Support #1329

Ability to post news on a VRE from the OpenAIRE workflow manager

Added by Alessia Bardi about 4 years ago. Updated almost 4 years ago.

Status:ClosedStart date:Nov 10, 2015
Priority:NormalDue date:
Assignee:Massimiliano Assante% Done:

100%

Category:-
Milestones:
Duration:

Description

We would like to be able to post news on a VRE (yet to be asked) from an external service.
Specifically, we would like the D-Net workflow manager to notify via news the completion of a workflow.

Massi already explained that only applications/services inside the VRE can write on the news feed and proposed the following:
1. We should write a servlet that can be called from the outside via REST
2. The servlet, deployed on the VRE, can write on the news feed
3. On the D-Net side we have to write the code that calls the servlet in the VRE to fire the publication of the news

The approach seems to be feasible but we need to address the authentication/authorization (AA) phase, so that only authorised applications can call the servlet.
Two approaches seem to be available:
1. AA via HTTPS with user/password
2. AA via token (similar to OAuth)

At first sight, we would prefer to go for the first option (AA via HTTPS) using a dedicated user.


Related issues

Related to BlueBRIDGE - Project Task #700: T10.3 Federated Resources Management [Months: 1-29] Closed Mar 07, 2016 Apr 30, 2016
Related to gCube - Feature #1781: Social Networking Library: REST interface Closed Dec 10, 2015 Jan 16, 2016

History

#1 Updated by Pasquale Pagano about 4 years ago

Alessia Bardi wrote:

We would like to be able to post news on a VRE (yet to be asked) from an external service.
Specifically, we would like the D-Net workflow manager to notify via news the completion of a workflow.

Is the D-Net workflow manager a servlet standard web app? Is it running on tomcat?
If yes, you could install Smartgears in the container and add a web.xml ocnfiguration files somewhere (i don't remember the details) and then your workflow manager will become a service in the VRE.

Massi already explained that only applications/services inside the VRE can write on the news feed and proposed the following:
1. We should write a servlet that can be called from the outside via REST
2. The servlet, deployed on the VRE, can write on the news feed
3. On the D-Net side we have to write the code that calls the servlet in the VRE to fire the publication of the news

The approach seems to be feasible but we need to address the authentication/authorization (AA) phase, so that only authorised applications can call the servlet.
Two approaches seem to be available:
1. AA via HTTPS with user/password
2. AA via token (similar to OAuth)

At first sight, we would prefer to go for the first option (AA via HTTPS) using a dedicated user.

Both are feasible.

Clearly I may completely wrong since I did not get fully the picture.

#2 Updated by Massimiliano Assante about 4 years ago

The idea is that we deploy a war (containing a simple servlet) into the D4Science gateways which (upon auth to be verified) would act as a bridge between external applications and the VRE.

The servlet will be contacted over https through http posts (i think). So the external application will have only to pass parameters though it. If we go in this direction we already have almost everything in place, except that the application that calls the servlet method must be authenticated/authorized somehow.

#3 Updated by Pasquale Pagano about 4 years ago

Yes, i agree with you. It remains the fact that without enriching the container where the service runs with SmartGears we will enable an unknown service to post on a VRE and this is conceptually wrong. If we will do it and it costs nothing, we will have a proper integration of a d-net service in d4science.

#4 Updated by Massimiliano Assante about 4 years ago

@pasquale.pagano@isti.cnr.it , perhaps there's a misunderstanding here. When @alessia.bardi@isti.cnr.it wrote < inside the VRE > she meant the VRE of the gateway, not the services of the VRE. Indeed the servlet we will deploy will have to run in the tomcat instance running the D4Science Gateway, not a smartGear tomcat.

#5 Updated by Massimiliano Assante about 4 years ago

@lucio.lelii@isti.cnr.it could you tell if the authorisation service can be used for this specific type of interaction. AFAIK it should.

#6 Updated by Lucio Lelii about 4 years ago

A solution could be to register a user to the new VRE, generate a token for that user and then using the token to contact the service bridge realized by Massi.
The bridge will validate the token contacting the AuthorizationService, authorizing or rejecting the call.

#7 Updated by Massimiliano Assante about 4 years ago

  • Related to Project Task #698: T10.1 Integrate Computing Infrastructure Resources [Months: 1-29] added

#8 Updated by Massimiliano Assante about 4 years ago

  • Related to deleted (Project Task #698: T10.1 Integrate Computing Infrastructure Resources [Months: 1-29])

#9 Updated by Massimiliano Assante about 4 years ago

  • Related to Project Task #700: T10.3 Federated Resources Management [Months: 1-29] added

#10 Updated by Massimiliano Assante about 4 years ago

  • Related to Feature #1781: Social Networking Library: REST interface added

#11 Updated by Massimiliano Assante about 4 years ago

  • Status changed from New to Closed

Feature https://support.d4science.org/issues/1781 has been opened to track this activity

#12 Updated by Alessia Bardi about 4 years ago

If I understand correctly, thanks to #1781 we won't need a service bridge but we will be able to use the Social Networking Library to post news on the VRE directly from one of our D-Net services. Is this the case?

#13 Updated by Massimiliano Assante about 4 years ago

Yes, the idea is to expose a subset of the methods of SNL via REST, still need to understand better how to enforce authorisations on these. However the first method the SNL-REST will expose will be the one for posting so that you can start playing with it.

#14 Updated by Massimiliano Assante almost 4 years ago

  • % Done changed from 0 to 100

#15 Updated by Alessia Bardi almost 4 years ago

  • Assignee changed from Massimiliano Assante to _DNET-TEAM
  • Status changed from Closed to In Progress

Massi can you set this ticket to new again?
I have re-assigned it to the DNET team (I do not know why it was assigned to you), but we will be able to work on it after February. Thanks.

#16 Updated by Massimiliano Assante almost 4 years ago

I think you need another new ticket for this and put this as related. I mean this ticket purpose was to provide you with support for posting in VREs from outside the D4Science infra. We completed this activity and now is your turn to exploit it, for this I would use another new ticket. Sounds good?

#17 Updated by Alessia Bardi almost 4 years ago

  • Assignee changed from _DNET-TEAM to Massimiliano Assante
  • Status changed from In Progress to Closed

Ok.

Also available in: Atom PDF