Re: [gt-user] Gridmap PDP for service

[Johannes Duschl]

On Fri, 2010-04-09 at 10:17 -0500, Martin Feller wrote:
> Just a guess: The interceptor element looks a bit different in the docs on
> http://www.globus.org/toolkit/docs/4.2/4.2.1/security/wsaajava/descriptor/
> 
> (It's a containerSecurityDescriptor and not a serviceSecurityDescriptor, but 
> still...)

I know, but I thought I could use a separate gridmap file for a service
too? Maybe this isn't possible at all and I have to use
HostAuthorization.

> Does <interceptor 
> name="gridmapAuthz:org.globus.wsrf.impl.security.GridMapPDP">
> instead of <interceptor name="gridmap"> make it work?
> 
> -Martin

That's the first thing I tried: sadly no... Are there more examples of
descriptors online somewhere?

> Johannes Duschl wrote:
> > Hello,
> > 
> > I'm running gt-4.2.1.1 on Debian Lenny and want to use a separate
> > gridmap-file for a service. The security descriptor looks like this:
> > 
> >         <serviceSecurityConfig
> >         xmlns="http://www.globus.org/security/descriptor/service";
> >         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> >         xsi:schemaLocation="http://www.globus.org/security/descriptor
> >         name_value_type.xsd"
> >         xmlns:param="http://www.globus.org/security/descriptor";>
> >         
> >             <auth-method>
> >                     <GSISecureConversation/>
> >             </auth-method>
> >         
> >             <authzChain>
> >                     <pdps>
> >                             <interceptor name="gridmap">
> >                          <parameter>
> >                              <param:nameValueParam>
> >                                         <param:parameter
> >         name="gridmap-file"
> >         
> >         value="/home/globus/grid-mapfile"/>
> >                              </param:nameValueParam>
> >                           </parameter>
> >                             </interceptor>
> >                     </pdps>
> >             </authzChain>
> >         
> >         </serviceSecurityConfig>
> >         
> > However, when I connect to the service I get the following error:
> > 
> >         org.globus.wsrf.ResourceContextException: ; nested exception
> >         is: 
> >             javax.naming.NamingException: [JWSCORE-203] Bean security
> >         initialization failed [Root exception is
> >         org.globus.wsrf.config.ConfigException: [JWSSEC-245] Error
> >         parsing file:
> >         "etc/at_jku_tk_service_core/service-instance-security.xml" [Caused 
> > by: cvc-complex-type.2.4.c: The matching wildcard is strict, but no 
> > declaration can be found for element 'param:nameValueParam'.]]
> >         Exception in thread "main" java.lang.NullPointerException
> >         
> > I assume there is something wrong with this schema
> > 
> >         xsi:schemaLocation="http://www.globus.org/security/descriptor
> >         name_value_type.xsd
> >         
> > but I have no idea what's causing the error. Anybody got a clue?
> > 
> > Greetings,
> > Johannes
> > 
>