Package org.nimbustools.api.services.rm

Examples of org.nimbustools.api.services.rm.AuthorizationException


                               Subject subject, Long elapsedMins,
                               Long reservedMins, int numWorkspaces, double chargeRatio)

            throws AuthorizationException, ResourceRequestDeniedException {

        throw new AuthorizationException("Authorization callout is disabled, " +
                "it is illegal to call isPermitted()");
    }


            throws AuthorizationException,
                   ResourceRequestDeniedException {

        if (!HashUtil.isInitialized()) {
            throw new AuthorizationException("Cannot give an authorization " +
                    "decision without a properly initialized hashing system");
        }

        if (dn == null) {
            throw new IllegalArgumentException("dn is null");
        }

        if (rights == null) {
            throw new IllegalArgumentException("rights is null");
        }

        if (bindings == null) {
            throw new IllegalArgumentException("bindings is null");
        }

        if (elapsedMins == null) {
            throw new IllegalArgumentException("elapsedMins is null");
        } else if (elapsedMins.longValue() < 0) {
            throw new IllegalArgumentException("elapsedMins is negative");
        }

        if (reservedMins == null) {
            throw new IllegalArgumentException("reservedMins is null");
        } else if (reservedMins.longValue() < 0) {
            throw new IllegalArgumentException("reservedMins is negative");
        }

        if (chargeRatio <= 0) {
            throw new IllegalArgumentException("expecting charge ratio to be positive");
        }

        final StringBuffer buf = new StringBuffer("\n\nConsidering caller: '");
        buf.append(dn)
           .append("'.\nCurrent elapsed minutes: ")
           .append(elapsedMins)
           .append(".\nCurrent reserved minutes: ")
           .append(reservedMins)
           .append(".\nNumber of VMs in request: ")
           .append(bindings.length)
           .append(".\nCharge ratio for request: ")
           .append(chargeRatio)
           .append(".\nNumber of VMs caller is already currently running: ")
           .append(numWorkspaces)
           .append(".\nRights:\n")
           .append(rights)
           .append("\n\n");

        // Cap on concurrently running workspaces. A policy value of zero or
        // below skips the check entirely.
        // NOTE(review): the (int) cast suggests getMaxWorkspaceNumber() returns a
        // wider type (not visible in this excerpt). A configured value above
        // Integer.MAX_VALUE would wrap and could end up <= 0, which silently
        // disables the cap - confirm the range is validated where rights are loaded.
        final int maxCurrentPolicy = (int) rights.getMaxWorkspaceNumber();
        if (maxCurrentPolicy > 0) {

            // NOTE(review): numWorkspaces is the one numeric input the argument
            // validation above does not range-check. A negative count would loosen
            // this comparison; presumably it comes from server-side accounting -
            // verify against the caller.
            if (numWorkspaces + bindings.length > maxCurrentPolicy) {

                final StringBuffer newbuf =
                        new StringBuffer("\nDenied: Request for ");
                newbuf.append(bindings.length)
                      .append(" workspaces");

                if (numWorkspaces != 0) {
                    newbuf.append(", together with number of currently " +
                                  "running workspaces (")
                          .append(numWorkspaces)
                          .append("),");
                }

                newbuf.append(" exceeds the maximum, which is ")
                      .append(maxCurrentPolicy)
                      .append(" concurrently running workspaces.");

                // Only the short denial text goes into the exception; the full
                // decision trace in buf (caller, tallies, rights) goes to the log.
                final String msg = newbuf.toString();
                buf.append(msg);
                logger.warn(buf.toString());
                throw new ResourceRequestDeniedException(msg);
            }
        }

        // Total requested duration in whole minutes across all bindings. A binding
        // without deployment information fails closed with AuthorizationException.
        long requestDur = 0;
        for (int i = 0; i < bindings.length; i++) {

            final VirtualMachineDeployment dep = bindings[i].getDeployment();
            if (dep == null) {
                final String msg = "ERROR: No deployment information in " +
                        "binding, can't make decision.";
                buf.append(msg);
                logger.error(buf.toString());
                throw new AuthorizationException(msg);
            }

            // Integer division per binding: a duration under 60 seconds adds 0.
            // NOTE(review): another excerpt on this page compares getMinDuration()
            // with VirtualMachineDeployment.NOTSET; there is no such check here. If
            // that sentinel (or any accepted value) is negative it would reduce the
            // tally the quota checks rely on - confirm durations are validated
            // before this point.
            final long seconds = dep.getMinDuration();
            requestDur += seconds / 60;
        }

