diff --git a/docs/TheBook/src/main/markdown/config-gplazma.md b/docs/TheBook/src/main/markdown/config-gplazma.md
index 4a4810edf36..2705e034218 100644
--- a/docs/TheBook/src/main/markdown/config-gplazma.md
+++ b/docs/TheBook/src/main/markdown/config-gplazma.md
@@ -703,47 +703,6 @@ Properties
#### account Plug-ins
-##### argus
-
- The argus plug-in bans users by their DN. It talks to your site’s ARGUS system (see [https://twiki.cern.ch/twiki/bin/view/EGEE/AuthorizationFramework](https://twiki.cern.ch/twiki/bin/view/EGEE/AuthorizationFramework)) to check for banned users.
-
-Properties
-
-**gplazma.argus.hostcert**
-
- Path to host certificate
- Default: `/etc/grid-security/hostcert.pem`
-
-
-
-**gplazma.argus.hostkey**
-
- Path to host key
- Default: `/etc/grid-security/hostkey.pem`
-
-
-
-**gplazma.argus.hostkey.password**
-
- Password for host key
- Default:
-
-
-
-**gplazma.argus.ca**
-
- Path to CA certificates
- Default: `/etc/grid-security/certificates`
-
-
-
-**gplazma.argus.endpoint**
-
- URL of PEP service
- Default: `https://localhost:8154/authz`
-
-
-
##### banfile
The `banfile` plug-in bans users by their principal class and the associated name. It is configured via a simple plain text file.
diff --git a/modules/gplazma2-argus/pom.xml b/modules/gplazma2-argus/pom.xml
deleted file mode 100644
index d54f50d0c7a..00000000000
--- a/modules/gplazma2-argus/pom.xml
+++ /dev/null
@@ -1,71 +0,0 @@
-
- 4.0.0
-
-
- org.dcache
- dcache-parent
- 10.2.0-SNAPSHOT
- ../../pom.xml
-
-
- gplazma2-argus
- jar
-
- gPlazma 2 Argus plugin
-
-
-
- org.slf4j
- slf4j-api
-
-
- org.slf4j
- log4j-over-slf4j
-
-
- com.google.guava
- guava
-
-
-
- org.glite.authz
- pep-common
-
-
- org.glite.authz
- pep-java
-
-
- commons-logging
- commons-logging
-
-
-
-
- commons-httpclient
- commons-httpclient
- runtime
-
-
- org.slf4j
- jcl-over-slf4j
- test
-
-
- org.dcache
- dcache-common
- ${project.version}
-
-
- org.dcache
- gplazma2
- ${project.version}
-
-
-
- org.bouncycastle
- ${bouncycastle.bcprov}
- runtime
-
-
-
diff --git a/modules/gplazma2-argus/src/main/java/org/dcache/gplazma/plugins/ArgusPepRequestFactory.java b/modules/gplazma2-argus/src/main/java/org/dcache/gplazma/plugins/ArgusPepRequestFactory.java
deleted file mode 100644
index 1d70f78857d..00000000000
--- a/modules/gplazma2-argus/src/main/java/org/dcache/gplazma/plugins/ArgusPepRequestFactory.java
+++ /dev/null
@@ -1,67 +0,0 @@
-package org.dcache.gplazma.plugins;
-
-import static org.glite.authz.common.profile.CommonXACMLAuthorizationProfileConstants.DATATYPE_STRING;
-import static org.glite.authz.common.profile.CommonXACMLAuthorizationProfileConstants.ID_ATTRIBUTE_ACTION_ID;
-import static org.glite.authz.common.profile.CommonXACMLAuthorizationProfileConstants.ID_ATTRIBUTE_PROFILE_ID;
-import static org.glite.authz.common.profile.CommonXACMLAuthorizationProfileConstants.ID_ATTRIBUTE_RESOURCE_ID;
-import static org.glite.authz.common.profile.CommonXACMLAuthorizationProfileConstants.ID_ATTRIBUTE_SUBJECT_ID;
-
-import org.glite.authz.common.model.Action;
-import org.glite.authz.common.model.Attribute;
-import org.glite.authz.common.model.Environment;
-import org.glite.authz.common.model.Request;
-import org.glite.authz.common.model.Resource;
-import org.glite.authz.common.model.Subject;
-import org.glite.authz.pep.profile.AuthorizationProfile;
-
-public class ArgusPepRequestFactory {
-
- /**
- * @param dn DN of the subject
- * @param resourceId id of the resource to be accessed
- * @param actionId id of the action to be performed on the resource
- * @param profile id of the access profile (i.e. WN/CE)
- * @return a glite authz request to be sent to a PEPd
- */
- public static Request create(String dn, String resourceId, String actionId,
- AuthorizationProfile profile) {
-
- Action action = new Action();
-
- Attribute actionAttrib = new Attribute();
- actionAttrib.setId(ID_ATTRIBUTE_ACTION_ID);
- actionAttrib.setDataType(DATATYPE_STRING);
- actionAttrib.setIssuer(null);
- actionAttrib.getValues().add(actionId);
- action.getAttributes().add(actionAttrib);
-
- Resource resource = new Resource();
-
- Attribute resourceAttrib = new Attribute();
- resourceAttrib.setId(ID_ATTRIBUTE_RESOURCE_ID);
- resourceAttrib.setDataType(DATATYPE_STRING);
- resourceAttrib.setIssuer(null);
- resourceAttrib.getValues().add(resourceId);
