Re: [gt-user] how to use host credential in GT4 Web Service and RFT error

Ravi Madduri Tue, 09 Oct 2007 02:50:49 -0700

If I understand what you are doing, you should be not be invoking RFT using
host creds but instead use a delegated credential of a user. For that you
would have to have the user create a delagated cred resource in the
delegation service and then pass the EPR to RFT request.


On 10/8/07, Xu Xiao <[EMAIL PROTECTED]> wrote:
>
> hi,
>
>    I wrote two services A and B using java. and I want to run service
> A's client in service B. I'd better use host credential when calling
> service A, right ?  Please tell me how to use host credential in
> service B so that when I call service A in service B I can use it. Can
> you give me an example.
>    And another question. If I want to call RFT client in service B.
> and I got the following exception in container.log:
> 2007-10-08 14:16:38 [WARN] Gridmap authorization failed: peer
> "/O=Grid/OU=GlobusTest/OU=simpleCA-server132/CN=host/freedom" not in
> gridmap file.
> 2007-10-08 14:16:38 [WARN]
> "/O=Grid/OU=GlobusTest/OU=simpleCA-server132/CN=host/freedom" is not
> authorized to use operation:
> {http://www.globus.org/08/2004/delegationService}requestSecurityToken
> on this service
> 2007-10-08 14:16:38 [ERROR]
>
> org.globus.wsrf.impl.security.authorization.exceptions.AuthorizationException
> :
> "/O=Grid/OU=GlobusTest/OU=simpleCA-server132/CN=host/freedom" is not
> authorized to use operation:
> {http://www.globus.org/08/2004/delegationService}requestSecurityToken
> on this service
> . Caused by AxisFault
> faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
> faultSubcode:
> faultString:
> org.globus.wsrf.impl.security.authorization.exceptions.AuthorizationException
> :
> &quot;/O=Grid/OU=GlobusTest/OU=simpleCA-server132/CN=host/freedom&quot;
> is not authorized to use operation:
> {http://www.globus.org/08/2004/delegationService}requestSecurityToken
> on this service
> faultActor:
> faultNode:
> faultDetail:
>         {
> http://xml.apache.org/axis/}stackTrace:org.globus.wsrf.impl.security.authorization.exceptions.AuthorizationException
> :
> &quot;/O=Grid/OU=GlobusTest/OU=simpleCA-server132/CN=host/freedom&quot;
> is not authorized to use operation:
> {http://www.globus.org/08/2004/delegationService}requestSecurityToken
> on this service
>         at
> org.globus.wsrf.impl.security.authorization.ServiceAuthorizationChain.authorize
> (ServiceAuthorizationChain.java:301)
>         at
> org.globus.wsrf.impl.security.authorization.ServiceAuthorizationChain.authorize
> (ServiceAuthorizationChain.java:272)
>         at
> org.globus.wsrf.impl.security.authorization.ServiceAuthorizationChain.authorize
> (ServiceAuthorizationChain.java:235)
>         at
> org.globus.wsrf.impl.security.authorization.AuthorizationHandler.invoke(
> AuthorizationHandler.java:173)
>         at org.apache.axis.strategies.InvocationStrategy.visit(
> InvocationStrategy.java:32)
>         at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>         at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>         at org.apache.axis.server.AxisServer.invoke(AxisServer.java:248)
>         at org.globus.wsrf.container.ServiceThread.doPost(
> ServiceThread.java:676)
>         at org.globus.wsrf.container.ServiceThread.process(
> ServiceThread.java:397)
>         at org.globus.wsrf.container.GSIServiceThread.process(
> GSIServiceThread.java:151)
>         at org.globus.wsrf.container.ServiceThread.run(ServiceThread.java
> :302)
>
>         {http://xml.apache.org/axis/}hostname:freedom
>
>
> org.globus.wsrf.impl.security.authorization.exceptions.AuthorizationException
> :
> "/O=Grid/OU=GlobusTest/OU=simpleCA-server132/CN=host/freedom" is not
> authorized to use operation:
> {http://www.globus.org/08/2004/delegationService}requestSecurityToken
> on this service