        // Scale by the charge ratio; Double.longValue() truncates toward zero.
        // NOTE(review): the earlier 'chargeRatio <= 0' guard does not reject NaN
        // (the comparison is false for NaN), and NaN converts to 0 here, which
        // would make the request count as zero minutes. The quota comparisons
        // further down add requestDur to the tallies with plain long '+', so an
        // extreme ratio could also overflow them; Math.addExact would fail closed.
        // Presumably chargeRatio is server configuration - confirm its source.
        final Double doubleRequestDur = requestDur * chargeRatio;
        requestDur = doubleRequestDur.longValue();

        if (bindings.length > 1) {
            buf.append("Duration total of all requests in group: ");
        } else {
            buf.append("Duration request: ");
        }

        buf.append(requestDur)
           .append("\n");

        // zero or below means no check should be made
        if (rights.getMaxCPUs() > 0) {
            final long maxCPUs = rights.getMaxCPUs();
            for (int i = 0; i < bindings.length; i++) {

                final VirtualMachineDeployment dep = bindings[i].getDeployment();
                if (dep == null) {
                    final String msg = "ERROR: No deployment information in " +
                            "binding, can't make decision.";
                    buf.append(msg);
                    logger.error(buf.toString());
                    throw new AuthorizationException(msg);
                }
                final long currentCPUs = dep.getIndividualCPUCount();
                if (currentCPUs > maxCPUs) {

                    buf.append("\nDenied: Requested CPU count (")
                       .append(currentCPUs)
                       .append(") + is greater or equal to maximum CPU count (")
                       .append(maxCPUs)
                       .append(").\n");

                    logger.warn(buf.toString());

                    throw new ResourceRequestDeniedException(
                                "You requested too many CPUs (" +
                                        currentCPUs + "), the " +
                                        "maximum is " +
                                        maxCPUs + " CPUs.");
                    }
            }
        }

        // zero or below means no check should be made
        if (rights.getMaxReservedMinutes() > 0) {
            final long max = rights.getMaxReservedMinutes();
            final long current = reservedMins.longValue();
            if (requestDur + current > max) {

                buf.append("\nDenied: Request duration (")
                   .append(requestDur)
                   .append(") + current reserved tally (")
                   .append(current)
                   .append(") + is greater or equal to maximum reserved (")
                   .append(max)
                   .append(").\n");

                logger.warn(buf.toString());

                throw new ResourceRequestDeniedException(
                            "Your request is for too much time (" +
                                    requestDur + "), the " +
                                    "maximum reserved at once is " +
                                    max + " minutes.  You currently have " +
                                    current + " other reserved minutes.");
            }
        }

        // zero or below means no check should be made
        if (rights.getMaxElapsedReservedMinutes() > 0) {
            final long max = rights.getMaxElapsedReservedMinutes();
            final long currentElapsed = elapsedMins.longValue();
            final long currentReserved = reservedMins.longValue();
            final long tally = currentElapsed + currentReserved;
            if (requestDur + tally > max) {

                buf.append("\nDenied: Request duration (")
                   .append(requestDur)
                   .append(") + current reserved+elapsed tally (")
                   .append(tally)
                   .append(") + is greater or equal to maximum reserved+elapsed (")
                   .append(max)
                   .append(").\n");

                logger.warn(buf.toString());

                throw new ResourceRequestDeniedException(
                            "Your request is for too much time (" +
                                requestDur + "), this would exceed the " +
                                "maximum you can have both used in the " +
                                "past and have reserved currently. " +
                                "This maximum is " +
                                max + " minutes.  You currently have " +
                                currentElapsed + " elapsed minutes " +
                                "and " + currentReserved +
                                " reserved minutes and the request for " +
                                requestDur + " minutes would exceed this.");
            }
        }

        final String dnhash;
        if (rights.isDirHashMode()) {
            try {
                dnhash = HashUtil.hashDN(dn);
            } catch (NoSuchAlgorithmException e) {
                final String msg = "ERROR: DN hash required but it " +
                        "is not available: " + e.getMessage();
                buf.append(msg);
                logger.error(buf.toString());
                throw new AuthorizationException(msg);
            }
        } else {
            dnhash = null;
        }

        for (int i = 0; i < bindings.length; i++) {

            final VirtualMachinePartition[] parts =
                                bindings[i].getPartitions();

            if (parts == null) {
               final String msg = "ERROR: No partition information in " +
                        "binding, can't make decision.";
                buf.append(msg);
                logger.error(buf.toString());
                throw new AuthorizationException(msg);
            }

            checkImages(parts, rights, buf, dn, dnhash);
        }


        } else {
            final String msg = "authorzation callout plugin returned " +
                    "unknown decision code: " + result;
            logger.error(msg);
            // this msg gets seen by web services client....
            throw new AuthorizationException("internal " +
                    "server error: authorization DENIED");
        }
    }

                final String msg = "ERROR: Partition in " +
                    "binding is not a valid URI? Can't make decision. " +
                        " Error message: " + e.getMessage();
                buf.append(msg);
                logger.error(buf.toString());
                throw new AuthorizationException(msg);
            }
        }
    }

            try {
                dnhash = HashUtil.hashDN(dn);
            } catch (NoSuchAlgorithmException e) {
                final String msg = "ERROR: DN hash required but it " +
                        "is not available: " + e.getMessage();
                throw new AuthorizationException(msg);
            }
        } else {
            dnhash = null;
        }

