Access Control UI For SOS Servers



Introduction

The project’s aim is to define rules to restrict access to SOS contents on the operation and parameter level.This goal is achieved with a nice graphical user interface to enable the admin user to manage permissions for a particular enforcement point, which is the connection point for the client instead of the original SOS endpoint.The access control mechanism thus developed should be easily integrated with any SWE Client which can read permissions from a file to grant access to use the capabilities of the client

About the Student

I, the student that is working on this project, am Dushyant Sabharwal. I am a graduate in Computer Science and now pursuing my masters in GeoInformatics from IIT Bombay, India. I have earlier worked with Infosys Technologies on developing User Interfaces for enterprise products. Since this is my first association with an Open Source Organization, so i am really looking forward to the experience

Project Blog Posts

  • First Introductory blog post about the project can be found here
  • Mid-term blog post about the project can be found here

Source Code

Fork me on GitHub Source code of the project is regularly updated on Github, Timeseries Protector is the link to the repository

Weekly Reports

GSOC report week #1

Status

  • Set up the development environment in eclipse and installed the necessary software
  • Forked the timeseries protector app from Github to have an idea of the Access Control Mechanism currently implemented
  • Read the Maven documentation to get an idea of the philosophy of it's use and how it is implemented
  • Read the Apache Tiles documentation
  • Read about Agile/Scrum methodology of software development

Problems

  • Could not run the forked timeseries protector app on my local machine due to dependency failure when trying to build the project using maven in eclipse
  • Updated the settings.xml to resolve the issue but still the problem is open

Next Tasks

  • Getting up to date with Spring MVC and JSP
  • Creating User Stories for UI

GSOC report week #2

Status

  • Got up to date with Spring MVC and JSP documentation
  • Successfully installed the timeseries protector app on my local machine after resolving the dependency issues
  • Created a demo jsp page which interacts with the timeseries data, here is the link timeseries protector
  • Created the first blog post for the project

Problems

  • No major outstanding issues for the next week

Next Tasks

  • Creating user stories for UI
  • Creating workflows based on the user stories

GSOC report week #3

Status

  • Created mock ups for different user stories to discuss the UI workflow and design
  • Read about Bootstrap CSS and created demo screens for user stories
  • Implemented the user story where admin can view existing permissions in one place
OldTimeseriesPermissionManager.png
  • Implemented the user story where admin can delete single or multiple permission sets
  • The main screen where the admin can view all the permission sets which are created and can take appropriate actions
  • Below screens depict the delete user story
    oldDeletePermissionSets.png
    oldDeletePermissionSets-2.png
  • The below mock up describes the add permission set user story, this screen has gone through several iterations and will take one more because fine grain access control problem has to be resolved, the other screens such as modify permission set will also take another iteration after the add permission set screen is finalized
oldAddPermissionSetDesign.png

Problems

  • Stuck on the user story where admin can create new permission sets with fine grain access control on the resources which need to be protected
  • It is not clear whether the Read, Write and Delete restrictions are applicable to particular resources or the complete permission set

Next Tasks

  • Resolving the blocking problems
  • Implementing the remaining user stories

GSOC report week #4

Status

  • Read about prototyping in javascript from the book Definitive Guide to Javascript
  • Implemented the screen for modify permission set user story
  • Implemented the service methods for modify permission and permission set user story
  • Made UI enhancements for improving the responsiveness
  • Here is the link for github commit summary involving this week's implementation activity

Problems

  • Stuck on the "Add Permission" user story where user can add permissions to a permission set, this is a blocker for other user stories also

Next Tasks

  • Resolving the blocking problems
  • Implementing the remaining user stories

GSOC report week #5

Status

  • Developed the user story where a user can sort a permission set table based on various columns, here is the code
  • Developed the search functionality on permission set table content, here is the code
  • Developed the wizard styled screen for adding sub-permissions to a permission set, here is the code and below is the screenshot
oldWizardStyledScreen.png

Next Tasks

  • Currently the parameters for sub permissions were provided by user in an input field but with the use of timeseries interface the user should select those parameters from a dropdown
  • Mapping the user input data to the permission set object for saving the permission set in the permissions xml
  • Validating the various input form fields on various screens

GSOC report week #6

Status

  • Removed modal windows everywhere from the application, only full page jsps everywhere
  • Added the support for sorting and searching on HTML tables everywhere, change log for the above changes
  • Introduced dynamic page titles and headers along with breadcrumbs for helping the user to navigate through the app, change log
  • Completed the first draft for the mid-term blog post, it can be found here
  • Employed the use of Timeseries API for listing the parameters for the resource types which earlier were supposed to be entered by the user

Next Tasks

  • Making sure the permissions xml is written successfully when the user tries to add or modify a permission set
  • Deploying the successfully working web app on the demo server for mid-term review

GSOC report week #7

Status

  • Prepared the project for the mid term evaluation
  • Removed the hard coded urls from everywhere in the view files, now urls in view pages are independent of the project context here is the fix
  • Read about the Jackson JSON library and researched on it's use in this project's context, here is a small POC

