Difference between revisions of "VOMS-API"
Revision as of 16:59, 18 May 2009
The VOMS-API library
The library offers a number of facilities for interacting with a VOMS server. This latest version of the library makes it possible to programmatically manage a VO in a VOMS server installation from both a generic Java client and a gCube service.
The VOMS-API library can invoke three different WSDL-based VOMS web interfaces:
- glite-security-voms-admin-2.0.2.wsdl
- glite-security-voms-acl-2.0.2.wsdl
- glite-security-voms-attributes-2.0.2.wsdl
VOMS Admin
The VOMS-Admin interface is in charge of the administrative actions: through it you can add/remove users, create/delete groups, etc. The VOMS-API library offers two different VOMSAdmin implementations, VOMSAdminGT4 and VOMSAdminImpl, which invoke the VOMS admin interface from a gContainer or from a standard Java client, respectively.
These implementations wrap two different portTypes (standard and extended) to access these functionalities:
- the standard portType implements all the VOMS-Admin operations provided by glite-security-voms-admin-2.0.2.wsdl.
- the extended portType offers a number of customized gCube operations built on top of the standard one. Some operations are overloaded in order to simplify the management of users holding a proxy certificate issued by gCube SimpleCA.
VOMSAdmin implementations
Both classes (VOMSAdminImpl and VOMSAdminGT4) can be instantiated in three different ways. By default they use the host credentials contained in /etc/grid-security/hostpubliccert.pem and /etc/grid-security/hostprivatekey.pem.
Alternatively, a user can specify his own credentials:
- by indicating the CLIENT credentials as the triple (CLIENT_CERT, CLIENT_KEY, CLIENT_PWD), or
- by indicating a CLIENT_PROXY, that is a proxy certificate derived from the PEM certificates.
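As an added example (not part of the VOMS-API library or of this page's original code), the class below resolves which of the three credential modes a configuration selects and checks the referenced files before a VOMSAdminImpl or VOMSAdminGT4 is constructed: a private key or proxy file must be readable only by its owner, and a proxy must still be inside its validity window, otherwise the VOMS call fails late with an opaque GSI error. The property names CLIENT_CERT, CLIENT_KEY, CLIENT_PWD and CLIENT_PROXY follow the list above; that they appear verbatim as keys in vomsAPI.properties is an assumption of this example, as is the VomsCredentialCheck class itself.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.EnumSet;
import java.util.Properties;
import java.util.Set;

/**
 * Added example, not VOMS-API code: decides which credential mode a
 * vomsAPI.properties file selects and validates the files it points to.
 * Assumption: CLIENT_CERT / CLIENT_KEY / CLIENT_PWD / CLIENT_PROXY are the
 * literal property keys.
 */
public final class VomsCredentialCheck {

    enum Mode { HOST, CERT_KEY_PWD, PROXY }

    // Host private key location quoted on this page as the library default.
    static final Path HOST_KEY = Paths.get("/etc/grid-security/hostprivatekey.pem");

    private VomsCredentialCheck() {}

    /** A proxy, when present, wins; otherwise the complete triple; otherwise host credentials. */
    static Mode selectMode(Properties p) {
        if (p.getProperty("CLIENT_PROXY") != null) {
            return Mode.PROXY;
        }
        boolean triple = p.getProperty("CLIENT_CERT") != null
                && p.getProperty("CLIENT_KEY") != null
                && p.getProperty("CLIENT_PWD") != null;
        return triple ? Mode.CERT_KEY_PWD : Mode.HOST;
    }

    /** Private keys and proxies must not be readable or writable by group or others. */
    static void requireOwnerOnly(Path key) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(key);
        Set<PosixFilePermission> forbidden = EnumSet.of(
                PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE,
                PosixFilePermission.OTHERS_READ, PosixFilePermission.OTHERS_WRITE);
        forbidden.retainAll(perms);
        if (!forbidden.isEmpty()) {
            throw new IOException(key + " is accessible by group/others: " + perms);
        }
    }

    /** A proxy file is a PEM chain whose first certificate is the proxy itself; it must be within its validity window. */
    static X509Certificate requireValidProxy(Path proxy) throws IOException, CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(proxy)) {
            X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
            cert.checkValidity(); // throws CertificateExpiredException / CertificateNotYetValidException
            return cert;
        }
    }

    /** Runs the checks that match the selected mode and returns it, so the caller knows how the client will authenticate. */
    static Mode check(Properties p) throws IOException, CertificateException {
        Mode mode = selectMode(p);
        switch (mode) {
            case PROXY:
                Path proxy = Paths.get(p.getProperty("CLIENT_PROXY"));
                requireOwnerOnly(proxy);
                requireValidProxy(proxy);
                break;
            case CERT_KEY_PWD:
                requireOwnerOnly(Paths.get(p.getProperty("CLIENT_KEY")));
                break;
            case HOST:
                requireOwnerOnly(HOST_KEY);
                break;
        }
        return mode;
    }

    // Usage: java VomsCredentialCheck /path/to/vomsAPI.properties
    public static void main(String[] args) throws Exception {
        Properties p = new Properties();
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            p.load(in);
        }
        System.out.println("credential mode: " + check(p));
    }
}
```

Run the check once at service start-up, before the first VOMSAdmin call, so that a world-readable host key or an expired CLIENT_PROXY is reported as a configuration error rather than as an authentication failure buried in the SOAP stack.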
Sample usage
The following sections show usage examples of the VOMSAdmin implementations (VOMSAdminGT4 from a gContainer, VOMSAdminImpl from a standard Java client) and of the CredentialsManagerImpl class.
Usage Examples from inside a gContainer
```java
import javax.xml.rpc.Stub;
import org.globus.axis.gsi.GSIConstants;

// dn, ca, username, email: attributes of the user to register
// credentials: the GSSCredential of the calling service (obtained by the caller)
// logger: the service's logger
User user = new User();
user.setDN(dn);
user.setCA(ca);
user.setCN(username);
user.setMail(email);

VOMSAdminGT4 vomsAdminGT4 = new VOMSAdminGT4("/path/to/vomsAPI.properties");

// credentials
((Stub) vomsAdminGT4)._setProperty(GSIConstants.GSI_CREDENTIALS, credentials);
// Authentication method: GSI transport-level security with encryption
((Stub) vomsAdminGT4)._setProperty(
        org.globus.wsrf.impl.security.authentication.Constants.GSI_TRANSPORT,
        org.globus.wsrf.impl.security.authentication.Constants.ENCRYPTION);
// delegation: none, the VOMS server must not act on our behalf
((Stub) vomsAdminGT4)._setProperty(GSIConstants.GSI_MODE, GSIConstants.GSI_MODE_NO_DELEG);
// set Context lifetime (seconds)
((Stub) vomsAdminGT4)._setProperty(
        org.globus.wsrf.impl.security.authentication.Constants.CONTEXT_LIFETIME, 300);

try {
    // create a standard user in VOMS
    vomsAdminGT4.getPortType().createUser(user);
    logger.info("User created with CN " + username + " with DN " + dn
            + " with CA " + ca + " with mail " + email);
} catch (Exception e) {
    e.printStackTrace();
    throw e;
}

try {
    // create an OnlineCA user in VOMS
    vomsAdminGT4.getExtendedPortType().createOnlineCAUser(username, email);
    logger.info("User created with CN " + username + " with DN " + dn
            + " with CA " + ca + " with mail " + email);
} catch (Exception e) {
    e.printStackTrace();
    throw e;
}
```
Usage Examples from a standard Java client
```java
// dn, ca, username, email: attributes of the user to register
User user = new User();
user.setDN(dn);
user.setCA(ca);
user.setCN(username);
user.setMail(email);

VOMSAdminImpl vomsAdmin = new VOMSAdminImpl("/path/to/vomsAPI.properties");

// create a standard user in VOMS
System.out.println("Create user with username: " + username + ", mail: " + email);
vomsAdmin.getPortType().createUser(user);

// create an OnlineCA user in VOMS
System.out.println("Create OnlineCA user with username: " + username + ", mail: " + email);
vomsAdmin.getExtendedPortType().createOnlineCAUser(username, email);
```
CredentialsManagerImpl
This class provides a method to retrieve a user's credentials. It manages the communication with the MyProxyCA server to generate simple credentials for the given username, and some operations are overloaded in order to simplify the management of users holding a proxy certificate issued by gCube SimpleCA.
Usage Examples
```java
import java.io.File;
import java.io.FileOutputStream;
import org.gridforum.jgss.ExtendedGSSCredential;

// manager: a CredentialsManagerImpl instance
// userName, pwd, groupName: MyProxy username, password and the VOMS group to request
// proxyFile: path where the retrieved proxy is stored

// Retrieve an ExtendedGSSCredential from the MyProxy server with VOMS attributes (roles, groups) attached
System.out.print("Retrieve Credentials from MyProxy with VOMS attributes:");
ExtendedGSSCredential cred;
try {
    cred = manager.getCredentials(userName, pwd, groupName);
    if (cred != null) {
        byte[] data = cred.export(ExtendedGSSCredential.IMPEXP_OPAQUE);
        File file = new File(proxyFile);
        file.createNewFile();
        // the exported proxy contains a private key: restrict it to the owner before writing
        file.setReadable(false, false);
        file.setWritable(false, false);
        file.setReadable(true, true);
        file.setWritable(true, true);
        FileOutputStream out = new FileOutputStream(proxyFile, false);
        try {
            out.write(data);
        } finally {
            out.close();
        }
        System.out.println("Credentials for " + userName + " are correctly retrieved and stored in ");
        System.out.println("\t" + proxyFile + ".");
    }
} catch (Exception e) {
    e.printStackTrace();
}
```