Hi,
I am using GT Dev 4.1.3 release now and used the delegation mechanisms
as stated in the Globus book and online tutorial with modification of
security-config.xml schema.
I edited two parts of the service: first, its security descriptor, which is now

    <methodAuthentication>
      <method name="CreateActivity">
        <run-as value="caller"/>
      </method>
    </methodAuthentication>
    <auth-method>
      <GSISecureConversation/>
      <GSISecureMessage/>
      <GSISecureTransport/>
    </auth-method>
    <authzChain> <pdps> <interceptor name="none"/> </pdps> </authzChain>

and on the server side, under the method createActivity, I wrote

    try{
        SecurityManager.getManager().setServiceOwnerFromContext();
        ..............

On the client side I am using HostAuthorization. In the initial invocation it
works fine, since when the server starts the service is using the host cert,
right?
Now suppose there are two users (A, B).
Question 1: In the first invocation the service will run as 'User A'.
What happens when 'User B' tries to invoke the same service? The client
will give an error since the service is now running as 'User A',
which means that HostAuthorization and SelfAuthorization will not work
for 'User B'. Any suggestions, please?
Question 2: Is it possible to switch back to the initial service context
(which was host based when the server started) after invocation of the
delegated method?
regards
Zeeshan
Zeeshan Ali Shah wrote:
> Hi,
> HostOrSelfAuthorization does not have the .getInstance(), so I used the
> normal constructor as
>
> HostOrSelfAuthorization hs = new HostOrSelfAuthorization();
>
> ((Stub) besFactory)._setProperty(Constants.GSI_SEC_CONV,
> Constants.SIGNATURE);
> ((Stub) besFactory)._setProperty(GSIConstants.GSI_MODE,
> GSIConstants.GSI_MODE_FULL_DELEG);
> ((Stub) besFactory)._setProperty(Constants.AUTHORIZATION,
> hs); // see here
>
> but I am getting this error
> Failure unspecified at GSS-API level (Mechanism level: [JGLOBUS-59]
> Cannot request delegation without authorization (target name null))
>
> Any suggestion?
>
> Zeeshan
>
> Charles Bacon wrote:
>
>>> Questions: So, either I should not have the service run as the
>>> caller (if yes, then how will delegation work?), or have the
>>> client expect its own identity after it has delegated (how to switch
>>> back?). Regards, Zeeshan
>>>
>> The client can call another setProperty call to switch over to Self
>> authorization, the exact same way your quoted code goes to host
>> authorization in the first place.
>>
>> Or, as we also discussed, you can use the HostOrSelfAuthorization the
>> whole time.
>>
>>
>> Charles
>>
>
>