
CSM

Developers Guide


This guide provides only a brief introduction to the topic of integrating with CSM's Authorization Service using the CSM security API. The API is written in Java and the guide assumes that the reader is familiar with the Java language. For a more complete discussion of the CSM API, you should refer to Chapter 2: Using the CSM API of the caCORE CSM v4.2 Programmer's Guide.

The CSM-API implementation of instance-level security was designed specifically for caCORE and is not secure for caGrid data services that use CQL to specify queries. The details of this problem are described in the following forum discussion: cabig-kc.nci.nih.gov

A new version of the CSM service is currently in development that will provide a secure implementation of instance-level security for caGrid. This new release will also be easier to integrate with.

Integrating with the CSM Authorization Service

It is possible to check access permissions at run-time using the org.cagrid.gaards.csm.service.CSM class. It is also possible to use the CSM class to provision user access rights. However, details on this topic are outside the scope of this guide.

To use the CSM authorization service, add the following imports to each class that performs authorization:

import org.cagrid.gaards.csm.service.CSM;
import org.cagrid.gaards.csm.service.CSMUtils;
import org.cagrid.gaards.csm.service.GridGrouperRemoteGroupSynchronizer;

Next, create an instance of CSM by providing appropriate CSMProperties and GridGrouperRemoteGroupSynchronizer objects.

try {
   CSM csm = new CSM(CSMUtils.getCSMProperties(), new GridGrouperRemoteGroupSynchronizer());
   boolean hasPermission = csm.checkPermission(applicationId, "userIdentity", "objectId", "privilege");
   if (hasPermission) {
      // add logic for users who have access permission
   } else {
      // add logic for users who lack access permission
   }
} catch (CSException e) {
   // deal with the error caused by the AuthorizationManager
}

The checkPermission method called in the sample code takes four arguments: the applicationId of the CSM application to check, the identity of the user requesting access, the resource name of the entity the user wishes to access, and the permission representing the action or operation the user wishes to perform on the resource. Replace these values with values specific to your application. The resource name value should match the name of a protection element, the permission value should match the name of a privilege, and the user identity should match the user grid identity used to create a permission (or should match the grid user ID of a member of a group used to create a permission). For more information on permissions, privileges, users, groups and protection elements, refer to the Administrator's Guide Overview or any of the resource management guides listed in the Administrator's Guide.
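
The sample above leaves its catch block empty. One way to make the check fail closed, so that an error or a blank argument is never treated as a grant, is sketched below as an added example (not code from this guide or from caGrid). The PermissionCheck interface, the long type for applicationId, and the sample identity and grants are assumptions made so the block compiles without the CSM libraries; a real caller would delegate to csm.checkPermission.

```java
import java.util.Set;

public class FailClosedAuthz {
    /** Hypothetical stand-in for the four-argument checkPermission call shown above. */
    @FunctionalInterface
    interface PermissionCheck {
        boolean check(long applicationId, String userIdentity, String objectId, String privilege)
                throws Exception;
    }

    private final PermissionCheck check;
    private final long applicationId; // assumed type; the guide does not state it

    FailClosedAuthz(PermissionCheck check, long applicationId) {
        this.check = check;
        this.applicationId = applicationId;
    }

    /** Returns true only on an explicit grant; blank input or any error means deny. */
    boolean isAllowed(String userIdentity, String objectId, String privilege) {
        if (isBlank(userIdentity) || isBlank(objectId) || isBlank(privilege)) {
            return false;
        }
        try {
            return check.check(applicationId, userIdentity, objectId, privilege);
        } catch (Exception e) {
            // Record the failure for operators, then deny: an error is never a grant.
            System.err.println("authorization check failed, denying: " + e);
            return false;
        }
    }

    /** Guard for call sites: throws on denial so a forgotten if-branch cannot leak access. */
    void require(String userIdentity, String objectId, String privilege) {
        if (!isAllowed(userIdentity, objectId, privilege)) {
            throw new SecurityException(userIdentity + " lacks " + privilege + " on " + objectId);
        }
    }

    private static boolean isBlank(String s) { return s == null || s.trim().isEmpty(); }

    public static void main(String[] args) {
        String alice = "/O=Example/OU=Demo/CN=alice"; // constructed grid identity
        Set<String> grants = Set.of(alice + "|StudyRecord|READ"); // constructed grant table
        FailClosedAuthz ok = new FailClosedAuthz(
                (app, user, obj, priv) -> grants.contains(user + "|" + obj + "|" + priv), 1L);
        FailClosedAuthz broken = new FailClosedAuthz(
                (app, user, obj, priv) -> { throw new IllegalStateException("backend down"); }, 1L);
        System.out.println("granted privilege:  " + ok.isAllowed(alice, "StudyRecord", "READ"));
        System.out.println("missing privilege:  " + ok.isAllowed(alice, "StudyRecord", "UPDATE"));
        System.out.println("backend error:      " + broken.isAllowed(alice, "StudyRecord", "READ"));
    }
}
```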

Last edited by Keith Gasper (708 days ago)