Re: [gt-user] Invocation from GT4 service to https axis service

Andrea Turli Wed, 06 May 2009 09:35:52 -0700

Hi all,

I'm trying to consume a secure Axis Web service (the voms server in https)
from a GT4 service running  in a -nosec container (GT4.1)


Finally I've understood what follows: I generated stubs with standard Axis'
wsdl2java from "glite-security-voms-admin-2.0.2.wsdl" released by voms
developers. This wsdl defines all wsdl:operation like the one I pasted as
example:

     <wsdl:operation name="getVOName">
        <wsdlsoap:operation soapAction=""/>
        <wsdl:input name="getVONameRequest">
           <wsdlsoap:body encodingStyle="
http://schemas.xmlsoap.org/soap/encoding/"; namespace="
http://glite.org/wsdl/services/org.glite.security.voms.service.admin";
use="encoded"/>
        </wsdl:input>
        <wsdl:output name="getVONameResponse">
           <wsdlsoap:body encodingStyle="
http://schemas.xmlsoap.org/soap/encoding/"; namespace="
http://glite.org/wsdl/services/org.glite.security.voms.service.admin";
use="encoded"/>
        </wsdl:output>
        <wsdl:fault name="VOMSException">
           <wsdlsoap:fault encodingStyle="
http://schemas.xmlsoap.org/soap/encoding/"; name="VOMSException" namespace="
http://glite.org/wsdl/services/org.glite.security.voms.service.admin";
use="encoded"/>
        </wsdl:fault>
     </wsdl:operation>

where soapAction="". As far as I understood googling a bit
(http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=5502
<http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=5502%20>) this is not
GT4 compliant cause "expect soapAction to be populated".

So for test, I've tried to specify, in a given operation of that wsdl, the
correct soapAction. Then I've re-generated the stubs and everything works!

After this long explaination (sorry) my question is: could it be possible to
inject the correct soapAction at stub creation time, in order to have GT4
compliant stubs?
Or could you suggest me another workaround?

