ASL HTTP InfrastructureLogin

From Gcube Wiki
Jump to: navigation, search

The ASL HTTP Infrastructure login component is part of the HTTP Front End Framework and provides functionality for authenticating and logging in the users to the gCube system. It follows the framework principles for data interchange formats, error handling and context management, supporting both JSON and XML, using the common framework utilities for user authentication and HTTP error responses and following the coding guidelines. This component, interacts with the ASL level of the integration and interoperability framework for using the authentication modules that are integrated in it.

This component is used for named access of users to the system. In this mode, the user needs to login to the system and to an Infrastructure scope and continue interacting with the application over HTTP without having to pass the contextual information in every request submitted. Moreover, she can use personalized benefits in the cases of functionalities interacting with gCube personalization services. The features provided are listed as follows:

User authentication – logging in Infrastructure

The user can login to the infrastructure using credentials, to access personalized system benefits during HTTP interaction. The corresponding servlet receives the user's credential (username - password) and communicates with LDAP. It makes use of status codes and HTTP headers for managing the security policy. In case of denied credentials it returns an SC_UANUTHORIZED status code to the client. Both BASIC and Form-based authentication methods are implemented and they base on the basic authorization scheme that requires the string of the Authorization header to contain the string "username:password" in Base64.

The Infrastructure Login component makes use of the built in session mechanism of ASL, to allow intercommunication between different asl HTTP application deployed in the same node. When the user has logged in to the system through the Login servlet, the session is returned inside an XML response and all the following URL - encoded requests must contain it. This means that the user can make the named calls using URL rewriting by sending the session as part of a rewritten URK, encoded using a jsessionid path parameter.

An example of an XML response returning the session id is presented bellow:

 
<?xml version="1.0" encoding="UTF-8"?>
    <SessionID>
        <jsessionid>6751BF9588491D6EB853096C84B3671F</jsessionid>
    </SessionID>

Listing of infrastructure scopes

The user can get the list of the infrastructure scopes by making a GET request to the ListInfrastructureScopes servlet of the InfrastructureLogin set of services. The servlet reads from VOMS the groups for the user (or all the groups allowed for anonymous access, in case the user hasn't logged in before). An xml file, listing the information about the VO/VREs is rendered as a response to the user. There is an option for the client to add also a 'details' parameter, set to true. In that case, more information about each virtual environment is included in the response.