- resource.getAttributes().add(resourceAttrib);
-
- Environment environment = new Environment();
- Attribute environmentAttrib = new Attribute();
- environmentAttrib.setId(ID_ATTRIBUTE_PROFILE_ID);
- environmentAttrib.setDataType(DATATYPE_STRING);
- environmentAttrib.setIssuer(null);
- environmentAttrib.getValues().add(profile.getProfileId());
- environment.getAttributes().add(environmentAttrib);
-
- Subject subject = new Subject();
- subject.setCategory(null);
-
- Attribute subjectAttribute = new Attribute();
- subjectAttribute.setId(ID_ATTRIBUTE_SUBJECT_ID);
- subjectAttribute.setDataType(DATATYPE_STRING);
- subjectAttribute.setIssuer(null);
- subjectAttribute.getValues().add(dn);
- subject.getAttributes().add(subjectAttribute);
-
- return profile.createRequest(subject, resource, action, environment);
- }
-}
diff --git a/modules/gplazma2-argus/src/main/java/org/dcache/gplazma/plugins/GPlazmaArgusPlugin.java b/modules/gplazma2-argus/src/main/java/org/dcache/gplazma/plugins/GPlazmaArgusPlugin.java
deleted file mode 100644
index 8df4d982558..00000000000
--- a/modules/gplazma2-argus/src/main/java/org/dcache/gplazma/plugins/GPlazmaArgusPlugin.java
+++ /dev/null
@@ -1,176 +0,0 @@
-package org.dcache.gplazma.plugins;
-
-import static com.google.common.base.Preconditions.checkArgument;
-import static com.google.common.base.Predicates.instanceOf;
-import static java.util.Objects.requireNonNull;
-
-import com.google.common.collect.Collections2;
-import java.security.Principal;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Properties;
-import java.util.Set;
-import org.dcache.gplazma.AuthenticationException;
-import org.glite.authz.common.model.Request;
-import org.glite.authz.common.model.Response;
-import org.glite.authz.common.model.Result;
-import org.glite.authz.pep.client.PEPClient;
-import org.glite.authz.pep.client.PEPClientException;
-import org.glite.authz.pep.client.config.PEPClientConfiguration;
-import org.glite.authz.pep.client.config.PEPClientConfigurationException;
-import org.glite.authz.pep.profile.GridWNAuthorizationProfile;
-import org.globus.gsi.gssapi.jaas.GlobusPrincipal;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Implementation of an Argus Authorisation plugin for gPlazma2
- *
- * The plugin supports blacklisting of subjects identified by X509 Certificates and/or their DN.
- *
- * @author karsten
- */
-public class GPlazmaArgusPlugin implements GPlazmaAccountPlugin {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(GPlazmaArgusPlugin.class);
-
- private static final String CREATING_ARGUS_PLUGIN_WITH_PARAMETERS_params = "Creating Argus Plugin with parameters: {}";
- private static final String COULD_NOT_CREATE_PEP_CLIENT_exception = "Could not create PEP Client";
- private static final String INVALID_CONFIGURATION_FOR_ARGUS_PLUGIN = "Invalid configuration for ARGUS plugin.";
- private static final String G_PLAZMA_ARGUS_PLUGIN_ARGS_MUST_NOT_BE_NULL = "GPlazmaArgusPlugin: args must not be null.";
- private static final String INITIALISING_PEP_CLIENT_CONFIGURATION = "Initialising PEPClientConfiguration";
- private static final String CONFIGURATION_resourceid_actionid = "Configuration: [{}]; [{}]";
- private static final String AUTHORISING_SUBJECT_dn = "Authorising subject {}.";
- private static final String CREATED_REQUEST_request = "Created request: {}";
- private static final String RECEIVED_RESPONSE_response = "Received response: {}";
- private static final String BLACKLIST_CHECK_FOR_USER_dn_FAILED_DUE_TO_EXCEPTION_IN_PLUGIN = "Blacklist check for user '{}' failed due to exception in plugin.";
- private static final String DECISION_CODE_code = "Decision code: ";
-
- private static final String KEY_PASS =
- "gplazma.argus.hostkey.password";
- private static final String HOST_KEY =
- "gplazma.argus.hostkey";
- private static final String HOST_CERT =
- "gplazma.argus.hostcert";
- private static final String TRUST_MATERIAL =
- "gplazma.argus.ca";
- private static final String ACTION_ID =
- "gplazma.argus.action";
- private static final String RESOURCE_ID =
- "gplazma.argus.resource";
- private static final String PEP_ENDPOINT =
- "gplazma.argus.endpoint";
-
- private final PEPClient _pepClient;
-
- private String _resourceId;
- private String _actionId;
-
- /**
- * Constructor
- *
- * @param properties a set of key value pairs containing the plugins configuration.
