
Membership Service Tutorial 3 - Delegating Access using a Group

Using the Membership Service to delegate access to another resource.
Tutorials on how to use the GRIA Client Interface API

We need to declare the location of our Membership Service and of the service that hosts the resource we wish to give access to. In this example we will give access to a Data Stager located at a Data Service.

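// Service endpoints and resource IDs used by the tutorial. "hostname" is a
// placeholder; replace it and both IDs with the values for your own deployment.
// The fields are final so that nothing can repoint the client at a different
// service or resource after class initialisation.
private static final String MEMBERSHIP_SERVICE_ENDPOINT
	= "https://hostname:8443/gria-client-mgt/services/MembershipService";
// ID of the Membership Group whose members are to be given access.
private static final String MEMBERSHIP_GROUP_ID
	= "40894e36-15faf09a-0115-fb07f5dd-0008";
private static final String DATA_SERVICE_ENDPOINT
	= "https://hostname:8443/gria-basic-app-services/services/DataService";
// ID of the Data Stager that access is being granted on.
private static final String DATA_STAGER_ID
	= "40894e36-15f08ce0-0115-f0be917c-0009";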

We declare a StateRepository and locate our Membership Group resource on the Membership Service.

// The repository creates (or returns an existing) client object for an endpoint reference.
StateRepository repository = new MemoryStateRepository();
RemoteMembershipService membershipService = (RemoteMembershipService)
	repository.getOrCreateObject(
		RemoteMembershipService.class,
		ConversationID.getEPR(MEMBERSHIP_SERVICE_ENDPOINT));

MembershipGroupConversation group = null;
try {
	// Scan every resource the Membership Service returns and keep the one whose
	// conversation ID matches the configured group ID.
	EndpointReferenceType[] groupEprs = membershipService.getResources();
	for (EndpointReferenceType candidate : groupEprs) {
		if (ConversationID.getConversationFromEPR(candidate).equals(MEMBERSHIP_GROUP_ID)) {
			group = repository.getOrCreateObject(MembershipGroupConversation.class, candidate);
		}
	}

	// Stop here if the group is missing: no rule can be built without it.
	if (group == null) {
		throw new RuntimeException("No Group found with ID:"+MEMBERSHIP_GROUP_ID);
	}
	System.out.println("Found Group '"+ConversationID.getLabel(group.getEndpointRef())+"'");

} catch (RemoteException e) {
	// Surface remote failures as unchecked, keeping the original cause.
	throw new RuntimeException(e);
}

We follow the same pattern as above to locate the Data Stager on the Data Service.

RemoteDataService dataService = (RemoteDataService)
	repository.getOrCreateObject(
		RemoteDataService.class,
		ConversationID.getEPR(DATA_SERVICE_ENDPOINT));

DataConversation data = null;
try {
	// Scan every resource the Data Service returns and keep the one whose
	// conversation ID matches the configured Data Stager ID.
	EndpointReferenceType[] stagerEprs = dataService.getResources();
	for (EndpointReferenceType candidate : stagerEprs) {
		if (ConversationID.getConversationFromEPR(candidate).equals(DATA_STAGER_ID)) {
			data = repository.getOrCreateObject(DataConversation.class, candidate);
		}
	}

	// Stop here if the stager is missing: there is nothing to attach a rule to.
	if (data == null) {
		throw new RuntimeException("No Data found with ID:"+DATA_STAGER_ID);
	}
	System.out.println("Found Data '"+ConversationID.getLabel(data.getEndpointRef())+"'");
} catch (RemoteException e) {
	// Surface remote failures as unchecked, keeping the original cause.
	throw new RuntimeException(e);
}

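We then call addPolicyRule on the Data Stager to add a rule that allows access to anyone with the 'member' role on the group. Those subjects are given the 'reader' role on the Data Stager. We identify the Membership Group by calling 'getMembershipPattern' on the group, which returns a rule identifying the group itself. Once this rule is in place, read access to the Data Stager follows the group's membership, so whoever can manage the group also decides who can read the data.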

try {
	// Build the rule from the group's own membership pattern and give the
	// subjects it matches the 'reader' role on the Data Stager.
	// NOTE(review): from here on read access follows group membership, so
	// confirm who is allowed to administer the group.
	PolicyRule readerRule = new PolicyRule(group.getMembershipPattern(),"reader");
	data.addPolicyRule(readerRule);

	System.out.println(
		"Added  Rule to '"+ConversationID.getLabel(data.getEndpointRef())+"' ("+DATA_STAGER_ID+")");
} catch (RemoteException e) {
	// Surface remote failures as unchecked, keeping the original cause.
	throw new RuntimeException(e);
}

Full Java Code

import java.rmi.RemoteException;

import org.apache.axis.message.addressing.EndpointReferenceType;

import uk.ac.soton.ecs.iam.grid.client.staterepos.MemoryStateRepository;
import uk.ac.soton.ecs.iam.grid.comms.client.DataConversation;
import uk.ac.soton.ecs.iam.grid.comms.client.RemoteDataService;
import uk.ac.soton.ecs.iam.grid.comms.client.StateRepository;
import uk.ac.soton.itinnovation.grid.client.membership.MembershipGroupConversation;
import uk.ac.soton.itinnovation.grid.client.membership.RemoteMembershipService;
import uk.ac.soton.itinnovation.grid.types.ConversationID;
import uk.ac.soton.itinnovation.grid.types.MatchRule;
import uk.ac.soton.itinnovation.grid.types.PolicyRule;

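/**
 * Tutorial client that delegates read access on a Data Stager to the members
 * of a Membership Group.
 *
 * <p>It locates the group on the Membership Service and the stager on the Data
 * Service by ID, then adds a policy rule to the stager that gives the 'reader'
 * role to the subjects matched by the group's membership pattern.
 */
public class MembershipGroupTutorial3 {

	// "hostname" is a placeholder; replace it and both IDs with the values for
	// your own deployment. The fields are final so that nothing can repoint the
	// client at a different service or resource after class initialisation.
	private static final String MEMBERSHIP_SERVICE_ENDPOINT
			= "https://hostname:8443/gria-client-mgt/services/MembershipService";
	// ID of the Membership Group whose members are to be given access.
	private static final String MEMBERSHIP_GROUP_ID
			= "40894e36-15faf09a-0115-fb07f5dd-0008";
	private static final String DATA_SERVICE_ENDPOINT
			= "https://hostname:8443/gria-basic-app-services/services/DataService";
	// ID of the Data Stager that access is being granted on.
	private static final String DATA_STAGER_ID
			= "40894e36-15f08ce0-0115-f0be917c-0009";

	/**
	 * Finds the group and the Data Stager, then adds the delegating policy rule.
	 *
	 * @param args not used
	 * @throws RuntimeException if the group or the stager is not found, or
	 *         wrapping any {@link RemoteException} raised by a remote call
	 */
	public static void main(String[] args) {
		StateRepository repository = new MemoryStateRepository();
		RemoteMembershipService membershipService = (RemoteMembershipService)
			repository.getOrCreateObject(RemoteMembershipService.class,
					ConversationID.getEPR(MEMBERSHIP_SERVICE_ENDPOINT));
		MembershipGroupConversation group = null;
		try {
			EndpointReferenceType[] eprs = membershipService.getResources();

			// Keep the resource whose conversation ID matches the configured group ID.
			for (EndpointReferenceType epr : eprs) {
				if (ConversationID.getConversationFromEPR(epr).equals(MEMBERSHIP_GROUP_ID)) {
					group = repository.getOrCreateObject(MembershipGroupConversation.class, epr);
				}
			}
			if (group == null) {
				throw new RuntimeException("No Group found with ID:"+MEMBERSHIP_GROUP_ID);
			}
			System.out.println("Found Group '"+ConversationID.getLabel(group.getEndpointRef())+"'");
		} catch (RemoteException e) {
			throw new RuntimeException(e);
		}

		RemoteDataService dataService = (RemoteDataService)
			repository.getOrCreateObject(RemoteDataService.class,
					ConversationID.getEPR(DATA_SERVICE_ENDPOINT));
		DataConversation data = null;
		try {
			EndpointReferenceType[] eprs = dataService.getResources();

			// Keep the resource whose conversation ID matches the configured stager ID.
			for (EndpointReferenceType epr : eprs) {
				if (ConversationID.getConversationFromEPR(epr).equals(DATA_STAGER_ID)) {
					data = repository.getOrCreateObject(DataConversation.class, epr);
				}
			}
			if (data == null) {
				throw new RuntimeException("No Data found with ID:"+DATA_STAGER_ID);
			}
			System.out.println("Found Data '"+ConversationID.getLabel(data.getEndpointRef())+"'");
		} catch (RemoteException e) {
			throw new RuntimeException(e);
		}

		try {
			// Identify the subjects through the group's own membership pattern, as the
			// tutorial text describes, instead of a hand-written distinguished name made
			// of placeholder fields; the rule then refers to the group that was looked up.
			// NOTE(review): from here on read access follows group membership, so
			// confirm who is allowed to administer the group.
			data.addPolicyRule(new PolicyRule(group.getMembershipPattern(),"reader"));

			System.out.println("Added  Rule to '"+ConversationID.getLabel(data.getEndpointRef())
					+"' ("+DATA_STAGER_ID+")");

		} catch (RemoteException e) {
			throw new RuntimeException(e);
		}
	}

}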