SOA3 User Management Module

From Gcube Wiki

Overview

User Management Module is the SOA3 utility for managing user, group and role information. It supports CRUD operations, both locally and remotely, on different data sources.

Key features

Extensibility
the module is composed of a core that defines the most general operations and several implementation modules that communicate with different data sources. LDAP-based and Liferay-based implementations are currently provided, and further implementations can be added
Multiple interfaces
the core and the implementations are available as Java libraries to be integrated with the software managing the data. Alternatively, a RESTful interface is available to deploy the module as a standalone web service
High performance
User Management is called many times during the daily activities of the D4Science e-Infrastructure and is designed to scale to appropriate numbers, in particular when using an LDAP directory as back-end, which is the suggested solution

Design

Philosophy

The architecture is modular in order to obtain maximum extensibility. In other words, once the set of operations needed to manage users, groups and roles efficiently had been established, the storage-based implementations were kept separate from it. This allows each storage connector to be improved and managed on its own, and connectors to further data sources to be added. The SOAP and REST web interfaces give more than one way to manage users remotely.


Architecture

[Figure: SOA3 User Management Module]
  • UserManagement core provides the core CRUD operations for managing user, group and role information. In particular it exposes operations to:
    • create, read, update and delete users and user attributes
    • create, read, update and delete groups and group attributes
    • associate roles to a user
    • associate users to a group
  • LDAP Interface is the configurable module to use an LDAP directory as data source
  • Liferay Interface is a library for accessing the Liferay 6.0.6 Portal [1] API to manage the Liferay user list regardless of the actual database used by Liferay
  • Web Services Interface, SOAP and RESTful, exposes the User Management core operations as web services

Deployment

Since the User Management Module needs to be associated with a data source (LDAP or Liferay database), the only option is to deploy the module at infrastructure level. It should be contacted by the SOA3 authorization module in order to load attributes. The following picture shows the deployment:

[Figure: SOA3 User Management Module]


Use Cases

The User Management module covers different use cases inside the gCube infrastructure.

Well suited Use Cases

It is possible to distinguish two use case categories:

  • portal related use cases
  • security related use cases

Portal related use cases concern the Portlets, which need easy access to user-related information. The User Management Module's current production implementation, deployed in the D4Science[2] infrastructure, uses the Liferay database and is integrated in the portal: in this case the user management core is called directly by Portlets in order to access the required information. The final design totally decouples the module from other components: it is contacted only through a web service providing the same functionalities.

Security related use cases involve SOA3 internal functionalities. In particular, in some use cases, the SOA3 Authorization Module needs to access user data in order to obtain attributes for taking authorization decisions.
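The following sketch is an added example, not code from the gCube project: it shows an authorization check loading roles and attributes through a storage-independent contract and denying access whenever the data source cannot answer. All names (`UserStore`, `InMemoryStore`, `authorize`, `BackendUnavailable`) and the sample users are hypothetical; `InMemoryStore` stands in for an LDAP or Liferay connector.

```python
from abc import ABC, abstractmethod

class BackendUnavailable(Exception):
    """Raised by a connector when its data source cannot be reached."""

class UserStore(ABC):
    """Hypothetical core contract; each data source connector implements it."""
    @abstractmethod
    def get_roles(self, user_id): ...
    @abstractmethod
    def get_attributes(self, user_id): ...

class InMemoryStore(UserStore):
    """Stand-in for an LDAP or Liferay connector, holding constructed data."""
    def __init__(self, users, available=True):
        self._users = users
        self._available = available

    def _entry(self, user_id):
        if not self._available:
            raise BackendUnavailable("data source unreachable")
        return self._users.get(user_id)  # None for an unknown user

    def get_roles(self, user_id):
        entry = self._entry(user_id)
        return set(entry["roles"]) if entry else set()

    def get_attributes(self, user_id):
        entry = self._entry(user_id)
        return dict(entry["attrs"]) if entry else {}

def authorize(store, user_id, required_role, required_attrs):
    """Permit only if the role and every required attribute match.

    Unknown users, missing attributes and backend failures all deny,
    so an outage of the data source never widens access.
    """
    try:
        roles = store.get_roles(user_id)
        attrs = store.get_attributes(user_id)
    except BackendUnavailable:
        return False
    if required_role not in roles:
        return False
    return all(attrs.get(k) == v for k, v in required_attrs.items())

# Constructed sample data, not taken from any real deployment.
USERS = {
    "alice": {"roles": {"vre-manager"}, "attrs": {"organisation": "example-org"}},
    "bob": {"roles": {"member"}, "attrs": {"organisation": "example-org"}},
}
```

Because `authorize` depends only on the abstract contract, swapping the data source does not change the decision logic.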

Dynamic loading of attributes is also useful for accounting or SLA management purposes.

Notes

  1. http://www.liferay.com/
  2. http://www.d4science.org