- */
- public GPlazmaArgusPlugin(Properties properties) {
-
- LOGGER.debug(CREATING_ARGUS_PLUGIN_WITH_PARAMETERS_params, properties);
-
- try {
- PEPClientConfiguration pepConfiguration = initPepConfiguration(properties);
- _pepClient = new PEPClient(pepConfiguration);
- } catch (PEPClientException e) {
- LOGGER.error(COULD_NOT_CREATE_PEP_CLIENT_exception, e);
- throw new IllegalArgumentException(INVALID_CONFIGURATION_FOR_ARGUS_PLUGIN, e);
- }
- }
-
- /**
- * Constructor
- *
- * @param pepClient client to be used by plugin
- */
- public GPlazmaArgusPlugin(PEPClient pepClient) {
- _pepClient = pepClient;
- }
-
- /**
- * This method initialises the instance's configuration, by parsing the parameters given in
- * args. Required key/value is PEPEndpoint.
- *
- * @param properties array of key value pairs containing the plugins configuration ( key1,
- * value1, key2, value2, ...)
- * @throws PEPClientConfigurationException
- */
- private PEPClientConfiguration initPepConfiguration(Properties properties)
- throws PEPClientConfigurationException {
- requireNonNull(properties, G_PLAZMA_ARGUS_PLUGIN_ARGS_MUST_NOT_BE_NULL);
-
- PEPClientConfiguration pepConfig = new PEPClientConfiguration();
-
- LOGGER.debug(INITIALISING_PEP_CLIENT_CONFIGURATION);
-
- pepConfig.addPEPDaemonEndpoint(getProperty(properties, PEP_ENDPOINT));
- _resourceId = getProperty(properties, RESOURCE_ID);
- _actionId = getProperty(properties, ACTION_ID);
- String trustMaterial = getProperty(properties, TRUST_MATERIAL);
- String hostCert = getProperty(properties, HOST_CERT);
- String hostKey = getProperty(properties, HOST_KEY);
- String keyPass = getProperty(properties, KEY_PASS);
-
- pepConfig.setTrustMaterial(trustMaterial);
- pepConfig.setKeyMaterial(hostCert, hostKey, keyPass);
-
- LOGGER.debug(CONFIGURATION_resourceid_actionid, _resourceId, _actionId);
-
- return pepConfig;
- }
-
- private String getProperty(Properties properties, String key) {
- String value = properties.getProperty(key);
- checkArgument(value != null, "Undefined property: " + key);
- return value;
- }
-
- @Override
- public void account(Set authorizedPrincipals)
- throws AuthenticationException {
-
- int decision = Result.DECISION_NOT_APPLICABLE;
-
- String dn = null;
- try {
- Collection globusPrincipals = Collections.emptySet();
- if (authorizedPrincipals != null) {
- globusPrincipals = Collections2
- .filter(authorizedPrincipals, instanceOf(GlobusPrincipal.class));
- }
-
- for (Principal principal : globusPrincipals) {
- dn = principal.getName();
-
- LOGGER.info(AUTHORISING_SUBJECT_dn, dn);
- Request request = ArgusPepRequestFactory.create(dn, _resourceId, _actionId,
- GridWNAuthorizationProfile.getInstance());
- LOGGER.debug(CREATED_REQUEST_request, request);
- Response response = _pepClient.authorize(request);
- LOGGER.debug(RECEIVED_RESPONSE_response, response);
-
- for (Result result : response.getResults()) {
- decision = result.getDecision();
- switch (decision) {
- case Result.DECISION_DENY:
- throw new AuthenticationException("user banned");
- case Result.DECISION_INDETERMINATE:
- throw new AuthenticationException("indeterminate result");
- }
- }
- }
- } catch (PEPClientException e) {
- decision = Result.DECISION_DENY;
- LOGGER.warn(BLACKLIST_CHECK_FOR_USER_dn_FAILED_DUE_TO_EXCEPTION_IN_PLUGIN, dn, e);
- throw new AuthenticationException("check failed", e);
- } finally {
- LOGGER.info(DECISION_CODE_code, decision);
- }
- }
-}
diff --git a/modules/gplazma2-argus/src/main/resources/META-INF/gplazma-plugins.xml b/modules/gplazma2-argus/src/main/resources/META-INF/gplazma-plugins.xml
deleted file mode 100644
index 8841840f077..00000000000
--- a/modules/gplazma2-argus/src/main/resources/META-INF/gplazma-plugins.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-
