Bug 5559 - Reorganize Java WS Authorization code base
: Reorganize Java WS Authorization code base
: Java WS Security
: development
: PC Windows XP
: P1 normal
: 4.2.0
Assigned To:
: 4454
  Show dependency treegraph
Reported: 2007-09-13 09:36 by
Modified: 2008-01-15 10:05 (History)



You need to log in before you can comment on or make changes to this bug.

Description From 2007-09-13 09:36:36
Technologies: GSI 
              Java WS Core  

Relocate the Java WS Authorization code base from within the Java WS 
Core repository to a separate repository. Reorganize the code base to 
better facilitate maintenance of the core engine and individual 


As part of a previous campaign the Java Authorization module was 
reworked to be agnostic of WS layers. Extracting it into its separate 
repository will allow for more modular code base, that can be 
maintained and shipped independent of Java WS Core. 

With recent addition of numerous interceptors like SAML and XACML PDP, 
overheads of stub generation and third-party libraries, unrelated to 
Java WS Core are introduced. The proposed structure will not only 
remove the overhead, but also ease the burden of adding new 
interceptors that have been developed as a part of other projects and 
provide independent builds of logical groupings of interceptors or 
individual interceptors. 


(1) Create globus_packages/authorization/java/framework and move Java 
Authorization framework that current resides in wsrf/java/authzFramework. 

(2) Create globus_packages/authorization/java/providers/base and move 
the minimal set of PDPs and PIPs that are shipped with Java WS core 
today. These would be interceptors that do not require any additional 
third-party library. 

(3) Create globus_packages/authorization/java/providers/saml and move 
all PIPs and PDPs that process SAML and use OpenSAML. As a part of this,
investigate replacing OpenSAML 1.1 with globus-opensaml.jar, shipped by
GridShib project.

(4) Create globus_pacakges/authorization/java/providers/xacml. Place 
holder for when the XACML PDP work is merged. 

(5) Rework Ant build system, GPT meta-data and fix dependencies.
------- Comment #1 From 2007-09-13 17:11:09 -------
Created bug_5559_branch_1 and moved wsrf/java/authzFramework to
authorization/java/engine. This code uses only log4j and junit jars, but for
now added dependency on wsrf java common.

The wsrf core code has numerous references to the client authorization pieces.
As implemented today, the same classes are used for client authorization and
serber authorization (PDPs). This needs to be separated out, with interceptors
as part of the new modules and client authz pieces in wsrf core.
------- Comment #2 From 2007-09-20 23:42:25 -------
All base providers and tests have been moved to authorization module. It
depends on wsrf/java/core and tests depend on wsrf/java/core/test/base (just
for junit.jar). Tests build and work.

Tests and samples in core don't build as yet.
------- Comment #3 From 2007-10-03 16:52:27 -------
All PIPs/PDPs other than X509BootstrapPIP, GridMap PDP and NoAuthz PDP have
been moved to authorization module. These three are used in notification and
authorization system, and if moved will cause a dependency on the authorization
module even for core testing.

Core and authorization tests work now. Core dependency looks like this: common,
usage, tools, schema, authzFramework, core, registry, authzProvider, sample.
authzFramework can be built and tested on its own. 
------- Comment #4 From 2007-10-03 16:53:26 -------
SAML authorization pieces have been moved to authorization/java/saml and
relevant tests have also been moved and fixed.
------- Comment #5 From 2007-11-01 10:30:27 -------
This branch needs to be merged with trunk. But given trunk is in flux and this
will introduce a few (two classes are in different package) API change, holding
off until things stabilize with trunk.
------- Comment #6 From 2008-01-14 17:34:40 -------
Code has been merged with trunk and migration guide is available here:
http://dev.globus.org/wiki/Java_WS_Core/Independent_Java_Authz_Module. Leaving
campaign open until 4.2 drafts documentation is updated.
------- Comment #7 From 2008-01-15 10:05:44 -------
Docuementation has been updated.