1 package org.opensciencegrid.authz.client;
21 import java.net.URL;
22 import java.util.ArrayList;
23
24 import org.apache.log4j.Category;
25
26 import org.opensaml.v1_0_1.SAMLSubject;
27
28 import org.opensciencegrid.authz.common.GridId;
29 import org.opensciencegrid.authz.common.LocalId;
30
31
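/**
 * Command-line test client for a grid identity mapping service.
 *
 * <p>The client builds a {@link GridId} from a subject DN (and optional FQAN) taken
 * from system properties, hands it to
 * {@code GRIDIdentityMappingServiceClient.mapCredentials} for the service URL given
 * as the first argument, and prints the fields of the returned {@link LocalId}.
 *
 * <p>Points to keep in mind when reading the output or reusing this code:
 * <ul>
 *   <li>{@code subject.dn} and {@code subject.fqan} are plain system properties, so
 *       the identity sent in the request is whatever the person running the client
 *       typed. Nothing in this class proves possession of a credential for that DN.
 *       NOTE(review): whether the caller is authenticated at the transport or
 *       message level is decided inside GRIDIdentityMappingServiceClient, which is
 *       not visible here - confirm before trusting a mapping obtained this way.</li>
 *   <li>The resource (host) DN and the FQAN issuer are hard-coded constants, so the
 *       request always names the same service resource.</li>
 *   <li>A non-null result is printed as "Access may be granted": it is the mapping
 *       the service returned, not an enforcement decision made by this client.</li>
 * </ul>
 */
public class SAMLAuthZClient {

    /*** logging category */
    static Category log = Category.getInstance(SAMLAuthZClient.class.getName());

    /** Host DN of the service resource the mapping is requested for (fixed in this client). */
    private static final String SERVICE_DN = "/DC=org/DC=doegrids/OU=Services/CN=gyoza7.fnal.gov";

    /** Issuer string attached to the FQAN; a fixed label, not derived from any attribute certificate. */
    private static final String FQAN_ISSUER = "Test client ";

    /**
     * Runs one mapping request and prints the outcome to standard output.
     *
     * @param args {@code args[0]} is the identity mapping service URL (required);
     *             {@code args[1]} is an optional desired identity
     */
    public static void main(String[] args) {

        try {

            if (args.length < 1) {
                System.out.println("Usage: SAMLAuthZClient IdentityMappingServiceURL [desired identity]");
                return;
            }

            URL identityMappingServiceContact = new URL(args[0]);

            // Plain http gives neither confidentiality nor server authentication, so the
            // asserted identity and the returned account mapping could be read or altered
            // on the wire. Warn on stderr and continue, so existing test setups keep working.
            if ("http".equalsIgnoreCase(identityMappingServiceContact.getProtocol())) {
                System.err.println("WARNING: identity mapping service URL uses plain http, "
                        + "which provides no transport encryption or server authentication");
            }

            // NOTE(review): desiredIdentity is only echoed below; no visible call passes it
            // to GridId or to the mapping client, so it does not influence the request.
            String desiredIdentity = null;
            if (args.length > 1) {
                desiredIdentity = args[1];
            }

            // Self-asserted subject DN; a whitespace-only value is treated as missing so an
            // effectively empty identity is never sent to the service.
            String subjectName = System.getProperty("subject.dn");
            if (subjectName == null || subjectName.trim().length() == 0) {
                System.out.println("ERROR: you must supply a subject.dn system property");
                return;
            }

            String fqan = System.getProperty("subject.fqan");

            System.out.println("Requesting mapping for service resource " + SERVICE_DN);
            System.out.println("with desired identity: " + desiredIdentity);
            System.out.println("from identity mapping service at: " + identityMappingServiceContact);
            System.out.println("my Subject DN is: " + subjectName);
            System.out.println("my FQAN is: " + fqan + " Issuer: " + FQAN_ISSUER);

            GridId gridId = new GridId();
            gridId.setUserDN(subjectName);
            gridId.setHostDN(SERVICE_DN);
            // The FQAN and its issuer are only attached when an FQAN was supplied.
            if (fqan != null && fqan.length() > 0) {
                gridId.setUserFQAN(fqan);
                gridId.setUserFQANIssuer(FQAN_ISSUER);
            }

            GRIDIdentityMappingServiceClient mapClient =
                    new GRIDIdentityMappingServiceClient(identityMappingServiceContact);
            LocalId localId = mapClient.mapCredentials(gridId);

            if (localId == null) {
                // A null mapping is reported as a denial.
                System.out.println("Not authorized - no mapping could be retrieved");
                return;
            }

            System.out.println("Access may be granted with the following local identity qualifications:");
            System.out.println("user name: " + localId.getUserName());
            System.out.println("primary group name: " + localId.getGroupName());
            System.out.println("supplemental group names: " + localId.getSupplementalGroupNames());
            System.out.println("root directory: " + localId.getRootPath());
            System.out.println("relative home directory: " + localId.getRelativeHomePath());

        } catch (Exception e) {
            // Covers a malformed URL as well as any failure raised by the mapping client;
            // the process still ends normally after reporting it.
            System.out.println("Caught exception: " + e.getMessage());
            e.printStackTrace();
        }
    }

}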