-
- argus
- org.dcache.gplazma.plugins.GPlazmaArgusPlugin
-
-
diff --git a/modules/gplazma2-argus/src/test/java/org/dcache/gplazma/plugins/GPlazmaArgusPluginITCase.java b/modules/gplazma2-argus/src/test/java/org/dcache/gplazma/plugins/GPlazmaArgusPluginITCase.java
deleted file mode 100644
index 7e60a60f00e..00000000000
--- a/modules/gplazma2-argus/src/test/java/org/dcache/gplazma/plugins/GPlazmaArgusPluginITCase.java
+++ /dev/null
@@ -1,229 +0,0 @@
-package org.dcache.gplazma.plugins;
-
-import com.google.common.collect.ImmutableSet;
-import com.google.common.io.Resources;
-import java.security.Principal;
-import java.util.Properties;
-import java.util.Set;
-import org.dcache.gplazma.AuthenticationException;
-import org.globus.gsi.gssapi.jaas.GlobusPrincipal;
-import org.junit.Ignore;
-import org.junit.Test;
-
-/**
- * These tests test the gPlazma plugin for Argus. They rely on the following configuration:
- *
- * Argus PEP Endpoint at http://swords.desy.de:8154/authz with the following configuration:
- *
- * --- pepd.ini [SERVICE] entityId = http://swords.desy.de/authz hostname = swords.desy.de port =
- * 8154 adminPort = 8155 adminPassword =
- *
- * # PIPs to apply on incoming request pips = OPENSSLSUBJECT_PIP
- *
- * [PDP] pdps = http://localhost:8152/authz
- *
- * [SECURITY] servicePrivateKey = /etc/grid-security/hostkey.pem serviceCertificate =
- * /etc/grid-security/hostcert.pem trustInfoDir = /etc/grid-security/certificates enableSSL = false
- * requireClientCertAuthentication = true
- *
- * [OPENSSLSUBJECT_PIP] parserClass = org.glite.authz.pep.pip.provider.OpenSSLSubjectPIPIniConfigurationParser
- * opensslSubjectAttributeIDs = urn:oasis:names:tc:xacml:1.0:subject:subject-id
- * opensslSubjectAttributeDatatypes = http://www.w3.org/2001/XMLSchema#string ---
- *
- * and the policies created by running these 3 commands on the PAP server: # pap-admin ap --action
- * access --resource dcache permit subject="/C=EX/O=Example Org/OU=SOMEUNIT/CN=Some One" # pap-admin
- * ap --action access --resource dcache permit subject="/C=BG/O=Bogus Org/OU=BOGUS/CN=La Bogus" #
- * pap-admin ban subject "/C=BG/O=Bogus Org/OU=BOGUS/CN=La Bogus"
- *
- *
- * # pap-admin lp should then print the following: *****************************************************************************
- * default (local):
- *
- * resource ".*" {
- *
- * action ".*" { rule deny { subject="CN=La Bogus,OU=BOGUS,O=Bogus Org,C=BG" } } }
- *
- * resource "dcache" {
- *
- * action "access" { rule permit { subject="CN=La Bogus,OU=BOGUS,O=Bogus Org,C=BG" } rule permit {
- * subject="CN=Some One,OU=SOMEUNIT,O=Example Org,C=EX" } } }
- *
- * *****************************************************************************
- *
- * and on the machine swords.desy.de with a running Argus system and the corresponding
- * certificates.
- *
- * @author karsten
- */
-public class GPlazmaArgusPluginITCase {
-
- private static final String PERMITTED_DN = "/C=EX/O=Example Org/OU=SOMEUNIT/CN=Some One";
- private static final String PERMITTED_BANNED_DN = "/C=BG/O=Bogus Org/OU=BOGUS/CN=La Bogus";
- private static final String UNKNOWN_DN = "/C=XY/O=Unknows Org/OU=UNKNOWN/CN=A Stranger";
- private static final String VALID_ENDPOINT = "http://swords.desy.de:8154/authz";
- private static final String PEP_ENDPOINT = "gplazma.argus.endpoint";
- private static final String INVALID_ENDPOINT = "https://swords.desy.de:666/authz";
- private static final String RESOURCE_ID = "gplazma.argus.resource";
- private static final String VALID_RESOURCE = "http://example.org/dcache";
- private static final String ACTION_ID = "gplazma.argus.action";
- private static final String VALID_ACTION = "http://glite.org/xacml/action/execute";
- private static final String TRUST_MATERIAL = "gplazma.argus.ca";