Thank you very much,

Andrea




On Mon, Apr 27, 2009 at 10:43 PM, Andrea Turli <[email protected]> wrote:
> I'm trying to consume a secure Axis Web service (the voms server in
> https) but also specifying GSI_TRANSPORT In particular, I'm using this
> code in a -nosec container (GT4.1)
>
>    static {
>        Util.registerTransport();
>    }
>  ....
>        VOMSAdminServiceLocator locator = new VOMSAdminServiceLocator();
>        URL vomsAdminURL = new
>  URL("https://my_server:8443/voms/myVO/services/VOMSAdmin";);
>
>        VOMSAdmin stub = locator.getVOMSAdmin(vomsAdminURL);
>
>                // credentials
>                stub._setProperty(GSIConstants.GSI_CREDENTIALS,
credentials);
>
>                // Authentication method
>                stub._setProperty(Constants.GSI_TRANSPORT,
Constants.ENCRYPTION);
>
>                // delegation
>                stub._setProperty(GSIConstants.GSI_MODE,
>  GSIConstants.GSI_MODE_NO_DELEG);
>
>                // set Context lifetime
>                stub._setProperty(Constants.CONTEXT_LIFETIME, 300);
>
>
>        try {
>            stub.createUser(user);
>            logger.info("User created with CN " + username + " with DN " +
dn
>                    + " with CA " + ca + " with mail " + email);
>        } catch (Exception e) {
>            e.printStackTrace();
>            throw e;
>        }
>
> Also by specifying GSI_TRANSPORT instead of GSI_SECURE_CONV (I haven't
> understood exactly why and when) I got this exception:
>  AxisFault
>   faultCode: {
http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
>   faultSubcode:
>   faultString: No client transport named 'https' found!
>   faultActor:
>   faultNode:
>   faultDetail:
>        {http://xml.apache.org/axis/}stackTrace:No client transport named
>  'https' found!
>        at org.apache.axis.client.AxisClient.invoke(AxisClient.java:170)
>        at org.apache.axis.client.Call.invokeEngine(Call.java:2727)
>        at org.apache.axis.client.Call.invoke(Call.java:2710)
>        at org.apache.axis.client.Call.invoke(Call.java:2386)
>        at org.apache.axis.client.Call.invoke(Call.java:2309)
>        at org.apache.axis.client.Call.invoke(Call.java:1766)
>        at
org.glite.wsdl.services.org_glite_security_voms_service_admin.VOMSAdminSoapBindingStub.createUser(VOMSAdminSoapBindingStub.java:905)
>        at
org.gcube.vomanagement.vomsAdmin.impl.VOMSAdminImpl.createUser(VOMSAdminImpl.java:137)
>        at
org.gcube.vomanagement.credentialsrenewal.impl.Delegator.addVOMSUser(Delegator.java:395)
>        at
org.gcube.vomanagement.credentialsrenewal.impl.CredentialsAccountResource.initialise(CredentialsAccountResource.java:694)
>        at
org.gcube.common.core.state.GCUBEWSResource.initialise(GCUBEWSResource.java:91)
>        at
org.gcube.common.core.state.GCUBEWSResource.initialise(GCUBEWSResource.java:34)
>        at
org.gcube.common.core.state.GCUBEResourceHome._create(GCUBEResourceHome.java:279)
>        at
org.gcube.common.core.state.GCUBEResourceHome.create(GCUBEResourceHome.java:250)
>        at
org.gcube.common.core.state.GCUBEWSHome.create(GCUBEWSHome.java:164)
>        at
org.gcube.vomanagement.credentialsrenewal.impl.CredentialsRenewalService.createCAAccountOperation(CredentialsRenewalService.java:84)
>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>        at java.lang.reflect.Method.invoke(Method.java:585)
>        at
org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:384)
>        at
org.globus.axis.providers.RPCProvider.invokeMethodSub(RPCProvider.java:107)
>        at
org.globus.axis.providers.PrivilegedInvokeMethodAction.run(PrivilegedInvokeMethodAction.java:42)
>        at java.security.AccessController.doPrivileged(Native Method)
>        at javax.security.auth.Subject.doAs(Subject.java:396)
>        at org.globus.gsi.jaas.GlobusSubject.runAs(GlobusSubject.java:55)
>        at org.globus.gsi.jaas.JaasSubject.doAs(JaasSubject.java:90)
>        at
org.globus.axis.providers.RPCProvider.invokeMethod(RPCProvider.java:97)
>        at
org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:281)
>        at
org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:319)
>        at
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>        at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>        at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>        at
org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:450)
>        at org.apache.axis.server.AxisServer.invoke(AxisServer.java:285)
>        at
org.globus.wsrf.container.ServiceThread.doPost(ServiceThread.java:664)
>        at
org.globus.wsrf.container.ServiceThread.process(ServiceThread.java:382)
>        at
