use of org.ow2.proactive.authentication.crypto.Credentials in project scheduling by ow2-proactive.
the class RMProxyActiveObject method handleCleaningScript.
/**
 * Execute the given script on the given node.
 * Also register a callback on {@link #cleanCallBack(Future, NodeSet)} method when script has returned.
 * <p>
 * Before the script is started, this method binds the resolved variables, the generic information,
 * a scheduler client, global and user data space clients, and the decrypted third-party credentials
 * into the script handler. The cleaning script therefore runs with access to those clients and to
 * the third-party credential values in clear text.
 *
 * @param nodes the nodeset on which to start the script; only the first node is used to create the handler
 * @param cleaningScript the script to be executed
 * @param variables the task variables; its script, inherited, propagated and scope maps are merged
 *                  into the dictionary used for variable substitution
 * @param genericInformation the generic information map bound into the script as-is
 * @param taskId the task these nodes are associated with; also used for task logging
 * @param creds credentials with CredData containing third party credentials
 */
private void handleCleaningScript(NodeSet nodes, Script<?> cleaningScript, VariablesMap variables, Map<String, String> genericInformation, TaskId taskId, Credentials creds) {
    TaskLogger instance = TaskLogger.getInstance();
    try {
        // remember which task this node set belongs to
        this.nodesTaskId.put(nodes, taskId);
        // create a decrypter to access scheduler and retrieve Third Party User Credentials
        // The private key is read from the path configured by SCHEDULER_AUTH_PRIVKEY_PATH.
        String privateKeyPath = PASchedulerProperties.getAbsolutePath(PASchedulerProperties.SCHEDULER_AUTH_PRIVKEY_PATH.getValueAsString());
        Decrypter decrypter = new Decrypter(Credentials.getPrivateKey(privateKeyPath));
        decrypter.setCredentials(creds);
        // Build the substitution dictionary. Order matters: on a key collision a later putAll
        // overrides an earlier one (script < inherited < propagated < scope).
        HashMap<String, Serializable> dictionary = new HashMap<>();
        dictionary.putAll(variables.getScriptMap());
        dictionary.putAll(variables.getInheritedMap());
        dictionary.putAll(variables.getPropagatedVariables());
        dictionary.putAll(variables.getScopeMap());
        // start handler for binding
        // The handler is created on the first node of the set only.
        ScriptHandler handler = ScriptLoader.createHandler(nodes.get(0));
        // Only the inherited and scope maps are resolved and exposed through the variables binding.
        VariablesMap resolvedMap = new VariablesMap();
        resolvedMap.setInheritedMap(VariableSubstitutor.resolveVariables(variables.getInheritedMap(), dictionary));
        resolvedMap.setScopeMap(VariableSubstitutor.resolveVariables(variables.getScopeMap(), dictionary));
        handler.addBinding(SchedulerConstants.VARIABLES_BINDING_NAME, (Serializable) resolvedMap);
        handler.addBinding(SchedulerConstants.GENERIC_INFO_BINDING_NAME, (Serializable) genericInformation);
        // retrieve scheduler URL to bind with schedulerapi, globalspaceapi, and userspaceapi
        String schedulerUrl = PASchedulerProperties.SCHEDULER_REST_URL.getValueAsString();
        logger.debug("Binding schedulerapi...");
        // The client is built from the decrypter, so it carries the caller's credentials.
        // NOTE(review): the decrypter wraps the scheduler private key loaded above and is handed to an
        // object that is bound into the script as Serializable; confirm what part of it leaves this JVM.
        SchedulerNodeClient client = new SchedulerNodeClient(decrypter, schedulerUrl);
        handler.addBinding(SchedulerConstants.SCHEDULER_CLIENT_BINDING_NAME, (Serializable) client);
        logger.debug("Binding globalspaceapi...");
        RemoteSpace globalSpaceClient = new DataSpaceNodeClient(client, IDataSpaceClient.Dataspace.GLOBAL, schedulerUrl);
        handler.addBinding(SchedulerConstants.DS_GLOBAL_API_BINDING_NAME, (Serializable) globalSpaceClient);
        logger.debug("Binding userspaceapi...");
        RemoteSpace userSpaceClient = new DataSpaceNodeClient(client, IDataSpaceClient.Dataspace.USER, schedulerUrl);
        handler.addBinding(SchedulerConstants.DS_USER_API_BINDING_NAME, (Serializable) userSpaceClient);
        logger.debug("Binding credentials...");
        // decrypt() yields the credential data in clear; the third-party credentials are then passed
        // to the script as a plain String map. Only the debug line above is logged here, never the
        // values, and any logging added around this call should keep it that way.
        Map<String, String> resolvedThirdPartyCredentials = VariableSubstitutor.filterAndUpdate(decrypter.decrypt().getThirdPartyCredentials(), dictionary);
        handler.addBinding(SchedulerConstants.CREDENTIALS_VARIABLE, (Serializable) resolvedThirdPartyCredentials);
        // start the script; the result is a future completed when the script returns
        ScriptResult<?> future = handler.handle(cleaningScript);
        try {
            // The callback is looked up by its method name, given here as a string.
            PAEventProgramming.addActionOnFuture(future, "cleanCallBack", nodes);
        } catch (IllegalArgumentException e) {
            // TODO - linked to PROACTIVE-936 -> IllegalArgumentException is raised if method name is unknown
            // should be replaced by checked exception
            instance.error(taskId, "ERROR : Callback method won't be executed, node won't be released. This is a critical state, check the callback method name", e);
        }
        instance.info(taskId, "Cleaning Script started on node " + nodes.get(0).getNodeInformation().getURL());
    } catch (Exception e) {
        // if active object cannot be created or script has failed
        // NOTE(review): nodes.get(0) is evaluated while building the message; if it throws (for
        // example on an empty node set), releaseNodes below is not reached. Confirm callers never
        // pass an empty set.
        instance.error(taskId, "Error while starting cleaning script for task " + taskId + " on " + nodes.get(0), e);
        // The boolean result is discarded; presumably booleanValue() is called to wait for the
        // release to complete (TODO confirm).
        releaseNodes(nodes).booleanValue();
    }
}
use of org.ow2.proactive.authentication.crypto.Credentials in project scheduling by ow2-proactive.
the class AuthenticationImpl method authenticate.
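/**
 * Performs login.
 * <p>
 * The credentials are decrypted with the private key found at {@code privateKeyPath}; the
 * resulting login and password are then handed to a JAAS {@link LoginContext} whose
 * configuration entry is named by {@code getLoginMethod()}.
 *
 * @param cred encrypted username and password
 * @return the {@link Subject} of the login context after a successful login
 * @throws LoginException if this authentication object is not activated, if the credentials
 *         cannot be decrypted, if the user name is null or empty, or if the login is refused.
 *         In the last case the caller only receives the generic message
 *         "Authentication failed"; the detailed reason is written to the log.
 */
public Subject authenticate(Credentials cred) throws LoginException {
    if (!activated) {
        throw new LoginException("Authentication active object is not activated.");
    }

    CredData credentials;
    try {
        credentials = cred.decrypt(privateKeyPath);
    } catch (KeyException e) {
        throw new LoginException("Could not decrypt credentials: " + e);
    }

    String username = credentials.getLogin();
    String password = credentials.getPassword();
    if (username == null || username.isEmpty()) {
        throw new LoginException("Bad user name (user is null or empty)");
    }

    // The user name comes from caller-supplied credentials and is logged before the caller is
    // authenticated. Line breaks are neutralised so that one login attempt always produces
    // one well-formed log entry. The password is never logged.
    String loggedUsername = username.replace('\r', '_').replace('\n', '_');

    try {
        // Verify that this user//password can connect to this existing scheduler
        getLogger().info(loggedUsername + " is trying to connect");

        Map<String, Object> params = new HashMap<>(4);
        // user name to check
        params.put("username", username);
        // password to check
        params.put("pw", password);

        // Load LoginContext according to login method defined in jaas.config
        LoginContext lc = new LoginContext(getLoginMethod(), new NoCallbackHandler(params));
        lc.login();
        getLogger().info("User " + loggedUsername + " logged successfully");
        return lc.getSubject();
    } catch (LoginException e) {
        // The detailed reason stays in the log; the caller gets the same generic message
        // whatever the cause, so the reply does not reveal why the login was refused.
        getLogger().info(e.getMessage());
        throw new LoginException("Authentication failed");
    }
}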
use of org.ow2.proactive.authentication.crypto.Credentials in project scheduling by ow2-proactive.
the class RMNodeStarter method getDefaultCredentials.
/**
 * Looks for credentials in three places, in order, and returns the first that can be read:
 * the location used by {@code Credentials.getCredentials()}, the file
 * {@code CONFIG_RM_CRED_PATH_RELATIVE} under the RM home, and the resource of the same
 * relative path on the classpath.
 * <p>
 * When none of them can be read, the failure is logged and the JVM exits with
 * {@code ExitStatus.CRED_UNREADABLE}. The two fallbacks authenticate as user {@code rm},
 * as stated in their log messages.
 * <p>
 * NOTE(review): a credential packaged as a classpath resource is readable by anyone who holds
 * the jar. Deployments presumably replace it or supply their own credentials, to be confirmed.
 *
 * @return the credentials found; {@code null} is only reachable if {@code System.exit} returns
 */
private Credentials getDefaultCredentials() {
    // 1. location resolved by Credentials itself
    try {
        return Credentials.getCredentials();
    } catch (KeyException ignored) {
        // not readable there: try the RM home next
    }

    // 2. credential file under the RM home directory
    try {
        File rmHomeCredentialFile = new File(PAResourceManagerProperties.RM_HOME.getValueAsStringOrNull(), CONFIG_RM_CRED_PATH_RELATIVE);
        Credentials credentialsFromRMHome = Credentials.getCredentials(rmHomeCredentialFile.getAbsolutePath());
        logger.info("Using default credentials from ProActive home, authenticating as user rm");
        return credentialsFromRMHome;
    } catch (KeyException ignored) {
        // not readable there either: fall back to the copy on the classpath
    }

    // 3. credential resource shipped on the classpath
    try {
        Credentials credentialsFromJar = Credentials.getCredentials(RMNodeStarter.class.getResourceAsStream("/" + CONFIG_RM_CRED_PATH_RELATIVE));
        logger.info("Using default credentials from ProActive jars, authenticating as user rm");
        return credentialsFromJar;
    } catch (Exception fromJarKeyException) {
        logger.error("Failed to read credentials, from location obtained using system property, RM home or ProActive jars", fromJarKeyException);
        System.exit(ExitStatus.CRED_UNREADABLE.exitCode);
    }
    return null;
}
use of org.ow2.proactive.authentication.crypto.Credentials in project scheduling by ow2-proactive.
the class RMNodeStarter method registerInRM.
/**
 * Joins the Resource Manager at the given URL, logs in with the provided credentials,
 * starts monitoring and adds each local node to the Resource Manager.
 * <p>
 * Joining, login and node registration are delegated to helper methods. Timeout and error
 * handling are presumably done there, since none is visible in this method.
 *
 * @param credentials credentials used to log in to the Resource Manager
 * @param rmURL URL of the Resource Manager to join
 * @param nodeName not used by this method body
 * @param nodes the local nodes to register
 * @return the Resource Manager obtained from the login
 */
protected ResourceManager registerInRM(final Credentials credentials, final String rmURL, String nodeName, Collection<Node> nodes) {
    final RMAuthentication authentication = joinResourceManager(rmURL);
    final ResourceManager resourceManager = loginToResourceManager(credentials, authentication);
    startMonitoring(authentication);

    // Each node gets its JMX URL set before it is added to the Resource Manager.
    for (Node localNode : nodes) {
        nodeSetJmxUrl(sigarExposer, localNode);
        addNodeToResourceManager(rmURL, localNode, resourceManager);
    }

    return resourceManager;
}
use of org.ow2.proactive.authentication.crypto.Credentials in project scheduling by ow2-proactive.
the class RMNodeStarter method reconnectToResourceManager.
/**
 * Makes one attempt to reconnect to the Resource Manager at {@code rmURL}: consumes one of
 * the remaining reconnection attempts, waits for the Resource Manager, logs in again with
 * the stored {@code credentials} and restarts monitoring.
 *
 * @return the Resource Manager obtained from the new login, or {@code null} if any step
 *         failed (the failure is logged)
 */
private ResourceManager reconnectToResourceManager() {
    ResourceManager reconnected = null;
    try {
        numberOfReconnectionAttemptsLeft--;
        // trying to reconnect to the resource manager
        final RMAuthentication authentication = RMConnection.waitAndJoin(rmURL, WAIT_ON_JOIN_TIMEOUT_IN_MS);
        final ResourceManager session = authentication.login(credentials);
        startMonitoring(authentication);
        // the result is only published once monitoring has started without error
        reconnected = session;
    } catch (Exception ex) {
        logger.error(ex.getMessage(), ex);
    }
    return reconnected;
}