- private static final String VALID_CERT_PATH = "/etc/grid-security/certificates";
- private static final String HOST_CERT = "gplazma.argus.hostcert";
- private static final String VALID_HOSTCERT = Resources.getResource(
- "org/dcache/gplazma/plugins/test.crt").getFile();
- private static final String HOST_KEY = "gplazma.argus.hostkey";
- private static final String VALID_HOSTKEY = Resources.getResource(
- "org/dcache/gplazma/plugins/test.key").getFile();
- private static final String KEY_PASS = "gplazma.argus.hostkey.password";
-
- private static final Set PermittedPrincipal =
- ImmutableSet.of(new GlobusPrincipal(PERMITTED_DN));
- private static final Set BannedPrincipal =
- ImmutableSet.of(new GlobusPrincipal(PERMITTED_BANNED_DN));
- private static final Set PermittedAndBannedPrincipals =
- ImmutableSet.of(new GlobusPrincipal(PERMITTED_DN),
- new GlobusPrincipal(PERMITTED_BANNED_DN));
- private static final Set UnknownPrincipals =
- ImmutableSet.of(new GlobusPrincipal(UNKNOWN_DN));
-
- /**
- * Test successful authorisation with correct parameters
- *
- * @throws AuthenticationException
- */
- @Ignore
- @Test
- public void shouldSucceedForPermittedPrincipal()
- throws AuthenticationException {
- Properties givenConfiguration = new Properties();
- givenConfiguration.put(PEP_ENDPOINT, VALID_ENDPOINT);
- givenConfiguration.put(RESOURCE_ID, VALID_RESOURCE);
- givenConfiguration.put(ACTION_ID, VALID_ACTION);
- givenConfiguration.put(TRUST_MATERIAL, VALID_CERT_PATH);
- givenConfiguration.put(HOST_CERT, VALID_HOSTCERT);
- givenConfiguration.put(HOST_KEY, VALID_HOSTKEY);
- givenConfiguration.put(KEY_PASS, "");
-
- GPlazmaArgusPlugin plugin = new GPlazmaArgusPlugin(givenConfiguration);
-
- plugin.account(PermittedPrincipal);
- }
-
- /**
- * Test successful authorisation with correct parameters
- *
- * @throws AuthenticationException
- */
- @Ignore
- @Test
- public void shouldSucceedForMultipleEndpointsAndPermittedPrincipal()
- throws AuthenticationException {
-
- Properties givenConfiguration = new Properties();
- givenConfiguration.put(PEP_ENDPOINT, INVALID_ENDPOINT);
- givenConfiguration.put(PEP_ENDPOINT, VALID_ENDPOINT);
- givenConfiguration.put(RESOURCE_ID, VALID_RESOURCE);
- givenConfiguration.put(ACTION_ID, VALID_ACTION);
- givenConfiguration.put(TRUST_MATERIAL, VALID_CERT_PATH);
- givenConfiguration.put(HOST_CERT, VALID_HOSTCERT);
- givenConfiguration.put(HOST_KEY, VALID_HOSTKEY);
- givenConfiguration.put(KEY_PASS, "");
-
- GPlazmaArgusPlugin plugin = new GPlazmaArgusPlugin(givenConfiguration);
-
- plugin.account(PermittedPrincipal);
- }
-
- /**
- * Authorisation success on unknown DN (here the DN is in wrong order)
- *
- * @throws AuthenticationException
- */
- @Ignore
- @Test
- public void shouldSucceedForUnknownPrincipal()
- throws AuthenticationException {
- Properties givenConfiguration = new Properties();
- givenConfiguration.put(PEP_ENDPOINT, VALID_ENDPOINT);
- givenConfiguration.put(RESOURCE_ID, VALID_RESOURCE);
- givenConfiguration.put(ACTION_ID, VALID_ACTION);
- givenConfiguration.put(TRUST_MATERIAL, VALID_CERT_PATH);
- givenConfiguration.put(HOST_CERT, VALID_HOSTCERT);
- givenConfiguration.put(HOST_KEY, VALID_HOSTKEY);
- givenConfiguration.put(KEY_PASS, "");
-
- GPlazmaArgusPlugin plugin = new GPlazmaArgusPlugin(givenConfiguration);
-
- plugin.account(UnknownPrincipals);
- }
-
- /**
- * Test result DENY authorisation with banned user
- *
- * @throws AuthenticationException
- */
- @Ignore
- @Test(expected = AuthenticationException.class)
- public void shouldFailForBannedPrincipal()
- throws AuthenticationException {
- Properties givenConfiguration = new Properties();
- givenConfiguration.put(PEP_ENDPOINT, VALID_ENDPOINT);
- givenConfiguration.put(RESOURCE_ID, VALID_RESOURCE);
