Difference between revisions of "ASL HTTP InfrastructureLogin"

From Gcube Wiki
Jump to: navigation, search
(User authentication – logging in Infrastructure)
(Listing of infrastructure scopes)
Line 19: Line 19:
  
 
== Listing of infrastructure scopes ==
 
== Listing of infrastructure scopes ==
 +
The user can get the list of the infrastructure scopes by making a GET request to the ListInfrastructureScopes servlet of the InfrastructureLogin set of services. The servlet reads from VOMS the groups for the user (or all the groups allowed for anonymous access, in case the user hasn't logged in before). An xml file, listing the information about the VO/VREs is rendered as a response to the user. There is an option for the client to add also a 'details' parameter, set to true. In that case, more information about each virtual environment is included in the response.
 +
 
== Logging in an Infrastructure scope ==
 
== Logging in an Infrastructure scope ==

Revision as of 15:48, 31 August 2012

The ASL HTTP Infrastructure login component is part of the HTTP Front End Framework and provides functionality for authenticating and logging in the users to the gCube system. It follows the framework principles for data interchange formats, error handling and context management, supporting both JSON and XML, using the common framework utilities for user authentication and HTTP error responses and following the coding guidelines. This component, interacts with the ASL level of the integration and interoperability framework for using the authentication modules that are integrated in it.

This component is used for named access of users to the system. In this mode, the user needs to login to the system and to an Infrastructure scope and continue interacting with the application over HTTP without having to pass the contextual information in every request submitted. Moreover, she can use personalized benefits in the cases of functionalities interacting with gCube personalization services. The features provided are listed as follows:

User authentication – logging in Infrastructure

The user can login to the infrastructure using credentials, to access personalized system benefits during HTTP interaction. The corresponding servlet receives the user's credential (username - password) and communicates with LDAP. It makes use of status codes and HTTP headers for managing the security policy. In case of denied credentials it returns an SC_UANUTHORIZED status code to the client. Both BASIC and Form-based authentication methods are implemented and they base on the basic authorization scheme that requires the string of the Authorization header to contain the string "username:password" in Base64.

The Infrastructure Login component makes use of the built in session mechanism of ASL, to allow intercommunication between different asl HTTP application deployed in the same node. When the user has logged in to the system through the Login servlet, the session is returned inside an XML response and all the following URL - encoded requests must contain it. This means that the user can make the named calls using URL rewriting by sending the session as part of a rewritten URK, encoded using a jsessionid path parameter.

An example of an XML response returning the session id is presented bellow:

 
<?xml version="1.0" encoding="UTF-8"?>
    <SessionID>
        <jsessionid>6751BF9588491D6EB853096C84B3671F</jsessionid>
    </SessionID>

Listing of infrastructure scopes

The user can get the list of the infrastructure scopes by making a GET request to the ListInfrastructureScopes servlet of the InfrastructureLogin set of services. The servlet reads from VOMS the groups for the user (or all the groups allowed for anonymous access, in case the user hasn't logged in before). An xml file, listing the information about the VO/VREs is rendered as a response to the user. There is an option for the client to add also a 'details' parameter, set to true. In that case, more information about each virtual environment is included in the response.

Logging in an Infrastructure scope