Difference between revisions of "Using credentials in Portlets and Servlets"

From Gcube Wiki
(Sample Code)
 
(28 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 +
{{Outdated}}
 +
 
'''How to use DILIGENT credentials in a ''Portlet'' / ''Servlet'''''
 
'''How to use DILIGENT credentials in a ''Portlet'' / ''Servlet'''''
  
 
==Pre-development Actions==
 
==Pre-development Actions==
===Patching GridSphere===
+
===Patched Gridsphere===
In order to use credentials you have first to patch gridSphere so as to enable it to consume DILIGENT Credentials.<br>
+
According to the DILIGENT requirements, the gridsphere portal needs to be customized in order to accomplish objectives not supported by the standard version of the gridpshere portal. We decided to perform this customization using ETICS tools: it create a new diligent-gridsphere starting from org.diligentproject.ext.gridsphere.2.2.7 configuration and applying on it all the patches developed and correctly inserted on the configuration, like for example  org.diligentproject.portal.patch-VOMSintegration.
''(info to be added...)''
+
 
 +
# ETICS checkouts from org.diligentproject.ext.gridsphere the 2.2.7 configuration
 +
# ETICS checkouts also all the patches relied on the diligent-gridpshere configuration and apply them on it.Every patch needs a script executable to perform this action
 +
# a new version of gridsphere, called diligent-gridsphere is then ready to be used.
 +
===Downloading Gridsphere===
 +
In order to enable security aspects in your portal, you have first to download from ETICS system ([https://etics.cern.ch:8443/etics/]) the diligent-gridsphere.HEAD tgz (org.diligentproject.portal.diligent-gridsphere).
 +
This configuration contains a gridsphere-2.2.7 portal patched with the org.diligentproject.portal.patch-VOMSintegration subsystem.
 +
 
 +
[[Image:Diligent-gridpshere.png]]
 +
 
 +
----
 +
 
 +
===Preparing environment for Diligent Gridsphere===
 +
In order to enable security aspects in your portal, before the deployment of the diligent-gridpshere you need to properly configure your machine. In particular, you need to
 +
<pre>
 +
edit the gridsphere-2.2.7/webapps/gridsphere/WEB-INF/classes/PortalSecurity.properties:
 +
you need specify MYPROXY_HOST and MYPROXY_PORT,
 +
you need to specify a temporary directory used by voms-proxy-init command (PROXIES_DIR),
 +
an authorization service (AUTHZ_HOST=htt_p://grids03.eng.it:8080/wsrf/services/diligentproject/dvos/authorization/VOMSService).
 +
</pre>
 +
Then you need to configure your java keystore, specifying the
 +
<pre>
 +
KEY_STORE ( a the host .p12 certificate),
 +
the KEY_STORE_TYPE( PKCS12 if you use a .p12).  
 +
the KEY_STORE_PWD of the certificate,
 +
a TRUST_STORE path,
 +
the TRUST_STORE_PWD and
 +
the type of TRUST_STORE (default is TRUST_STORE_TYPE=JKS)
 +
</pre>
 +
----
 +
 
 
==Using Credentials API==
 
==Using Credentials API==
 
===Available Methods===
 
===Available Methods===
 +
----
 +
 
====ExtendedGSSCredential  getCredentials(PortletSession session)====
 
====ExtendedGSSCredential  getCredentials(PortletSession session)====
 
*You should use this method if you want to retrieve the credential from the '''''portlet'''''.
 
*You should use this method if you want to retrieve the credential from the '''''portlet'''''.
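Review bot: The added "Preparing environment" text has the admin put KEY_STORE_PWD and TRUST_STORE_PWD into PortalSecurity.properties under webapps/gridsphere/WEB-INF/classes but says nothing about who may read that file; add a sentence telling the reader to restrict it to the account that runs the portal. The AUTHZ_HOST value is written as "htt_p://", which cannot be pasted as it stands, so write the scheme out or mark the value as a placeholder. Spelling in the added lines also needs a pass: "gridpshere" appears several times, and "KEY_STORE ( a the host .p12 certificate)" should read "the host .p12 certificate".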
Line 31: Line 65:
 
*It takes as parameter the sessionID.
 
*It takes as parameter the sessionID.
 
*It returns the CN of the user credential.
 
*It returns the CN of the user credential.
 +
 
===Useful Information===
 
===Useful Information===
 +
----
 
#The names of the tabs must be in the form of: ''/diligent/'''&lt;VO name&gt;'''/'''&lt;DL name&gt;'''''. Otherwise the credential which will be retrieved won't be valid.[[Image:Tab_name.PNG]]
 
#The names of the tabs must be in the form of: ''/diligent/'''&lt;VO name&gt;'''/'''&lt;DL name&gt;'''''. Otherwise the credential which will be retrieved won't be valid.[[Image:Tab_name.PNG]]
 
#'''''UserInfo''''' class, which is defined in package '''''org.diligentproject.dvos.portal''''', is a [http://en.wikipedia.org/wiki/Singleton_pattern singleton]. So, if you want to retrieve the instance of this class, you must call the '''''getInstance()''''' method.
 
#'''''UserInfo''''' class, which is defined in package '''''org.diligentproject.dvos.portal''''', is a [http://en.wikipedia.org/wiki/Singleton_pattern singleton]. So, if you want to retrieve the instance of this class, you must call the '''''getInstance()''''' method.
 +
 
===Sample Code===
 
===Sample Code===
<code border='1'><span style="color:green">//Retrieving UserInfo instance:</span><br>
+
----
UserInfo userInfo = UserInfo.getInstance();<br>
+
<source lang="java5">//Retrieving UserInfo instance:
<span style="color:green">//Retrieving current tab info:</span><br>
+
UserInfo userInfo = UserInfo.getInstance();
String currentTab = userInfo.getCurrentTab(session.getId());<br>
+
//Retrieving current tab info:
ExtendedGSSCredential credential = null; <br>
+
String currentTab = userInfo.getCurrentTab(session.getId());
try { <span style="color:green">//Retrieving credential:</span><br>
+
ExtendedGSSCredential credential = null;  
&nbsp;&nbsp;&nbsp;&nbsp;credential = userInfo.getCredentials(session);<br>
+
try { //Retrieving credential:
}<br>
+
    credential = userInfo.getCredentials(session);
catch (Exception e) {<br>
+
}
&nbsp;&nbsp;&nbsp;&nbsp;e.printStackTrace();<br>
+
catch (Exception e) {
}<br>
+
    e.printStackTrace();
<span style="color:green">//Initializing DHLSClient:</span><br>
+
}
DISHLSClient.init(System.getProperty("GLOBUS_LOCATION") + "/etc/org_diligentproject_keeperservice_hnm/" + "DISQueries.xml");<br>
+
//Initializing DHLSClient:
</code>
+
DISHLSClient.init(System.getProperty("GLOBUS_LOCATION") + "/etc/org_diligentproject_keeperservice_hnm/" + "DISQueries.xml");
 +
</source>
  
 
===Imports===
 
===Imports===
<code>'''import''' org.diligentproject.dvos.portal.UserInfo; <span style="color:green">//In gridsphere-portal-2.2.jar</span><br>
+
----
'''import''' org.diligentproject.informationservice.dishlsclient.impl.DISHLSClient; <span style="color:green">// In dishlsclient jar-file</span><br>
+
 
'''import''' org.gridforum.jgss.ExtendedGSSCredential; <span style="color:green">// In ws-core libraries</span><br>
+
<source lang="java5">import org.diligentproject.dvos.portal.UserInfo; //In gridsphere-portal-2.2.jar
</code>
+
import org.diligentproject.informationservice.dishlsclient.impl.DISHLSClient; // In dishlsclient jar-file
 +
import org.gridforum.jgss.ExtendedGSSCredential;// In ws-core libraries
 +
</source>
 +
 
 +
 
 +
 
 +
 
 +
----
 +
----
 +
--[[User:Valia|Valia]] 17:42, 25 May 2007 (EEST)
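Review bot: In the sample moved into the source block, the catch clause only calls e.printStackTrace(), so when getCredentials(session) fails the code carries on with credential still null and proceeds to DISHLSClient.init(...); the example should stop or rethrow at that point so readers do not copy a pattern that reaches services without a credential. The comment "//Initializing DHLSClient:" should say DISHLSClient. currentTab is assigned but never used, so either show what it is for (for example checking the /diligent/<VO name>/<DL name> form required under Useful Information) or drop it.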

Latest revision as of 15:02, 11 March 2011

THIS SECTION OF GCUBE DOCUMENTATION IS OUTDATED.


How to use DILIGENT credentials in a Portlet / Servlet

Pre-development Actions

Patched Gridsphere

According to the DILIGENT requirements, the gridsphere portal needs to be customized in order to accomplish objectives not supported by the standard version of the gridsphere portal. We decided to perform this customization using ETICS tools: ETICS creates a new diligent-gridsphere starting from the org.diligentproject.ext.gridsphere.2.2.7 configuration and applying to it all the patches that have been developed and correctly inserted in the configuration, for example org.diligentproject.portal.patch-VOMSintegration.

  1. ETICS checks out the 2.2.7 configuration from org.diligentproject.ext.gridsphere.
  2. ETICS also checks out all the patches that the diligent-gridsphere configuration relies on and applies them to it. Every patch needs an executable script to perform this action.
  3. A new version of gridsphere, called diligent-gridsphere, is then ready to be used.

Downloading Gridsphere

In order to enable security aspects in your portal, you first have to download the diligent-gridsphere.HEAD tgz (org.diligentproject.portal.diligent-gridsphere) from the ETICS system (https://etics.cern.ch:8443/etics/). This configuration contains a gridsphere-2.2.7 portal patched with the org.diligentproject.portal.patch-VOMSintegration subsystem.



Preparing environment for Diligent Gridsphere

In order to enable security aspects in your portal, you need to properly configure your machine before deploying diligent-gridsphere. In particular, you need to edit gridsphere-2.2.7/webapps/gridsphere/WEB-INF/classes/PortalSecurity.properties and specify:

  • MYPROXY_HOST and MYPROXY_PORT,
  • a temporary directory used by the voms-proxy-init command (PROXIES_DIR),
  • an authorization service (AUTHZ_HOST=htt_p://grids03.eng.it:8080/wsrf/services/diligentproject/dvos/authorization/VOMSService).

Then you need to configure your Java keystore, specifying:

  • the KEY_STORE (the host .p12 certificate),
  • the KEY_STORE_TYPE (PKCS12 if you use a .p12),
  • the KEY_STORE_PWD of the certificate,
  • a TRUST_STORE path,
  • the TRUST_STORE_PWD, and
  • the type of TRUST_STORE (default is TRUST_STORE_TYPE=JKS).
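
A pre-deployment check for the settings listed above, as an added example (not part of the original wiki page or of the DILIGENT code). It assumes the keystore settings sit in the same PortalSecurity.properties file as the MyProxy ones; the function names are hypothetical, and the host names, paths and password in SAMPLE are constructed.

```python
import os
import stat
import tempfile

# Keys the page names for PortalSecurity.properties
REQUIRED = ["MYPROXY_HOST", "MYPROXY_PORT", "PROXIES_DIR", "AUTHZ_HOST", "KEY_STORE",
            "KEY_STORE_TYPE", "KEY_STORE_PWD", "TRUST_STORE", "TRUST_STORE_PWD"]

# Constructed sample with deliberate problems (not a real deployment)
SAMPLE = """\
MYPROXY_HOST=myproxy.example.org
MYPROXY_PORT=7512
PROXIES_DIR=/var/tmp/proxies
AUTHZ_HOST=http://authz.example.org:8080/wsrf/services/diligentproject/dvos/authorization/VOMSService
KEY_STORE=/etc/grid-security/portal-host.p12
KEY_STORE_TYPE=JKS
KEY_STORE_PWD=example-only
TRUST_STORE=/etc/grid-security/truststore.jks
"""

def parse_properties(text):
    """Parse simple KEY=VALUE lines; lines starting with '#' or '!' are comments."""
    props = {}
    for line in (raw.strip() for raw in text.splitlines()):
        key, sep, value = line.partition("=")
        if line and line[0] not in "#!" and sep:
            props[key.strip()] = value.strip()
    return props

def check_portal_security(path):
    """Return a list of findings for the properties file at `path`."""
    with open(path, encoding="utf-8") as fh:
        props = parse_properties(fh.read())
    findings = [f"missing or empty: {k}" for k in REQUIRED if not props.get(k)]
    # Page: use PKCS12 as KEY_STORE_TYPE when the key store is a .p12 file.
    if props.get("KEY_STORE", "").lower().endswith(".p12") and props.get("KEY_STORE_TYPE") != "PKCS12":
        findings.append("KEY_STORE is a .p12 file but KEY_STORE_TYPE is not PKCS12")
    # The file carries both store passwords in clear text: owner-only access.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:o} exposes the store passwords to group/other")
    return findings

def check_text(text, mode):  # demo helper: write text to a temp file with mode, check it
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "PortalSecurity.properties")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
        os.chmod(path, mode)
        return check_portal_security(path)
```

Calling check_text(SAMPLE, 0o644) reports the missing TRUST_STORE_PWD, the key store type mismatch and the permissive file mode; on a real host, call check_portal_security() with the path of the deployed file.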

Using Credentials API

Available Methods


ExtendedGSSCredential getCredentials(PortletSession session)

  • You should use this method if you want to retrieve the credential from the portlet.
  • It returns a grid credential that you should pass to DIS or any other service that you want to use.

ExtendedGSSCredential getCredentials(HttpSession session)

  • You should use this method if you want to retrieve the credential from the servlet.
  • It returns a grid credential that you should pass to DIS or any other service that you want to use.

String getHttpScheme(String sessionID)

  • It takes as parameter the sessionID.
  • It returns the scheme that the user uses to communicate with the portal (http / https).

String getCurrentTab(String sessionID)

  • It takes as parameter the sessionID.
  • It returns the name of the user's current tab.

HashMap<String, String> getUserInfo(String sessionID)

  • It takes as parameter the sessionID.
  • It returns a HashMap with all the userInfo.

String getDN(String sessionID)

  • It takes as parameter the sessionID.
  • It returns the DN of the user credential.

String getCA(String sessionID)

  • It takes as parameter the sessionID.
  • It returns the CA of the user credential.

String getCN(String sessionID)

  • It takes as parameter the sessionID.
  • It returns the CN of the user credential.

Useful Information


  1. The names of the tabs must be in the form /diligent/<VO name>/<DL name>. Otherwise the retrieved credential won't be valid.
  2. The UserInfo class, which is defined in package org.diligentproject.dvos.portal, is a singleton. So, to retrieve the instance of this class, you must call the getInstance() method.

Sample Code


// Retrieving UserInfo instance:
UserInfo userInfo = UserInfo.getInstance();
// Retrieving current tab info:
String currentTab = userInfo.getCurrentTab(session.getId());
ExtendedGSSCredential credential = null;
try { // Retrieving credential:
    credential = userInfo.getCredentials(session);
}
catch (Exception e) {
    // credential stays null if retrieval fails
    e.printStackTrace();
}
// Initializing DISHLSClient:
DISHLSClient.init(System.getProperty("GLOBUS_LOCATION") + "/etc/org_diligentproject_keeperservice_hnm/" + "DISQueries.xml");

Imports


import org.diligentproject.dvos.portal.UserInfo; // In gridsphere-portal-2.2.jar
import org.diligentproject.informationservice.dishlsclient.impl.DISHLSClient; // In dishlsclient jar-file
import org.gridforum.jgss.ExtendedGSSCredential; // In ws-core libraries





--Valia 17:42, 25 May 2007 (EEST)