        // Host restriction: when the policy names an image node, the target URI's
        // host must match it, ignoring case. Assuming altTargetURI is a
        // java.net.URI, getHost() can be null; equalsIgnoreCase(null) is false, so
        // that case is denied too.
        final String hostname = rights.getImageNodeHostname();
        if (hostname != null) {
            if (!hostname.equalsIgnoreCase(altTargetURI.getHost())) {
                throw new AuthorizationException(
                        "You may only use images from host '" + hostname + "'");
            }
        }

        // No base directory in the policy means no path restriction at all.
        final String basedir = rights.getImageBaseDirectory();
        if (basedir == null) {
            return Decision.PERMIT; // *** EARLY RETURN ***
        }

        final String comparisonDir;
       
        // normalize() is defined outside this excerpt. A failure to normalize the
        // configured directory is reported as AuthorizationException, cause kept.
        try {
            comparisonDir = normalize(basedir, null);
        } catch (ResourceRequestDeniedException e) {
            throw new AuthorizationException(e.getMessage(), e);
        }
       
        if (!basedir.equals(comparisonDir)) {
            logger.debug("Configured base directory policy normalized from '" +
                    basedir + "' into '" + comparisonDir + "'");
        }

        // Per-caller subdirectory, only used when a DN hash was computed above.
        String subdir = null;
        if (dnhash != null) {
            subdir = comparisonDir + "/" + dnhash;
        }

        // NOTE(review): this is a plain string-prefix test on the raw URI path.
        //  - Only the policy side went through normalize(); nothing in this excerpt
        //    normalizes altTargetURI.getPath(), so a path with '..' segments would
        //    still satisfy startsWith() - confirm the URI is normalized earlier.
        //  - There is no separator boundary: with a constructed base of "/a/b",
        //    the sibling "/a/bc/x" also passes. Compare against the base plus a
        //    trailing "/" (or compare path segments) after normalizing both sides.
        //  - getPath() returns null for an opaque URI, which would surface as a
        //    NullPointerException instead of a denial.
        if (!altTargetURI.getPath().startsWith(comparisonDir)) {

            throw new AuthorizationException(
                    "You may only save images to alternate " +
                            "locations starting with base directory '" +
                            comparisonDir + "'");
        }

        // Same prefix test against the per-caller directory; the boundary caveat
        // applies here as well (a directory whose name merely begins with the
        // caller's hash would pass).
        if (subdir != null &&
                !altTargetURI.getPath().startsWith(subdir)) {

            throw new AuthorizationException(
                    "You may only save images to alternate " +
                            "locations starting with base directory '" +
                            subdir + "'");
        }


                               throws AuthorizationException,
                                      ResourceRequestDeniedException {

        final VirtualMachineDeployment dep = vm.getDeployment();
        if (dep == null) {
            throw new AuthorizationException(
                        "internal error, no deployment, vm #" + vm.getID());
        }

        final int requestedSecs = dep.getMinDuration();
        if (requestedSecs == VirtualMachineDeployment.NOTSET) {

            return rc;
        }
        catch(AuthzDBException wsdbex)
        {
            logger.error("internal db problem", wsdbex);
            throw new AuthorizationException("Internal problem with the data base " + wsdbex.toString());
        }
    }

            throws AuthorizationException
    {
        String [] results = url.split("://", 2);
        if(results == null || results.length != 2)
        {
            throw new  AuthorizationException("Poorly formed repository url, no scheme " + url);
        }
        String scheme = results[0];
        String remaining = results[1];

        results = remaining.split("/", 2);
        if(results == null || results.length != 2)
        {
            throw new  AuthorizationException("Poorly formed repository url, no host separator " + url);
        }
        String hostname = results[0];
        String objectName = results[1];

        results = new String[3];

        String keyName;

