Take a look at this week's other delegation thread (Subject: Re: [gt-user] Credential Delegation - Host or Self authorization) for an example of making your service run-as the caller using the security descriptor.

If all you really care about is making it work for a demo, add the container's DN to your grid-mapfile and you won't have to fix the conceptual problem.


Charles

On Dec 4, 2007, at 1:39 PM, Wilson Jr. wrote:

Hi Charles.

On Dec 4, 2007 2:02 PM, Charles Bacon <[EMAIL PROTECTED]> wrote:
On Dec 4, 2007, at 10:42 AM, Wilson Jr. wrote:

> Ok Charles, just to be sure, is this the sequence I have to do?
> gpt-build ....
> gpt-postinstall
> But as I have two SimpleCAs, and have already installed a
> SimpleCA, do I do a setup-gsi without the -default?
> setup-gsi

Right. You don't need the -default, you just want the certs installed.

> Ok, can I use only SecureConversation with delegation?
> Puts in my service security descriptor, Secure Conversation, with
> both Privacy and Integrity, and delegation.
> For me it's better because DeliverToFtp needs secureConversation
> with delegation.

I'm not sure I understand the question.

Ok, let me explain. I urgently need to present my project, so for now I'm not making my service use the Delegation Service, but in the future it must use it.

So I just want to use Delegation with SecureConversation.

This is my environment.

My user -> contacts MyService.
MyService-> contacts OGSA-DAI Service.

The question is: I'm using the deliveryToGFTP activity in OGSA-DAI, and to use this activity my OGSA-DAI client (MyService) must implement SecureConversation with at least limited delegation.
So I do this in the method of MyService that contacts OGSA-DAI:

mDRER.addServerCommsProperty(Constants.GSI_SEC_CONV, Constants.ENCRYPTION);
mDRER.addServerCommsProperty(Constants.GSI_SEC_CONV, Constants.SIGNATURE);
mDRER.addServerCommsProperty(GSIConstants.GSI_MODE, GSIConstants.GSI_MODE_FULL_DELEG);

But this is not working; it gives this error:
org.globus.ftp.exception.ServerException, Server refused performing the request. Custom message: Bad password. (error code 1) [Nested exception message: Custom message: Unexpected reply: 530-Login incorrect. : globus_gss_assist: Gridmap lookup failure: Could not map /O=Grid/OU=GlobusTest/OU=simpleCA-pc-boys/CN=host/pc-boys

As my service is the client to OGSA-DAI, it gets the container cert.

What I did: I put a security_descriptor.xml in MyService with SecureConversation, with privacy, integrity and delegation,
and in the client for MyService I do:

((javax.xml.rpc.Stub)port)._setProperty(Constants.GSI_SEC_CONV, Constants.ENCRYPTION);
((javax.xml.rpc.Stub)port)._setProperty(Constants.GSI_SEC_CONV, Constants.SIGNATURE);
((javax.xml.rpc.Stub)port)._setProperty(GSIConstants.GSI_MODE, GSIConstants.GSI_MODE_FULL_DELEG);

I'd like to know how, in MyService, I get the credential delegated by the MyService client and use it to interact with OGSA-DAI.

In fact, I'd also like to know why it gives this error using the container host. Shouldn't it run?




> How do I, in the call to OGSA-DAI, reuse the credentials
> delegated by the user in Java?

That's why I sent the link to the developer's guide for the
Delegation Service.  It should show you the code/interface you need
to use the Delegation service.


Charles


Thanks again.

--
"Is this a world in which we must hide our virtues?"
                     William Shakespeare


****************
Wilson Júnior
****************
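
Added example, not part of the original thread: a small grid-mapfile check showing why the lookup in the quoted error fails for the container's host DN, and how the demo workaround shows up as a host certificate mapped to a local login. The user DN and the account names are constructed for illustration; the container DN is the one in the error message.

```python
import re

# One entry per line: a DN (double-quoted when it contains spaces), then
# one or more comma-separated local accounts. '#' starts a comment line.
ENTRY = re.compile(r'^(?:"([^"]+)"|(\S+))\s+(\S+)$')

def parse_gridmap(text):
    """Return {DN: [local accounts]} for grid-mapfile text."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY.match(line)
        if m is None:
            raise ValueError(f"malformed grid-mapfile line: {raw!r}")
        dn = m.group(1) or m.group(2)
        mapping.setdefault(dn, []).extend(m.group(3).split(","))
    return mapping

def lookup(mapping, dn):
    """Default local account for dn, or None (a 'Gridmap lookup failure')."""
    accounts = mapping.get(dn)
    return accounts[0] if accounts else None

def host_dns_with_accounts(mapping):
    """Host-certificate DNs (CN=host/<name>) that are mapped to a login."""
    return sorted(dn for dn in mapping if "/CN=host/" in dn)

# DN copied from the error message in the thread.
CONTAINER_DN = "/O=Grid/OU=GlobusTest/OU=simpleCA-pc-boys/CN=host/pc-boys"
# Constructed sample: the user DN and the account names are made up.
BEFORE = '''# grid-mapfile on the GridFTP host
"/O=Grid/OU=GlobusTest/OU=simpleCA-pc-boys/CN=Example User" exampleuser
'''
# The demo workaround from the thread: map the container's DN as well.
AFTER = BEFORE + f'"{CONTAINER_DN}" demoacct\n'

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        m = parse_gridmap(text)
        print(name, lookup(m, CONTAINER_DN), host_dns_with_accounts(m))
```

With the workaround in place, every caller of a service running under the container's credential reaches GridFTP as the same local account, which is the entry to remove once the service uses the caller's delegated credential.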
