Repository: airavata Updated Branches: refs/heads/master e105f9413 -> ab0bf86c5
merging the implementation carried on sprint1_update2 with the updated airavata master Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/ab0bf86c Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/ab0bf86c Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/ab0bf86c Branch: refs/heads/master Commit: ab0bf86c59da550873b7fc18f990042f221e3f35 Parents: e105f94 Author: hasinitg <[email protected]> Authored: Wed Jul 8 18:43:27 2015 +0530 Committer: hasinitg <[email protected]> Committed: Wed Jul 8 18:43:27 2015 +0530 ---------------------------------------------------------------------- airavata-api/airavata-api-server/pom.xml | 5 + .../airavata/api/server/AiravataAPIServer.java | 124 +++++++--- .../server/handler/AiravataServerHandler.java | 10 +- .../security/AiravataSecurityManager.java | 3 +- .../DefaultAiravataSecurityManager.java | 13 +- .../api/server/security/DefaultOAuthClient.java | 29 ++- .../api/server/security/SecurityException.java | 11 - .../server/security/SecurityManagerFactory.java | 37 ++- .../api/client/AiravataClientFactory.java | 30 +++ distribution/src/main/assembly/bin-assembly.xml | 2 + .../apache/airavata/common/utils/Constants.java | 6 + .../airavata/common/utils/ServerSettings.java | 20 ++ .../main/resources/airavata-server.properties | 10 +- .../server/src/main/resources/airavata.jks | Bin 501 -> 1410 bytes .../server/src/main/resources/airavata.pem | Bin 0 -> 634 bytes .../src/main/resources/client_truststore.jks | Bin 0 -> 1307 bytes .../server/src/main/resources/wso2carbon.pem | Bin 0 -> 569 bytes .../security/AiravataSecurityException.java | 39 +++ .../security/util/TrustStoreManager.java | 83 +++++++ samples/java-client/pom.xml | 5 +- samples/java-client/secure-client/pom.xml | 27 +-- .../sample/AiravataSecurityException.java | 31 --- .../sample/OAuthAppRegisteringClient.java | 38 +-- .../sample/OAuthTokenRetrievalClient.java | 74 ++++-- 
.../airavata/secure/sample/Properties.java | 7 +- .../airavata/secure/sample/SecureClient.java | 237 ++++++++++++------- 26 files changed, 578 insertions(+), 263 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/airavata-api/airavata-api-server/pom.xml ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-api-server/pom.xml b/airavata-api/airavata-api-server/pom.xml index d3d1fc5..7e86cef 100644 --- a/airavata-api/airavata-api-server/pom.xml +++ b/airavata-api/airavata-api-server/pom.xml @@ -67,6 +67,11 @@ <version>${project.version}</version> </dependency> <dependency> + <groupId>org.apache.airavata</groupId> + <artifactId>airavata-security</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> <groupId>org.apache.thrift</groupId> <artifactId>libthrift</artifactId> <version>${thrift.version}</version> http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/AiravataAPIServer.java ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/AiravataAPIServer.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/AiravataAPIServer.java index 42f8c1a..21c2c58 100644 --- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/AiravataAPIServer.java +++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/AiravataAPIServer.java @@ -22,6 +22,8 @@ package org.apache.airavata.api.server; import java.net.InetSocketAddress; +import java.net.UnknownHostException; +import java.net.InetAddress; import org.apache.airavata.api.Airavata; import org.apache.airavata.api.server.handler.AiravataServerHandler; 
@@ -40,6 +42,7 @@ import org.apache.thrift.server.TThreadPoolServer; import org.apache.thrift.transport.TServerSocket; import org.apache.thrift.transport.TServerTransport; import org.apache.thrift.transport.TTransportException; +import org.apache.thrift.transport.TSSLTransportFactory; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -51,7 +54,7 @@ public class AiravataAPIServer implements IServer{ private ServerStatus status; - private TServer server; + private TServer server, TLSServer; public AiravataAPIServer() { setStatus(ServerStatus.STOPPED); 
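Review bot: `private TServer server, TLSServer;` declares two fields on one line and names the second in UpperCamelCase, while the rest of this class uses one field per declaration and lowerCamelCase (`server`, `status`); `private TServer server;` and `private TServer tlsServer;` would keep the convention. The same identifier is used throughout the TLS start and stop code in the later hunks of this file, so the rename would touch those lines as well.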
@@ -61,51 +64,95 @@ public class AiravataAPIServer implements IServer{ try { RegistryInitUtil.initializeDB(); AppCatalogInitUtil.initializeDB(); - final int serverPort = Integer.parseInt(ServerSettings.getSetting(Constants.API_SERVER_PORT,"8930")); final String serverHost = ServerSettings.getSetting(Constants.API_SERVER_HOST, null); - - TServerTransport serverTransport; - - if(serverHost == null){ - serverTransport = new TServerSocket(serverPort); - }else{ - InetSocketAddress inetSocketAddress = new InetSocketAddress(serverHost, serverPort); - serverTransport = new TServerSocket(inetSocketAddress); - } - - TThreadPoolServer.Args options = new TThreadPoolServer.Args(serverTransport); - options.minWorkerThreads = Integer.parseInt(ServerSettings.getSetting(Constants.API_SERVER_MIN_THREADS, "50")); - server = new TThreadPoolServer(options.processor(airavataAPIServer)); - new Thread() { - public void run() { - server.serve(); - RegistryInitUtil.stopDerbyInServerMode(); - setStatus(ServerStatus.STOPPED); - logger.info("Airavata API Server Stopped."); + if (!ServerSettings.isTLSEnabled()) { + final int serverPort = Integer.parseInt(ServerSettings.getSetting(Constants.API_SERVER_PORT, "8930")); + + TServerTransport serverTransport; + + if (serverHost == null) { + serverTransport = new TServerSocket(serverPort); + } else { + InetSocketAddress inetSocketAddress = new InetSocketAddress(serverHost, serverPort); + serverTransport = new TServerSocket(inetSocketAddress); } - }.start(); - new Thread() { - public void run() { - while(!server.isServing()){ - try { - Thread.sleep(500); - } catch (InterruptedException e) { - break; - } + + TThreadPoolServer.Args options = new TThreadPoolServer.Args(serverTransport); + options.minWorkerThreads = Integer.parseInt(ServerSettings.getSetting(Constants.API_SERVER_MIN_THREADS, "50")); + server = new TThreadPoolServer(options.processor(airavataAPIServer)); + new Thread() { + public void run() { + server.serve(); + 
RegistryInitUtil.stopDerbyInServerMode(); + setStatus(ServerStatus.STOPPED); + logger.info("Airavata API Server Stopped."); } - if (server.isServing()){ - setStatus(ServerStatus.STARTED); - logger.info("Starting Airavata API Server on Port " + serverPort); - logger.info("Listening to Airavata Clients ...."); + }.start(); + new Thread() { + public void run() { + while (!server.isServing()) { + try { + Thread.sleep(500); + } catch (InterruptedException e) { + break; + } + } + if (server.isServing()) { + setStatus(ServerStatus.STARTED); + logger.info("Starting Airavata API Server on Port " + serverPort); + logger.info("Listening to Airavata Clients ...."); + } } - } - }.start(); + }.start(); + } // storeServerConfig(); + /**********start thrift server over TLS******************/ + if (ServerSettings.isTLSEnabled()) { + TSSLTransportFactory.TSSLTransportParameters TLSParams = + new TSSLTransportFactory.TSSLTransportParameters(); + TLSParams.setKeyStore(ServerSettings.getKeyStorePath(), ServerSettings.getKeyStorePassword()); + TServerSocket TLSServerTransport = TSSLTransportFactory.getServerSocket( + ServerSettings.getTLSServerPort(), ServerSettings.getTLSClientTimeout(), + InetAddress.getByName(serverHost), TLSParams); + TThreadPoolServer.Args settings = new TThreadPoolServer.Args(TLSServerTransport); + settings.minWorkerThreads = Integer.parseInt(ServerSettings.getSetting( + Constants.API_SERVER_MIN_THREADS, "50")); + TLSServer = new TThreadPoolServer(settings.processor(airavataAPIServer)); + new Thread() { + public void run() { + TLSServer.serve(); + RegistryInitUtil.stopDerbyInServerMode(); + setStatus(ServerStatus.STOPPED); + logger.info("Airavata API Server over TLS Stopped."); + } + }.start(); + new Thread() { + public void run() { + while (!TLSServer.isServing()) { + try { + Thread.sleep(500); + } catch (InterruptedException e) { + break; + } + } + if (TLSServer.isServing()) { + setStatus(ServerStatus.STARTED); + } + } + }.start(); + logger.info("Airavata API 
server starter over TLS on Port: " + ServerSettings.getTLSServerPort()); + } } catch (TTransportException e) { logger.error(e.getMessage()); setStatus(ServerStatus.FAILED); RegistryInitUtil.stopDerbyInServerMode(); throw new AiravataSystemException(AiravataErrorType.INTERNAL_ERROR); + } catch (ApplicationSettingsException e) { + logger.error(e.getMessage(), e); + throw new AiravataSystemException(AiravataErrorType.INTERNAL_ERROR); + } catch (UnknownHostException e) { + logger.error(e.getMessage(), e); + throw new AiravataSystemException(AiravataErrorType.INTERNAL_ERROR); } } public static void main(String[] args) { @@ -131,7 +178,10 @@ public class AiravataAPIServer implements IServer{ setStatus(ServerStatus.STOPING); server.stop(); } - + //stop the Airavata API server hosted over TLS. + if ((ServerSettings.isTLSEnabled()) && TLSServer.isServing()){ + TLSServer.stop(); + } } @Override http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java index ad3d239..de00930 100644 --- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java +++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java 
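Review bot: The two new catch blocks for ApplicationSettingsException and UnknownHostException rethrow without the `setStatus(ServerStatus.FAILED)` and `RegistryInitUtil.stopDerbyInServerMode()` that the existing TTransportException branch directly above them performs, so a bad TLS setting leaves the status unchanged and Derby running; the three branches should share the same cleanup. In the TLS branch `InetAddress.getByName(serverHost)` is reached with `serverHost` null whenever `API_SERVER_HOST` is unset, and `getByName(null)` is documented to return the loopback address, so the TLS listener binds only to localhost while the plain-socket branch binds all interfaces in that case — passing `serverHost == null ? null : InetAddress.getByName(serverHost)` would keep the two paths consistent, or the difference should be documented. The TLS block is otherwise a line-for-line copy of the plain block (serve thread, polling thread, status updates) differing only in the transport and the log text; a private helper taking the `TServerTransport` and a label would remove the duplication. The enclosing method begins before this hunk.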
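Review bot: `TLSServer.isServing()` in the new stop code dereferences `TLSServer` without a null check, and that field is only assigned when the TLS start path got as far as constructing the server, so stopping after a failed or partial start throws NullPointerException; `ServerSettings.isTLSEnabled()` also throws ApplicationSettingsException, which the enclosing method (its signature is outside the hunk) must declare or handle. The plain-socket branch just above sets `setStatus(ServerStatus.STOPING)` before `server.stop()` but the TLS branch does not. Suggested shape: `if (TLSServer != null && TLSServer.isServing()) {` / `setStatus(ServerStatus.STOPING);` / `TLSServer.stop();`.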
@@ -104,6 +104,7 @@ import org.apache.airavata.registry.cpi.RegistryException; import org.apache.airavata.registry.cpi.ResultOrderType; import org.apache.airavata.registry.cpi.WorkflowCatalog; import org.apache.airavata.registry.cpi.utils.Constants; +import org.apache.airavata.security.AiravataSecurityException; import org.apache.thrift.TException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -3555,11 +3556,12 @@ public class AiravataServerHandler implements Airavata.Iface { throw new AuthorizationException("User is not authenticated or authorized."); } } - } catch (org.apache.airavata.api.server.security.SecurityException e) { - throw new AuthorizationException(e.getMessage()); + } catch (AiravataSecurityException e) { + logger.error(e.getMessage(), e); + throw new AuthorizationException("Error in obtaining initiating Security Manager."); } catch (ApplicationSettingsException e) { - logger.error("Error in reading API security settings."); - throw new AuthorizationException(e.getMessage()); + logger.error(e.getMessage(), e); + throw new AuthorizationException("Error in reading security configuration."); } } http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/AiravataSecurityManager.java ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/AiravataSecurityManager.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/AiravataSecurityManager.java index b39c951..5937d3e 100644 --- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/AiravataSecurityManager.java +++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/AiravataSecurityManager.java 
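Review bot: The new client-facing message `"Error in obtaining initiating Security Manager."` runs two verbs together; `"Error in initializing the Security Manager."` matches the wording the SecurityManagerFactory hunk in this commit uses for the same failure. Logging the cause server-side while keeping internal detail out of the AuthorizationException text is consistent across both catch blocks now, so only the wording needs attention. The enclosing method begins outside this hunk.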
@@ -21,7 +21,8 @@ package org.apache.airavata.api.server.security; import org.apache.airavata.model.security.AuthzToken; +import org.apache.airavata.security.AiravataSecurityException; public interface AiravataSecurityManager { - public boolean isUserAuthenticatedAndAuthorized(AuthzToken authzToken) throws SecurityException; + public boolean isUserAuthenticatedAndAuthorized(AuthzToken authzToken) throws AiravataSecurityException; } http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java index c8aca68..739a1ec 100644 --- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java +++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultAiravataSecurityManager.java @@ -20,8 +20,10 @@ */ package org.apache.airavata.api.server.security; +import org.apache.airavata.common.exception.ApplicationSettingsException; import org.apache.airavata.common.utils.ServerSettings; import org.apache.airavata.model.security.AuthzToken; +import org.apache.airavata.security.AiravataSecurityException; import org.apache.axis2.AxisFault; import org.apache.axis2.context.ConfigurationContext; import org.apache.axis2.context.ConfigurationContextFactory; 
@@ -35,7 +37,7 @@ import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO public class DefaultAiravataSecurityManager implements AiravataSecurityManager { private final static Logger logger = LoggerFactory.getLogger(DefaultAiravataSecurityManager.class); - public boolean isUserAuthenticatedAndAuthorized(AuthzToken authzToken) throws SecurityException { + public boolean isUserAuthenticatedAndAuthorized(AuthzToken authzToken) throws AiravataSecurityException { try { ConfigurationContext configContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null); @@ -46,10 +48,11 @@ public class DefaultAiravataSecurityManager implements AiravataSecurityManager { authzToken.getAccessToken()); return validationResponse.getValid(); } catch (AxisFault axisFault) { - throw new SecurityException(axisFault.getMessage()); - } catch (Exception exception) { - logger.error(exception.getCause().toString()); - throw new SecurityException(exception.getMessage()); + logger.error(axisFault.getMessage(), axisFault); + throw new AiravataSecurityException("Error in initializing the configuration context for creating the OAuth validation client."); + } catch (ApplicationSettingsException e) { + logger.error(e.getMessage(), e); + throw new AiravataSecurityException("Error in reading OAuth server configuration."); } } } http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultOAuthClient.java ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultOAuthClient.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultOAuthClient.java index 3f2e32f..7996474 100644 --- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultOAuthClient.java 
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/DefaultOAuthClient.java @@ -20,6 +20,10 @@ */ package org.apache.airavata.api.server.security; +import org.apache.airavata.common.exception.ApplicationSettingsException; +import org.apache.airavata.common.utils.ServerSettings; +import org.apache.airavata.security.AiravataSecurityException; +import org.apache.airavata.security.util.TrustStoreManager; import org.apache.axis2.AxisFault; import org.apache.axis2.context.ConfigurationContext; import org.slf4j.Logger; @@ -38,6 +42,7 @@ import java.rmi.RemoteException; * to get the OAuth token validated. */ public class DefaultOAuthClient { + private OAuth2TokenValidationServiceStub stub; private final static Logger logger = LoggerFactory.getLogger(DefaultOAuthClient.class); public static final String BEARER_TOKEN_TYPE = "bearer"; @@ -52,16 +57,16 @@ public class DefaultOAuthClient { * @throws Exception */ public DefaultOAuthClient(String auhorizationServerURL, String username, String password, - ConfigurationContext configCtx) throws Exception { + ConfigurationContext configCtx) throws AiravataSecurityException { String serviceURL = auhorizationServerURL + "OAuth2TokenValidationService"; try { stub = new OAuth2TokenValidationServiceStub(configCtx, serviceURL); CarbonUtils.setBasicAccessSecurityHeaders(username, password, true, stub._getServiceClient()); } catch (AxisFault e) { - logger.error("Error initializing OAuth2 Client"); - throw new Exception("Error initializing OAuth Client", e); + logger.error(e.getMessage(), e); + throw new AiravataSecurityException("Error initializing OAuth client."); } - //TODO:Import the WSO2 IS cert into Airavata trust store. + /*//TODO:Import the WSO2 IS cert into Airavata trust store. try { // Get SSL context SSLContext sc = SSLContext.getInstance("SSL"); 
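Review bot: The former SSL setup, including the `SSLContext.setDefault(sc)` call and the `e.printStackTrace()` that swallowed its failures, is kept as a `/* ... */` comment rather than deleted; commented-out code should go, since the history is in git and the replacement (`TrustStoreManager` in `validateAccessToken`) now exists. The comment spans this hunk and the `@@ -93,8 +98,7 @@` hunk that closes it. If the intent is to keep the reminder, a one-line `// TODO: import the WSO2 IS certificate into the Airavata trust store` at the `TrustStoreManager` call site says it without dead code.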
@@ -93,8 +98,7 @@ public class DefaultOAuthClient { SSLContext.setDefault(sc); } catch (Exception e) { e.printStackTrace(); - //ignore - } + }*/ } /** @@ -105,7 +109,7 @@ public class DefaultOAuthClient { * @throws Exception */ public OAuth2TokenValidationResponseDTO validateAccessToken(String accessToken) - throws Exception { + throws AiravataSecurityException { OAuth2TokenValidationRequestDTO oauthReq = new OAuth2TokenValidationRequestDTO(); OAuth2TokenValidationRequestDTO_OAuth2AccessToken token = new OAuth2TokenValidationRequestDTO_OAuth2AccessToken(); @@ -113,12 +117,17 @@ public class DefaultOAuthClient { token.setTokenType(BEARER_TOKEN_TYPE); oauthReq.setAccessToken(token); try { + //initialize SSL context with the trust store. + TrustStoreManager trustStoreManager = new TrustStoreManager(); + trustStoreManager.initializeTrustStoreManager(ServerSettings.getTrustStorePath(), ServerSettings.getTrustStorePassword()); return stub.validate(oauthReq); } catch (RemoteException e) { - logger.error("Error while validating OAuth2 request"); - throw new Exception("Error while validating OAuth2 request", e); + logger.error(e.getMessage(), e); + throw new AiravataSecurityException("Error in validating the OAuth access token."); + } catch (ApplicationSettingsException e) { + logger.error(e.getMessage(), e); + throw new AiravataSecurityException("Error in reading OAuth configuration."); } } - } http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityException.java ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityException.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityException.java deleted file mode 100644 index 8d22658..0000000 
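Review bot: `trustStoreManager.initializeTrustStoreManager(...)` returns an `SSLContext` (per the new TrustStoreManager signature) that `validateAccessToken` discards, and it runs on every token validation, so the trust store is read from disk and parsed per call; unless that method also installs the context as the JVM default (its body is cut off in this view, so that cannot be confirmed here), the Axis2 stub built in the constructor never sees it and the remote call proceeds with whatever trust settings it already had. Loading the trust store once in the constructor and either applying it to the stub's transport or stating in a comment that `initializeTrustStoreManager` sets the default context would make the trust relationship explicit. Also worth confirming that `ServerSettings.getTrustStorePath()` / `getTrustStorePassword()` exist, since the ServerSettings hunk in this commit adds only the keystore getters.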
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityException.java
+++ /dev/null
@@ -1,11 +0,0 @@
-package org.apache.airavata.api.server.security;
-
-public class SecurityException extends Exception {
- public SecurityException(String message) {
- super(message);
- }
-
- public SecurityException() {
- super();
- }
-}
http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityManagerFactory.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityManagerFactory.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityManagerFactory.java
index 9e71b93..0b376a7 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityManagerFactory.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/SecurityManagerFactory.java
@@ -20,13 +20,44 @@ */ package org.apache.airavata.api.server.security; +import org.apache.airavata.common.exception.ApplicationSettingsException; +import org.apache.airavata.common.utils.ServerSettings; +import org.apache.airavata.security.AiravataSecurityException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + /** * This initializes an instance of the appropriate security manager according to the * configuration. */ public class SecurityManagerFactory { - public static AiravataSecurityManager getSecurityManager(){ - //TODO:read from configuration and create the appropriate security manager. - return new DefaultAiravataSecurityManager(); + private final static Logger logger = LoggerFactory.getLogger(SecurityManagerFactory.class); + private static Class secManagerImpl = null; + + public static AiravataSecurityManager getSecurityManager() throws AiravataSecurityException { + try { + if(secManagerImpl == null){ + secManagerImpl = Class.forName(ServerSettings.getSecurityManagerClassName()); + } + AiravataSecurityManager securityManager = (AiravataSecurityManager) secManagerImpl.newInstance(); + return securityManager; + } catch (ClassNotFoundException e) { + String error = "Security Manager class could not be found."; + logger.error(e.getMessage(), e); + throw new AiravataSecurityException(error); + } catch (ApplicationSettingsException e) { + String error = "Error in reading the configuration related to Security Manager class."; + logger.error(e.getMessage(), e); + throw new AiravataSecurityException(error); + } catch (InstantiationException e) { + String error = "Error in instantiating the Security Manager class."; + logger.error(e.getMessage(), e); + throw new AiravataSecurityException(error); + } catch (IllegalAccessException e) { + String error = "Error in instantiating the Security Manager class."; + logger.error(e.getMessage(), e); + throw new AiravataSecurityException(error); + + } } } 
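Review bot: The cast `(AiravataSecurityManager) secManagerImpl.newInstance()` is outside every catch, so a configured class that does not implement the interface surfaces as a raw ClassCastException rather than the AiravataSecurityException every other failure here is mapped to; `Class.forName(ServerSettings.getSecurityManagerClassName()).asSubclass(AiravataSecurityManager.class)` plus a `catch (ClassCastException e)` closes that gap and lets `secManagerImpl` be declared `Class<? extends AiravataSecurityManager>` instead of a raw `Class`. Each catch logs and then throws `new AiravataSecurityException(error)` without the cause even though the new exception type in this commit has a `(String, Throwable)` constructor; passing `e` keeps the chain for callers. The two identical InstantiationException and IllegalAccessException blocks can be a single multi-catch if the build targets Java 7 or later.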
http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/airavata-api/airavata-api-stubs/src/main/java/org/apache/airavata/api/client/AiravataClientFactory.java ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-api-stubs/src/main/java/org/apache/airavata/api/client/AiravataClientFactory.java b/airavata-api/airavata-api-stubs/src/main/java/org/apache/airavata/api/client/AiravataClientFactory.java index 2ef6a6e..a448192 100644 --- a/airavata-api/airavata-api-stubs/src/main/java/org/apache/airavata/api/client/AiravataClientFactory.java +++ b/airavata-api/airavata-api-stubs/src/main/java/org/apache/airavata/api/client/AiravataClientFactory.java @@ -29,6 +29,7 @@ import org.apache.thrift.protocol.TProtocol; import org.apache.thrift.transport.TSocket; import org.apache.thrift.transport.TTransport; import org.apache.thrift.transport.TTransportException; +import org.apache.thrift.transport.TSSLTransportFactory; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -49,4 +50,33 @@ public class AiravataClientFactory { throw exception; } } + + /** + * This method returns a Airavata Client that talks to the API Server exposed over TLS. + * + * @param serverHost + * @param serverPort + * @param trustStorePath + * @param trustStorePassword + * @param clientTimeOut + * @return + * @throws AiravataClientConnectException + */ + public static Airavata.Client createAiravataSecureClient(String serverHost, int serverPort, String trustStorePath, + String trustStorePassword, int clientTimeOut) + throws AiravataClientException { + try { + TSSLTransportFactory.TSSLTransportParameters params = + new TSSLTransportFactory.TSSLTransportParameters(); + params.setTrustStore(trustStorePath, trustStorePassword); + TSocket transport = TSSLTransportFactory.getClientSocket(serverHost, serverPort, clientTimeOut, params); + TProtocol protocol = new TBinaryProtocol(transport); + return new Airavata.Client(protocol); + } catch (TTransportException e) { + logger.error(e.getMessage(), e); + AiravataClientException clientError = new AiravataClientException(); + clientError.setParameter("Unable to connect to the server at " + serverHost + ":" + serverPort); + throw clientError; + } + } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/distribution/src/main/assembly/bin-assembly.xml ---------------------------------------------------------------------- diff --git a/distribution/src/main/assembly/bin-assembly.xml b/distribution/src/main/assembly/bin-assembly.xml index cb5c229..5276268 100644 --- a/distribution/src/main/assembly/bin-assembly.xml +++ b/distribution/src/main/assembly/bin-assembly.xml 
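Review bot: The Javadoc on `createAiravataSecureClient` declares `@throws AiravataClientConnectException` while the signature throws `AiravataClientException`, and the `@return` and `@param` tags are empty; `@return a client bound to a TLS socket to {@code serverHost:serverPort}` and `@throws AiravataClientException if the TLS socket cannot be opened` would match the code. Separately, a trust store alone authenticates the certificate chain but, unless the Thrift version in use enables endpoint identification on the underlying SSLSocket, not that the certificate belongs to `serverHost`; a comment stating whether hostname verification is expected of callers, or a check of the peer certificate against `serverHost` after the socket opens, would make the guarantee explicit.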
@@ -103,6 +103,8 @@ <include>LSFTemplate.xslt</include> <include>UGETemplate.xslt</include> <include>gsissh.properties</include> + <include>airavata.jks</include> + <include>client_truststore.jks</include> </includes> </fileSet> http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/modules/commons/src/main/java/org/apache/airavata/common/utils/Constants.java ---------------------------------------------------------------------- diff --git a/modules/commons/src/main/java/org/apache/airavata/common/utils/Constants.java b/modules/commons/src/main/java/org/apache/airavata/common/utils/Constants.java index 6e1cb84..a2d032f 100644 --- a/modules/commons/src/main/java/org/apache/airavata/common/utils/Constants.java +++ b/modules/commons/src/main/java/org/apache/airavata/common/utils/Constants.java @@ -33,7 +33,13 @@ public final class Constants { public static final String JOB = "job"; //API security relates property names public static final String IS_API_SECURED = "api.secured"; + public static final String SECURITY_MANAGER_CLASS = "security.manager.class"; public static final String REMOTE_OAUTH_SERVER_URL = "remote.oauth.authorization.server"; public static final String ADMIN_USERNAME = "admin.user.name"; public static final String ADMIN_PASSWORD = "admin.password"; + public static final String IS_TLS_ENABLED = "TLS.enabled"; + public static final String TLS_SERVER_PORT = "TLS.api.server.port"; + public static final String KEYSTORE_PATH = "keystore.path"; + public static final String KEYSTORE_PASSWORD = "keystore.password"; + public static final String TLS_CLIENT_TIMEOUT = "TLS.client.timeout"; } http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java ---------------------------------------------------------------------- 
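Review bot: The new keys `TLS.enabled`, `TLS.api.server.port` and `TLS.client.timeout` are the only mixed-case property names in this block (`api.secured`, `admin.user.name` and the rest are lowercase); `tls.enabled`, `tls.api.server.port` and `tls.client.timeout` would keep the convention, with the properties file updated to match. No constant is added for the `trust.store` and `trust.store.password` entries that the properties hunk in this commit introduces, so those are read by a literal name elsewhere or not at all — worth confirming before the commit lands.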
diff --git a/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java b/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java index 6d2238a..37521f6 100644 --- a/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java +++ b/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java @@ -326,4 +326,24 @@ public class ServerSettings extends ApplicationSettings { public static int getOrchestratorServerPort() throws ApplicationSettingsException { return Integer.valueOf(getSetting(ORCHESTRATOR_SERVER_PORT)); } + + public static boolean isTLSEnabled() throws ApplicationSettingsException { + return Boolean.valueOf(getSetting(Constants.IS_TLS_ENABLED)); + } + public static int getTLSServerPort() throws ApplicationSettingsException { + return Integer.valueOf(getSetting(Constants.TLS_SERVER_PORT)); + } + public static String getKeyStorePath() throws ApplicationSettingsException { + return getSetting(Constants.KEYSTORE_PATH); + } + public static String getKeyStorePassword() throws ApplicationSettingsException { + return getSetting(Constants.KEYSTORE_PASSWORD); + } + public static int getTLSClientTimeout() throws ApplicationSettingsException { + return Integer.valueOf(getSetting(Constants.TLS_CLIENT_TIMEOUT)); + } + + public static String getSecurityManagerClassName() throws ApplicationSettingsException { + return getSetting(Constants.SECURITY_MANAGER_CLASS); + } } http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/modules/configuration/server/src/main/resources/airavata-server.properties ---------------------------------------------------------------------- diff --git a/modules/configuration/server/src/main/resources/airavata-server.properties b/modules/configuration/server/src/main/resources/airavata-server.properties index 6494b5d..0b0305f 100644 --- a/modules/configuration/server/src/main/resources/airavata-server.properties 
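Review bot: `isTLSEnabled()` uses the one-argument `getSetting`, which, going by the `throws ApplicationSettingsException` clauses throughout this class, fails when the key is absent, so a deployment whose properties predate this commit fails in the API server's start path (which calls `isTLSEnabled()` unconditionally) instead of running without TLS; `return Boolean.valueOf(getSetting(Constants.IS_TLS_ENABLED, "false"));` makes absence mean off, using the two-argument form the API server already relies on. `Boolean.valueOf` also silently maps any value other than `true` to false, so a typo like `yes` disables TLS without a log line — worth a warning when the raw value is neither `true` nor `false`. The new getters are also run together without the blank lines the rest of the class puts between methods.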
+++ b/modules/configuration/server/src/main/resources/airavata-server.properties @@ -225,6 +225,14 @@ zookeeper.timeout=30000 ## API Security Configuration ######################################################################## api.secured=true +security.manager.class=org.apache.airavata.api.server.security.DefaultAiravataSecurityManager +TLS.enabled=true +TLS.api.server.port=9930 +TLS.client.timeout=10000 +keystore.path=airavata.jks +keystore.password=airavata +trust.store=client_truststore.jks +trust.store.password=airavata remote.oauth.authorization.server=https://localhost:9443/services/ admin.user.name=admin -admin.password=admin +admin.password=admin \ No newline at end of file http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/modules/configuration/server/src/main/resources/airavata.jks ---------------------------------------------------------------------- diff --git a/modules/configuration/server/src/main/resources/airavata.jks b/modules/configuration/server/src/main/resources/airavata.jks index bd6d8fe..e0e46e2 100644 Binary files a/modules/configuration/server/src/main/resources/airavata.jks and b/modules/configuration/server/src/main/resources/airavata.jks differ http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/modules/configuration/server/src/main/resources/airavata.pem ---------------------------------------------------------------------- diff --git a/modules/configuration/server/src/main/resources/airavata.pem b/modules/configuration/server/src/main/resources/airavata.pem new file mode 100644 index 0000000..242d955 Binary files /dev/null and b/modules/configuration/server/src/main/resources/airavata.pem differ http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/modules/configuration/server/src/main/resources/client_truststore.jks ---------------------------------------------------------------------- 
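Review bot: `keystore.password=airavata` and `trust.store.password=airavata` are committed together with the `airavata.jks` keystore itself, and `bin-assembly.xml` now ships that keystore, so every default installation presents a private key that is public in the repository while `TLS.enabled=true` turns the TLS listener on out of the box. A comment above these entries should state that the bundled keystore and trust store are development samples to be regenerated with an operator-owned key before the TLS port is exposed, and the installation docs should say the same; TLS with a shared, published key gives no transport security beyond the plain port. The key names also mix two conventions, `keystore.path` versus `trust.store`; `truststore.path` and `truststore.password` would parallel the keystore entries. This hunk also drops the trailing newline at end of file.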
diff --git a/modules/configuration/server/src/main/resources/client_truststore.jks b/modules/configuration/server/src/main/resources/client_truststore.jks new file mode 100644 index 0000000..cec7a66 Binary files /dev/null and b/modules/configuration/server/src/main/resources/client_truststore.jks differ http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/modules/configuration/server/src/main/resources/wso2carbon.pem ---------------------------------------------------------------------- diff --git a/modules/configuration/server/src/main/resources/wso2carbon.pem b/modules/configuration/server/src/main/resources/wso2carbon.pem new file mode 100644 index 0000000..8c02f03 Binary files /dev/null and b/modules/configuration/server/src/main/resources/wso2carbon.pem differ http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/modules/security/src/main/java/org/apache/airavata/security/AiravataSecurityException.java ---------------------------------------------------------------------- diff --git a/modules/security/src/main/java/org/apache/airavata/security/AiravataSecurityException.java b/modules/security/src/main/java/org/apache/airavata/security/AiravataSecurityException.java new file mode 100644 index 0000000..a29d842 --- /dev/null +++ b/modules/security/src/main/java/org/apache/airavata/security/AiravataSecurityException.java 
@@ -0,0 +1,39 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.airavata.security;
+
+/**
+ * This class is named as AiravataSecurityException in order to avoid the conflicts with the
+ * SecurityException class provided in Java.
+ */
+public class AiravataSecurityException extends Exception {
+ public AiravataSecurityException(String message) {
+ super(message);
+ }
+
+ public AiravataSecurityException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public AiravataSecurityException() {
+ super();
+ }
+}
http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/modules/security/src/main/java/org/apache/airavata/security/util/TrustStoreManager.java
----------------------------------------------------------------------
diff --git a/modules/security/src/main/java/org/apache/airavata/security/util/TrustStoreManager.java b/modules/security/src/main/java/org/apache/airavata/security/util/TrustStoreManager.java
new file mode 100644
index 0000000..94fb758
--- /dev/null
+++ b/modules/security/src/main/java/org/apache/airavata/security/util/TrustStoreManager.java
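Review bot: `AiravataSecurityException` extends `Exception`, which is `Serializable`, but declares no `serialVersionUID`, so its serialized form changes with every recompile; add `private static final long serialVersionUID = 1L;` as the first member. The class Javadoc explains the naming but not when callers should expect the exception; since the other new files throw it from trust-store initialization and OAuth token retrieval, a second sentence such as `Thrown when trust-store initialization or an OAuth token request fails.` would give the class a contract.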
@@ -0,0 +1,83 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.airavata.security.util;
+
+import org.apache.airavata.security.AiravataSecurityException;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import java.io.*;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TrustStoreManager {
+ private final static Logger logger = LoggerFactory.getLogger(TrustStoreManager.class);
+ public SSLContext initializeTrustStoreManager(String trustStorePath, String trustStorePassword)
+ throws AiravataSecurityException {
+ try {
+ // load and initialize the trust store
+ InputStream trustStream = new FileInputStream(new File(trustStorePath));
+ KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
+
+ char[] trustPassword = trustStorePassword.toCharArray();
+
+ trustStore.load(trustStream, trustPassword);
+
+ // initialize a trust manager factory
+ TrustManagerFactory trustFactory =
+ TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ trustFactory.init(trustStore);
+
+ // get the trust managers from the factory
+ TrustManager[] trustManagers = trustFactory.getTrustManagers();
+
+ // initialize an ssl context to use these managers and set as default
+ SSLContext sslContext = SSLContext.getInstance("SSL");
+ sslContext.init(null, trustManagers, null);
+ SSLContext.setDefault(sslContext);
+ return sslContext;
+ } catch (CertificateException e) {
+ logger.error(e.getMessage(), e);
+ throw new AiravataSecurityException("Error in initializing the trust store.");
+ } catch (NoSuchAlgorithmException e) {
+ logger.error(e.getMessage(), e);
+ throw new AiravataSecurityException("Error in initializing the trust store.");
+ } catch (KeyStoreException e) {
+ logger.error(e.getMessage(), e);
+ throw new AiravataSecurityException("Error in initializing the trust store.");
+ } catch (KeyManagementException e) {
+ logger.error(e.getMessage(), e);
+ throw new AiravataSecurityException("Error in initializing the trust store.");
+ } catch (FileNotFoundException e) {
+ logger.error(e.getMessage(), e);
+ throw new AiravataSecurityException("Error in initializing the trust store.");
+ } catch (IOException e) {
+ logger.error(e.getMessage(), e);
+ throw new AiravataSecurityException("Error in initializing the trust store.");
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/samples/java-client/pom.xml
----------------------------------------------------------------------
diff --git a/samples/java-client/pom.xml b/samples/java-client/pom.xml
index 7adc314..f5b59f2 100644
--- a/samples/java-client/pom.xml
+++ b/samples/java-client/pom.xml
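Review bot: `initializeTrustStoreManager` opens `trustStream` with `new FileInputStream(...)` and never closes it, so the trust-store file handle leaks on every call, on the success path and on all six failure paths; open it in a try-with-resources block. The six catch clauses log and throw the identical message while discarding the cause even though `AiravataSecurityException(String, Throwable)` exists, so a single multi-catch that passes `e` through keeps the original stack trace available to the caller (`FileNotFoundException` is already covered by `IOException`). `SSLContext.getInstance("SSL")` should be `SSLContext.getInstance("TLS")` — in SunJSSE the two names are backed by the same implementation, so this is a clarity fix rather than a protocol change, but "SSL" invites readers to think SSLv3 is intended. The method also needs a Javadoc line stating that it replaces the process-wide default via `SSLContext.setDefault`, because the sample clients in this commit call it on every request, and `trustStorePassword.toCharArray()` will NPE on a null password before any of the catches run, so a null check that raises the same `AiravataSecurityException` belongs at the top.
```java
public SSLContext initializeTrustStoreManager(String trustStorePath, String trustStorePassword)
        throws AiravataSecurityException {
    try (InputStream trustStream = new FileInputStream(new File(trustStorePath))) {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(trustStream, trustStorePassword.toCharArray());
        // … unchanged: trust manager factory initialization and getTrustManagers() …
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, trustManagers, null);
        SSLContext.setDefault(sslContext);
        return sslContext;
    } catch (CertificateException | NoSuchAlgorithmException | KeyStoreException
            | KeyManagementException | IOException e) {
        logger.error(e.getMessage(), e);
        throw new AiravataSecurityException("Error in initializing the trust store.", e);
    }
}
```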
@@ -12,11 +12,12 @@ <parent> <groupId>org.apache.airavata</groupId> <artifactId>airavata</artifactId> - <version>0.15-SNAPSHOT</version> - <relativePath>../../pom.xml</relativePath> + <version>0.16-SNAPSHOT</version> + <relativePath>../../../pom.xml</relativePath> </parent> <modelVersion>4.0.0</modelVersion> + <groupId>org.apache.airavata</groupId> <artifactId>samples</artifactId> <name>Samples - Airavata Client Samples</name> <packaging>pom</packaging> http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/samples/java-client/secure-client/pom.xml ---------------------------------------------------------------------- diff --git a/samples/java-client/secure-client/pom.xml b/samples/java-client/secure-client/pom.xml index e4dd9d6..8dbc8e8 100644 --- a/samples/java-client/secure-client/pom.xml +++ b/samples/java-client/secure-client/pom.xml @@ -5,25 +5,14 @@ <parent> <artifactId>samples</artifactId> <groupId>org.apache.airavata</groupId> - <version>0.15-SNAPSHOT</version> + <version>0.16-SNAPSHOT</version> </parent> <modelVersion>4.0.0</modelVersion> + <groupId>org.apache.airavata</groupId> <artifactId>secure-client</artifactId> + <version>0.16-SNAPSHOT</version> <packaging>jar</packaging> - <repositories> - <repository> - <id>wso2-nexus</id> - <name>WSO2 internal Repository</name> - <url>http://maven.wso2.org/nexus/content/groups/wso2-public/</url> - <releases> - <enabled>true</enabled> - <updatePolicy>daily</updatePolicy> - <checksumPolicy>ignore</checksumPolicy> - </releases> - </repository> - </repositories> - <dependencies> <dependency> <groupId>org.apache.airavata</groupId> 
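Review bot: `<relativePath>../../../pom.xml</relativePath>` resolves three levels above `samples/java-client/`, which from this file's own location is outside the repository, whereas the previous `../../pom.xml` pointed at the repository root. Unless the sample tree is meant to be built from a checkout nested one directory deeper (the `../../../../../airavata/...` trust-store path added in Properties.java in this same commit hints at such a layout), Maven will fall back to resolving the parent `org.apache.airavata:airavata:0.16-SNAPSHOT` from the local repository, which only works when that parent has already been installed. Either restore `../../pom.xml` or add a comment above the element explaining the expected checkout layout.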
@@ -31,6 +20,16 @@ <version>${project.version}</version> </dependency> <dependency> + <groupId>org.apache.airavata</groupId> + <artifactId>airavata-model-utils</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>org.apache.airavata</groupId> + <artifactId>airavata-security</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> <version>1.7.10</version> http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/AiravataSecurityException.java ---------------------------------------------------------------------- diff --git a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/AiravataSecurityException.java b/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/AiravataSecurityException.java deleted file mode 100644 index 2d5e959..0000000 --- a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/AiravataSecurityException.java +++ /dev/null 
@@ -1,31 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.airavata.secure.sample;
-
-public class AiravataSecurityException extends Exception {
- public AiravataSecurityException(String message) {
- super(message);
- }
-
- public AiravataSecurityException() {
- super();
- }
-}
http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/OAuthAppRegisteringClient.java
----------------------------------------------------------------------
diff --git a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/OAuthAppRegisteringClient.java b/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/OAuthAppRegisteringClient.java
index 5113c02..5292318 100644
--- a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/OAuthAppRegisteringClient.java
+++ b/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/OAuthAppRegisteringClient.java
@@ -20,6 +20,8 @@ */ package org.apache.airavata.secure.sample; +import org.apache.airavata.security.AiravataSecurityException; +import org.apache.airavata.security.util.TrustStoreManager; import org.apache.axis2.AxisFault; import org.apache.axis2.context.ConfigurationContext; import org.slf4j.Logger; @@ -46,39 +48,6 @@ public class OAuthAppRegisteringClient { logger.error("Error initializing OAuth2 Client"); throw new Exception("Error initializing OAuth Client", e); } - //TODO:enable proper SSL handshake with WSO2 IS. - try { - // Get SSL context - SSLContext sc = SSLContext.getInstance("SSL"); - - // Create empty HostnameVerifier - HostnameVerifier hv = new HostnameVerifier() { - public boolean verify(String urlHostName, SSLSession session) { - return true; - } - }; - HttpsURLConnection.setDefaultHostnameVerifier(hv); - - // Create a trust manager that does not validate certificate chains - TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() { - public java.security.cert.X509Certificate[] getAcceptedIssuers() { - return null; - } - - public void checkClientTrusted(java.security.cert.X509Certificate[] certs, - String authType) { - } - - public void checkServerTrusted(java.security.cert.X509Certificate[] certs, - String authType) { - } - }}; - - sc.init(null, trustAllCerts, new java.security.SecureRandom()); - SSLContext.setDefault(sc); - } catch (Exception e) { - e.printStackTrace(); - } } 
@@ -92,6 +61,9 @@ public class OAuthAppRegisteringClient { consumerAppDTO.setOauthConsumerKey(consumerId); consumerAppDTO.setOauthConsumerSecret(consumerSecret); //consumerAppDTO.setUsername(adminUserName); + //initialize trust store for SSL handshake + TrustStoreManager trustStoreManager = new TrustStoreManager(); + trustStoreManager.initializeTrustStoreManager(Properties.TRUST_STORE_PATH, Properties.TRUST_STORE_PASSWORD); stub.registerOAuthApplicationData(consumerAppDTO); // After registration application is retrieve return stub.getOAuthApplicationDataByAppName(appName); http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/OAuthTokenRetrievalClient.java ---------------------------------------------------------------------- diff --git a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/OAuthTokenRetrievalClient.java b/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/OAuthTokenRetrievalClient.java index 7204e53..a92a9e6 100644 --- a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/OAuthTokenRetrievalClient.java +++ b/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/OAuthTokenRetrievalClient.java 
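Review bot: The `TrustStoreManager` call added before `stub.registerOAuthApplicationData(consumerAppDTO)` replaces the JVM-wide default `SSLContext` (TrustStoreManager calls `SSLContext.setDefault`) and re-reads the keystore on every invocation of this method, whereas the trust-all setup this commit removes ran once in the constructor; moving the two lines to the constructor, next to where the stub is created, keeps the one-time, process-wide side effect in one place. The enclosing method's signature is outside the hunk, so confirm it now declares `throws AiravataSecurityException` (the import was added in the earlier hunk of this file) rather than wrapping or swallowing it. Whether the Axis2 HTTPS transport behind `stub` performs hostname verification with the new context is not visible here and is worth confirming, since the removed code had disabled it explicitly; a comment such as `// trust store replaces the former accept-all SSL setup; server cert must chain to client_truststore.jks` would record that the removal was deliberate.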
@@ -1,5 +1,27 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ package org.apache.airavata.secure.sample; +import org.apache.airavata.security.AiravataSecurityException; +import org.apache.airavata.security.util.TrustStoreManager; import org.apache.commons.codec.binary.Base64; import org.apache.http.HttpResponse; import org.apache.http.NameValuePair; 
@@ -24,18 +46,31 @@ import java.util.ArrayList; import java.util.List; public class OAuthTokenRetrievalClient { - - public String retrieveAccessToken(String consumerId, String consumerSecret, String userName, String password) - throws SecurityException { + /** + * Retrieve the OAuth Access token via the specified grant type. + * @param consumerId + * @param consumerSecret + * @param userName + * @param password + * @param grantType + * @return + * @throws SecurityException + */ + public String retrieveAccessToken(String consumerId, String consumerSecret, String userName, String password, int grantType) + throws AiravataSecurityException { HttpPost postMethod = null; try { - //TODO:handle SSL handshake with WSO2 IS properly. - org.apache.http.conn.ssl.SSLSocketFactory sf = new org.apache.http.conn.ssl.SSLSocketFactory( - SSLContext.getDefault()); - sf.setHostnameVerifier(org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); + //initialize trust store to handle SSL handshake with WSO2 IS properly. + TrustStoreManager trustStoreManager = new TrustStoreManager(); + SSLContext sslContext = trustStoreManager.initializeTrustStoreManager(Properties.TRUST_STORE_PATH, + Properties.TRUST_STORE_PASSWORD); + //create https scheme with the trust store + org.apache.http.conn.ssl.SSLSocketFactory sf = new org.apache.http.conn.ssl.SSLSocketFactory(sslContext); Scheme httpsScheme = new Scheme("https", sf, Properties.authzServerPort); + HttpClient httpClient = new DefaultHttpClient(); + //set the https scheme in the httpclient httpClient.getConnectionManager().getSchemeRegistry().register(httpsScheme); postMethod = new HttpPost(Properties.oauthTokenEndPointURL); 
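Review bot: The new Javadoc on `retrieveAccessToken` declares `@throws SecurityException` although the method now throws `AiravataSecurityException`, and every `@param` and the `@return` tag is empty; in particular `grantType` takes the undocumented integer codes 1 and 2. Replace the tag with `@throws AiravataSecurityException if the trust store cannot be initialized or the token request fails` and document `@param grantType 1 for resource-owner password credentials, 2 for client credentials` (an enum would be the stronger fix, but Properties.java passes the int). The `HttpClient httpClient = new DefaultHttpClient();` created here is never shut down — the `finally` in the next hunk releases only `postMethod` — so `httpClient.getConnectionManager().shutdown()` belongs in that `finally` as well; the rest of the method continues in the following hunks.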
@@ -47,9 +82,15 @@ public class OAuthTokenRetrievalClient { postMethod.setHeader("Authorization", "Basic " + authHeader); List<NameValuePair> urlParameters = new ArrayList<NameValuePair>(); - urlParameters.add(new BasicNameValuePair("grant_type", "password")); - urlParameters.add(new BasicNameValuePair("username", userName)); - urlParameters.add(new BasicNameValuePair("password", password)); + + if (grantType == 1) { + urlParameters.add(new BasicNameValuePair("grant_type", "password")); + urlParameters.add(new BasicNameValuePair("username", userName)); + urlParameters.add(new BasicNameValuePair("password", password)); + + } else if (grantType == 2) { + urlParameters.add(new BasicNameValuePair("grant_type", "client_credentials")); + } postMethod.setEntity(new UrlEncodedFormEntity(urlParameters)); @@ -68,20 +109,17 @@ public class OAuthTokenRetrievalClient { JSONObject jsonObject = (JSONObject) parser.parse(result.toString()); return (String) jsonObject.get("access_token"); } catch (ClientProtocolException e) { - throw new SecurityException(e.getMessage()); + throw new AiravataSecurityException(e.getMessage(), e); } catch (UnsupportedEncodingException e) { - throw new SecurityException(e.getMessage()); + throw new AiravataSecurityException(e.getMessage(), e); } catch (IOException e) { - throw new SecurityException(e.getMessage()); - } catch (NoSuchAlgorithmException e) { - throw new SecurityException(e.getMessage()); + throw new AiravataSecurityException(e.getMessage(), e); } catch (ParseException e) { - throw new SecurityException(e.getMessage()); + throw new AiravataSecurityException(e.getMessage(), e); } finally { if (postMethod != null) { postMethod.releaseConnection(); } } } - -} +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/Properties.java ---------------------------------------------------------------------- 
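Review bot: When `grantType` is neither 1 nor 2, the `if`/`else if` leaves `urlParameters` empty and the method still posts to the token endpoint without a `grant_type`, so the caller gets either an opaque server error or a null from `jsonObject.get("access_token")` instead of a clear failure; add `} else { throw new AiravataSecurityException("Unsupported grant type: " + grantType); }` before `postMethod.setEntity(...)`. The same guard is the natural place to reject a null `userName`/`password` for the grant-type-1 branch, since those are only meaningful there. The response handling further down still casts `parser.parse(...)` to `JSONObject` and returns `access_token` without any visible check of the HTTP status code, though part of that code is outside this hunk.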
diff --git a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/Properties.java b/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/Properties.java index 33661cc..50e563a 100644 --- a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/Properties.java +++ b/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/Properties.java @@ -23,13 +23,18 @@ package org.apache.airavata.secure.sample; public class Properties { //Airavata server host, port public static final String SERVER_HOST = "localhost"; - public static final int SERVER_PORT = 8930; + public static final int SERVER_PORT = 9930; + + //trust store parameters + public static final String TRUST_STORE_PATH = "../../../../../airavata/modules/configuration/server/src/main/resources/client_truststore.jks"; + public static final String TRUST_STORE_PASSWORD = "airavata"; public static String oauthAuthzServerURL = "https://localhost:9443/services/"; public static String oauthTokenEndPointURL = "https://localhost:9443/oauth2/token"; public static int authzServerPort = 9443; public static String adminUserName = "admin"; public static String adminPassword = "admin"; + public static int grantType = 1; //OAuth consumer app properties public static String appName = "AiravataGWP1"; http://git-wip-us.apache.org/repos/asf/airavata/blob/ab0bf86c/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java ---------------------------------------------------------------------- diff --git a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java b/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java index f3333f2..36b1783 100644 --- a/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java 
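Review bot: `TRUST_STORE_PATH` is a five-level relative path into a sibling `airavata` checkout, so the sample only finds the trust store when run from one particular working directory and silently depends on the server module's source tree; loading `client_truststore.jks` from the sample's own classpath, or reading a `trust.store.path` system property with this value as the fallback, would make the sample self-contained. Keeping `TRUST_STORE_PASSWORD = "airavata"` as a compile-time constant is acceptable for a sample only if it is labelled as such — a `// development trust store shipped with the server module; replace both values for any real deployment` comment above the two constants would do. `grantType = 1` is a magic number that OAuthTokenRetrievalClient switches on; document it inline, `// 1 = resource owner password, 2 = client credentials`.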
+++ b/samples/java-client/secure-client/src/main/java/org/apache/airavata/secure/sample/SecureClient.java @@ -21,9 +21,10 @@ package org.apache.airavata.secure.sample; import org.apache.airavata.api.client.AiravataClientFactory; -import org.apache.airavata.model.error.AiravataClientConnectException; +import org.apache.airavata.model.error.*; import org.apache.airavata.api.Airavata; import org.apache.airavata.model.security.AuthzToken; +import org.apache.airavata.security.AiravataSecurityException; import org.apache.axis2.AxisFault; import org.apache.axis2.context.ConfigurationContext; import org.apache.axis2.context.ConfigurationContextFactory; 
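Review bot: `import org.apache.airavata.model.error.*;` replaces a single-class import with a wildcard, while the file appears to need only `AiravataClientException` and `InvalidRequestException` from that package (both are named in the next hunk); list them explicitly, since a wildcard hides which error types the sample handles and risks name clashes with the newly imported `org.apache.airavata.security` package. If `AiravataClientConnectException` is no longer referenced anywhere in the file, dropping it is the only change this line needs.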
@@ -32,121 +33,173 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.wso2.carbon.identity.oauth.stub.dto.OAuthConsumerAppDTO; +import java.util.HashMap; +import java.util.Map; import java.util.Scanner; public class SecureClient { private static Logger logger = LoggerFactory.getLogger(SecureClient.class); public static void main(String[] args) throws Exception { - //register OAuth application - this happens once during initialization of the gateway. - - /************************Start obtaining input from user*****************************/ - System.out.println(""); - System.out.println("Registering OAuth application representing the client...."); - System.out.println("Please enter following information as you prefer, or use defaults."); Scanner scanner = new Scanner(System.in); - System.out.println("OAuth application name: (default:" + Properties.appName + - ", press 'd' to use default value.)"); - String appNameInput = scanner.next(); - String appName = null; - if (appNameInput.trim().equals("d")) { - appName = Properties.appName; - } else { - appName = appNameInput.trim(); - } - - System.out.println("Consumer Id: (default:" + Properties.consumerID + ", press 'd' to use default value.)"); - String consumerIdInput = scanner.next(); + //register client or use existing client + System.out.println(""); + System.out.println("Please select from the following options:"); + System.out.println("1. Register the client as an OAuth application."); + System.out.println("2. Client is already registered. 
Use the existing credentials."); + String opInput = scanner.next(); + int option = Integer.valueOf(opInput.trim()); String consumerId = null; - if (consumerIdInput.trim().equals("d")) { - consumerId = Properties.consumerID; - } else { - consumerId = consumerIdInput.trim(); - } - - System.out.println("Consumer Secret: (default:" + Properties.consumerSecret + - ", press 'd' to use default value.)"); - String consumerSecInput = scanner.next(); String consumerSecret = null; - if (consumerSecInput.trim().equals("d")) { - consumerSecret = Properties.consumerSecret; - } else { - consumerSecret = consumerSecInput.trim(); - } - /***************************** Finish obtaining input from user*******************************************/ + if (option == 1) { + //register OAuth application - this happens once during initialization of the gateway. - /*********************** Perform registration of the client as an OAuth app***************************/ - ConfigurationContext configContext = - ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null); - OAuthAppRegisteringClient authAppRegisteringClient = new OAuthAppRegisteringClient( - Properties.oauthAuthzServerURL, Properties.adminUserName, Properties.adminPassword, configContext); - OAuthConsumerAppDTO appDTO = authAppRegisteringClient.registerApplication(appName, consumerId, consumerSecret); - /********************* Complete registering the client ***********************************************/ - System.out.println(""); - System.out.println("Registered OAuth app successfully. 
Following is app's details:"); - System.out.println("App Name: " + appDTO.getApplicationName()); - System.out.println("Consumer ID: " + appDTO.getOauthConsumerKey()); - System.out.println("Consumer Secret: " + appDTO.getOauthConsumerSecret()); - System.out.println(""); + /************************Start obtaining input from user*****************************/ + System.out.println(""); + System.out.println("Registering an OAuth application representing the client...."); + System.out.println("Please enter following information as you prefer, or use defaults."); + System.out.println("OAuth application name: (default:" + Properties.appName + + ", press 'd' to use default value.)"); + String appNameInput = scanner.next(); + String appName = null; + if (appNameInput.trim().equals("d")) { + appName = Properties.appName; + } else { + appName = appNameInput.trim(); + } + + System.out.println("Consumer Id: (default:" + Properties.consumerID + ", press 'd' to use default value.)"); + String consumerIdInput = scanner.next(); + if (consumerIdInput.trim().equals("d")) { + consumerId = Properties.consumerID; + } else { + consumerId = consumerIdInput.trim(); + } + + System.out.println("Consumer Secret: (default:" + Properties.consumerSecret + + ", press 'd' to use default value.)"); + String consumerSecInput = scanner.next(); + if (consumerSecInput.trim().equals("d")) { + consumerSecret = Properties.consumerSecret; + } else { + consumerSecret = consumerSecInput.trim(); + } + /***************************** Finish obtaining input from user*******************************************/ + + /*********************** Perform registration of the client as an OAuth app***************************/ + try { + ConfigurationContext configContext = + ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null); + OAuthAppRegisteringClient authAppRegisteringClient = new OAuthAppRegisteringClient( + Properties.oauthAuthzServerURL, Properties.adminUserName, Properties.adminPassword, 
configContext); + OAuthConsumerAppDTO appDTO = authAppRegisteringClient.registerApplication(appName, consumerId, consumerSecret); + /********************* Complete registering the client ***********************************************/ + System.out.println(""); + System.out.println("Registered OAuth app successfully. Following is app's details:"); + System.out.println("App Name: " + appDTO.getApplicationName()); + System.out.println("Consumer ID: " + appDTO.getOauthConsumerKey()); + System.out.println("Consumer Secret: " + appDTO.getOauthConsumerSecret()); + System.out.println(""); + + } catch (AiravataSecurityException e) { + e.printStackTrace(); + throw e; + } catch (Exception e) { + e.printStackTrace(); + throw e; + } + } else if (option == 2) { + System.out.println("Enter Consumer Id: "); + consumerId = scanner.next().trim(); + System.out.println("Enter Consumer Secret: "); + consumerSecret = scanner.next().trim(); + } //obtain OAuth access token /************************Start obtaining input from user*****************************/ - System.out.println("Obtaining OAuth access token via 'Resource Owner Password' grant type...."); - System.out.println("Please enter following information as you prefer, or use defaults."); - System.out.println("End user's name: (default:" + Properties.userName + - ", press 'd' to use default value.)"); - String userNameInput = scanner.next(); - String userName = null; - if (userNameInput.trim().equals("d")) { - userName = Properties.userName; + System.out.println("Please select the preferred grant type: (or press d to use the default option" + Properties.grantType + ")"); + System.out.println("1. Resource Owner Password Credential."); + System.out.println("2. 
Client Credential."); + + String grantTypeInput = scanner.next().trim(); + int grantType = 0; + if (grantTypeInput.equals("d")) { + grantType = Properties.grantType; } else { - userName = userNameInput.trim(); + grantType = Integer.valueOf(grantTypeInput); } - - System.out.println("End user's password: (default:" + Properties.password + ", press 'd' to use default value.)"); - String passwordInput = scanner.next(); + String userName = null; String password = null; - if (passwordInput.trim().equals("d")) { - password = Properties.password; - } else { - password = passwordInput.trim(); + if (grantType == 1) { + System.out.println("Obtaining OAuth access token via 'Resource Owner Password' grant type...."); + System.out.println("Please enter following information as you prefer, or use defaults."); + System.out.println("End user's name: (default:" + Properties.userName + + ", press 'd' to use default value.)"); + String userNameInput = scanner.next(); + if (userNameInput.trim().equals("d")) { + userName = Properties.userName; + } else { + userName = userNameInput.trim(); + } + + System.out.println("End user's password: (default:" + Properties.password + ", press 'd' to use default value.)"); + String passwordInput = scanner.next(); + if (passwordInput.trim().equals("d")) { + password = Properties.password; + } else { + password = passwordInput.trim(); + } + } else if (grantType == 2) { + System.out.println("Obtaining OAuth access token via 'Client Credential' grant type...' grant type...."); } + /***************************** Finish obtaining input from user*******************************************/ + try { + //obtain the OAuth token for the specified end user. + String accessToken = new OAuthTokenRetrievalClient().retrieveAccessToken(consumerId, consumerSecret, + userName, password, grantType); + System.out.println("OAuth access token is: " + accessToken); + System.out.println(""); - //obtain the OAuth token for the specified end user. 
- String accessToken = new OAuthTokenRetrievalClient().retrieveAccessToken(consumerId, consumerSecret, userName, - password); - System.out.println("OAuth access token obtained for the user: " + userName + " is: " + accessToken); - System.out.println(""); + //invoke Airavata API by the SecureClient, on behalf of the user. + System.out.println("Invoking Airavata API..."); + System.out.println("Enter the access token to be used: (default:" + accessToken + ", press 'd' to use default value.)"); + String accessTokenInput = scanner.next(); + String acTk = null; + if (accessTokenInput.trim().equals("d")) { + acTk = accessToken; + } else { + acTk = accessTokenInput.trim(); + } - //invoke Airavata API by the SecureClient, on behalf of the user. - System.out.println("Invoking Airavata API..."); - System.out.println("Enter the access token to be used: (default:" + accessToken + ", press 'd' to use default value.)"); - String accessTokenInput = scanner.next(); - String acTk = null; - if (accessTokenInput.trim().equals("d")) { - acTk = accessToken; - } else { - acTk = accessTokenInput.trim(); + Airavata.Client client = createAiravataClient(Properties.SERVER_HOST, Properties.SERVER_PORT); + AuthzToken authzToken = new AuthzToken(); + authzToken.setAccessToken(acTk); + Map<String, String> claimsMap = new HashMap<>(); + claimsMap.put("userName", "hasinitg"); + claimsMap.put("email", "[email protected]"); + authzToken.setClaimsMap(claimsMap); + String version = client.getAPIVersion(authzToken); + System.out.println("Airavata API version: " + version); + System.out.println(""); + } catch (InvalidRequestException e) { + e.printStackTrace(); + } catch (TException e) { + e.printStackTrace(); + } catch (AiravataSecurityException e) { + e.printStackTrace(); } - Airavata.Client client = createAiravataClient(Properties.SERVER_HOST, Properties.SERVER_PORT); - AuthzToken authzToken = new AuthzToken(); - authzToken.setAccessToken(acTk); - String version = client.getAPIVersion(authzToken); - 
System.out.println("Airavata API version: " + version); - System.out.println(""); } public static Airavata.Client createAiravataClient(String serverHost, int serverPort) throws - AiravataClientConnectException { - try { - Airavata.Client client = AiravataClientFactory.createAiravataClient(serverHost, serverPort); - return client; + AiravataClientException { + + //Airavata.Client client = AiravataClientFactory.createAiravataClient(serverHost, serverPort); + Airavata.Client client = AiravataClientFactory.createAiravataSecureClient(serverHost, serverPort, + Properties.TRUST_STORE_PATH, Properties.TRUST_STORE_PASSWORD, 10000); + return client; + - } catch (AiravataClientConnectException e) { - logger.error("Error while creating Airavata Client."); - throw e; - } } -} +} \ No newline at end of file
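Review bot: `Integer.valueOf(opInput.trim())` and the later `Integer.valueOf(grantTypeInput)` propagate a `NumberFormatException` on any non-numeric input, and when `option` is neither 1 nor 2 the code falls through to token retrieval with `consumerId` and `consumerSecret` still null; add `} else { throw new IllegalArgumentException("Unsupported option: " + option); }` after the `option == 2` branch and the equivalent after the `grantType == 2` branch. The claims map attached to the `AuthzToken` is hard-wired to `"userName", "hasinitg"` and a fixed e-mail rather than the `userName` the user just authenticated as, so the identity asserted to the API can differ from the identity behind the access token; whether the server trusts these client-supplied claims or derives the user from the token is not visible here, but the sample should populate them from `userName` or omit them. The `catch (AiravataSecurityException e)` block duplicates the `catch (Exception e)` that follows it, both use `printStackTrace()` although the class keeps a `logger` field that this hunk leaves unused, and the prompt `"... via 'Client Credential' grant type...' grant type...."` repeats its tail. `createAiravataClient` at the end of the hunk passes a bare `10000` timeout and keeps a commented-out call; name the constant (e.g. `Properties.CLIENT_TIMEOUT_MS`) and delete the dead line.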
