wiki:AuthNRequirements
Last modified on 02/08/11 17:54:02

Security related libraries and methods used in dCache

Short list

Sun Classes

jaas.jar

  • Subject (84 references)

COG-SRMlib

jgss.jar

  • modules/dcap/plugins/javatunnel/GssTunnel.java
  • org.ietf.jgss
    • ChannelBinding (3 references)
      • modules/dCacheJUnit/org/dcache/util/SimpleGSIEngineHelper.java
    • GSSContext (27 references)
      • modules/dCache/diskCacheV111/doors/GsiFtpDoorV1.java
      • modules/dCache/diskCacheV111/doors/KerberosFtpDoorV1.java
      • modules/dCache/diskCacheV111/services/authorization/KPWDAuthorizationPlugin.java
      • modules/dCache/org/dcache/pool/movers/RemoteGsiftpTransferProtocol_1.java
      • modules/dCache/org/dcache/util/GSISelectChannelEndPoint.java
      • modules/dCache/org/dcache/util/JettyAsyncGSIConnector.java
      • modules/dCache/org/dcache/util/SimpleGSIEngine.java
      • modules/dCacheJUnit/org/dcache/util/SimpleGSIEngineTest.java
      • modules/gPlazma/src/gplazma/authz/AuthorizationController.java
      • modules/gPlazma/src/gplazma/authz/plugins/gridmapfile/GridMapFileAuthzPlugin.java
      • modules/gPlazma/src/gplazma/authz/util/HostUtil.java
      • modules/gPlazma/src/gplazma/authz/util/X509CertUtil.java
      • modules/srm/src/org/dcache/srm/SRMAuthorization.java
      • modules/srm/src/org/dcache/srm/server/SrmAuthorizer.java
      • modules/srm/src/org/dcache/srm/unixfs/UnixfsAuthorization.java
    • GSSCredential (139 references)
      • modules/dCache/org/dcache/util/JettyGSIConnector.java
      • modules/srm/src/org/dcache/srm/client/SRMClientV1.java
      • modules/srm/src/org/dcache/srm/client/SRMClientV2.java
      • modules/srm/src/org/dcache/srm/request/CopyFileRequest.java
      • modules/srm/src/org/dcache/srm/request/RequestCredential.java
      • modules/srm/src/org/dcache/srm/request/sql/DatabaseRequestCredentialStorage.java
      • modules/srm/src/org/dcache/srm/server/UserCredential.java
      • modules/srm/src/org/dcache/srm/unixfs/Storage.java
      • modules/srm/src/org/dcache/srm/util/GridftpClient.java
      • modules/srmclient/gov/fnal/srm/util/Copier.java
    • GSSException (22 references)
      • modules/gPlazma/src/gplazma/authz/plugins/samlquery/SAMLAuthorizationPlugin.java
      • modules/gPlazma/src/gplazma/authz/plugins/vorolemap/VORoleMapAuthzPlugin.java
      • modules/srm/src/org/dcache/srm/security/DelegationTestClient.java
      • modules/srm/src/org/dcache/srm/security/DelegationTestEndServer.java
      • modules/srm/src/org/dcache/srm/security/DelegationTestMiddleServer.java
      • modules/srm/src/org/dcache/srm/security/SslGsiSocketFactory.java
    • GSSManager (10 references)
    • GSSName (10 references)
    • MessageProp (3 references)
    • Oid (3 references)
      • modules/srm/src/org/dcache/srm/client/PromiscuousHostAuthorization.java

glite-security-voms-api-java-1.9.8-1.jar

  • org.glite.voms
    • BasicVOMSTrustStore (2 references)
    • FQAN (6 references)
    • PKIStore (10 references)
    • PKIVerifier (2 references)
    • VOMSAttribute (7 references)
    • VOMSValidator (4 references)
  • org.glite.voms.ac
    • ACTrustStore (3 references)
    • ACValidator (3 references)
    • AttributeCertificate (2 references)
    • VOMSTrustStore (2 references)