>         at org.apache.axis.message.SOAPFaultBuilder.createFault(
> SOAPFaultBuilder.java:221)
>         at org.apache.axis.message.SOAPFaultBuilder.endElement(
> SOAPFaultBuilder.java:128)
>         at org.apache.axis.encoding.DeserializationContext.endElement(
> DeserializationContext.java:1087)
>         at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown
> Source)
>         at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement
> (Unknown
> Source)
>         at
> org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch
> (Unknown
> Source)
>         at
> org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown
> Source)
>         at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
> Source)
>         at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
> Source)
>         at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
>         at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown
> Source)
>         at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse
> (Unknown
> Source)
>         at org.apache.xerces.jaxp.SAXParserImpl.parse(Unknown Source)
>         at org.apache.axis.encoding.DeserializationContext.parse(
> DeserializationContext.java:227)
>         at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:645)
>         at org.apache.axis.Message.getSOAPEnvelope(Message.java:424)
>         at
> org.apache.axis.message.addressing.handler.AddressingHandler.processClientResponse
> (AddressingHandler.java:305)
>         at
> org.apache.axis.message.addressing.handler.AddressingHandler.invoke(
> AddressingHandler.java:110)
>         at org.apache.axis.strategies.InvocationStrategy.visit(
> InvocationStrategy.java:32)
>         at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>         at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>         at org.apache.axis.client.AxisClient.invoke(AxisClient.java:190)
>         at org.apache.axis.client.Call.invokeEngine(Call.java:2727)
>         at org.apache.axis.client.Call.invoke(Call.java:2710)
>         at org.apache.axis.client.Call.invoke(Call.java:2386)
>         at org.apache.axis.client.Call.invoke(Call.java:2309)
>         at org.apache.axis.client.Call.invoke(Call.java:1766)
>         at
> org.globus.delegationService.DelegationFactoryPortTypeSOAPBindingStub.requestSecurityToken
> (DelegationFactoryPortTypeSOAPBindingStub.java:1230)
>         at org.globus.delegation.DelegationUtil.delegate(
> DelegationUtil.java:432)
>         at pact.grid.easytools.util.BaseRFTClient.delegateCredential(
> BaseRFTClient.java:304)
>         at pact.grid.easytools.util.GlobusRFTClient.runRFT(
> GlobusRFTClient.java:151)
>         at
> pact.grid.easytools.transfer.impl.TransferClientImpl.exeRFTtrans(
> TransferClientImpl.java:200)
>         at hit.pact.crawler.daemons.node.host.ExeFileTransfer.exeTransfer(
> ExeFileTransfer.java:117)
>         at
> hit.pact.crawler.daemons.node.host.RawFileProcessor.callTransfer(
> RawFileProcessor.java:206)
>         at
> hit.pact.crawler.daemons.node.host.RawFileProcessor$RealProcess.run(
> RawFileProcessor.java:280)
> runRFT:Error: org.globus.delegation.DelegationException:  [Caused by:
>
> org.globus.wsrf.impl.security.authorization.exceptions.AuthorizationException
> :
> "/O=Grid/OU=GlobusTest/OU=simpleCA-server132/CN=host/freedom" is not
> authorized to use operation:
> {http://www.globus.org/08/2004/delegationService}requestSecurityToken
> on this service]
>
>   I created a credential for user globus. And it sames that host
> credential is used instead of globus's.  Please tell me how to solve
> this error. An example code will be appreciated.
>
> Thanks.
>
>


-- 
-- Ravi

Ravi K Madduri
The Globus Alliance | Argonne National Laboratory
http://www-unix.mcs.anl.gov/~madduri

Re: [gt-user] how to use host credential in GT4 Web Service and RFT error

Reply via email to