Hello,
I have a service that submits jobs on behalf of the user. Therefore it
is required to delegate the credentials to the service, so it is
"allowed" to submit a job.
I'm a bit confused about what's required now to achieve this. I can use
the delegation service provided and make the service pick up the
credentials. I understand this concept.
However, isn't there an easier way to achieve this? By reading some of
the posts on this lists I get the impression it is sufficient to set the
properties
((Stub)test)._setProperty(Constants.AUTHORIZATION,HostAuthorization.getInstance());
((Stub)test)._setProperty(GSIConstants.GSI_MODE,GSIConstants.GSI_MODE_FULL_DELEG);
and add
<run-as>
<caller-identity />
</run-as>
to the SecurityDescriptor. If it is sufficient to add these lines to
delegate the user credentials, how would one receive the credentials on
the server side? Using
SecurityManager.getManager().setServiceOwnerFromContext();
can't be the solution. Maybe somebody can give me a hint.
Greetings,
Johannes