<source lang=xml>
<?xml version="1.0" encoding="UTF-8"?><VOs-VREs><VRE>/d4science.research-infrastructures.eu/FARM/AquaMaps</VRE><VRE>/d4science.research-infrastructures.eu/Ecosystem/DRIVER</VRE><VRE>/d4science.research-infrastructures.eu/Ecosystem/EM</VRE><VRE>/d4science.research-infrastructures.eu/FARM/FCPPS</VRE><VRE>/d4science.research-infrastructures.eu/Ecosystem/HEPGateway</VRE><VRE>/d4science.research-infrastructures.eu/FARM/ICIS</VRE><VRE>/d4science.research-infrastructures.eu/Ecosystem/TryIt</VRE><VO>/d4science.research-infrastructures.eu/Ecosystem</VO><VO>/d4science.research-infrastructures.eu/FARM</VO><VO>/d4science.research-infrastructures.eu</VO></VOs-VREs>
</source>
<source lang=xml>
<?xml version="1.0" encoding="UTF-8"?><VOs-VREs><Item scope="/d4science.research-infrastructures.eu/FARM/AquaMaps"><Name>AquaMaps</Name><Type>VRE</Type><ParentItem>/d4science.research-infrastructures.eu/FARM</ParentItem><Description><STRONG>AquaMaps Virtual Research Environment</STRONG> <p></p> AquaMaps is a VRE designed to provide fisheries and aquaculture scientists with <B>AquaMaps</B> objects produced by D4Science. AquaMaps are predictive documents resulting in Earth maps enriched thus to show the likelihood that a certain species or a combination of species will live in specific regions or areas. AquaMaps are very important documents for species assessment. The AquaMaps collections have been generate by processing the data of 9154 Species and 56,468,301 Entries about (Species,CSquareCode,Probability) representing the probability of occurrence of species in specific areas. Starting from this data source 5 collections have been generated by properly filtering, grouping and rendering these data: <UL> <LI> <B><I>'Species Maps'</I></B> consisting of 9037 compound objects, <LI> <B><I>'Family Maps'</I></B> consisting of 715 compound objects, <LI> <B><I>'Order Maps'</I></B> consisting of 132 compound objects, <LI> <B><I>'Class Maps'</I></B> consisting of 42 compound objects and <LI> <B><I>'Phylum maps'</I></B> consisting of 13 compound objects. </UL> Each of such collection contains <B><I>compound objects consisting of 15 images</I></B> (a 2D map of the whole Earth plus 2 3D views for the Poles, 6 3D views for the Continents, and 6 3D views for the Oceans) with the relative metadata. <p></p> From a functional point of view this environment supports: <UL> <LI> the discovery of these compound information objects through <B><I>browsing</I></B>, <B><I>simple</I></B> and <B><I>advanced search</I></B>; <LI> the collaboration through a <B><I>shared workspace</I></B>; <LI> the collaboration through <B><I>annotations</I></B>; <LI> the <B><I>collaborative production of reports</I></B>, i.e. enhanced publications produced through the VRE support. </UL></Description></Item><Item scope="/d4science.research-infrastructures.eu/Ecosystem/DRIVER"><Name>DRIVER</Name><Type>VRE</Type><ParentItem>/d4science.research-infrastructures.eu/Ecosystem</ParentItem><Description>The DRIVER VRE, By exploiting the search capabilities provided by DRIVER,  can access the network of a great number of digital repositories with content across academic disciplines with over 2.500.000 scientific publication found in journal articles, disserations, books, lectures, reports, etc., harversted regularly from 249 repositories from 33 countries. Furthermore the access to the  enhanced publications  (mostly including several files of different formats, often archived in different places), which allow to discover related objects, are available to D4Science through DRIVER search operations.</Description></Item><Item scope="/d4science.research-infrastructures.eu/Ecosystem/EM"><Name>EM</Name><Type>VRE</Type><ParentItem>/d4science.research-infrastructures.eu/Ecosystem</ParentItem><Description>EM</Description></Item><Item scope="/d4science.research-infrastructures.eu/Ecosystem"><Name>Ecosystem</Name><Type>VO</Type><ParentItem>/d4science.research-infrastructures.eu</ParentItem><Description>Description for Ecosystem</Description></Item><Item scope="/d4science.research-infrastructures.eu/FARM"><Name>FARM</Name><Type>VO</Type><ParentItem>/d4science.research-infrastructures.eu</ParentItem><Description>Description for FARM</Description></Item><Item scope="/d4science.research-infrastructures.eu/FARM/FCPPS"><Name>FCPPS</Name><Type>VRE</Type><ParentItem>/d4science.research-infrastructures.eu/FARM</ParentItem><Description><STRONG>Fishery Country Profiles Production System (FCPPS) Virtual Research Environment</STRONG> <p></p> This Virtual Research Environment is for <B>fisheries</B> and <B>aquaculture</B> authors, managers and researchers who produce reports containing country-level data. The FCPPS is a Virtual Research Environment that manages access to multiple data sources divided by domain, including their annotation and versioning and permits production of structured text, tables, charts and graphs from these sources to be easily inserted into <B>custom reporting templates</B> that can be output in multiple formats. Unlike Microsoft Office this VRE has a workflow and structured data that <B>enables collaboration, annotation and versioning</B> of the underlying data sources that make up the final product. It enforces a structured process and structured data while allowing users flexibility in actual content generation.</Description></Item><Item scope="/d4science.research-infrastructures.eu/Ecosystem/HEPGateway"><Name>HEPGateway</Name><Type>VRE</Type><ParentItem>/d4science.research-infrastructures.eu/Ecosystem</ParentItem><Description>Write the Virtual Research Environment description here</Description></Item><Item scope="/d4science.research-infrastructures.eu/FARM/ICIS"><Name>ICIS</Name><Type>VRE</Type><ParentItem>/d4science.research-infrastructures.eu/FARM</ParentItem><Description><b>Integrated Capture Information System (ICIS)VRE</b><br/><b><i>Purpose</i></b>: Facilitate the collection, curation and dissimination of Fisheries statistics<br/><b><i>Target audience</i></b>: Fishery statisticians, marine biologists<br/><b><i>Implementation</i></b>:<br/>ICIS offers fisheries statisticians a set of tools to manage their data.Statisticians produce statistics from often very different data sources, and need a controlled process for the ingestion, validation, transformation, comparison and exploitation of statistical data for the fisheries captures domain. There is a need to:<ul><li> Collect and analyze capture data; </li><li> Check and control data and data-quality;</li><li> Produce uniform data-sets for consumption by outside clients, such as the FishStatJ application;</li><li> Provide an authoritative data-repository for fisheries data. </li></ul><br/>Also, there is a growing interest to share data and use statistical data in other use-scenarios, such as spatial analysis or reporting. The D4Science grid e-Infrastructure offers not only collaborative and computing advantages, but also promises to ease the difficult transformations from one reporting framework to another.</Description></Item></VOs-VREs></source>

Logging in an Infrastructure scope

To access the resources of a VO/VRE in all requests to the HTTP Front End layer, the user needs to gain access to the respective scope. In named access mode this can be achieved with an HTTP request to the LoginScope servlet.