Problem

  • Deserializing the JSON to Permissionset object is not working, this is part of the user story where the admin can save a permission set
  • Since Permissionset is part of the security API which is a third party code in my project's context so to modify the Permissionset class definitions was not feasible. Instead i created a proxy class called MixIns so that the converter can have a default constructor when deserializing the JSON to Permissionset object, but this work around could not solve the problem and i am still working on this issue

Next Tasks

  • To solve the above mentioned issue which is a blocker for 3 user stories
  • To work on the next set of user stories

GSOC report week #8

Status

  • Changed the wizard styled UI for creating a sub permission to a single page one here is the code change
  • Resolved the issue of deserialization from JSON to permission set with help from my mentor Henning Bredel here is the code fix
  • (1)The functionality of saving a sub permission as part of a permission set is now complete
  • (2)The functionality of modifying a sub permission as part of a permission set is also complete
  • (3)The functionality of deleting single or multiple sub permissions is complete from UI to backend deletePermission.png
  • (4)The functionality of deleting a permission set from the permissions xml is also complete, earlier there was no change in the file, now the issue has been fixed
  • here is the code change for features 1-4

Next Tasks

  • To complete the functionality where a new permission set can be saved, currently only the UI is in place
  • To work on the user story where the user can copy an existing permission set to save a new one
  • To work on resolving the issues, which have been tracked here

GSOC report week #9

Status

  • Completed the user story where the admin can copy an existing permission set, here is the description and screen
  • Completed the user story where the admin can copy an existing sub permission, here is the description and screen
  • Completed the user story where the admin user is restricted to create a new permission set with a duplicate name, here is the description and screen
  • Worked on the issues and enhancements which were surfaced during an overall review of the app by the mentors, here is the list
  • Completed the enhancement where the user can see the number of resource parameters selected by him, here is the enhancement

Resource Count

  • Completed the enhancement where the breadcrumbs will always be visible to the user so that he does not have to scroll here is the enhancement, for the screen the above image can be taken as a reference
  • Completed the UI enhancement where the user can resize the selection dropdowns instead of scrolling through them, here is the enhancement

Resizeable Dropdowns
  • Fixed other minor bugs and enhancements as well

Problem

  • Stuck on the user story because designing the workflow from UI to backend is taking time since while creating a new permission set when a user creates a new sub permission and clicks on save, where will the new sub permission be saved ? there is no existing permission set in the permissions.xml! This issue can be solved by using the browser's local storage but there are other workflows also which need to be worked out for e.g. if a user wants to modifies that sub permission in the same context, and my other concern is to adopt a method which is in harmony with the current architecture

Next Tasks

  • To wrap up the current problems and issues
  • To complete the download permissions.xml user story

GSOC report week #10

Status

  • Completed the user story where a user can create a new permission set, here is the code change. The sub permissions which are created for a new permission set are stored temporarily in the browser local storage.
Create_New_Permission_Set.png
  • Revamped the user story which is the "save as new" feature for permission sets and sub permissions here is the code change

  • Enhanced the UI Validation mechanism of the application, making it uniform, intuitive and dynamic, here is the enhancement listed
UI_validation.png
  • Enhanced the selection mechanism for resource types, introduced a toggle and clear button which can toggle the selection of resource types and clear the selection respectively, here is the enhacement

toggle_selection.png
  • Fixed other enhancements and issues
  • Currently working on the download permissions.xml and UI help documentation user stories

Next Tasks

  • To complete the user stories i am currently working upon and to fix pending issues as many as possible

GSOC report week #11

Status

  • Completed the download part of the user story where the admin can download permissions xml on which he has been working on and currently working on the "view" part where he can view the xml. Here is the code change
  • Fixed the issue where while clicking on the cancel button user was not redirected to the parent page, here is the issue
  • Fixed the enhancement where urls in every view page were supposed to be decoded, here is the enhancement and here is the code fix
  • Created a new UI widget for "subject domain" field where a user can create options dynamically for the dropdown box by adding custom values, here is the code change
    Subject_Domain_Widget.png

  • Enabled the web app protection using the Tomcat's HTTP BASIC Authentication mechanism, here is the code change
  • Fixed other issues and enhancements

Next Tasks

  • Completing the "view" part of the user story
  • Completing the UI Documentation user story

GSOC report week #12

Status

  • Completed the user story, user can now view the permissions xml also and download the file from the modal window, here is the code completion for the user story
Download_Xml.png
  • Completed the user story which gives the facility of help text to the user in the UI so that he can make a better choice for parameters
Help_Text_2.png
  • Completed the user story which allows the user to specify actions at operational level such as Read and Update
operational_level.png
Clicking on the appropriate button will select the suitable action options
  • Fixed the bug which occured when a user tries to save a permission set without sub permissions, now the user is forced to have atleast 1 sub permission for a permission set

