My client app is a standalone application. It is not running inside the
Globus container, but it is on the same machine. This is how I tried to
delegate credentials through the DelegationFactoryService:

GlobusCredential credential = null;
credential = GlobusCredential.getDefaultCredential();

int lifetime = 12 * 60 * 60;

ClientSecurityDescriptor secDesc = new ClientSecurityDescriptor();
secDesc.setGSISecureConv(Constants.ENCRYPTION);
secDesc.setAuthz(HostAuthorization.getInstance());

EndpointReferenceType delegationFactoryEndpoint = new EndpointReferenceType();
delegationFactoryEndpoint.setAddress(new Address(
    credentialDelegationFactoryServiceURL));

// Get the public key to delegate on.
X509Certificate[] certsToDelegateOn = null;
certsToDelegateOn = DelegationUtil.getCertificateChainRP(
    delegationFactoryEndpoint, secDesc);
X509Certificate certToSign = certsToDelegateOn[0];

// Send to delegation service and get EPR.
EndpointReferenceType credentialEndpoint = null;
credentialEndpoint = DelegationUtil.delegate(
    credentialDelegationFactoryServiceURL, credential, certToSign,
    lifetime, false, secDesc);

Before calling service A, I also set security properties on the stub:

(port)._setProperty(Constants.GSI_SEC_CONV, Constants.ENCRYPTION);
(port)._setProperty(GSIConstants.GSI_MODE,
    GSIConstants.GSI_MODE_FULL_DELEG);

Service A security configuration file looks like:

<securityConfig xmlns="http://www.globus.org" xmlns:tns="Service_instance">

  <method name="tns:createAgreement">
    <run-as>
      <caller-identity/>
    </run-as>
    <auth-method>
      <GSISecureConversation/>
    </auth-method>
  </method>

  <auth-method>
    <GSISecureConversation/>
  </auth-method>

  <!--authz value="none"/-->

</securityConfig>

In ServiceA.createAgreement(), before calling Service B, I do:

SecurityManager.getManager().setServiceOwnerFromContext();

and also try to retrieve the credential from the EPR returned to the client
by the DelegationFactoryService. However, the credential is not accepted by
the DelegationService, because it is still a host credential.

I confirmed that the Invocation Subject is correctly set to my client user;
however, the System and Service subjects have the host's distinguished name,
not the user's.

Thanks for your help.


On Thu, Jan 20, 2011 at 12:52 AM, Rachana Ananthakrishnan <
[email protected]> wrote:

> If the client app did delegate to Service A, you need to see where the
> delegated credential is stored and use that for the Service A call.
>
> Your question is how the client app can get the user credential: that
> depends on where it is running and whether it has access to the user's
> certificate or proxy certificate.
>
> The code you provided is something that can only be used on a service that
> is implemented on the Java WS core stack. If you are looking to find the
> delegated credential on Service A, then this code should help. But from
> your error message it appears that the subject is not a delegated
> credential. How did you delegate from client to Service A?
>
> Rachana
>
> On Jan 19, 2011, at 7:38 PM, Alisson Wilker wrote:
>
> Hi, I have a simple problem that's driving me crazy. Maybe you could help
> me.
>
> A client application should contact service A, which should then contact
> service B. However, when A calls service B it does it with host credentials,
> not with the user credentials A received from the client app. I've tried to
> delegate credentials, but how can I get user credentials on my client app?
> The client app is not a Globus service, so I can't do:
>
> Subject subject = (Subject) MessageContext.getCurrentContext().getProperty(
>     org.globus.wsrf.impl.security.authentication.Constants.PEER_SUBJECT);
> GlobusCredential credential = null;
> if ((GlobusGSSCredentialImpl) JaasGssUtil.getCredential(subject) == null)
>     throw new Exception("No Credentials associated with subject " + subject);
> credential = ((GlobusGSSCredentialImpl) JaasGssUtil.getCredential(subject))
>     .getGlobusCredential();
>
> If I do so, it throws the exception: "No Credentials associated with
> subject ".
>
> I think it has a simple solution, but it's driving me crazy. Need your help
> please.
>
> Thanks in advance.
>
> --
> []s
> Alisson Wilker
>
> "The success depends on three elements: courage, knowledge and opportunity.
> Therefore, be bold and get ready. Because the opportunity... that will
> come!" (Alisson Wilker)
>
> "Success is being able to do and know things that just a few people around
> you did or knew by means of your responsible effort." (Alisson Wilker)
>
> <http://www.twitter.com/alissonwilker> 
> <http://picasaweb.google.com/alissonwilker>
>   <http://www.youtube.com/alissonwilker>
>
>
>   Rachana Ananthakrishnan
> Argonne National Lab | University of Chicago
>
>


-- 
[]s
Alisson Wilker
