Yes, the DN of the client should be added to the gridmap file configured for the services, so that they can be authorized. Rachana
_____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salman Zubair Toor Sent: Sunday, August 05, 2007 9:44 AM To: gt-user Cc: Johan Tordsson; P-O Östberg Subject: [gt-user] Exception while delegating user credentials.... Hi all, I want to delegate the user credentials to the service so that service can submit the jobs on behalf of user but I get Error: Client Site code: _______________________________ .......... ExtendedGSSManager manager = (ExtendedGSSManager)ExtendedGSSManager.getInstance(); cred = manager.createCredential(GSSCredential.INITIATE_AND_ACCEPT); GlobusCredential userGlobusCred = ((GlobusGSSCredentialImpl)cred).getGlobusCredential(); iA = new IdentityAuthorization(userGlobusCred.getIdentity()); }catch (Exception e){System.out.println("Eror: "+e);} try{ ((Stub) port )._setProperty(Constants.GSI_SEC_CONV, Constants.ENCRYPTION); ((Stub) port)._setProperty(Constants.AUTHORIZATION,iA); ((Stub) port)._setProperty(GSIConstants.GSI_MODE, GSIConstants.GSI_MODE_FULL_DELEG); (Stub) port)._setProperty(GSIConstants.GSI_CREDENTIALS, cred); ......... _______________________________ Service Side code : _______________________________ Subject subject = JaasSubject.getCurrentSubject(); if (subject != null) { cred = JaasGssUtil.getCredential(subject); } _______________________________ It delivers the credentials but throws this Exception. Submission ID: uuid:59a6f3e0-435f-11dc-896a-81489780028d 2007-08-05 16:22:51,934 INFO client.GramJob [ServiceThread-11,submit:415] <startTime name="submission">1186323771934</startTime> 2007-08-05 16:22:51,941 INFO client.GramJob [ServiceThread-11,fetchDelegationFactoryEndpoints:645] <startTime name="fetchDelegFactoryEndoints">1186323771941</startTime> 2007-08-05 16:22:52,272 INFO client.GramJob [ServiceThread-11,fetchDelegationFactoryEndpoints:652] <endTime name="fetchDelegFactoryEndoints">1186323772272</endTime> 2007-08-05 16:22:52,273 INFO client.GramJob [ServiceThread-11,delegate:730] <startTime name="fetchDelegCertChainRP">1186323772273</startTime> 2007-08-05 16:22:52,397 INFO client.GramJob [ServiceThread-11,delegate:739] <endTime name="fetchDelegCertChainRP">1186323772397</endTime> 2007-08-05 16:22:52,398 INFO client.GramJob [ServiceThread-11,delegate:764] <startTime name="delegate">1186323772398</startTime> 2007-08-05 16:22:52,521 WARN authorization.GridMapAuthorization [ServiceThread-10,isPermitted:158] Gridmap authorization failed: peer "/O=Grid/O=NorduGrid/CN=host/styx.uppmax.uu.se" not in gridmap file. 2007-08-05 16:22:52,521 WARN authorization.ServiceAuthorizationChain [ServiceThread-10,authorize:292] "/O=Grid/O=NorduGrid/CN=host/styx.uppmax.uu.se" is not authorized to use operation: {http://www.globus.org/08/2004/delegationService}requestSecurityToken on this service 2007-08-05 16:22:52,530 ERROR delegation.DelegationUtil [ServiceThread-11,delegate:440] org.globus.wsrf.impl.security.authorization.exceptions.AuthorizationExceptio n: "/O=Grid/O=NorduGrid/CN=host/styx.uppmax.uu.se" is not authorized to use operation: {http://www.globus.org/08/2004/delegationService}requestSecurityToken on this service java.io.IOException: Job request error: org.globus.delegation.DelegationException: [Caused by: org.globus.wsrf.impl.security.authorization.exceptions.AuthorizationExceptio n: "/O=Grid/O=NorduGrid/CN=host/styx.uppmax.uu.se" is not authorized to use operation: {http://www.globus.org/08/2004/delegationService}requestSecurityToken on this service] at org.globus.services.core.problemsolver.impl.ProblemSolverGRAMClient.processJ ob(ProblemSolverGRAMClient.java:334) at org.globus.services.core.problemsolver.impl.ProblemSolverGRAMClient.submitRS L(ProblemSolverGRAMClient.java:230) at org.globus.services.core.problemsolver.impl.ProblemSolverGRAMClient.multiJob Submission(ProblemSolverGRAMClient.java:498) at org.globus.services.core.problemsolver.impl.SolverJobSubmission.multiJobProc essing(ProblemSolverService.java:243) at org.globus.services.core.problemsolver.impl.ProblemSolverService.solverJobSu bmission(ProblemSolverService.java:184) at org.globus.services.core.problemsolver.impl.ProblemSolverService.findResourc e(ProblemSolverService.java:174) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39 ) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl .java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:384 ) at org.globus.axis.providers.RPCProvider.invokeMethodSub(RPCProvider.java:107) at org.globus.axis.providers.PrivilegedInvokeMethodAction.run(PrivilegedInvokeM ethodAction.java:42) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:379) at org.globus.gsi.jaas.GlobusSubject.runAs(GlobusSubject.java:55) at org.globus.gsi.jaas.JaasSubject.doAs(JaasSubject.java:90) at org.globus.axis.providers.RPCProvider.invokeMethod(RPCProvider.java:97) at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:2 81) at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:319) at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java: 32) at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:450) at org.apache.axis.server.AxisServer.invoke(AxisServer.java:285) at org.globus.wsrf.container.ServiceThread.doPost(ServiceThread.java:664) at org.globus.wsrf.container.ServiceThread.process(ServiceThread.java:382) at org.globus.wsrf.container.GSIServiceThread.process(GSIServiceThread.java:147 ) at org.globus.wsrf.container.ServiceThread.run(ServiceThread.java:291) Anybody can guide me what exactly is wrong in this code. Should I enter "/O=Grid/O=NorduGrid/CN=host/styx.uppmax.uu.se" in gridmap-file. Thanks. Salman Toor.
