Hi Johan,
I used the same example code from the book (Physical Service and Math
Service), and it specified the same mechanism which I have written.

Can you please send me some pointers/guide the way you mentioned,
a coding example or some text?

Thanks

Zeeshan

Johan Tordsson wrote:
>
> Dear Zeeshan,
>
> You probably neither want to change the ownership of the service
> nor run the service as caller identity, as this leads to scenarios like
> the one you described below.
>
> Instead, delegate credentials to the service from the user. Next, let the
> service (still running as user 'globus') fetch the delegated
> credentials. These credentials can now be used for invoking other
> services (set them on the stub), or be used e.g., to specify
> ownership of a certain WS-Resource.
>
> Best regards,
>
> Johan
>
>
> On Tue, 4 Dec 2007, Zeeshan Ali Shah wrote:
>
>> Hi,
>> I am using GT Dev 4.1.3 release now and used the delegation mechanisms
>> as stated in the Globus book and online tutorial with modification of
>> security-config.xml schema.
>>
>> I edited two parts of the service: first its security descriptor, which is now
>> <methodAuthentication>
>> <method name="CreateActivity">
>> <run-as value="caller"/>
>> </method>
>> </methodAuthentication>
>>
>> <auth-method>
>> <GSISecureConversation/>
>> <GSISecureMessage/>
>> <GSISecureTransport/>
>> </auth-method>
>> <authzChain> <pdps> <interceptor name="none"/> </pdps> </authzChain>
>>
>> and on the server side, under the method createActivity, I wrote
>> try{
>> SecurityManager.getManager().setServiceOwnerFromContext();
>> ..............
>>
>> On the client side I am using HostAuthorization. In the initial invocation it
>> works fine, since when the server starts the service is using the host cert,
>> right?
>>
>> Now suppose there are two users (A, B).
>> Question 1: In the first invocation the service will run as 'User A';
>> what happens when 'User B' tries to invoke the same service? The client
>> will give an error since the service is now running as 'User A',
>> which means that HostAuthorization and SelfAuthorization will not work
>> for 'User B'. Any suggestions, please?
>> Question 2: Is it possible to switch back to the initial service context
>> (which was host based when the server started) after invocation of the
>> delegated method?
>>
>>
>> regards
>>
>> Zeeshan
>>
>>
>>
>> Zeeshan Ali Shah wrote:
>>> Hi,
>>> HostOrSelfAuthorization does not have .getInstance(), so I used the
>>> normal constructor as
>>>
>>> HostOrSelfAuthorization hs = new HostOrSelfAuthorization();
>>>
>>> ((Stub) besFactory)._setProperty(Constants.GSI_SEC_CONV,
>>> Constants.SIGNATURE);
>>> ((Stub) besFactory)._setProperty(GSIConstants.GSI_MODE,
>>> GSIConstants.GSI_MODE_FULL_DELEG);
>>> ((Stub) besFactory)._setProperty(Constants.AUTHORIZATION,
>>> hs); // see here
>>>
>>> but I am getting this error
>>> Failure unspecified at GSS-API level (Mechanism level: [JGLOBUS-59]
>>> Cannot request delegation without authorization (target name null))
>>>
>>> Any suggestion?
>>>
>>> Zeeshan
>>>
>>> Charles Bacon wrote:
>>>
>>>>> Questions: So, either I should not have the service run as the
>>>>> caller (if yes, then how will delegation work??), or have the
>>>>> client expect its own identity after it has delegated. (How to switch
>>>>> back?) Regards, Zeeshan
>>>>>
>>>> The client can call another setProperty call to switch over to Self
>>>> authorization, the exact same way your quoted code goes to host
>>>> authorization in the first place.
>>>>
>>>> Or, as we also discussed, you can use the HostOrSelfAuthorization the
>>>> whole time.
>>>>
>>>>
>>>> Charles
>>>>
>>>
>>>
>>
>
> ---------------------------------
> Johan Tordsson
> Department of Computing Science
> Umea University
> SE-901 87 Umea
> tordsson_at_cs.umu.se
>
