Hello - I use the run-as configuration, but that also doesn't work - you think it should work?
-------- Original Message --------
> Date: Thu, 4 Oct 2007 10:05:59 -0500
> From: "Rachana Ananthakrishnan" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED], [email protected]
> Subject: RE: [gt-user] (How?) Does JaasSubject.doAs() work??
>
> How does local user name get changed here? The invocation only sets up the delegated credentials, so any WS invocation you do from test() will have the caller's credential, but not the local account the caller is mapped to.
>
> We use gridmap files to map from caller to local user name and some of the higher level services explicitly use sudo to change to the local user account. So unless you have a security manager with some policy that explicitly determines the local user account to use for file creation, you will not see the file created as delegated user.
>
> BTW, you can use the security descriptor configuration to automatically set up caller's credential as the invocation credential by using the run-as configuration property. For GT 4.0.x, here is the configuration:
>
> http://www.globus.org/toolkit/docs/4.0/security/authzframe/security_descriptor.html#s-authzframe-secdesc-configRunas
>
> Hope this helps,
>
> Rachana
>
> _____
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> Sent: Wednesday, October 03, 2007 4:52 PM
> To: [email protected]
> Subject: [gt-user] (How?) Does JaasSubject.doAs() work??
>
> Hello,
>
> I try to create a file in a webservice. The problem is that the file has to have the owner of the delegated credential. I thought I can do it somehow with the JaasSubject, but the file owner is always globus.
>
> thx pod69
>
> public void test() throws IOException, GSSException{
>     SecurityManager.getManager().setServiceOwnerFromContext();
>
>     org.apache.axis.MessageContext mctx = org.apache.axis.MessageContext.getCurrentContext();
>     SecurityManager manager = SecurityManager.getManager(mctx);
>     Subject subject = (Subject) mctx.getProperty(Constants.INVOCATION_SUBJECT);
>     System.out.println(mctx.getUsername());
>     JaasSubject.doAs(subject, new ExampleAction());
> }
>
> class ExampleAction implements java.security.PrivilegedAction {
>     public Object run() {
>         File file=null;
>         try {
>             file = new File("/tmp/test");
>
>             // Create file if it does not exist
>             boolean success = file.createNewFile();
>             if (success) {
>                 // File did not exist and was created
>             } else {
>                 // File already exists
>             }
>         } catch (IOException e) {
>         }
>         return null;
>     }
> }
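
Added example, not code from this thread or from the Globus Toolkit: a stand-alone check of the point made in the reply above, that running an action under a JAAS Subject does not change the operating-system account that owns newly created files. It uses the JDK's own `Subject.doAs` as a stand-in for `JaasSubject.doAs`, and the principal name and class name are constructed for the demonstration.

```java
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

public class DoAsOwnerDemo {
    public static void main(String[] args) throws IOException {
        // Constructed stand-in for the delegated caller identity.
        Subject subject = new Subject();
        subject.getPrincipals().add(new X500Principal("CN=Delegated User,O=Example"));

        // Create a file inside doAs, the same pattern as test() in the thread.
        Path created = Subject.doAs(subject, (PrivilegedAction<Path>) () -> {
            try {
                return Files.createTempFile("doas-demo", ".tmp");
            } catch (IOException e) {
                throw new UncheckedIOException(e);
            }
        });

        // The Subject only travels with the Java call context. The file is
        // written by the JVM process, so the OS records the process account
        // as owner (on POSIX systems the last two lines print the same name).
        System.out.println("Subject principals: " + subject.getPrincipals());
        System.out.println("JVM process user  : " + System.getProperty("user.name"));
        System.out.println("File owner        : " + Files.getOwner(created).getName());

        Files.delete(created);
    }
}
```

In a container running as `globus`, this prints `globus` as the file owner whatever principal the Subject holds; getting a different owner needs an OS-level account switch such as the gridmap plus sudo approach described in the reply.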
