Membership Service Tutorial
Introduction
This guide explains how to use the GRIA Membership Service. In the example we will create a membership group and add a user ("Alice") to the group. Then we will create a data stager and permit members of the group to read the data. Finally, we will show that Alice is able to read the data using the token obtained from the membership group.
The TutorialHelpers.java class is required.
The full Java file for the Membership Service Tutorial can be downloaded.
Guide to the GRIA Membership Service
Create a TutorialHelpers object and get a ProxyFactory object from it:
TutorialHelpers helpers = new TutorialHelpers();
ProxyFactory proxyFactory = helpers.getFactory();
Create a proxy to the membership service:
RemoteMembershipService membershipService = proxyFactory.createProxy(ConversationID.getEPR(MEMBERSHIP_SERVICE_ENDPOINT), RemoteMembershipService.class);
Create a new Membership Group on the service called 'My Group':
MembershipGroupConversation group = membershipService.createGroup("My Group");
System.out.println(ConversationID.getURLReferenceFromEPR(group.getEndpointRef()));
Create an identity object for Alice and use that to create a MatchPattern:
IdentityProvider aliceIDP = new TestIdentityProvider("alice");
Identity alice = aliceIDP.getIdentity();
MatchPattern alicePattern = alice.getMatchPattern();
Create a PolicyRule granting the "member" role to any caller whose identity matches Alice's pattern. Members of a group can retrieve the group's token and present it to other resources whose access policy has been delegated to the group:
PolicyRule rule = new PolicyRule(alicePattern, "member");
Add the rule to 'My Group'. This updates the access control policy on the group resource (at the membership service) to say that Alice (identified by her certificate) can have the "member" role:
group.addPolicyRule(rule);
Alice is now a member of the group, but there are no resources that can be accessed yet. We will create a data stager and delegate access.
Create a proxy to the data service, create a data stager and upload some data:
EndpointReferenceType dataServiceEPR = ConversationID.getEPR(DATA_SERVICE_ENDPOINT);
RemoteDataService dataService = proxyFactory.createProxy(dataServiceEPR, RemoteDataService.class);
DataConversation data = dataService.createStagingArea("My Data");
data.copyFromURL("http://www.gria.org/portal_css/Plone%20Default/logo.jpg");
Grant the 'reader' role on the data stager to anyone presenting a token that matches the group's membership pattern. This is the delegation step: Alice is never named in the data stager's own policy, so she can read the data only by presenting the group token, and removing her "member" rule from the group is enough to revoke her access:
data.addPolicyRule(new PolicyRule(group.getMembershipPattern(), "reader"));
Now we switch identity to Alice and access the data stager using the group token. The remaining steps run inside a try block so that the group and the data stager are destroyed in the finally clause even if one of the steps fails:
try {
TutorialHelpers aliceHelpers = new TutorialHelpers();
Set the identity to Alice and get another proxy factory:
aliceHelpers.getTransport().setIdentityProvider(aliceIDP);
ProxyFactory aliceProxyFactory = aliceHelpers.getFactory();
Make a copy of the EPR of the data stager, so that the token-source policy set in the next step is attached to Alice's copy rather than to the owner's original:
EndpointReferenceType aliceDataEPR = new EndpointReferenceType(data.getEndpointRef());
Tell the Attribute Selector where to obtain the token for this resource. The membership group is set as the token source: before calling the data stager, Alice's transport requests a token from the group (which succeeds because her identity holds the "member" role there) and presents it with the request:
ConversationID.setTokenSource(aliceDataEPR, WSTrustUtils.createTokenSourcePolicy(group.getEndpointRef()));
Put this EPR in the registry so the attribute selector can find it:
aliceHelpers.getRegistry().registerResource(aliceDataEPR);
Create a proxy to the Data Stager:
DataConversation aliceData = aliceProxyFactory.createProxy(aliceDataEPR, DataConversation.class);
Read the data using the token:
aliceData.read();
Clean up at the services. This runs whether or not the read succeeded, so the group (and with it the policy granting its members access to the data) does not outlive the tutorial:
} finally {
group.destroy();
data.destroy();
}
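The tutorial only shows the positive case. The check a practitioner wants next is the negative one: that the data stager's "reader" rule really is satisfied by the group token and nothing else. The method below is an added example, not part of the GRIA tutorial or the downloadable tutorial file. It uses only the calls shown on this page and is meant to be pasted into the tutorial's class (so the GRIA imports, TutorialHelpers and the endpoint constants are in scope) and invoked before the finally clause destroys the group and data stager. It assumes that an unauthorised read() fails with an exception; the tutorial does not say how denial is reported, so adjust the catch if your deployment returns an error value instead. "bob" is a hypothetical second test identity.

```java
/**
 * Added example (not part of the GRIA tutorial): attempt to read the data
 * stager as a given identity and report whether the read was denied.
 *
 * useGroupToken=true sets the membership group as the token source, exactly
 * as the tutorial does for Alice; false leaves the EPR without a token source,
 * so only the caller's own certificate is presented.
 *
 * Assumption: a read that is refused by the data stager's policy, or a token
 * request that is refused by the group, surfaces as an exception.
 */
static boolean readIsDenied(String who, IdentityProvider idp,
                            DataConversation data,
                            MembershipGroupConversation group,
                            boolean useGroupToken) throws Exception {
    TutorialHelpers helpers = new TutorialHelpers();
    helpers.getTransport().setIdentityProvider(idp);
    ProxyFactory factory = helpers.getFactory();

    // Work on a private copy of the EPR so the token-source policy does not
    // leak into the owner's reference (same reason the tutorial copies it).
    EndpointReferenceType epr = new EndpointReferenceType(data.getEndpointRef());
    if (useGroupToken) {
        ConversationID.setTokenSource(epr,
                WSTrustUtils.createTokenSourcePolicy(group.getEndpointRef()));
    }
    helpers.getRegistry().registerResource(epr);

    try {
        // The token is fetched from the group when the call is made, so a
        // refused token request may fail here or inside read(); both count.
        DataConversation proxy = factory.createProxy(epr, DataConversation.class);
        proxy.read();
        System.out.println(who + ": read succeeded");
        return false;
    } catch (Exception e) {
        System.out.println(who + ": read denied (" + e.getClass().getSimpleName() + ")");
        return true;
    }
}

/**
 * Added example: run the three cases that pin down the access-control model
 * of the tutorial. Call this after data.addPolicyRule(...) and before the
 * finally clause destroys the group and the data stager.
 */
static void checkDelegationPolicy(IdentityProvider aliceIDP,
                                  DataConversation data,
                                  MembershipGroupConversation group) throws Exception {
    // 1. Alice presenting the group token: this is the tutorial's own case and
    //    must succeed, because her identity holds "member" on the group and the
    //    data stager grants "reader" to the group's membership pattern.
    boolean aliceWithToken = readIsDenied("alice+token", aliceIDP, data, group, true);

    // 2. Alice presenting only her own certificate: expected to be denied.
    //    The data stager's policy names the group's membership pattern, not
    //    Alice, so membership alone is worthless without the token.
    boolean aliceNoToken = readIsDenied("alice-no-token", aliceIDP, data, group, false);

    // 3. A hypothetical non-member ("bob") pointing at the group as token
    //    source: expected to be denied, because the group has no rule giving
    //    him "member" and so will not issue him a usable token.
    IdentityProvider bobIDP = new TestIdentityProvider("bob");
    boolean bobWithToken = readIsDenied("bob+token", bobIDP, data, group, true);

    if (aliceWithToken || !aliceNoToken || !bobWithToken) {
        throw new IllegalStateException(
                "delegation policy did not behave as expected: "
                + "aliceWithToken denied=" + aliceWithToken
                + ", aliceNoToken denied=" + aliceNoToken
                + ", bobWithToken denied=" + bobWithToken);
    }
    System.out.println("policy check passed: only group members holding the group token can read");
}
```

Case 2 is the one worth keeping in a regression suite: if it ever starts succeeding, a rule naming Alice (or a wildcard pattern) has crept into the data stager's policy and revoking her group membership would no longer revoke her access.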