gPlazma

anam.jar

  • fnal.vox.security
    • Base64 (2 references)
    • ReadWriteSocket (3 references)

privilege-1.0.1.5.jar

  • org.opensciencegrid.authz.client
    • modules/gPlazma/src/gplazma/authz/plugins/samlquery/SAML1AuthorizationPlugin.java
  • org.opensciencegrid.authz.common
    • LocalId (6 references)

privilege-xacml-2.2.5.jar

  • org.opensciencegrid.xacml.client
    • MapCredentialClient (3 references)
  • org.opensciencegrid.xacml.common
    • FQAN (2 references)
    • LocalId (8 references)
    • XACMLConstants (3 references)

INTERNAL

  • org.dcache.auth
    • UNSPECIFIED CLASS
      • modules/dCache/diskCacheV111/doors/GssFtpDoorV1.java
      • modules/dCache/diskCacheV111/srm/dcache/DCacheAuthorization.java
      • modules/dCache/diskCacheV111/services/space/SimpleSpaceManagerAuthorizationPolicy.java
      • modules/dCache/diskCacheV111/services/space/SpaceManagerAuthorizationPolicy.java
      • modules/dCache/diskCacheV111/services/space/message/GetSpaceTokens.java
      • modules/dCache/diskCacheV111/services/space/message/Release.java
      • modules/dCache/diskCacheV111/services/space/message/Reserve.java
      • modules/dCache/diskCacheV111/services/space/message/Use.java
      • modules/dCache/diskCacheV111/srm/dcache/DcacheFileMetaData.java
      • modules/dCache/diskCacheV111/srm/dcache/PutCompanion.java
      • modules/dCache/diskCacheV111/srm/dcache/RemoveFileCompanion.java
      • modules/dCache/diskCacheV111/srm/dcache/SrmMarkSpaceAsBeingUsedCompanion.java
      • modules/dCache/diskCacheV111/srm/dcache/SrmReleaseSpaceCompanion.java
      • modules/dCache/diskCacheV111/srm/dcache/SrmReserveSpaceCompanion.java
      • modules/dCache/diskCacheV111/srm/dcache/SrmUnmarkSpaceAsBeingUsedCompanion.java
      • modules/dCache/diskCacheV111/vehicles/transferManager/RemoteGsiftpTransferManagerMessage.java
      • modules/dCache/diskCacheV111/vehicles/transferManager/TransferManagerMessage.java
      • modules/dCache/org/dcache/auth/persistence/AuthRecordPersistenceManager.java
      • modules/dCache/org/dcache/services/pinmanager1/PinManager.java
      • modules/dCache/org/dcache/services/pinmanager1/PinManagerDatabase.java
      • modules/dCache/org/dcache/services/pinmanager1/PinManagerJob.java
      • modules/dCache/org/dcache/services/pinmanager1/PinManagerPolicy.java
      • modules/dCache/org/dcache/services/pinmanager1/PinRequest.java
      • modules/dCache/org/dcache/services/pinmanager1/SimplePinManagerPolicyImpl.java
      • modules/dCacheJUnit/org/dcache/tests/auth/SubjectsTest.java
      • modules/webadmin/src/org/dcache/webadmin/model/dataaccess/impl/ServletContextCellStub.java
      • modules/dCache/org/dcache/auth/AuthorizationRecord.java
      • modules/dCache/org/dcache/xrootd2/door/XrootdDoor.java
      • modules/dCache/org/dcache/xrootd2/door/XrootdRedirectHandler.java
      • modules/dCache/diskCacheV111/srm/dcache/Storage.java
      • modules/dCache/org/dcache/services/login/MessageHandler.java
      • modules/dCache/org/dcache/services/login/RemoteLoginStrategy.java
      • modules/dCache/diskCacheV111/doors/AbstractFtpDoorV1.java
      • modules/dCache/diskCacheV111/doors/DCapDoorInterpreterV3.java
      • modules/dCache/diskCacheV111/namespace/PerformanceTest.java
      • modules/dCache/diskCacheV111/namespace/PnfsManagerV3.java
      • modules/dCache/diskCacheV111/namespace/provider/BasicNameSpaceProvider.java