Next Tasks

  • Fix the remaining issues on the issue tracker
  • Improvise on the UI documentation

GSOC report week #13

Status

  • Fixed the enhancement (not really) ,since doing this in this version of the app was not feasible so we instead gave the user with the option to select enforcement points url which map to services already configured in the sos-instances-data.xml. Implementation of this enhancement involved a lot of work flows which had to be modified in the UI for e.g. if a user tries to modify a permission set by changing an enforcement point url from the dropdown then the user is given a warning saying "permissions from the previous enforcement point url will be deleted".

mappingeps.png
  • Fixed the bug where the resources while creating a permission were fetched from multiple sos-instances. A mapping is done now between the enforcement point url and serviceid of the sos-instance
  • Fixed the bug where the resource values in permissions.xml were not encoded

Next Tasks

  • To work on the User documentation and final blog post

Topic attachments
I Attachment Action Size Date Who Comment
Copy_Permission_Sets.pngpng Copy_Permission_Sets.png manage 47 K 21 Jul 2014 - 14:18 DushyantSabharwal  
Create_New_Permission_Set.pngpng Create_New_Permission_Set.png manage 52 K 21 Jul 2014 - 14:07 DushyantSabharwal Create New Permission to New Permission Set
Create_Permission.pngpng Create_Permission.png manage 64 K 15 Aug 2014 - 12:48 DushyantSabharwal Create Permission
Download_Xml.pngpng Download_Xml.png manage 77 K 04 Aug 2014 - 14:37 DushyantSabharwal Download Permissions Xml
FixedbreadCrumb.pngpng FixedbreadCrumb.png manage 39 K 14 Jul 2014 - 15:52 DushyantSabharwal Fixed Bread Crumbs
Help_Text_2.pngpng Help_Text_2.png manage 32 K 04 Aug 2014 - 14:51 DushyantSabharwal Help UI documentation
List_Permission_Sets.pngpng List_Permission_Sets.png manage 35 K 16 Aug 2014 - 06:09 DushyantSabharwal List Permission Sets
Modify_Permission_Set.pngpng Modify_Permission_Set.png manage 70 K 16 Aug 2014 - 06:18 DushyantSabharwal Modify Permission Set
OldTimeseriesPermissionManager.pngpng OldTimeseriesPermissionManager.png manage 23 K 18 Aug 2014 - 06:08 DushyantSabharwal Old Timeseries Permission Manager
Resource_Count.pngpng Resource_Count.png manage 35 K 14 Jul 2014 - 15:10 DushyantSabharwal  
Subject_Domain_Widget.pngpng Subject_Domain_Widget.png manage 26 K 28 Jul 2014 - 14:10 DushyantSabharwal Subject Domain Widget
UI_validation.pngpng UI_validation.png manage 41 K 21 Jul 2014 - 14:28 DushyantSabharwal UI Validations
breadCrumb.pngpng breadCrumb.png manage 3 K 14 Jul 2014 - 15:14 DushyantSabharwal Fixed Bread Crumbs
createPermission.pngpng createPermission.png manage 17 K 07 Jul 2014 - 12:21 DushyantSabharwal Create Sub Permission UI
deletePermission.pngpng deletePermission.png manage 45 K 07 Jul 2014 - 12:37 DushyantSabharwal Deleting sub permissions
mainscreen.pngpng mainscreen.png manage 23 K 03 Jun 2014 - 07:24 DushyantSabharwal This is the main screen where the admin can see all the permission sets existing in the system
mappingeps.pngpng mappingeps.png manage 14 K 12 Aug 2014 - 06:17 DushyantSabharwal Mapping Enforcement Points
oldAddPermissionSetDesign.pngpng oldAddPermissionSetDesign.png manage 41 K 18 Aug 2014 - 06:12 DushyantSabharwal Add Permission Set Mock up
oldDeletePermissionSets-2.pngpng oldDeletePermissionSets-2.png manage 16 K 18 Aug 2014 - 06:10 DushyantSabharwal  
oldDeletePermissionSets.pngpng oldDeletePermissionSets.png manage 24 K 18 Aug 2014 - 06:10 DushyantSabharwal  
oldWizardStyledScreen.pngpng oldWizardStyledScreen.png manage 52 K 18 Aug 2014 - 06:19 DushyantSabharwal Old Wizard Styled Screen
operational_level.pngpng operational_level.png manage 12 K 04 Aug 2014 - 15:13 DushyantSabharwal Actions at Operational Level
resizeable_dropdowns.pngpng resizeable_dropdowns.png manage 47 K 14 Jul 2014 - 16:02 DushyantSabharwal Resizeable Dropdowns
toggle_selection.pngpng toggle_selection.png manage 38 K 21 Jul 2014 - 14:50 DushyantSabharwal Toggle Resources
Topic revision: r28 - 27 Jun 2016, UnknownUser
Legal Notice | Privacy Statement


This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Wiki? Send feedback