|
1 |
| |
|
2 |
| |
|
3 |
| |
|
4 |
| |
|
5 |
| |
|
6 |
| |
|
7 |
| |
|
8 |
| |
|
9 |
| |
|
10 |
| |
|
11 |
| package org.globus.cas.impl.client; |
|
12 |
| |
|
13 |
| import org.globus.cas.types.PolicyData; |
|
14 |
| |
|
15 |
| import org.globus.cas.CASPortType; |
|
16 |
| |
|
17 |
| import org.globus.cas.faults.CasFault; |
|
18 |
| import org.globus.cas.faults.NoPermissionFault; |
|
19 |
| |
|
20 |
| import org.globus.cas.types.PolicyDetails; |
|
21 |
| import org.globus.cas.types.PolicyResponse; |
|
22 |
| |
|
23 |
| import org.globus.cas.impl.CasConstants; |
|
24 |
| |
|
25 |
| import org.globus.wsrf.utils.FaultHelper; |
|
26 |
| |
|
27 |
| |
|
28 |
| |
|
29 |
| |
|
30 |
| |
|
31 |
| public class CasRightsHandler { |
|
32 |
| |
|
33 |
| static String msg = |
|
34 |
| " Usage: cas-rights-admin [<options>] <operationType> " |
|
35 |
| + "<operationDetails>\n" |
|
36 |
| + " Options are -debug Runs with debug trace \n" |
|
37 |
| + " -c <instanceURl> Specify URL for CAS server\n" |
|
38 |
| + " -help Prints this message\n" |
|
39 |
| + " -v Prints version number\n" |
|
40 |
| + " -s Identity of CAS server. If not specified, will \n" |
|
41 |
| + " defualt to host authorization.\n" |
|
42 |
| + " -m security mechanism. 'msg' for secure message\n" |
|
43 |
| + " or 'conv' for secure conversation or 'trans' for\n" |
|
44 |
| + " transport security. If unspecified, if instance\n" |
|
45 |
| + " url is 'https', then trasport security is used \n" |
|
46 |
| + " else mechanism defaults to secure message\n" |
|
47 |
| + " -p protection type, 'sig' signature and 'enc' \n" |
|
48 |
| + " encryption, defaults to signature\n" |
|
49 |
| + " <operationType> : Indicates type of operation. Should be \n" |
|
50 |
| + " \"grant\" or \"revoke\"\n" |
|
51 |
| + " <operationDetails> : \n" |
|
52 |
| + " <userGroupName> <objectSpecDesc> <objectSpec> <actionSpecDesc>\n" |
|
53 |
| + " <actionSpec>\n" |
|
54 |
| + " <userGroupName> : Name of the user group to grant \n" |
|
55 |
| + " permission for\n" |
|
56 |
| + " <objectSpecDesc> : Type of object. Should be \"object\" \n" |
|
57 |
| + " or \"user\" or \"userGroup\" or \n" |
|
58 |
| + " \"serviceType\" or \"namespace\" or\n" |
|
59 |
| + " \"trustAnchor\" \n" |
|
60 |
| + " <objectSpec> : Data to uniquely identify the CAS Object. \n" |
|
61 |
| + " <objectNamespace> <objectName>, where \n" |
|
62 |
| + " <objectNamespace> is Namespace the object\n" |
|
63 |
| + " belongs to and <objectName> is name of the\n" |
|
64 |
| + " object (or) nickname of the user (or) name\n" |
|
65 |
| + " of user group (or) service type name (or)\n" |
|
66 |
| + " nickname of the namespace or) nickname of\n" |
|
67 |
| + " trust anchor respectively\n" |
|
68 |
| + " <actionSpecDesc> : Should be \"serviceAction\" or \n" |
|
69 |
| + " \"serviceActionGroup\"\n" |
|
70 |
| + " <actionSpec> : <serviceTypeName> <actionName>, \n" |
|
71 |
| + " where <serviceTypeName> is name of the\n" |
|
72 |
| + " service type and <actionName> is name of\n" |
|
73 |
| + " action (or) name of the service group\n"; |
|
74 |
| |
|
75 |
| static boolean debug = false; |
|
76 |
| |
|
77 |
0
| public static void main(String args[]) throws Exception {
|
|
78 |
| |
|
79 |
0
| if (args.length<1) {
|
|
80 |
0
| System.out.println(msg);
|
|
81 |
0
| System.exit(0);
|
|
82 |
| } |
|
83 |
| |
|
84 |
0
| CasClientSetup clientSetup = new CasClientSetup(args, msg);
|
|
85 |
0
| String instanceURL = clientSetup.getInstanceURL();
|
|
86 |
0
| String serverIdentity = clientSetup.getServerIdentity();
|
|
87 |
0
| int startIndex = clientSetup.argsStartIndex;
|
|
88 |
0
| debug = clientSetup.debug;
|
|
89 |
0
| printMessage("CAS client to grant or revoke rights.");
|
|
90 |
| |
|
91 |
0
| if (args.length < startIndex + 5) {
|
|
92 |
0
| System.err.println("Not enough parameters");
|
|
93 |
0
| System.err.println(msg);
|
|
94 |
0
| System.exit(-1);
|
|
95 |
| } |
|
96 |
| |
|
97 |
0
| String userGpName = args[startIndex+1];
|
|
98 |
0
| String objSpecDesc = args[startIndex+2];
|
|
99 |
0