      • modules/dCache/diskCacheV111/namespace/provider/PermissionHandlerNameSpaceProvider.java
      • modules/dCache/diskCacheV111/util/CheckStagePermission.java
      • modules/dCache/diskCacheV111/util/PnfsHandler.java
      • modules/dCache/diskCacheV111/vehicles/Message.java
      • modules/dCache/org/dcache/chimera/migration/FileMetaDataComparator.java
      • modules/dCache/org/dcache/chimera/migration/StorageInfoComparator.java
      • modules/dCache/org/dcache/chimera/namespace/ChimeraNameSpaceProvider.java
      • modules/dCache/org/dcache/chimera/nfsv41/door/NFSv41Door.java
      • modules/dCache/org/dcache/namespace/ACLPermissionHandler.java
      • modules/dCache/org/dcache/namespace/PosixPermissionHandler.java
      • modules/dCache/org/dcache/pinmanager/DefaultAuthorizationPolicy.java
      • modules/dCache/org/dcache/pinmanager/MovePinRequestProcessor.java
      • modules/dCache/org/dcache/pinmanager/PinRequestProcessor.java
      • modules/dCache/org/dcache/pinmanager/PinTask.java
      • modules/dCache/org/dcache/pinmanager/model/Pin.java
      • modules/dCache/org/dcache/services/pinmanager1/Pinner.java
      • modules/dCache/org/dcache/util/Transfer.java
      • modules/dCache/org/dcache/webdav/DcacheResourceFactory.java
      • modules/dCache/org/dcache/webdav/LoggingFilter.java
      • modules/dCache/org/dcache/webdav/SecurityFilter.java
      • modules/dCacheJUnit/org/dcache/chimera/migration/FileMetaDataComparatorTests.java
      • modules/dCacheJUnit/org/dcache/chimera/migration/StorageInfoComparatorTests.java
      • modules/webadmin/src/org/dcache/webadmin/controller/impl/LoginStrategyLogInService.java
      • modules/dCacheJUnit/org/dcache/tests/namespace/ACLPermissionHandlerSecondTest.java
      • modules/gPlazma/junit/org/dcache/gplazma/CheckUIDAccountPlugin.java
      • modules/gPlazma/junit/org/dcache/gplazma/strategies/MappingStrategyMapTests.java
      • modules/gPlazma/junit/org/dcache/gplazma/strategies/MappingStrategyReverseMapTests.java
      • modules/gPlazma/src/org/dcache/gplazma/validation/DoorValidationStrategy.java
      • modules/dCacheJUnit/org/dcache/auth/CachingLoginStrategyTests.java
      • modules/dCache/org/dcache/auth/Gplazma2LoginStrategy.java
      • modules/dCache/org/dcache/auth/KauthFileLoginStrategy.java
      • modules/dCache/org/dcache/auth/LoginReply.java
      • modules/dCache/org/dcache/services/login/LoginMessage.java
      • modules/dCache/org/dcache/auth/UnionLoginStrategy.java
    • FQAN (131 references)
      • modules/dCache/diskCacheV111/services/space/LinkGroupAuthorizationFile.java
      • modules/dCache/diskCacheV111/services/space/Manager.java
      • modules/gPlazma/src/org/dcache/gplazma/plugins/VOMapLineParser.java
    • FQANPrincipal (72 references)
      • modules/dCache/org/dcache/services/login/LoginCLI.java
      • modules/gPlazma/junit/org/dcache/gplazma/plugins/GPlazmaVORolePluginTest.java
      • modules/gPlazma/src/org/dcache/gplazma/plugins/GPlazmaVORolePlugin.java
    • GidPrincipal (87 references)
      • modules/dCache/org/dcache/auth/AnonymousLoginStrategy.java
      • modules/dCacheJUnit/org/dcache/tests/namespace/ACLTest.java
      • modules/dCacheJUnit/org/dcache/tests/namespace/PosixPermissionHandlerTest.java
      • modules/gPlazma/junit/org/dcache/gplazma/GPlazmaTests.java
      • modules/gPlazma/src/org/dcache/gplazma/plugins/KpwdFileUsernamePasswordAuthenticationPlugin.java
    • GroupPrincipal (84 references)
