Difference between revisions of "Using credentials in Portlets and Servlets"

From Gcube Wiki
Line 1: Line 1:
[[Image:Alert_icon2.gif]] ''THIS SECTION OF GCUBE DOCUMENTATION IS CURRENTLY UNDER UPDATE.''
+
{{UnderUpdate}}
  
 
'''How to use DILIGENT credentials in a ''Portlet'' / ''Servlet'''''
 
'''How to use DILIGENT credentials in a ''Portlet'' / ''Servlet'''''

Revision as of 09:49, 29 August 2008

THIS SECTION OF GCUBE DOCUMENTATION IS CURRENTLY UNDER UPDATE.


How to use DILIGENT credentials in a Portlet / Servlet

Pre-development Actions

Patched Gridsphere

According to the DILIGENT requirements, the Gridsphere portal needs to be customized in order to accomplish objectives not supported by the standard version of the portal. We decided to perform this customization using ETICS tools: ETICS creates a new diligent-gridsphere starting from the org.diligentproject.ext.gridsphere.2.2.7 configuration and applies to it all the patches that have been developed and correctly inserted in the configuration, for example org.diligentproject.portal.patch-VOMSintegration.

  1. ETICS checks out the 2.2.7 configuration from org.diligentproject.ext.gridsphere.
  2. ETICS also checks out all the patches associated with the diligent-gridsphere configuration and applies them to it. Every patch needs an executable script to perform this action.
  3. A new version of Gridsphere, called diligent-gridsphere, is then ready to be used.

Downloading Gridsphere

In order to enable security aspects in your portal, you first have to download the diligent-gridsphere.HEAD tgz (org.diligentproject.portal.diligent-gridsphere) from the ETICS system. This configuration contains a gridsphere-2.2.7 portal patched with the org.diligentproject.portal.patch-VOMSintegration subsystem.



Preparing environment for Diligent Gridsphere

In order to enable security aspects in your portal, you need to configure your machine properly before deploying diligent-gridsphere. In particular, you need to edit gridsphere-2.2.7/webapps/gridsphere/WEB-INF/classes/PortalSecurity.properties and specify:

  • MYPROXY_HOST and MYPROXY_PORT,
  • a temporary directory used by the voms-proxy-init command (PROXIES_DIR),
  • an authorization service (AUTHZ_HOST=htt_p://grids03.eng.it:8080/wsrf/services/diligentproject/dvos/authorization/VOMSService).

Then you need to configure your Java keystore, specifying:

  • the KEY_STORE (the host .p12 certificate),
  • the KEY_STORE_TYPE (PKCS12 if you use a .p12),
  • the KEY_STORE_PWD of the certificate,
  • a TRUST_STORE path,
  • the TRUST_STORE_PWD,
  • the type of TRUST_STORE (default is TRUST_STORE_TYPE=JKS).
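
A pre-deployment check for the settings listed above, added here as an example and not part of the DILIGENT or Gridsphere code. It uses only the JDK and assumes that the file is a standard Java properties file, that the keystore settings live in the same file as the MyProxy settings, and that it is run from the directory containing gridsphere-2.2.7 (or given the file path as its first argument); the class name PortalSecurityCheck is hypothetical.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.security.KeyStore;
import java.util.*;
// Added example (JDK only): pre-deployment check of PortalSecurity.properties.
public class PortalSecurityCheck {
    // Keys named on this page; TRUST_STORE_TYPE is optional (documented default: JKS).
    static final String[] REQUIRED = { "MYPROXY_HOST", "MYPROXY_PORT", "PROXIES_DIR",
        "AUTHZ_HOST", "KEY_STORE", "KEY_STORE_TYPE", "KEY_STORE_PWD",
        "TRUST_STORE", "TRUST_STORE_PWD" };
    static boolean othersCanRead(Path p) throws Exception {
        try {
            return Files.getPosixFilePermissions(p).contains(PosixFilePermission.OTHERS_READ);
        } catch (UnsupportedOperationException e) {
            return false; // non-POSIX file system: this check cannot be done here
        }
    }
    // Opening a store proves that its path, type and password agree.
    static void tryLoad(Properties p, String name, List<String> problems) {
        String type = p.getProperty(name + "_TYPE", "JKS").trim();
        try (InputStream in = Files.newInputStream(Paths.get(p.getProperty(name).trim()))) {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(in, p.getProperty(name + "_PWD").toCharArray());
            System.out.println(name + ": " + ks.size() + " entries, type " + type);
        } catch (Exception e) {
            problems.add(name + " cannot be opened: " + e);
        }
    }
    public static void main(String[] args) throws Exception {
        Path file = Paths.get(args.length > 0 ? args[0]
            : "gridsphere-2.2.7/webapps/gridsphere/WEB-INF/classes/PortalSecurity.properties");
        Properties p = new Properties();
        try (InputStream in = Files.newInputStream(file)) { p.load(in); }
        List<String> problems = new ArrayList<>();
        for (String k : REQUIRED)
            if (p.getProperty(k, "").trim().isEmpty()) problems.add("missing " + k);
        if (problems.isEmpty()) {
            tryLoad(p, "KEY_STORE", problems);
            tryLoad(p, "TRUST_STORE", problems);
            Path dir = Paths.get(p.getProperty("PROXIES_DIR").trim());
            if (!Files.isDirectory(dir)) problems.add("PROXIES_DIR is not a directory");
            else if (othersCanRead(dir)) problems.add("PROXIES_DIR is readable by other users");
        }
        if (othersCanRead(file))
            problems.add(file + " holds clear-text passwords and is readable by other users");
        problems.forEach(System.err::println);
        System.exit(problems.isEmpty() ? 0 : 1);
    }
}
```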

Using Credentials API

Available Methods


ExtendedGSSCredential getCredentials(PortletSession session)

  • You should use this method if you want to retrieve the credential from the portlet.
  • It returns a grid credential that you should pass to DIS or every other service that you want to use.

ExtendedGSSCredential getCredentials(HttpSession session)

  • You should use this method if you want to retrieve the credential from the servlet.
  • It returns a grid credential that you should pass to DIS or every other service that you want to use.

String getHttpScheme(String sessionID)

  • It takes as parameter the sessionID.
  • It returns the scheme that the user uses in order to communicate with the portal (http / https).

String getCurrentTab(String sessionID)

  • It takes as parameter the sessionID.
  • It returns the name of the user's current tab.

HashMap<String, String> getUserInfo(String sessionID)

  • It takes as parameter the sessionID.
  • It returns a HashMap with all the userInfo.

String getDN(String sessionID)

  • It takes as parameter the sessionID.
  • It returns the DN of the user credential.

String getCA(String sessionID)

  • It takes as parameter the sessionID.
  • It returns the CA of the user credential.

String getCN(String sessionID)

  • It takes as parameter the sessionID.
  • It returns the CN of the user credential.

Useful Information


  1. The names of the tabs must be in the form of: /diligent/<VO name>/<DL name>. Otherwise the credential which will be retrieved won't be valid.
  2. UserInfo class, which is defined in package org.diligentproject.dvos.portal, is a singleton. So, if you want to retrieve the instance of this class, you must call the getInstance() method.

Sample Code


// Retrieving the UserInfo instance (singleton):
UserInfo userInfo = UserInfo.getInstance();
// Retrieving current tab info:
String currentTab = userInfo.getCurrentTab(session.getId());
ExtendedGSSCredential credential = null;
try {
    // Retrieving the credential for this session:
    credential = userInfo.getCredentials(session);
} catch (Exception e) {
    // credential stays null if retrieval fails
    e.printStackTrace();
}
// Initializing DISHLSClient:
DISHLSClient.init(System.getProperty("GLOBUS_LOCATION") + "/etc/org_diligentproject_keeperservice_hnm/" + "DISQueries.xml");

Imports


import org.diligentproject.dvos.portal.UserInfo; //In gridsphere-portal-2.2.jar
import org.diligentproject.informationservice.dishlsclient.impl.DISHLSClient; // In dishlsclient jar-file
import org.gridforum.jgss.ExtendedGSSCredential; // In ws-core libraries





--Valia 17:42, 25 May 2007 (EEST)