
1   package org.opensciencegrid.authz.client;
2   
3   /*
4   
5   A client class for SAML Authorization mechanism
6   
7   Author:  Markus Lorch
8   Project: OpenScienceGrid Privilege
9   Date:    2004-11-16
10  
11  changes: 2005-01-04  modified interfaces to opensaml to use stock opensaml 1.0.1
12                       added use of separate osg-opensaml-extension package
13  
14           2005-01-07  moved away from Globus dependencies to new WS client stub
15           2005-01-08  code cleanup, moved general SAML utility functions to saml.SAMLUtil
16           2005-01-18  added system properties for subject.dn and subject.fqan (for testing)
17           2005-01-24  completely rewritten, most logic moved into the SAMLAuthZClientBased class
18  
19  */
20  
21  import java.net.URL;
22  import java.util.ArrayList;
23  
24  import org.apache.log4j.Category; // logging system
25  
26  import org.opensaml.v1_0_1.SAMLSubject;
27  
28  import org.opensciencegrid.authz.common.GridId;
29  import org.opensciencegrid.authz.common.LocalId;
30  
31  
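public class SAMLAuthZClient {

    /*** logging category */
    static Category log = Category.getInstance(SAMLAuthZClient.class.getName());

    /**
     * Service (host) DN the mapping is requested for when the {@code service.dn}
     * system property is not set. This is the value the client historically hard-coded,
     * kept as the default so existing invocations behave as before.
     */
    static final String DEFAULT_SERVICE_DN = "/DC=org/DC=doegrids/OU=Services/CN=gyoza7.fnal.gov";

    /** System property holding the requesting subject's DN (required). */
    static final String SUBJECT_DN_PROPERTY = "subject.dn";

    /** System property holding the requesting subject's FQAN (optional). */
    static final String SUBJECT_FQAN_PROPERTY = "subject.fqan";

    /** System property overriding the service DN the mapping is requested for (optional). */
    static final String SERVICE_DN_PROPERTY = "service.dn";

    /**
     * Command-line entry point: asks the identity mapping service which local account
     * a grid identity maps to and prints the result.
     *
     * <p>Arguments: {@code IdentityMappingServiceURL [desired identity]}. The grid identity
     * is read from the {@code subject.dn} (required) and {@code subject.fqan} (optional)
     * system properties, which stand in for values a deployed client would take from the
     * GSS security context. The service DN can be overridden with {@code service.dn}.
     *
     * <p>Usage errors, a missing {@code subject.dn} and any exception raised by the
     * mapping call are reported on stderr and end the program with exit status 1.
     * "Not authorized" is a regular result and exits with status 0.
     *
     * @param args {@code args[0]} the identity mapping service URL, {@code args[1]} an
     *             optional desired local identity (echoed only; not sent in this version)
     */
    public static void main(String[] args) {
        if (args.length < 1) {
            System.err.println("Usage: SAMLAuthZClient  IdentityMappingServiceURL  [desired identity]");
            System.exit(1);
        }

        // Usually the next two values come out of the GSS context; the system
        // properties were added for testing only.
        String subjectName = System.getProperty(SUBJECT_DN_PROPERTY);
        if (isEmpty(subjectName)) {
            System.err.println("ERROR: you must supply a " + SUBJECT_DN_PROPERTY + " system property");
            System.exit(1);
        }

        String fqan = System.getProperty(SUBJECT_FQAN_PROPERTY);
        String fqanIssuer = "Test client "; // this would be the voms server DN

        // Not used for the mapping call in this version; needed for storage.
        String desiredIdentity = args.length > 1 ? args[1] : null;

        // Service/resource host (gatekeeper, SRM door) for which access is requested.
        // We probably need to change back to URL style, e.g. "gram://gyoza7.fnal.gov/JobManager".
        String serviceName = System.getProperty(SERVICE_DN_PROPERTY);
        if (isEmpty(serviceName)) {
            serviceName = DEFAULT_SERVICE_DN;
        }

        try {
            // Identity mapping service contact from the command line;
            // this should come from a configuration file.
            URL identityMappingServiceContact = new URL(args[0]);

            printRequest(serviceName, desiredIdentity, identityMappingServiceContact,
                         subjectName, fqan, fqanIssuer);

            GridId gridId = buildGridId(subjectName, serviceName, fqan, fqanIssuer);

            // call mapping function
            GRIDIdentityMappingServiceClient mapClient =
                new GRIDIdentityMappingServiceClient(identityMappingServiceContact);
            LocalId localId = mapClient.mapCredentials(gridId);

            // extracting what we received as local id
            if (localId != null) {
                printLocalId(localId);
            } else {
                System.out.println("Not authorized - no mapping could be retrieved");
            }
        } catch (Exception e) {
            // Program boundary: report the failure and exit non-zero so callers can tell.
            System.err.println("Caught exception: " + e.getMessage());
            e.printStackTrace();
            System.exit(1);
        }
    }

    /** True when {@code value} is null or empty, the file's convention for "not set". */
    private static boolean isEmpty(String value) {
        return value == null || value.length() == 0;
    }

    /** Builds the GridId carrying subject DN, service DN and, when present, the FQAN and its issuer. */
    private static GridId buildGridId(String subjectName, String serviceName,
                                      String fqan, String fqanIssuer) {
        GridId gridId = new GridId();
        gridId.setUserDN(subjectName);
        gridId.setHostDN(serviceName);
        if (!isEmpty(fqan)) {
            gridId.setUserFQAN(fqan);
            gridId.setUserFQANIssuer(fqanIssuer);
        }
        return gridId;
    }

    /** Echoes the parameters of the mapping request so the operator can check them. */
    private static void printRequest(String serviceName, String desiredIdentity,
                                     URL identityMappingServiceContact, String subjectName,
                                     String fqan, String fqanIssuer) {
        System.out.println("Requesting mapping for service resource " + serviceName);
        System.out.println("with desired identity: " + desiredIdentity);
        System.out.println("from identity mapping service at: " + identityMappingServiceContact);
        System.out.println("my Subject DN is: " + subjectName);
        System.out.println("my FQAN is: " + fqan + " Issuer: " + fqanIssuer);
    }

    /** Prints the local identity qualifications the mapping service returned. */
    private static void printLocalId(LocalId localId) {
        System.out.println("Access may be granted with the following local identity qualifications:");
        System.out.println("user name:                " + localId.getUserName());
        System.out.println("primary group name:       " + localId.getGroupName());
        System.out.println("supplemental group names: " + localId.getSupplementalGroupNames());
        System.out.println("root directory:           " + localId.getRootPath());
        System.out.println("relative home directory:  " + localId.getRelativeHomePath());
    }

} // end class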