    • KAuthFile (30 references)
      • modules/dCache/diskCacheV111/admin/UserMetaDataProviderFnal.java
    • LoginGidPrincipal (3 references)
    • LoginNamePrincipal (14 references)
      • modules/dCache/diskCacheV111/doors/WeakFtpDoorV1.java
    • LoginUidPrincipal (14 references)
    • Origin (118 references)
      • modules/cells/dmg/util/Subjects.java
      • modules/dCache/org/dcache/acl/mapper/AclMapper.java
    • Password (14 references)
      • modules/gPlazma/junit/org/dcache/gplazma/plugins/UsernamePasswordAuthenticationPluginTest.java
      • modules/gPlazma/src/org/dcache/gplazma/plugins/UsernamePasswordAuthenticationPlugin.java
    • UidPrincipal (100 references)
    • UserAuthBase (8 references)
      • modules/dCacheJUnit/org/dcache/tests/auth/GridMapFileTest.java
      • modules/dCacheJUnit/org/dcache/tests/auth/KpwdTest.java
    • UserNamePrincipal (76 references)
      • modules/cells/dmg/protocols/ssh/SshStreamEngine.java
      • modules/cells/dmg/protocols/telnet/TelnetStreamEngine.java
      • modules/dcap/plugins/javatunnel/SSLTunnelSocket.java
      • modules/gPlazma/junit/org/dcache/gplazma/AddHomeRootSessionPlugin.java
    • UserPwdRecord (21 references)
    • VerifiedUserPrincipal (12 references)
  • gplazma.authz
    • AuthorizationConfig (8 references)
    • AuthorizationController (19 references)
      • modules/gPlazma/src/gplazma/authz/plugins/gridmapfile/GridMapFileHandler.java
      • modules/gPlazma/src/gplazma/authz/plugins/vorolemap/VORoleMapHandler.java
    • AuthorizationException (159 references)
      • modules/dCache/org/dcache/auth/GplazmaLoginStrategy.java
      • modules/dCacheJUnit/org/dcache/tests/auth/VoRoleTest.java
      • modules/dcap/plugins/javatunnel/GsiTunnel.java
      • modules/gPlazma/src/gplazma/authz/plugins/samlquery/XACMLAuthorizationPlugin.java
    • AuthorizationPluginLoader (4 references)
  • gplazma.authz.plugins
    • AuthorizationPlugin (15 references)
      • modules/gPlazma/src/gplazma/authz/AuthorizationPluginLoader.java
    • CachingPlugin (4 references)
    • RecordMappingPlugin (7 references)
  • gplazma.authz.plugins.dynamic
    • GIDMapFileHandler (7 references)
    • UIDMapFileHandler (7 references)
      • modules/dCacheJUnit/org/dcache/tests/auth/UidGitMapTest.java
      • modules/gPlazma/src/gplazma/authz/records/DynamicMappingMethods.java
  • gplazma.authz.plugins.gridmapfile
    • GridMapAuthzPlugin (6 references)
    • GridMapFileHandler (3 references)
  • gplazma.authz.plugins.samlquery
    • SAML1AuthorizationPlugin (4 references)
    • SAMLAuthorizationPlugin (3 references)
    • XACMLAuthorizationPlugin (4 references)
  • gplazma.authz.plugins.saz
    • SAZAuthorizationPlugin (4 references)
  • gplazma.authz.plugins.vorolemap
    • VORoleMapAuthzPlugin (6 references)
    • VORoleMapHandler (7 references)
  • gplazma.authz.records
    • AuthorizationRecordBase (2 references)
    • DCacheSRMauthzRecordService (8 references)
      • modules/gPlazma/src/gplazma/authz/plugins/RecordMappingPlugin.java
    • DynamicAuthorizationRecord (17 references)
      • modules/gPlazma/src/gplazma/authz/plugins/AuthorizationPlugin.java
    • gPlazmaAuthorizationRecord (74 references)
      • modules/dCache/org/dcache/auth/RecordConvert.java
    • PasswordRecord (6 references)
  • gplazma.authz.util
    • HostUtil (4 references)
    • NameRolePair (19 references)
    • X509CertUtil (20 references)

