed there). The credentials are only passed on to the login helper.
 *
 * @param credentials credentials used to log in to the Resource Manager
 * @param rmURL       URL of the Resource Manager to join
 * @param nodeName    not read by this method
 * @param nodes       local nodes to add to the Resource Manager
 * @return the Resource Manager obtained from the login
 */
protected ResourceManager registerInRM(final Credentials credentials, final String rmURL, String nodeName, Collection<Node> nodes) {
    final RMAuthentication authentication = joinResourceManager(rmURL);
    final ResourceManager resourceManager = loginToResourceManager(credentials, authentication);

    startMonitoring(authentication);

    for (final Node localNode : nodes) {
        // set the JMX URL on the node first, then add it to the Resource Manager
        nodeSetJmxUrl(sigarExposer, localNode);
        addNodeToResourceManager(rmURL, localNode, resourceManager);
    }

    return resourceManager;
}
Also used : RMAuthentication(org.ow2.proactive.resourcemanager.authentication.RMAuthentication) Node(org.objectweb.proactive.core.node.Node) ResourceManager(org.ow2.proactive.resourcemanager.frontend.ResourceManager)

Example 5 with Credentials

use of org.ow2.proactive.authentication.crypto.Credentials in project scheduling by ow2-proactive.

the class RMNodeStarter method reconnectToResourceManager.

/**
 * Makes one attempt to reconnect to the Resource Manager at {@code rmURL}: consumes one of the
 * remaining reconnection attempts, waits for the authentication object, logs in with the stored
 * {@code credentials} and restarts monitoring.
 *
 * @return the Resource Manager obtained from the login, or {@code null} if any step threw
 *         (the exception is logged with its stack trace and not rethrown)
 */
private ResourceManager reconnectToResourceManager() {
    ResourceManager reconnected = null;
    try {
        // the attempt is counted before anything can fail
        numberOfReconnectionAttemptsLeft--;
        RMAuthentication authentication = RMConnection.waitAndJoin(rmURL, WAIT_ON_JOIN_TIMEOUT_IN_MS);
        ResourceManager session = authentication.login(credentials);
        startMonitoring(authentication);
        reconnected = session;
    } catch (Exception failure) {
        // a failed join and a refused login are both reported here, at error level
        logger.error(failure.getMessage(), failure);
    }
    return reconnected;
}
Also used : RMAuthentication(org.ow2.proactive.resourcemanager.authentication.RMAuthentication) ResourceManager(org.ow2.proactive.resourcemanager.frontend.ResourceManager) LoginException(javax.security.auth.login.LoginException) ActiveObjectCreationException(org.objectweb.proactive.ActiveObjectCreationException) KeyException(java.security.KeyException) NotConfiguredException(org.objectweb.proactive.extensions.dataspaces.exceptions.NotConfiguredException) NodeException(org.objectweb.proactive.core.node.NodeException) ParseException(org.apache.commons.cli.ParseException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) AddingNodesException(org.ow2.proactive.resourcemanager.exception.AddingNodesException) ProActiveRuntimeException(org.objectweb.proactive.core.ProActiveRuntimeException) NotConnectedException(org.ow2.proactive.resourcemanager.exception.NotConnectedException) MalformedURLException(java.net.MalformedURLException) IOException(java.io.IOException) ProActiveException(org.objectweb.proactive.core.ProActiveException)