org.globus.wsrf.container.ServiceThread.run(ServiceThread.java:291)
>
>        {http://xml.apache.org/axis/}hostname:grids16.eng.it
>
>  No client transport named 'https' found!
>        at org.apache.axis.client.AxisClient.invoke(AxisClient.java:170)
>        at org.apache.axis.client.Call.invokeEngine(Call.java:2727)
>        at org.apache.axis.client.Call.invoke(Call.java:2710)
>        at org.apache.axis.client.Call.invoke(Call.java:2386)
>        at org.apache.axis.client.Call.invoke(Call.java:2309)
>        at org.apache.axis.client.Call.invoke(Call.java:1766)
>        at
org.glite.wsdl.services.org_glite_security_voms_service_admin.VOMSAdminSoapBindingStub.createUser(VOMSAdminSoapBindingStub.java:905)
>        at
org.gcube.vomanagement.vomsAdmin.impl.VOMSAdminImpl.createUser(VOMSAdminImpl.java:137)
>        at
org.gcube.vomanagement.credentialsrenewal.impl.Delegator.addVOMSUser(Delegator.java:395)
>        at
org.gcube.vomanagement.credentialsrenewal.impl.CredentialsAccountResource.initialise(CredentialsAccountResource.java:694)
>        at
org.gcube.common.core.state.GCUBEWSResource.initialise(GCUBEWSResource.java:91)
>        at
org.gcube.common.core.state.GCUBEWSResource.initialise(GCUBEWSResource.java:34)
>        at
org.gcube.common.core.state.GCUBEResourceHome._create(GCUBEResourceHome.java:279)
>        at
org.gcube.common.core.state.GCUBEResourceHome.create(GCUBEResourceHome.java:250)
>        at
org.gcube.common.core.state.GCUBEWSHome.create(GCUBEWSHome.java:164)
>        at
org.gcube.vomanagement.credentialsrenewal.impl.CredentialsRenewalService.createCAAccountOperation(CredentialsRenewalService.java:84)
>>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>        at java.lang.reflect.Method.invoke(Method.java:585)
>        at
org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:384)
>        at
org.globus.axis.providers.RPCProvider.invokeMethodSub(RPCProvider.java:107)
>        at
org.globus.axis.providers.PrivilegedInvokeMethodAction.run(PrivilegedInvokeMethodAction.java:42)
>        at java.security.AccessController.doPrivileged(Native Method)
>        at javax.security.auth.Subject.doAs(Subject.java:396)
>        at org.globus.gsi.jaas.GlobusSubject.runAs(GlobusSubject.java:55)
>        at org.globus.gsi.jaas.JaasSubject.doAs(JaasSubject.java:90)
>        at
org.globus.axis.providers.RPCProvider.invokeMethod(RPCProvider.java:97)
>        at
org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:281)
>        at
org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:319)
>        at
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>        at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>        at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>        at
org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:450)
>        at org.apache.axis.server.AxisServer.invoke(AxisServer.java:285)
>        at
org.globus.wsrf.container.ServiceThread.doPost(ServiceThread.java:664)
>        at
org.globus.wsrf.container.ServiceThread.process(ServiceThread.java:382)
>        at
org.globus.wsrf.container.ServiceThread.run(ServiceThread.java:291)
>
>
>  Can anyone give me a clarification and/or some snippet of code to
> understand how can I correctly manage VOMS server from a GT4 service?
>
>  Thank you in advance,
>  Andrea
>
>
>
>> On Fri, Apr 24, 2009 at 10:19 AM, Andrea Turli <[email protected]>
wrote:
>>>
>>> Finally we manage to communicate with VOMS from a GT container by
>>> setting "Constants.GSI_TRANSPORT" as stub property.
>>>
>>> Thanks Tim for your precious suggestion
>>>
>>> Andrea
>>>
>>> On Wed, Mar 4, 2009 at 12:07 AM, Tim Freeman <[email protected]>
wrote:
>>>> On Tue, 24 Feb 2009 16:53:16 +0100
>>>> Andrea Turli <[email protected]> wrote:
>>>>
>>>>>               // credentials
>>>>>               stub._setProperty(GSIConstants.GSI_CREDENTIALS,
credentials);
>>>>>
>>>>>               // Authentication method
>>>>>               stub._setProperty(Constants.GSI_SEC_CONV,
>>>>> Constants.ENCRYPTION);
>>>>>
>>>>>               // delegation
>>>>>               stub._setProperty(GSIConstants.GSI_MODE,
>>>>> GSIConstants.GSI_MODE_NO_DELEG);
>>>>>
>>>>>               // set Context lifetime
>>>>>               stub._setProperty(Constants.CONTEXT_LIFETIME, 300);
>>>>
>>>> Are you intentionally setting "Constants.GSI_SEC_CONV" there?  Only an
educated
>>>> guess, but I wouldn't think secure conversation is the appropriate
choice for
>>>> VOMS admin service.  Try setting the "Constants.GSI_TRANSPORT" to
>>>> "Constants.SIGNATURE" or "Constants.ENCRYPTION" instead?
>>>>
>>>> Tim
>>>>
>>>>
>>>
>>
>

Re: [gt-user] Invocation from GT4 service to https axis service

Reply via email to