Using credentials in Portlets and Servlets
THIS SECTION OF GCUBE DOCUMENTATION IS OUTDATED.
How to use DILIGENT credentials in a Portlet / Servlet
Contents
- 1 Pre-development Actions
- 2 Using Credentials API
- 2.1 Available Methods
- 2.1.1 ExtendedGSSCredential getCredentials(PortletSession session)
- 2.1.2 ExtendedGSSCredential getCredentials(HttpSession session)
- 2.1.3 String getHttpScheme(String sessionID)
- 2.1.4 String getCurrentTab(String sessionID)
- 2.1.5 HashMap<String, String> getUserInfo(String sessionID)
- 2.1.6 String getDN(String sessionID)
- 2.1.7 String getCA(String sessionID)
- 2.1.8 String getCN(String sessionID)
- 2.2 Useful Information
- 2.3 Sample Code
- 2.4 Imports
Pre-development Actions
Patched Gridsphere
According to the DILIGENT requirements, the gridsphere portal needs to be customized in order to accomplish objectives that the standard version of the gridsphere portal does not support. We decided to perform this customization using ETICS tools: ETICS creates a new diligent-gridsphere starting from the org.diligentproject.ext.gridsphere.2.2.7 configuration and applies to it all the patches that have been developed and correctly inserted in the configuration, for example org.diligentproject.portal.patch-VOMSintegration.
- ETICS checks out the 2.2.7 configuration from org.diligentproject.ext.gridsphere.
- ETICS also checks out all the patches that the diligent-gridsphere configuration relies on and applies them to it. Every patch needs an executable script to perform this action.
- A new version of gridsphere, called diligent-gridsphere, is then ready to be used.
Downloading Gridsphere
In order to enable security aspects in your portal, you first have to download the diligent-gridsphere.HEAD tgz (org.diligentproject.portal.diligent-gridsphere) from the ETICS system ([1]). This configuration contains a gridsphere-2.2.7 portal patched with the org.diligentproject.portal.patch-VOMSintegration subsystem.
Preparing environment for Diligent Gridsphere
In order to enable security aspects in your portal, you need to properly configure your machine before deploying diligent-gridsphere. In particular, you need to edit gridsphere-2.2.7/webapps/gridsphere/WEB-INF/classes/PortalSecurity.properties and specify:
- MYPROXY_HOST and MYPROXY_PORT
- PROXIES_DIR, a temporary directory used by the voms-proxy-init command
- an authorization service (AUTHZ_HOST=htt_p://grids03.eng.it:8080/wsrf/services/diligentproject/dvos/authorization/VOMSService)
Then you need to configure your Java keystore, specifying:
- KEY_STORE (the host .p12 certificate)
- KEY_STORE_TYPE (PKCS12 if you use a .p12)
- KEY_STORE_PWD, the password of the certificate
- TRUST_STORE, the trust store path
- TRUST_STORE_PWD
- TRUST_STORE_TYPE, the type of trust store (default is TRUST_STORE_TYPE=JKS)
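A pre-deployment check for the file described above, as an added example that is not part of the DILIGENT code base: it confirms that the keys named in this section are present, that the file holding the two clear-text passwords is not readable by group or others, and that both stores open with the configured type and password. The class name PortalSecurityCheck and the default file path are assumptions.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.security.KeyStore;
import java.util.*;

public class PortalSecurityCheck {
    // Keys named in the section above; TRUST_STORE_TYPE is optional and defaults to JKS.
    static final String[] REQUIRED = {"MYPROXY_HOST", "MYPROXY_PORT", "PROXIES_DIR", "AUTHZ_HOST",
            "KEY_STORE", "KEY_STORE_TYPE", "KEY_STORE_PWD", "TRUST_STORE", "TRUST_STORE_PWD"};
    static List<String> check(Path file) throws Exception {
        List<String> problems = new ArrayList<>();
        Properties p = new Properties();
        try (InputStream in = Files.newInputStream(file)) { p.load(in); }
        for (String key : REQUIRED)
            if (p.getProperty(key, "").trim().isEmpty()) problems.add("missing " + key);
        if (!problems.isEmpty()) return problems;
        // The file stores both passwords in clear text: only the portal account should read it.
        try {
            Set<PosixFilePermission> perms = Files.getPosixFilePermissions(file);
            if (perms.contains(PosixFilePermission.GROUP_READ) || perms.contains(PosixFilePermission.OTHERS_READ))
                problems.add(file + " is readable by group or others");
        } catch (UnsupportedOperationException e) {
            problems.add("cannot read POSIX permissions of " + file + "; check its ACL by hand");
        }
        openStore("KEY_STORE", p.getProperty("KEY_STORE"), p.getProperty("KEY_STORE_TYPE"),
                p.getProperty("KEY_STORE_PWD"), problems);
        openStore("TRUST_STORE", p.getProperty("TRUST_STORE"), p.getProperty("TRUST_STORE_TYPE", "JKS"),
                p.getProperty("TRUST_STORE_PWD"), problems);
        return problems;
    }

    // Opens the store with the configured type and password; the password is never printed.
    static void openStore(String label, String path, String type, String pwd, List<String> problems) {
        try (InputStream in = Files.newInputStream(Paths.get(path.trim()))) {
            KeyStore ks = KeyStore.getInstance(type.trim());
            ks.load(in, pwd.toCharArray());
            if (ks.size() == 0) problems.add(label + " opened but holds no entries");
        } catch (Exception e) {
            problems.add(label + " cannot be opened as " + type + " (" + e.getClass().getSimpleName() + ")");
        }
    }

    public static void main(String[] args) throws Exception {
        List<String> problems = check(Paths.get(args.length > 0 ? args[0] : "PortalSecurity.properties"));
        problems.forEach(System.err::println);
        System.exit(problems.isEmpty() ? 0 : 1);
    }
}
```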
Using Credentials API
Available Methods
ExtendedGSSCredential getCredentials(PortletSession session)
- You should use this method if you want to retrieve the credential from the portlet.
- It returns a grid credential that you should pass to DIS or any other service that you want to use.
ExtendedGSSCredential getCredentials(HttpSession session)
- You should use this method if you want to retrieve the credential from the servlet.
- It returns a grid credential that you should pass to DIS or any other service that you want to use.
String getHttpScheme(String sessionID)
- It takes as parameter the sessionID.
- It returns the scheme that the user uses to communicate with the portal (http / https).
String getCurrentTab(String sessionID)
- It takes as parameter the sessionID.
- It returns the name of the user's current tab.
HashMap<String, String> getUserInfo(String sessionID)
- It takes as parameter the sessionID.
- It returns a HashMap with all the userInfo.
String getDN(String sessionID)
- It takes as parameter the sessionID.
- It returns the DN of the user credential.
String getCA(String sessionID)
- It takes as parameter the sessionID.
- It returns the CA of the user credential.
String getCN(String sessionID)
- It takes as parameter the sessionID.
- It returns the CN of the user credential.
Useful Information
- The names of the tabs must be in the form of: /diligent/<VO name>/<DL name>. Otherwise the credential which will be retrieved won't be valid.
- UserInfo class, which is defined in package org.diligentproject.dvos.portal, is a singleton. So, if you want to retrieve the instance of this class, you must call the getInstance() method.
Sample Code
// Retrieving UserInfo instance:
UserInfo userInfo = UserInfo.getInstance();

// Retrieving current tab info (session is the current PortletSession or HttpSession):
String currentTab = userInfo.getCurrentTab(session.getId());

ExtendedGSSCredential credential = null;
try {
    // Retrieving credential:
    credential = userInfo.getCredentials(session);
} catch (Exception e) {
    // credential stays null if retrieval fails
    e.printStackTrace();
}

// Initializing DISHLSClient:
DISHLSClient.init(System.getProperty("GLOBUS_LOCATION") + "/etc/org_diligentproject_keeperservice_hnm/" + "DISQueries.xml");
Imports
import org.diligentproject.dvos.portal.UserInfo; // In gridsphere-portal-2.2.jar
import org.diligentproject.informationservice.dishlsclient.impl.DISHLSClient; // In dishlsclient jar-file
import org.gridforum.jgss.ExtendedGSSCredential; // In ws-core libraries
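A servlet-side variant of the sample above that fails closed, as an added example that is not part of the original page or the DILIGENT code: it refuses the request when there is no session, when the current tab does not have the /diligent/<VO name>/<DL name> form, or when the credential is missing or close to expiry. The class name CredentialGate, the 300-second threshold and the chosen HTTP status codes are assumptions; UserInfo and its methods are used with the signatures listed on this page.

```java
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.diligentproject.dvos.portal.UserInfo;
import org.gridforum.jgss.ExtendedGSSCredential;

// Hypothetical helper class; only UserInfo and its methods come from this page.
public final class CredentialGate {
    private static final Logger LOG = Logger.getLogger(CredentialGate.class.getName());
    // Tab names must look like /diligent/<VO name>/<DL name>, otherwise the credential is not valid.
    private static final Pattern TAB = Pattern.compile("^/diligent/[^/]+/[^/]+$");
    private static final int MIN_LIFETIME_SECONDS = 300; // assumed safety margin

    /** Returns a usable credential, or null after an error response has been sent. */
    public static ExtendedGSSCredential require(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        HttpSession session = req.getSession(false); // do not create a session for anonymous callers
        if (session == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return null;
        }
        int status = HttpServletResponse.SC_OK;
        ExtendedGSSCredential cred = null;
        try {
            UserInfo userInfo = UserInfo.getInstance();
            String tab = userInfo.getCurrentTab(session.getId());
            if (tab == null || !TAB.matcher(tab).matches()) {
                status = HttpServletResponse.SC_FORBIDDEN;
            } else {
                cred = userInfo.getCredentials(session);
                // getRemainingLifetime() comes from org.ietf.jgss.GSSCredential (seconds, 0 = expired).
                if (cred == null || cred.getRemainingLifetime() < MIN_LIFETIME_SECONDS)
                    status = HttpServletResponse.SC_UNAUTHORIZED;
            }
        } catch (Exception e) {
            // Log server-side only; never echo credential details or stack traces to the client.
            LOG.log(Level.WARNING, "credential retrieval failed for a portal session", e);
            status = HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
        }
        if (status != HttpServletResponse.SC_OK) {
            resp.sendError(status);
            return null;
        }
        return cred;
    }
}
```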
--Valia 17:42, 25 May 2007 (EEST)