Full List

Sun Classes

jaas.jar

  • com.sun.security.auth
  • com.sun.security.auth.login
  • javax.security.auth
  • Subject (84 references)
  • javax.security.auth.callback
  • javax.security.auth.login
  • javax.security.auth.spi

References within dCache: Subject is the only class that is used from this jar.

COG-SRMlib

jgss.jar

  • org.ietf.jgss
    • ChannelBinding (3 references)
    • GSSContext (27 references)
    • GSSCredential (139 references)
    • GSSException (22 references)
    • GSSManager (10 references)
    • GSSName (10 references)
    • MessageProp (3 references)
    • Oid (3 references)

Uses within dCache: see above

BouncyCastle

bcprov-jdk1.5-143.jar

  • many workspaces and tons of classes

Uses within dCache: Used by the ARGUS API.

gLite

glite-security-trustmanager-1.8.16-1.norefresh.jar

  • org.glite.security.trustmanager
    • ContextFactory
    • ContextWrapper
    • CRLCertChecker
    • CRLFileTrustManager
    • ProxyCertPathValidator
    • SSLContextWrapper
    • TimeoutSSLSocketFactory
    • UpdatingKeyManager
  • org.glite.security.trustmanager.axis
    • AXISSocketFactory
    • AXISSocketFactoryFactory
    • SSLConfigSender
  • org.glite.security.trustmanager.tomcat
    • TMSSLImplementation
    • TMSSLServerSocketFactory

Usages within dCache: None. This jar may be safely removed.

glite-security-util-java-1.4.0-1.jar

  • org.glite.security
    • SecurityContext
    • SecurityException
    • SecurityInfo
    • SecurityInfoContainer
  • org.glite.security.util
    • CaseInsensitiveProperties
    • CertUtil
    • DirectoryList
    • DN
    • DNHandler
    • DNImpl
    • FileCertReader
    • FileEndingIterator
    • KeyStoreGenerator
    • Namespace
    • NamespaceRule
    • Password
    • PrivateKeyReader
    • X500Principal
  • org.glite.security.util.axis
    • InitSecurityContext
  • org.glite.security.voms
    • BasicVOMSTrustStore
    • FQAN
      • org.glite.voms.FQAN: modules/gPlazma/src/gplazma/authz/plugins/vorolemap/VORoleMapExtract.java
    • VOMSAttribute
    • VOMSValidator
  • org.glite.security.voms.ac
    • ACGenerator
    • ACTrustStore
    • ACValidator
    • AttCertIssuer
    • AttributeCertificate
    • AttributeCertificateInfo
    • Holder
    • IetfAttrSyntax
    • ObjectDigestInfo
    • Util
    • V2Form

Usages within dCache: None. This jar may be safely removed.