- givenConfiguration.put(ACTION_ID, VALID_ACTION);
- givenConfiguration.put(TRUST_MATERIAL, VALID_CERT_PATH);
- givenConfiguration.put(HOST_CERT, VALID_HOSTCERT);
- givenConfiguration.put(HOST_KEY, VALID_HOSTKEY);
- givenConfiguration.put(KEY_PASS, "");
-
- GPlazmaArgusPlugin plugin = new GPlazmaArgusPlugin(givenConfiguration);
-
- plugin.account(BannedPrincipal);
- }
-
- /**
- * Test result DENY authorisation with banned user
- *
- * @throws AuthenticationException
- */
- @Ignore
- @Test(expected = AuthenticationException.class)
- public void shouldFailForPermittedAndBannedPrincipal()
- throws AuthenticationException {
- Properties givenConfiguration = new Properties();
- givenConfiguration.put(PEP_ENDPOINT, VALID_ENDPOINT);
- givenConfiguration.put(RESOURCE_ID, VALID_RESOURCE);
- givenConfiguration.put(ACTION_ID, VALID_ACTION);
- givenConfiguration.put(TRUST_MATERIAL, VALID_CERT_PATH);
- givenConfiguration.put(HOST_CERT, VALID_HOSTCERT);
- givenConfiguration.put(HOST_KEY, VALID_HOSTKEY);
- givenConfiguration.put(KEY_PASS, "");
-
- GPlazmaArgusPlugin plugin = new GPlazmaArgusPlugin(givenConfiguration);
-
- plugin.account(PermittedAndBannedPrincipals);
- }
-
- /**
- * Test result DENY with invalid/unreachable PEP
- *
- * @throws AuthenticationException
- */
- @Ignore
- @Test(expected = AuthenticationException.class)
- public void shouldFailForNonExistentPepEndpoint()
- throws AuthenticationException {
- Properties givenConfiguration = new Properties();
- givenConfiguration.put(PEP_ENDPOINT, INVALID_ENDPOINT);
- givenConfiguration.put(RESOURCE_ID, VALID_RESOURCE);
- givenConfiguration.put(ACTION_ID, VALID_ACTION);
- givenConfiguration.put(TRUST_MATERIAL, VALID_CERT_PATH);
- givenConfiguration.put(HOST_CERT, VALID_HOSTCERT);
- givenConfiguration.put(HOST_KEY, VALID_HOSTKEY);
- givenConfiguration.put(KEY_PASS, "");
-
- GPlazmaArgusPlugin plugin = new GPlazmaArgusPlugin(givenConfiguration);
-
- plugin.account(BannedPrincipal);
- }
-}
diff --git a/modules/gplazma2-argus/src/test/java/org/dcache/gplazma/plugins/GPlazmaArgusPluginTest.java b/modules/gplazma2-argus/src/test/java/org/dcache/gplazma/plugins/GPlazmaArgusPluginTest.java
deleted file mode 100644
index 1a5830a630d..00000000000
--- a/modules/gplazma2-argus/src/test/java/org/dcache/gplazma/plugins/GPlazmaArgusPluginTest.java
+++ /dev/null
@@ -1,143 +0,0 @@
-package org.dcache.gplazma.plugins;
-
-import java.security.Principal;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Properties;
-import java.util.Set;
-import org.dcache.gplazma.AuthenticationException;
-import org.glite.authz.common.model.Request;
-import org.glite.authz.common.model.Response;
-import org.glite.authz.common.model.Result;
-import org.glite.authz.pep.client.PEPClient;
-import org.glite.authz.pep.client.PEPClientException;
-import org.glite.authz.pep.client.config.PEPClientConfiguration;
-import org.globus.gsi.gssapi.jaas.GlobusPrincipal;
-import org.junit.Test;
-
-/**
- * @author karsten
- */
-public class GPlazmaArgusPluginTest {
-
- private static final String GLOBUS_DN = "CN=Some One/O=Example Org/OU=SOMEUNIT/C=EX";
- private static final String VALID_DN = "CN=Some One,OU=SOMEUNIT,O=Example Org,C=EX";
- private static final String BANNED_DN = "CN=La Bogus,OU=BOGUS,O=Bugus Org,C=BG";
-
- private static final Set ValidPrincipals = new HashSet(
- Arrays.asList(new GlobusPrincipal(VALID_DN)));
-
- @Test(expected = NullPointerException.class)
- public void testGPlazmaArgusPluginWithArgsNull() {
- new GPlazmaArgusPlugin((Properties) null);
- }
-
- @Test
- public void testResponsePermit() throws PEPClientException, AuthenticationException {
-
- GPlazmaArgusPlugin plugin = new GPlazmaArgusPlugin(
- MockPEPClient.create(null, Result.DECISION_PERMIT));