        String [] results = objectName.split("/", 2);
        if(results == null || results.length != 2)
        {
            throw new  AuthorizationException("Poorly formed bucket/key " + objectName);
        }
        bucketName = results[0];
        keyName = results[1];

        try
        {
            // Look up the bucket first, then the key with the bucket as its parent.
            // -1 is passed as the parent id for the bucket lookup (presumably
            // "no parent" - confirm against AuthzDBAdapter).
            int parentId = authDB.getFileID(bucketName, -1, AuthzDBAdapter.OBJECT_TYPE_S3);
            if (parentId < 0)
            {
                throw new AuthorizationException("No such bucket " + bucketName);
            }
            // NOTE(review): unlike parentId, fileId is returned without a '< 0'
            // check; presumably callers treat a negative id as "key not found" -
            // verify that every caller handles it before using rc[1].
            int fileId = authDB.getFileID(keyName, parentId, AuthzDBAdapter.OBJECT_TYPE_S3);
            int [] rc = new int[2];
            rc[0] = parentId;
            rc[1] = fileId;
           
            return rc;
        }
        catch(AuthzDBException wsdbex)
        {
            // NOTE(review): wsdbex.toString() is copied into the exception message.
            // Another excerpt on this page comments that AuthorizationException text
            // is seen by the web services client, so database error detail may reach
            // remote callers. The exception is already logged in full here; a
            // generic message with wsdbex passed as the cause would keep the detail
            // server-side.
            logger.error("trouble looking up the cumulus information ", wsdbex);
            throw new AuthorizationException("Trouble with the database " + wsdbex.toString());
        }
    }

        {
            ownerID = this.authDB.getCanonicalUserIdFromDn(dn);
        }
        catch(AuthzDBException aex)
        {
            throw new AuthorizationException("Could not find the user " + dn, aex);
        }

        // Authorize every partition in the request: read access to the source
        // image and, when unpropagation is required, write access to the target.
        // NOTE(review): unPropImageName and different_target are declared outside
        // this excerpt and are never reset inside the loop. If they are declared
        // before it, a value set for one partition carries over to the next -
        // confirm they are scoped or cleared per iteration.
        for (int i = 0; i < parts.length; i++)
        {
            if (!parts[i].isPropRequired() && !parts[i].isUnPropRequired())
            {
                logger.debug("groupauthz not examining '" +
                                parts[i].getImage() + "': no prop/unprop needed");
                continue;
            }

            String incomingImageName = parts[i].getImage();

            if(parts[i].isUnPropRequired())
            {
                unPropImageName = parts[i].getAlternateUnpropTarget();
                if(unPropImageName == null)
                {
                    // No explicit target: default the target to the source image name.
                    unPropImageName = incomingImageName;
                   
                    String commonPath = "/common/";
                    // '> 0' rather than '>= 0': a name that begins with "/common/"
                    // is not rewritten (presumably names always carry a scheme and
                    // host first - confirm).
                    if(incomingImageName.indexOf(commonPath) > 0)
                    {
                        // replace common path with user path
                        // NOTE(review): replaceFirst() treats its first argument as
                        // a regex and gives '$' and '\' in the replacement a special
                        // meaning. "/common/" has no metacharacters, but ownerID is
                        // read from authDB; Matcher.quoteReplacement(userPath), or a
                        // literal index-based replace, would keep it literal.
                        String userPath = "/" + ownerID + "/";
                        unPropImageName = unPropImageName.replaceFirst(commonPath, userPath);
                        // The rewritten target is stored back on the partition.
                        parts[i].setAlternateUnpropTarget(unPropImageName);
                    }                                                                       
                }
                else
                {
                    // Caller supplied its own target; it is checked for write
                    // access below like any other name.
                    different_target = true;
                }
            }           

            if (different_target) {
                logger.debug("Image '" + incomingImageName + "' requested, unpropagation " +
                        "image is different: '" + unPropImageName + "'");
            } else {
                logger.debug("Image '" + incomingImageName + "' requested (unprop is same)");
            }
           
            try
            {
                // see if we are allowed to read the image
                long size = checkUrl(incomingImageName, dn, false, 0);

                // if unpropagating, see if we are allowed to write to the unprop name
                if(unPropImageName != null)
                {                   
                    checkUrl(unPropImageName, dn, true, size);
                }
            }
            catch (WorkspaceDatabaseException e)
            {
                // NOTE(review): the text blames an invalid URI although the caught
                // type is a database exception, and e.getMessage() is placed in the
                // AuthorizationException message. Another excerpt on this page notes
                // that such messages reach the web services client - confirm no
                // internal database detail is exposed this way.
                final String msg = "ERROR: Partition in " +
                    "binding is not a valid URI? Can't make decision. " +
                        " Error message: " + e.getMessage();
                buf.append(msg);
                logger.error(buf.toString(), e);
                throw new AuthorizationException(msg);
            }
        }
    }
