Bugzilla – Bug 5559
Reorganize Java WS Authorization code base
Last modified: 2008-01-15 10:05:44
You need to
before you can comment on or make changes to this bug.
Java WS Core
Relocate the Java WS Authorization code base from within the Java WS
Core repository to a separate repository. Reorganize the code base to
better facilitate maintenance of the core engine and individual
As part of a previous campaign the Java Authorization module was
reworked to be agnostic of WS layers. Extracting it into its separate
repository will allow for more modular code base, that can be
maintained and shipped independent of Java WS Core.
With recent addition of numerous interceptors like SAML and XACML PDP,
overheads of stub generation and third-party libraries, unrelated to
Java WS Core are introduced. The proposed structure will not only
remove the overhead, but also ease the burden of adding new
interceptors that have been developed as a part of other projects and
provide independent builds of logical groupings of interceptors or
(1) Create globus_packages/authorization/java/framework and move Java
Authorization framework that current resides in wsrf/java/authzFramework.
(2) Create globus_packages/authorization/java/providers/base and move
the minimal set of PDPs and PIPs that are shipped with Java WS core
today. These would be interceptors that do not require any additional
(3) Create globus_packages/authorization/java/providers/saml and move
all PIPs and PDPs that process SAML and use OpenSAML. As a part of this,
investigate replacing OpenSAML 1.1 with globus-opensaml.jar, shipped by
(4) Create globus_pacakges/authorization/java/providers/xacml. Place
holder for when the XACML PDP work is merged.
(5) Rework Ant build system, GPT meta-data and fix dependencies.
Created bug_5559_branch_1 and moved wsrf/java/authzFramework to
authorization/java/engine. This code uses only log4j and junit jars, but for
now added dependency on wsrf java common.
The wsrf core code has numerous references to the client authorization pieces.
As implemented today, the same classes are used for client authorization and
serber authorization (PDPs). This needs to be separated out, with interceptors
as part of the new modules and client authz pieces in wsrf core.
All base providers and tests have been moved to authorization module. It
depends on wsrf/java/core and tests depend on wsrf/java/core/test/base (just
for junit.jar). Tests build and work.
Tests and samples in core don't build as yet.
All PIPs/PDPs other than X509BootstrapPIP, GridMap PDP and NoAuthz PDP have
been moved to authorization module. These three are used in notification and
authorization system, and if moved will cause a dependency on the authorization
module even for core testing.
Core and authorization tests work now. Core dependency looks like this: common,
usage, tools, schema, authzFramework, core, registry, authzProvider, sample.
authzFramework can be built and tested on its own.
SAML authorization pieces have been moved to authorization/java/saml and
relevant tests have also been moved and fixed.
This branch needs to be merged with trunk. But given trunk is in flux and this
will introduce a few (two classes are in different package) API change, holding
off until things stabilize with trunk.
Code has been merged with trunk and migration guide is available here:
campaign open until 4.2 drafts documentation is updated.
Docuementation has been updated.