- plugin.account(ValidPrincipals);
- }
-
- @Test(expected = AuthenticationException.class)
- public void testResponseDeny() throws PEPClientException, AuthenticationException {
-
- GPlazmaArgusPlugin plugin = new GPlazmaArgusPlugin(
- MockPEPClient.create(null, Result.DECISION_DENY));
- plugin.account(ValidPrincipals);
- }
-
- @Test(expected = AuthenticationException.class)
- public void testResponseIndeterminate() throws PEPClientException, AuthenticationException {
-
- GPlazmaArgusPlugin plugin = new GPlazmaArgusPlugin(
- MockPEPClient.create(null, Result.DECISION_INDETERMINATE));
- plugin.account(ValidPrincipals);
- }
-
- @Test
- public void testResponseNotApplicable() throws PEPClientException, AuthenticationException {
-
- GPlazmaArgusPlugin plugin = new GPlazmaArgusPlugin(
- MockPEPClient.create(null, Result.DECISION_NOT_APPLICABLE));
- plugin.account(ValidPrincipals);
- }
-
- @Test(expected = AuthenticationException.class)
- public void testMixedResponsePermitDeny() throws PEPClientException, AuthenticationException {
-
- GPlazmaArgusPlugin plugin = new GPlazmaArgusPlugin(
- MockPEPClient.create(null, Result.DECISION_PERMIT, Result.DECISION_DENY));
- plugin.account(ValidPrincipals);
- }
-
- @Test(expected = AuthenticationException.class)
- public void testMixedResponsePermitNotApplicableIndeterminatePermit()
- throws PEPClientException, AuthenticationException {
-
- GPlazmaArgusPlugin plugin = new GPlazmaArgusPlugin(
- MockPEPClient.create(null, Result.DECISION_PERMIT, Result.DECISION_NOT_APPLICABLE,
- Result.DECISION_INDETERMINATE, Result.DECISION_PERMIT));
- plugin.account(ValidPrincipals);
- }
-
- @Test(expected = AuthenticationException.class)
- public void testException() throws PEPClientException, AuthenticationException {
-
- new GPlazmaArgusPlugin(
- MockPEPClient.create(new PEPClientException(), Result.DECISION_PERMIT)).account(
- ValidPrincipals);
- }
-
- /**
- * Mock PEPClient to test arbitrary responses
- *
- * @author karsten
- */
- private static class MockPEPClient extends PEPClient {
-
- private final Response _response;
- private final PEPClientException _exception;
-
- public static MockPEPClient create(PEPClientException exception, int... decisions)
- throws PEPClientException {
- return new MockPEPClient(createConfig(), createResponse(decisions), exception);
- }
-
- private MockPEPClient(PEPClientConfiguration config, Response response,
- PEPClientException exception)
- throws PEPClientException {
- super(config);
- _exception = exception;
- _response = response;
- }
-
- @Override
- public Response authorize(Request request) throws PEPClientException {
- if (_exception != null) {
- throw _exception;
- }
- return _response;
- }
-
- private static PEPClientConfiguration createConfig() {
- PEPClientConfiguration dummyConfig = new PEPClientConfiguration();
- dummyConfig.addPEPDaemonEndpoint("");
- return dummyConfig;
- }
-
- private static Response createResponse(int... decisions) {
- Response response = new Response();
- for (int i : decisions) {
- Result result = new Result();
- result.setDecision(i);
- response.getResults().add(result);
- }
- return response;
- }
-
- }
-
-
-}
diff --git a/modules/gplazma2-argus/src/test/resources/org/dcache/gplazma/plugins/test.crt b/modules/gplazma2-argus/src/test/resources/org/dcache/gplazma/plugins/test.crt
deleted file mode 100644
index 9d9f1863f5f..00000000000
--- a/modules/gplazma2-argus/src/test/resources/org/dcache/gplazma/plugins/test.crt
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICnzCCAggCCQCQaPCpJXsqoDANBgkqhkiG9w0BAQUFADCBkzELMAkGA1UEBhMC
-RVgxEDAOBgNVBAgTB0V4YW1wbGUxEzARBgNVBAcTCkV4YW1wbGV0b24xFDASBgNV
-BAoTC0V4YW1wbGUgTHRkMRAwDgYDVQQLEwdUZXN0aW5nMREwDwYDVQQDEwhTb21l
-IE9uZTEiMCAGCSqGSIb3DQEJARYTc29tZW9uZUBleGFtcGxlLmNvbTAeFw0xMjAz
