
Example 1 with TokenPrincipal

use of org.ow2.proactive.authentication.principals.TokenPrincipal in project scheduling by ow2-proactive.

the class NodeSource method buildRMNode.

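/**
 * Builds a RMNode from a raw Node and attaches the access permission that
 * decides which principals may use it.
 * <p>
 * The permission owner is {@code provider} when the node source access type is
 * PROVIDER or PROVIDER_GROUPS, and the {@code administrator} field otherwise.
 * If the node carries a non-empty {@code RMNodeStarter.NODE_ACCESS_TOKEN}
 * property, a {@link TokenPrincipal} for that token replaces every other
 * principal of the permission.
 *
 * @param node the node object
 * @param provider the client of the request
 * @return the expected RMNode
 * @throws AddingNodesException if reading the node's property or information fails
 */
private RMNode buildRMNode(Node node, Client provider) {
    // creating a node access permission
    // it could be either PROVIDER/PROVIDER_GROUPS and in this case
    // the provider principals will be taken or
    // ME/MY_GROUPS (ns creator/ns creator groups) and in this case
    // creator's principals will be used
    Client permissionOwner = administrator;
    if (nodeUserAccessType.equals(AccessType.PROVIDER) || nodeUserAccessType.equals(AccessType.PROVIDER_GROUPS)) {
        permissionOwner = provider;
    }
    // now selecting the type (user or group) and construct the permission
    Set<IdentityPrincipal> principals = (Set<IdentityPrincipal>) nodeUserAccessType.getIdentityPrincipals(permissionOwner);
    boolean tokenInNode = false;
    boolean tokenInNodeSource = nodeUserAccessType.getTokens() != null && nodeUserAccessType.getTokens().length > 0;
    try {
        String nodeAccessToken = node.getProperty(RMNodeStarter.NODE_ACCESS_TOKEN);
        tokenInNode = nodeAccessToken != null && nodeAccessToken.length() > 0;
        if (tokenInNode) {
            // The access token is a credential: log that the node is protected,
            // never the token value, so that log readers cannot reuse it.
            logger.debug("Node " + node.getNodeInformation().getURL() + " is protected by an access token");
            // it overrides all other principals
            // NOTE(review): clear() mutates the set returned by getIdentityPrincipals();
            // confirm that call returns a fresh set and not one shared with permissionOwner.
            principals.clear();
            principals.add(new TokenPrincipal(nodeAccessToken));
        }
    } catch (Exception e) {
        throw new AddingNodesException(e);
    }
    PrincipalPermission nodeAccessPermission = new PrincipalPermission(node.getNodeInformation().getURL(), principals);
    RMNodeImpl rmnode = new RMNodeImpl(node, stub, provider, nodeAccessPermission);
    // A node counts as token-protected when either the node itself or its node source defines a token.
    rmnode.setProtectedByToken(tokenInNode || tokenInNodeSource);
    return rmnode;
}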
Also used : Set(java.util.Set) PrincipalPermission(org.ow2.proactive.permissions.PrincipalPermission) TokenPrincipal(org.ow2.proactive.authentication.principals.TokenPrincipal) AddingNodesException(org.ow2.proactive.resourcemanager.exception.AddingNodesException) Client(org.ow2.proactive.resourcemanager.authentication.Client) IdentityPrincipal(org.ow2.proactive.authentication.principals.IdentityPrincipal) RMNodeImpl(org.ow2.proactive.resourcemanager.rmnode.RMNodeImpl) AddingNodesException(org.ow2.proactive.resourcemanager.exception.AddingNodesException) RMException(org.ow2.proactive.resourcemanager.exception.RMException)

Example 2 with TokenPrincipal

use of org.ow2.proactive.authentication.principals.TokenPrincipal in project scheduling by ow2-proactive.

the class SelectionManager method filterOut.

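/**
 * Removes exclusion nodes and nodes not accessible for the client.
 * <p>
 * A node is kept only when the client passes the permission check for it, when
 * it is not in the criteria black list, and when it is in the list of
 * acceptable node URLs (if the criteria define one). When the criteria carry
 * a node access token, only token-protected nodes whose permission holds that
 * exact token principal are kept.
 *
 * @param freeNodes candidate nodes to filter
 * @param criteria selection criteria (black list, acceptable URLs, optional access token)
 * @param client the client requesting nodes
 * @return the nodes from {@code freeNodes} that the client may receive
 */
private List<RMNode> filterOut(List<RMNode> freeNodes, Criteria criteria, Client client) {
    NodeSet exclusion = criteria.getBlackList();
    Set<String> inclusion = criteria.getAcceptableNodesUrls();
    String requestedToken = criteria.getNodeAccessToken();
    boolean nodeWithTokenRequested = requestedToken != null && requestedToken.length() > 0;
    TokenPrincipal tokenPrincipal = null;
    if (nodeWithTokenRequested) {
        // The access token is a credential: record that one was supplied, never its value.
        logger.debug("Node access token specified");
        tokenPrincipal = new TokenPrincipal(requestedToken);
        // NOTE(review): the token principal is added to the client's subject and nothing in
        // this method removes it; confirm the subject is not reused for later requests
        // that did not present the token.
        client.getSubject().getPrincipals().add(tokenPrincipal);
    }
    List<RMNode> filteredList = new ArrayList<>();
    // Permissions already granted to this client, so each distinct permission is checked once.
    Set<Permission> clientPermissions = new HashSet<>();
    for (RMNode node : freeNodes) {
        // checking the permission
        Permission nodePermission = node.getUserPermission();
        try {
            if (!clientPermissions.contains(nodePermission)) {
                client.checkPermission(nodePermission, client + " is not authorized to get the node " + node.getNodeURL() + " from " + node.getNodeSource().getName());
                clientPermissions.add(nodePermission);
            }
        } catch (SecurityException e) {
            // client does not have an access to this node
            logger.debug(e.getMessage());
            continue;
        }
        if (nodeWithTokenRequested) {
            // A token request must never be served by a node without token protection.
            if (!node.isProtectedByToken()) {
                continue;
            }
            PrincipalPermission perm = (PrincipalPermission) nodePermission;
            // checking explicitly that node has this token identity,
            // independently of the permission check above
            if (!perm.hasPrincipal(tokenPrincipal)) {
                if (logger.isDebugEnabled()) {
                    logger.debug(client + " does not have required token to get the node " + node.getNodeURL() + " from " + node.getNodeSource().getName());
                }
                continue;
            }
        }
        // No inclusion list means every node URL is acceptable.
        if (!contains(exclusion, node) && (inclusion == null || inclusion.contains(node.getNodeURL()))) {
            filteredList.add(node);
        }
    }
    return filteredList;
}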
Also used : NodeSet(org.ow2.proactive.utils.NodeSet) ArrayList(java.util.ArrayList) PrincipalPermission(org.ow2.proactive.permissions.PrincipalPermission) RMNode(org.ow2.proactive.resourcemanager.rmnode.RMNode) Permission(java.security.Permission) PrincipalPermission(org.ow2.proactive.permissions.PrincipalPermission) TokenPrincipal(org.ow2.proactive.authentication.principals.TokenPrincipal) HashSet(java.util.HashSet)

Aggregations

TokenPrincipal (org.ow2.proactive.authentication.principals.TokenPrincipal)2 PrincipalPermission (org.ow2.proactive.permissions.PrincipalPermission)2 Permission (java.security.Permission)1 ArrayList (java.util.ArrayList)1 HashSet (java.util.HashSet)1 Set (java.util.Set)1 IdentityPrincipal (org.ow2.proactive.authentication.principals.IdentityPrincipal)1 Client (org.ow2.proactive.resourcemanager.authentication.Client)1 AddingNodesException (org.ow2.proactive.resourcemanager.exception.AddingNodesException)1 RMException (org.ow2.proactive.resourcemanager.exception.RMException)1 RMNode (org.ow2.proactive.resourcemanager.rmnode.RMNode)1 RMNodeImpl (org.ow2.proactive.resourcemanager.rmnode.RMNodeImpl)1 NodeSet (org.ow2.proactive.utils.NodeSet)1