RE: [gt-user] Security Descriptors

Tue, 03 Jun 2008 09:35:41 -0700 

Add this line to $GLOBUS_LOCATION/container-log4j.properties and send me the
output please.
 
log4j.category.org.globus.wsrf.impl.security.authorization=DEBUG
 
Rachana


  _____  

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of BRACHET Maxime
Sent: Tuesday, June 03, 2008 3:31 AM
To: Tom Scavo
Cc: [email protected]
Subject: Re: [gt-user] Security Descriptors


Hi,

Yes it helps, I successful configure the server and client but when I tried
to execute the methods, he said that I am not allowed. And it return this
error on the server :
"LocalConfigPDP: No security config file found"
But I put the parameters : 

<parameter name="someScope-authzConfigFile"

              value="/path/to/config/file" />

using an absolute path.


I there a way to debug the globus container to show if he is searching for a
particular file or something like that ?

Regards,

Maxime.


2008/6/2 Tom Scavo <[EMAIL PROTECTED]>:


This is GT 4.0, right?  Start by doing the following google search:

site:globus.org "security descriptor"

Briefly, in the security descriptor (my-security-descriptor.xml), you
would write something like:

<securityConfig xmlns="http://www.globus.org";>
 <auth-method>
   <GSITransport/>
   <GSISecureMessage/>
 </auth-method>
 <authz
value="someScope:org.globus.wsrf.impl.security.authorization.LocalConfigPDP"
/>
</securityConfig>

Then in the service descriptor (server-config.wsdd), write:

<?xml version="1.0" encoding="UTF-8"?>
<deployment name="SecurityContextEchoServiceConfig"
 xmlns="http://xml.apache.org/axis/wsdd/";
 xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";
 xmlns:xsd="http://www.w3.org/2001/XMLSchema";>

 <service name="MyService" provider="Handler"
   use="literal" style="document">

   <!-- various parameters omitted here -->

   <parameter name="securityDescriptor"
              value="/path/to/my-security-descriptor.xml"/>

   <parameter name="someScope-authzConfigFile"
              value="/path/to/config/file" />

   <!-- additional parameters omitted here -->

 </service>

</deployment>

Hope this helps,
Tom


On Mon, Jun 2, 2008 at 7:25 AM, BRACHET Maxime <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I wanted to use security descriptor to restraint the access of one
service.
> To be simple I wanted to use
> "someScope:org.globus.wsrf.impl.security.authorization.LocalConfigPDP"
> But I cant find any information about The property authzConfigFile and
where
> to put the SecirityConfig part, in which file ?
> Is there any complete example of how to use Security descriptors ?
>
> Regards,
> Maxime.
>

Reply via email to