glite-security-voms-api-java-1.9.8-1.jar

  • org.glite.voms
    • BasicVOMSTrustStore (2 references)
    • CertUtil
    • DirectoryList
    • FileCertReader
    • FileEndingIterator
    • FQAN (6 references)
    • LSCFile
    • PKIStore (10 references)
    • PKIUtils
    • PKIVerifier (2 references)
    • SigningPolicy
    • VOMSAttribute (7 references)
    • VOMSKeyManager
    • VOMSTrustManager
    • VOMSValidator (4 references)
  • org.glite.voms.ac
    • ACCerts
    • ACGenerator
    • ACTarget
    • ACTargets
    • ACTrustStore (3 references)
    • ACValidator (3 references)
    • AttCertIssuer
    • AttributeCertificate (2 references)
    • AttributeCertificateInfo
    • AttributeHolder
    • FullAttributes
    • GenericAttribute
    • Holder
    • IetfAttrSyntax
    • NameConverter
    • ObjectDigestInfo
    • Util
    • V2Form
    • VOMSTrustStore (2 references)
  • org.glite.voms.contact
    • ExtensionData
    • MyProxyCertInfo
    • PathNamingScheme
    • ProxyPolicy
    • Test
    • UserCredentials
    • VOMSDecoder
    • VOMSErrorMessage
    • VOMSESFileParser
    • VOMSException
    • VOMSParser
    • VOMSProtocol
    • VOMSProxyBuilder
    • VOMSProxyConstants
    • VOMSProxyInit
    • VOMSRequestFactory
    • VOMSRequestFragment
    • VOMSRequestOptions
    • VOMSResponse
    • VOMSServerInfo
    • VOMSServerMap
    • VOMSSocket
    • VOMSSyntaxException

Usages within dCache: none

opensaml-1.0.1.jar

  • org.opensaml
    • BindingException
    • ExpiredAssertionException
    • FatalProfileException
    • InvalidAssertionException
    • InvalidCryptoException
    • MalformedException
    • ProfileException
    • QName
    • ReplayedAssertionException
    • RetryableProfileException
    • SAMLAction
    • SAMLAssertion
    • SAMLAttribute
    • SAMLAttributeDesignator
    • SAMLAttributeQuery
    • SAMLAttributeStatement
    • SAMLAudienceRestrictionCondition
    • SAMLAuthenticationQuery
    • SAMLAuthenticationStatement
    • SAMLAuthorityBinding
    • SAMLAuthorizationDecisionQuery
    • SAMLAuthorizationDecisionStatement
    • SAMLBinding
    • SAMLCondition
    • SAMLConfig
    • SAMLDecision
    • SAMLDoNotCacheCondition
    • SAMLException
    • SAMLIdentifier
    • SAMLNameIdentifier
    • SAMLObject
    • SAMLPOSTProfile
    • SAMLQuery
    • SAMLRequest
    • SAMLResponse
    • SAMLSignedObject
    • SAMLSOAPBinding
    • SAMLStatement
    • SAMLSubject
    • SAMLSubjectQuery
    • SAMLSubjectStatement
    • SOAPException
    • TrustException
    • UnknownAssertionException
    • UnsupportedExtensionException
    • XML

Usages within dCache: none, but referenced by external libs.

gPlazma

anam.jar

  • fnal.vox.security
    • ANAM
    • ANAMUtil
    • Base64 (2 references)
    • CA
    • CertInputStream
    • CrlFilter
    • Http
    • Login
    • MyAction
    • MyANAM
    • PolicyFilter
    • ReadWriteSocket (3 references)
    • WrapUnwrap

privilege-1.0.1.5.jar

  • org.opensciencegrid.authz.client (internal references)
  • org.opensciencegrid.authz.common
    • LocalId (6 references)
  • org.opensciencegrid.authz.saml
  • org.opensciencegrid.authz.service
  • org.opensciencegrid.authz.stubs

privilege-xacml-2.2.5.jar

  • org.opensciencegrid.xacml.client
    • MapCredentialClient (3 references)
  • org.opensciencegrid.xacml.common
    • FQAN (2 references)
    • LocalId (8 references)
    • XACMLConstants (3 references)
  • org.opensciencegrid.xacml.service
  • org.opensciencegrid.xacml.stubs

Notes: FQAN may probably be replaced by other implementations.

org.dcache.auth

  • FQAN (131 references)
  • FQANPrincipal (72 references)
  • GidPrincipal (87 references)
  • GroupPrincipal (84 references)
  • KAuthFile (30 references)
  • LoginGidPrincipal (3 references)
  • LoginNamePrincipal (14 references)
  • LoginUidPrincipal (14 references)
  • Origin (118 references)
  • Password (14 references)
  • UidPrincipal (100 references)
  • UserAuthBase (8 references)
  • UserNamePrincipal (76 references)
  • UserPwdRecord (21 references)
  • VerifiedUserPrincipal (12 references)

