Difference between revisions of "GCube Clients Integration with security"
Revision as of 14:04, 25 July 2013
Overview
GCube Client Security is implemented by the common-security library, which is based on the new FeatherWeightStack (FWS). A high-level description of the library is provided in the section Client Security Library, while more details can be found in SOA3 Connector. This section describes how to set credentials in a gCube call, for both standalone clients and clients running in a GHN: in the latter case the container transparently sets the default credentials in the message. This default behavior can be overridden in code, using the information provided here.
Common Security Library
The library is composed of two jars:
- common-security.jar
- gcube-security-utils.jar
Both jars are part of the SOA3 connector and of the container's libraries. They can also be used standalone, because their only dependency is the common-gcore-stub library, which is built on the FWS stack.
The library provides two main interfaces:
- CredentialManager
- Credentials
The interface CredentialManager defines a singleton InheritableThreadLocal object with methods to set, get and remove the credentials for the current thread. The InheritableThreadLocal feature allows the inserted Credentials to be valid for this thread and its descendants until the next call to the method set.
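The inheritance behaviour described above has a consequence for pooled threads, shown in this added example (not part of the original page or of the gCube code base). DemoCredentialManager is a hypothetical stand-in built on a plain InheritableThreadLocal<String>, and "alice" and "bob" are constructed sample values.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

// Added illustration: DemoCredentialManager is a hypothetical stand-in that mimics the
// InheritableThreadLocal behaviour described above; it is NOT the gCube CredentialManager.
public class InheritedCredentialsDemo {
    static final class DemoCredentialManager {
        private static final InheritableThreadLocal<String> CURRENT = new InheritableThreadLocal<>();
        static void set(String credentials) { CURRENT.set(credentials); }
        static String get() { return CURRENT.get(); }
        static void remove() { CURRENT.remove(); }
    }

    // Starts a fresh thread and returns the credentials that thread sees.
    static String seenByNewThread() throws InterruptedException {
        String[] seen = new String[1];
        Thread t = new Thread(() -> seen[0] = DemoCredentialManager.get());
        t.start();
        t.join();
        return seen[0];
    }

    public static void main(String[] args) throws Exception {
        DemoCredentialManager.set("alice"); // constructed sample identity
        System.out.println("new child thread sees: " + seenByNewThread());

        // The pool creates its worker on the first submit, from the submitting thread,
        // so the worker inherits whatever credentials are set at that moment.
        ExecutorService pool = Executors.newFixedThreadPool(1);
        pool.submit(() -> {}).get();

        // The caller switches identity; the existing worker keeps its inherited copy.
        DemoCredentialManager.set("bob");
        Callable<String> probe = DemoCredentialManager::get;
        System.out.println("pooled worker sees: " + pool.submit(probe).get());

        // Safer pattern: set the credentials inside the task and always remove them.
        Callable<String> scoped = () -> {
            DemoCredentialManager.set("bob");
            try { return DemoCredentialManager.get(); }
            finally { DemoCredentialManager.remove(); }
        };
        System.out.println("scoped task sees: " + pool.submit(scoped).get());
        System.out.println("worker afterwards sees: " + pool.submit(probe).get());
        pool.shutdown();
        DemoCredentialManager.remove();
    }
}
```

A thread copies its parent's value once, at creation, so code that reuses threads across callers should set the credentials per task and call remove when the task ends.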
The interface Credentials defines the nature of the objects containing the actual credentials. Several implementations are provided:
- X509TLSCredentials, defining TLS and X509 based credentials
- UserNamePasswordCredentials, for username/password based Message Level Security
- FederatedCredentials, for SAML Assertion ID based authentication
- X509CombinedCredentials, to be used in combination with another Credentials object to combine TLS with Message Level Security
- Base64EncodedCredentials, to be used in combination with another Credentials object to Base64 encode the Message Level Security data
Use of the Library
The developer only needs to define the Credentials object and set it in the CredentialManager. The FWS, in the background, will add the Credentials just before sending the message. It is important to remember that in the gCube infrastructure Message Level Security data must be Base64 encoded.
For example, suppose we implement a client for a gCube service named sample, using the credentials Username=gCube, Password=gCube. The code is the following:
    UserNamePasswordCredentials pureCredentials = new UserNamePasswordCredentials("gCube", "gCube".toCharArray());
    // Base64 encodes the credentials
    Base64EncodedCredentials encodedCredentials = new Base64EncodedCredentials(pureCredentials);
    // sets the credentials in the Credential Manager
    CredentialManager.instance.set(encodedCredentials);
    // creates the stub
    stub = stubFor(stateless).at(URI.create("http://localhost:9999/wsrf/services/acme/sample/stateless"));
More information on the use of the Credentials implementations can be found in the Javadocs.