-MDkxMTQ3NDlaFw0xMzA3MjIxMTQ3NDlaMIGTMQswCQYDVQQGEwJFWDEQMA4GA1UE
-CBMHRXhhbXBsZTETMBEGA1UEBxMKRXhhbXBsZXRvbjEUMBIGA1UEChMLRXhhbXBs
-ZSBMdGQxEDAOBgNVBAsTB1Rlc3RpbmcxETAPBgNVBAMTCFNvbWUgT25lMSIwIAYJ
-KoZIhvcNAQkBFhNzb21lb25lQGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUA
-A4GNADCBiQKBgQDDGyQtsdTZCPEZ7j8UlIeCMgmOVVyV8n3rDjggcvl7u9VckU6I
-ord089YlQdZUvJAfSDba0hA1Vh0LSrIeWmpDYNgyB9YBg5zXBBaXuDmljUeqL+XF
-y6a4pTZ3+yv3QRP4yh5JDG+lveaNh4NWjswuNPHTLgx0+2MoWApNGvpU3QIDAQAB
-MA0GCSqGSIb3DQEBBQUAA4GBABFnmAuj1BFtS4E5lOKh+G1hVCxo+OtFe6N9H7a8
-VuLEFRr7s6rbJej65Ef0rpexfK6mJ18V8Bm25KGDf9OPEViPf0hA9ZxcfE5siheX
-ur7g8la/CjADdFAJwHMhHFkf31rDtPEr7qL/3paoQiPb0Q2WvPd6zZkbocBmrH7u
-Hy8I
------END CERTIFICATE-----
diff --git a/modules/gplazma2-argus/src/test/resources/org/dcache/gplazma/plugins/test.key b/modules/gplazma2-argus/src/test/resources/org/dcache/gplazma/plugins/test.key
deleted file mode 100644
index 65edf91504a..00000000000
--- a/modules/gplazma2-argus/src/test/resources/org/dcache/gplazma/plugins/test.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDDGyQtsdTZCPEZ7j8UlIeCMgmOVVyV8n3rDjggcvl7u9VckU6I
-ord089YlQdZUvJAfSDba0hA1Vh0LSrIeWmpDYNgyB9YBg5zXBBaXuDmljUeqL+XF
-y6a4pTZ3+yv3QRP4yh5JDG+lveaNh4NWjswuNPHTLgx0+2MoWApNGvpU3QIDAQAB
-AoGBAJYOuOugG2l1lCHyeHe2qOY839al1pjJMYlonUhvxWwiEj6oz3MNWvZLV8e9
-9D+l617z5qSz7Z1oBtyZbZckyRaDha7tuKAmLpZpnAcKkBw/9rA5CQfrwJ7yR9Q1
-uc1lC8ianOYjL8sZ0dafcr6yg++bvvfdEi+Xqijb8uTfIMBtAkEA4nIWHCV+h/u3
-r+5kJb0qIvehBibiv/w/sAgm+iuWmdmfxPNEoedgZnsBiUH69P07bSE1cTrifWbR
-Oexr+0ifswJBANyR8o+6lCAEA9NhWb88Pt/4SEOlhKk+t0Ae47Gft089ppkIDPFv
-95DWQa2GYkXq6XUVGK+67BbOCJ5DQXG9cS8CQQCs30vh0P338kMZHHV4GiHA8CsN
-90HEL16vlImtEvm2Gl3OjaknsOv3UJCrqKNdxLVJasDR4JJoCcZQ4hzNiXPhAkBe
-QagsL4k5HT4dSI63oCEmSM1oywSj5n8c0ZZvw1bsb+YPo1cUncpnhIfQhYrdYgOd
-2wQPpItbO3SHXSpMVq5VAkBAbGCpgV8KCN3pKDa9Mn/BihcAp6bGjw4DJ8qVW6ag
-Qa5zHdqeBhjVCKxHGF2a0597dZq8RnkODAt9ZjvbuRIw
------END RSA PRIVATE KEY-----
diff --git a/packages/pom.xml b/packages/pom.xml
index a8fff140fe0..b7be98cd99e 100644
--- a/packages/pom.xml
+++ b/packages/pom.xml
@@ -105,11 +105,6 @@
missingfiles-semsg
${project.version}
-
- org.dcache
- gplazma2-argus
- ${project.version}
-
org.dcache
gplazma2-fermi
diff --git a/pom.xml b/pom.xml
index 5d871f617e3..c2f13b4a271 100644
--- a/pom.xml
+++ b/pom.xml
@@ -259,33 +259,6 @@
-
- org.glite.authz
- pep-common
- 2.3.1
-
-
- org.glite.authz
- pep-java
- 2.3.0
-
-
- log4j
- log4j
-
-
-
-
- commons-httpclient
- commons-httpclient
- 3.1
-
-
- commons-logging
- commons-logging
-
-
-
gov.fnal
vox-alldepends
@@ -1467,7 +1440,6 @@
modules/common-security
modules/cells
modules/gplazma2
- modules/gplazma2-argus
modules/gplazma2-fermi
modules/gplazma2-grid
modules/gplazma2-krb5
diff --git a/skel/share/defaults/gplazma.properties b/skel/share/defaults/gplazma.properties
index c6835c5ca64..255257e71e4 100644
--- a/skel/share/defaults/gplazma.properties
+++ b/skel/share/defaults/gplazma.properties
@@ -227,27 +227,6 @@ gplazma.vomsdir.refresh-interval.unit = HOURS
# ---- Path to the grid-vorolemap file
gplazma.vorolemap.file=${dcache.paths.grid-security}/grid-vorolemap
-# ---- Password of the host key, if any
-gplazma.argus.hostkey.password=
-
-# ---- Path to the PEM encoded host key
-gplazma.argus.hostkey=${dcache.authn.hostcert.key}
-
-# ---- Path to the PEM encoded host certificate
-gplazma.argus.hostcert=${dcache.authn.hostcert.cert}
-
-# ---- Path to the directory containing trusted CA certificates
-gplazma.argus.ca=${dcache.authn.capath}
-
-# ---- Argus resource ID
-gplazma.argus.resource=dcache
-
-# ---- Argus action ID
-gplazma.argus.action=access
-
-# ---- Argus endpoint
-gplazma.argus.endpoint=https://localhost:8154/authz
-
# ---- Path to kpwd file
gplazma.kpwd.file = ${dcache.paths.etc}/dcache.kpwd