| String objSpec = args[startIndex+3];
|
|
100 |
0
| int actionIndex = 4;
|
|
101 |
| |
|
102 |
0
| if (objSpecDesc.equals(CasConstants.OBJECT_SPEC)) {
|
|
103 |
0
| printMessage("objectSpecDesc is object");
|
|
104 |
0
| objSpec = args[startIndex+3]
|
|
105 |
| + CasConstants.OBJECTSPEC_DELIMITER + args[startIndex+4]; |
|
106 |
0
| actionIndex = 5;
|
|
107 |
| } |
|
108 |
| |
|
109 |
0
| clientSetup.checkParameters(actionIndex + 2);
|
|
110 |
| |
|
111 |
0
| String actionSpecDesc = args[startIndex + actionIndex];
|
|
112 |
0
| String actionSpec = args[startIndex + actionIndex + 1];
|
|
113 |
| |
|
114 |
| |
|
115 |
0
| if (actionSpecDesc.equals(CasConstants.SERVICEACTION_SPEC)) {
|
|
116 |
0
| printMessage("actionSpecDesc is serviceAction");
|
|
117 |
0
| clientSetup.checkParameters(actionIndex + 3);
|
|
118 |
0
| actionSpec = args[startIndex + actionIndex + 1 ]
|
|
119 |
| + CasConstants.SERVICEACTION_DELIMITER |
|
120 |
| + args[startIndex + actionIndex + 2]; |
|
121 |
| } |
|
122 |
| |
|
123 |
0
| printMessage("Parameters " + userGpName + " " + objSpec + " "
|
|
124 |
| + objSpecDesc + " " + actionSpec + " " + actionSpecDesc); |
|
125 |
| |
|
126 |
0
| try {
|
|
127 |
0
| if (args[startIndex].equalsIgnoreCase("grant")) {
|
|
128 |
0
| CASPortType casPort =
|
|
129 |
| clientSetup.getCASPort(instanceURL, serverIdentity); |
|
130 |
| |
|
131 |
0
| printMessage("Grant " + userGpName + " " + objSpec + " "
|
|
132 |
| + objSpecDesc + " " + actionSpec + " " |
|
133 |
| + actionSpecDesc); |
|
134 |
| |
|
135 |
| |
|
136 |
0
| PolicyDetails policyDetails = new PolicyDetails();
|
|
137 |
0
| policyDetails.setUserGpName(userGpName);
|
|
138 |
0
| policyDetails.setObjectSpec(objSpec);
|
|
139 |
0
| policyDetails.setObjectSpecDesc(objSpecDesc);
|
|
140 |
0
| policyDetails.setActionSpec(actionSpec);
|
|
141 |
0
| policyDetails.setActionSpecDesc(actionSpecDesc);
|
|
142 |
0
| PolicyResponse policyData = casPort.grant(policyDetails);
|
|
143 |
0
| System.out.println("PolicyId is " + ((PolicyData)policyData
|
|
144 |
| .getPolicy()).getPolicyId()); |
|
145 |
| } |
|
146 |
0
| else if (args[startIndex].equalsIgnoreCase("revoke")) {
|
|
147 |
0
| CASPortType casPort =
|
|
148 |
| clientSetup.getCASPort(instanceURL, serverIdentity); |
|
149 |
0
| printMessage("Revoke " + userGpName + " " + objSpec + " "
|
|
150 |
| + objSpecDesc + " " + actionSpec + " " |
|
151 |
| + actionSpecDesc); |
|
152 |
| |
|
153 |
0
| PolicyDetails policyDetails = new PolicyDetails();
|
|
154 |
0
| policyDetails.setUserGpName(userGpName);
|
|
155 |
0
| policyDetails.setObjectSpec(objSpec);
|
|
156 |
0
| policyDetails.setObjectSpecDesc(objSpecDesc);
|
|
157 |
0
| policyDetails.setActionSpec(actionSpec);
|
|
158 |
0
| policyDetails.setActionSpecDesc(actionSpecDesc);
|
|
159 |
0
| casPort.revoke(policyDetails);
|
|
160 |
| } else { |
|
161 |
0
| System.err.println("Erroneous operation type "
|
|
162 |
| + args[startIndex]); |
|
163 |
0
| System.err.println(msg);
|
|
164 |
0
| System.exit(-1);
|
|
165 |
| } |
|
166 |
| } catch (NoPermissionFault noPermFault) { |
|
167 |
0
| System.err.println(noPermFault.getDescription());
|
|
168 |
0
| System.exit(-1);
|
|
169 |
| } catch (CasFault casFault) { |
|
170 |
0
| if (!debug) {
|
|
171 |
0
| String desc =
|
|
172 |
| (new FaultHelper(casFault)).getDescriptionAsString(); |
|
173 |
0
| System.err.println(desc);
|
|
174 |
| } else { |
|
175 |
0
| System.err.println((new FaultHelper(casFault))
|
|
176 |
| .getStackTrace()); |
|
177 |
| } |
|
178 |
0
| System.exit(-1);
|
|
179 |
| } catch (Exception exp) { |
|
180 |
0
| if (debug) {
|
|
181 |
0
| System.err.println(exp.toString());
|
|
182 |
| } else { |
|
183 |
0
| System.err.println(CasClientSetup.getErrorMsg(exp));
|
|
184 |
| } |
|
185 |
0
| System.exit(-1);
|
|
186 |
| } |
|
187 |
0
| System.out.println("Completed successfully");
|
|
188 |
| } |
|
189 |
| |
|
190 |
0
| private static void printMessage(String msg) {
|
|
191 |
0
| if (debug) {
|
|
192 |
0
| System.out.println(msg);
|
|
193 |
| } |
|
194 |
| } |
|
195 |
| } |
