There is a service side scenario on that page and I am pasting it below.
This is how you would get credentials and the update to the credentials on
refresh at the service end.

Rachana

1.2.  Service-side scenario 
1.2.1. Registering a listener
This section describes the usage scenario where a service is provided with a
delegated credential EPR and needs to access the credential. Typically, as a
part of an application the delegated credential EPR is sent to the service
and it is assumed that the delegation service is co-hosted (that is, it runs
in the same hosting environment).

The service needs to create a listener object that implements the
org.globus.delegation.DelegationRefreshListener interface and register the
listener with the Delegation Service. Upon registering the listener, the
Delegation Service checks that the delegator identity matches either the
identity passed in the subject object or the identity contained in the peer
subject associated with the current message context. Once the listener has
been authorized the delegated credential is made available to the listener. 

static void registerDelegationListener(EndpointReferenceType epr,
                                       DelegationRefreshListener listener,
                                       Subject subject)

This method registers the listener "listener" with the delegation resource
referenced by epr. The operation is permitted only if the identity in the
subject object matches that of the user who delegated the credential.

static void registerDelegationListener(EndpointReferenceType epr,
                                       DelegationRefreshListener listener)

This method provides the same functionality as the previous one, except that
the subject object is picked up from the property
org.globus.wsrf.security.Constants.PEER_SUBJECT in the current message
context. If the identity of the user who delegated the credential matches
that of the subject object referred to by the property, then the operation
is permitted.


> -----Original Message-----
> From: Herbert Rosmanith [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 15, 2007 2:55 PM
> To: Rachana Ananthakrishnan
> Cc: [email protected]
> Subject: Re: [gt-user] accessing delegated credentials in a WS
> 
> > Credential access is via Java API, once the service that needs the
> > credential is provided with EPR of the delegated credential.
> >
> > Here is a brief overview:
> >
> > http://www.globus.org/toolkit/docs/development/4.2-drafts/security/delegation/developer/delegation-developer-archdes.html#id2470028
> 
> I have read this page before.
> 
> > Code specific usage scenarios:
> >
> > http://www.globus.org/toolkit/docs/development/4.2-drafts/security/delegation/developer/delegation-developer-scenarios.html
> 
> I have read this page before.
> 
> Thanks for the link, but they only seem to deal with the client side. Even
> the "Globus Toolkit 4" book by Sotomayor/Childers covers the service side
> of delegation with only one sentence:
> 
> " ... Then, the service that wants to use those credentials must contact
> the delegation service to retrieve them".
> 
> nothing else! that's the only information in the whole GT4 book!
> 
> anyway, in the meantime, I've found out that I can get the X509Certificates
> from SecurityManager and ResourceContext. I've found out the hard way:
> grep'ing gt4.0.5-source code. Reading java code. Re-compiling. Re-starting
> globus-container, -zig times. Thank you for nothing, 500 pages "Globus
> Toolkit 4" book.
> 
> however, accessing the X509Certificates is only half the work. another
> thing that's unclear to me is the creation of a job-proxy. what does a
> client have to tell a service, so that the service automatically creates a
> X509_USER_{CERT,PROXY,KEY}? how is this implemented in the service?
> 
> 
> > Following is tutorial that covers the delegation service:
> >
> > http://www-unix.globus.org/toolkit/tutorials/javaWSSecurity/
> 
> Ouch, there is a ".PPT" file on a site called "Unix.globus" :-(
> (http://www-unix.globus.org/toolkit/tutorials/javaWSSecurity/SecurityTutorialPresentation.ppt)
> 
> Unfortunately, the office version I have on my linux desktop scrambles
> .PPT files.
> 
> anyway. thanks for the security-tutorial source code. I'm currently
> reading it to see if it answers my questions.
> 
> kind regards,
> H.Rosmanith
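
The listener registration and refresh flow from the pasted section 1.2.1, as an added example that is not part of the original message and not Globus code: it models the identity check with JDK types only. RefreshListener, its setCredential method, DelegatedCredential, the DNs and the "proxy-v1"/"proxy-v2" strings are assumptions constructed for illustration.

```java
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import java.util.*;

public class DelegationListenerModel {
    // Stand-in for DelegationRefreshListener; the method name is an assumption.
    interface RefreshListener { void setCredential(String credential); }

    // Stand-in for one delegated-credential resource in a co-hosted delegation service.
    static class DelegatedCredential {
        private final X500Principal delegator;
        private String credential;
        private final List<RefreshListener> listeners = new ArrayList<>();

        DelegatedCredential(String delegatorDn, String credential) {
            this.delegator = new X500Principal(delegatorDn);
            this.credential = credential;
        }

        // subject == null models the two-argument overload (peer subject from the context).
        void register(RefreshListener l, Subject subject, Subject peerSubject) {
            Subject effective = (subject != null) ? subject : peerSubject;
            if (effective == null
                    || !effective.getPrincipals(X500Principal.class).contains(delegator)) {
                throw new SecurityException("caller is not the delegator");
            }
            listeners.add(l);
            l.setCredential(credential); // available only after authorization
        }

        // A client-side refresh pushes the new credential to every registered listener.
        void refresh(String newCredential) {
            credential = newCredential;
            for (RefreshListener l : listeners) l.setCredential(newCredential);
        }
    }

    static Subject subjectFor(String dn) { // constructed sample identity
        Subject s = new Subject();
        s.getPrincipals().add(new X500Principal(dn));
        return s;
    }

    public static void main(String[] args) {
        DelegatedCredential res = new DelegatedCredential("CN=Alice,O=Grid", "proxy-v1");
        String[] held = new String[1];
        res.register(c -> held[0] = c, subjectFor("CN=Alice,O=Grid"), null);
        res.refresh("proxy-v2");
        System.out.println("service holds: " + held[0]);
        try { res.register(c -> {}, null, subjectFor("CN=Mallory,O=Grid")); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```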