Notes: FQAN may probably be replaced by an external implementation (e.g. org.glite.security.voms.FQAN). It seems like a good idea to have some basic Principal class in the AuthN library, to allow the different EMI modules to exchange their Principals.

gplazma.authz

  • AuthorizationConfig (8 references)
  • AuthorizationController (19 references)
  • AuthorizationException (159 references)
  • AuthorizationPluginLoader (4 references)

Notes: gPlazma1 only

gplazma.authz.plugins

  • AuthorizationPlugin (15 references)
  • CachingPlugin (4 references)
  • RecordMappingPlugin (7 references)

gplazma.authz.plugins.dynamic

  • GIDMapFileHandler (7 references)
  • UIDMapFileHandler (7 references)

gplazma.authz.plugins.gridmapfile

  • GridMapAuthzPlugin (6 references)
  • GridMapFileHandler (3 references)

gplazma.authz.plugins.samlquery

  • SAML1AuthorizationPlugin (4 references)
  • SAMLAuthorizationPlugin (3 references)
  • XACMLAuthorizationPlugin (4 references)

gplazma.authz.plugins.saz

  • SAZAuthorizationPlugin (4 references)

gplazma.authz.plugins.vorolemap

  • runVORoleMap
  • VORoleMapAuthzPlugin (6 references)
  • VORoleMapExtract
  • VORoleMapHandler (7 references)

gplazma.authz.records

  • AuthorizationRecordBase (2 references)
  • DCacheSRMauthzRecordService (8 references)
  • DynamicAuthorizationRecord (17 references)
  • DynamicMappingMethods
  • gPlazmaAuthorizationRecord (74 references)
  • PasswordRecord (6 references)
  • runDCacheSRMauthzRecordService

gplazma.authz.util

  • HostUtil (4 references)
  • NameRolePair (19 references)
  • X509CertUtil (20 references)

Summary

Right now we include 10 security/authorization-related JARs in dCache and implement another 10 namespaces as part of dCache itself. Of the included JARs, glite-security-trustmanager-1.8.16-1.norefresh.jar and glite-security-util-java-1.4.0-1.jar seem to be unused, since they are not referenced by any code in dCache. Of the remaining 7 JARs, jaas.jar is the Java Authentication and Authorization Service, and jgss.jar contains the Commodity Grid Kit (see http://wiki.cogkit.org/wiki/Main_Page) and is heavily used. glite-security-voms-api-java-1.9.8-1.jar is used in dCache code as well as by the ARGUS plugin. From anam.jar, only Base64 and ReadWriteSocket are used, and only in SAZAuthorizationPlugin. From privilege-1.0.1.5.jar, only LocalId is used, and only in SAML1AuthorizationPlugin. privilege-xacml-2.2.5.jar provides 4 classes that are used in XACMLAuthorizationPlugin, with the exception of FQAN, which is used in X509CertUtil.

As a first step, all unreferenced JARs should be removed if possible. Then similar classes (e.g. FQAN, Principals) should be merged. Some gPlazma1 plugins may be substituted in gPlazma2 with ARGUS Obligation Handlers (e.g. Grid Map POSIX Account Mapping OH: https://twiki.cern.ch/twiki/bin/view/EGEE/AuthZOH#Account_and_Group_Mapping).

Requirements for AuthN-lib

  • basic Principal and Grid-specific principals (e.g. FQANPrincipal) + Credentials
  • Group-Map/Account-Map file wrappers
  • DN class + Tools
  • FQAN class + Tools
  • DNFQAN class + Tools
  • X509 Certificates classes + Tools
  • Credential classes
  • Exception classes
  • XACML Toolkit
  • SAML Toolkit
  • Session tools: scope/context, id, session static variables (attributes)