Argus PEP Client: Java Programming Interface
The Argus PEP Java client library is used to communicate with the Argus PEP daemon. It sends authorization requests to Argus and receives the responses.
Javadoc for the PEP Java client API: http://argus-authz.github.com/argus-pep-api-java/javadoc/2.X/index.html
PEP XACML Object Model
The PEP client XACML object model implemented in the package org.glite.authz.common.model follows this schema:
This is a very simplified example, omitting all the error handling, of how to create a PEP client and a request, then authorize the request and process the response.
- Create a PEP client configuration and initialize it:
    PEPClientConfiguration config= new PEPClientConfiguration();
    config.addPEPDaemonEndpoint("https://argus.example.org:8154/authz");
    // trust and key material for the HTTPS connection with client authentication
    config.setTrustMaterial("/etc/grid-security/certificates");
    config.setKeyMaterial("/etc/grid-security/hostcert.pem", "/etc/grid-security/hostkey.pem", "keystore_password");
- Create the PEP client based on the config:
    PEPClient pep= new PEPClient(config);

At this point you have a multi-threaded PEP client that can be reused to submit many authorization requests to the PEP server.
- Create an authorization request for a user proxy certificate, based on a profile:
    // read the user proxy (a PEM file holds the whole certificate chain)
    PEMFileReader reader= new PEMFileReader();
    X509Certificate[] userproxy= reader.readCertificates("/tmp/x509up_u959");
    // create the request for a given profile
    AuthorizationProfile profile= GridWNAuthorizationProfile.getInstance();
    Request request= profile.createRequest(userproxy, "http://example.org/wn/cluster1", GridWNAuthorizationProfile.ACTION_EXECUTE);
- Authorize the request with the Argus PEP daemon:
    Response response= pep.authorize(request);
- Extract the user mapping information from the response:
    // will throw an exception if the authorization response is not *Permit*, or if the obligation is not present
    Obligation posixMappingObligation= profile.getObligationPosixMapping(response);
    String userId= profile.getAttributeAssignmentUserId(posixMappingObligation);
    String groupId= profile.getAttributeAssignmentPrimaryGroupId(posixMappingObligation);
    List<String> groupIds= profile.getAttributeAssignmentGroupIds(posixMappingObligation);
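
The walkthrough above omits error handling. The wrapper below is an added example, not part of the Argus documentation or library: it treats every outcome other than a Permit with a usable POSIX mapping as a denial. The class `FailClosedAuthorizer`, the `PosixMapping` holder, the root-mapping check and the `org.glite.authz.pep.*` import paths are assumptions to verify against the Javadoc.

```java
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Optional;
import org.glite.authz.common.model.*;
// Assumed package paths for the client and profile classes; verify against the Javadoc.
import org.glite.authz.pep.client.PEPClient;
import org.glite.authz.pep.profile.AuthorizationProfile;
import org.glite.authz.pep.profile.GridWNAuthorizationProfile;

/** Added example (hypothetical class): deny on anything but a Permit with a usable mapping. */
public final class FailClosedAuthorizer {

    /** Hypothetical holder for the values carried by the POSIX mapping obligation. */
    public static final class PosixMapping {
        public final String userId, groupId;
        public final List<String> groupIds;
        PosixMapping(String u, String g, List<String> gs) { userId = u; groupId = g; groupIds = gs; }
    }

    /**
     * Empty result means "deny": Deny, NotApplicable, Indeterminate, a missing
     * obligation, an unreachable PEP daemon and a TLS failure all end up here.
     */
    public static Optional<PosixMapping> authorize(PEPClient pep, X509Certificate[] chain,
                                                   String resourceId) {
        AuthorizationProfile profile = GridWNAuthorizationProfile.getInstance();
        try {
            Request request = profile.createRequest(chain, resourceId,
                    GridWNAuthorizationProfile.ACTION_EXECUTE);
            Response response = pep.authorize(request);
            // Throws unless the decision is Permit and the obligation is present.
            Obligation mapping = profile.getObligationPosixMapping(response);
            String userId = profile.getAttributeAssignmentUserId(mapping);
            String groupId = profile.getAttributeAssignmentPrimaryGroupId(mapping);
            List<String> groupIds = profile.getAttributeAssignmentGroupIds(mapping);
            // Assumed local policy: never act on an empty or root mapping.
            if (userId == null || userId.isEmpty() || "root".equals(userId)) {
                return Optional.empty();
            }
            return Optional.of(new PosixMapping(userId, groupId, groupIds));
        } catch (Exception e) {
            // Checked library exceptions and runtime failures alike result in deny.
            System.err.println("authorization denied for " + resourceId + ": " + e);
            return Optional.empty();
        }
    }
}
```

Callers should proceed only when the returned `Optional` is present, so a failed connection to the PEP daemon can never be mistaken for a Permit.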
There is also a Java-based GUI available for sending requests to a PEPd. Just click on the following image which will download the application to your desktop and start it. Once you’ve downloaded it you can restart it by double-clicking the Argus-PEP-Client.jnlp file.