I just tested it and it looks like the search order is defined here:
public static final String[] CONFIG_LOCATIONS =
{"",".", "/etc", "/etc/grid-security"};
Can you paste your configuration in server-config.wsdd?
Rachana
_____
From: BRACHET Maxime [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2008 1:29 AM
To: Rachana Ananthakrishnan
Cc: Tom Scavo; [email protected]
Subject: Re: [gt-user] Security Descriptors
Hi,
Here is the debug output :
2008-06-04 09:23:41,867 DEBUG authorization.LocalConfigPDP
[main,findConfigFile:147] Trying authz file:
/home/maxime/example/service-authz.conf
2008-06-04 09:23:41,873 DEBUG authorization.LocalConfigPDP
[main,findConfigFile:147] Trying authz file:
/home/maxime/example/./service-authz.conf
2008-06-04 09:23:41,874 DEBUG authorization.LocalConfigPDP
[main,findConfigFile:147] Trying authz file:
/etc/service-authz.conf2008-06-04 09:23:41,874 DEBUG
authorization.LocalConfigPDP [main,findConfigFile:147] Trying authz file:
/etc/grid-security/service-authz.conf
2008-06-04 09:23:41,875 DEBUG authorization.LocalConfigPDP
[main,findConfigFile:149] Security config file found:
/etc/grid-security/service-authz.conf
2008-06-04 09:23:41,875 DEBUG authorization.LocalConfigPDP
[main,readConfigFile:168] Reading config file:
/etc/grid-security/service-authz.conf
2008-06-04 09:23:41,885 DEBUG authorization.LocalConfigPDP
[main,readConfigFile:184] Subject:
"/O=Grid/OU=GlobusTest/OU=simpleCA-ozzy-6.tml.hut.fi/OU=tml.hut.fi/CN=Maxime
"
Rights:
"{http://www.globus.org/namespaces/examples/security/PictureService_instance
}resize;{http://www.globus.org/namespaces/examples/security/PictureService_i
nstance}getValueRP"
He doesn't search the file I give to him in the deploy-server.wsdd parameter
someScope:authzConfigFile .
Regards,
Maxime.
2008/6/3 Rachana Ananthakrishnan <[EMAIL PROTECTED]>:
Add this line to $GLOBUS_LOCATION/container-log4j.properties and send me the
output please.
log4j.category.org.globus.wsrf.impl.security.authorization=DEBUG
Rachana
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of BRACHET Maxime
Sent: Tuesday, June 03, 2008 3:31 AM
To: Tom Scavo
Cc: [email protected]
Subject: Re: [gt-user] Security Descriptors
Hi,
Yes it helps, I successful configure the server and client but when I tried
to execute the methods, he said that I am not allowed. And it return this
error on the server :
"LocalConfigPDP: No security config file found"
But I put the parameters :
<parameter name="someScope-authzConfigFile"
value="/path/to/config/file" />
using an absolute path.
I there a way to debug the globus container to show if he is searching for a
particular file or something like that ?
Regards,
Maxime.
2008/6/2 Tom Scavo <[EMAIL PROTECTED]>:
This is GT 4.0, right? Start by doing the following google search:
site:globus.org "security descriptor"
Briefly, in the security descriptor (my-security-descriptor.xml), you
would write something like:
<securityConfig xmlns="http://www.globus.org";>
<auth-method>
<GSITransport/>
<GSISecureMessage/>
</auth-method>
<authz
value="someScope:org.globus.wsrf.impl.security.authorization.LocalConfigPDP"
/>
</securityConfig>
Then in the service descriptor (server-config.wsdd), write:
<?xml version="1.0" encoding="UTF-8"?>
<deployment name="SecurityContextEchoServiceConfig"
xmlns="http://xml.apache.org/axis/wsdd/";
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";>
<service name="MyService" provider="Handler"
use="literal" style="document">
<!-- various parameters omitted here -->
<parameter name="securityDescriptor"
value="/path/to/my-security-descriptor.xml"/>
<parameter name="someScope-authzConfigFile"
value="/path/to/config/file" />
<!-- additional parameters omitted here -->
</service>
</deployment>
Hope this helps,
Tom
On Mon, Jun 2, 2008 at 7:25 AM, BRACHET Maxime <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I wanted to use security descriptor to restraint the access of one
service.
> To be simple I wanted to use
> "someScope:org.globus.wsrf.impl.security.authorization.LocalConfigPDP"
> But I cant find any information about The property authzConfigFile and
where
> to put the SecirityConfig part, in which file ?
> Is there any complete example of how to use Security descriptors ?
>
> Regards,
> Maxime.
>
