Thanks for the quick reply, Rachana,

We also planned to use DelegationService before, but we don't want to involve more overhead.
Since the problem is caused by the protocol, it looks like a remote delegated credential storage mechanism is necessary.

Regards,
--Zhaohui

2007/11/29, Rachana Ananthakrishnan <[EMAIL PROTECTED]>:
> Hi,
>
> With transport security (https) you cannot delegate as part of the
> protocol. In the toolkit we use Delegation Service to delegate independent
> of the protocol. Details can be found here:
> http://www.globus.org/toolkit/docs/4.0/security/delegation/
>
> In a nutshell, your client will contact the delegation service installed
> in the same container as your service to delegate its credential and will
> receive an EPR to the delegated credential. This EPR needs to be sent as a
> part of the method invocation to your service. The EPR can then be used to
> retrieve the client's delegated credential. Any mechanism can be used to
> secure your invocation, since the delegation credential EPR is an
> application level parameter.
>
> Rachana
>
> ------------------------------
>
> *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of* Zhaohui Ding
> *Sent:* Wednesday, November 28, 2007 6:25 PM
> *To:* [email protected]
> *Subject:* [gt-user] How to get delegated credential with Transport level security
>
> Hi all,
>
> Here is what I want to implement:
> the client side delegates a credential to the server side, and the server side can
> retrieve the delegated credential. I used conversation security to implement
> this before, and it works fine. Due to the performance issue, I hope to replace
> conversation security with transport security.
> I tried the functions provided by GlobusGSSContextImpl, but the
> delegated credential can't be retrieved. Can anyone give me some
> instructions? Thanks!
>
> Please see the following messages.
>
> Client code:
>
>     ((Stub) job)._setProperty(Constants.GSI_TRANSPORT, Constants.SIGNATURE);
>     ((Stub) job)._setProperty(GSIConstants.GSI_MODE,
>             GSIConstants.GSI_MODE_FULL_DELEG);
>     ((Stub) job)._setProperty(Constants.AUTHORIZATION, new HostAuthorization());
>
> Server code:
>
>     MessageContext mctx = MessageContext.getCurrentContext();
>     GlobusGSSContextImpl transport_sec = (GlobusGSSContextImpl)
>             mctx.getProperty(Constants.TRANSPORT_SECURITY_CONTEXT);
>     GSSCredential credential = null;
>     GSSCredential credential2 = null;
>     try {
>         credential = transport_sec.getDelegatedCredential();
>         credential2 = transport_sec.getDelegCred();
>         logger.debug("1:" + credential);
>         logger.debug("2:" + credential2);
>         logger.debug("getIntegState():" + transport_sec.getIntegState());
>         logger.debug("getCredDelegState():" + transport_sec.getCredDelegState());
>         logger.debug("getlifetime():" + transport_sec.getLifetime());
>         logger.debug("isInitiator():" + transport_sec.isInitiator());
>         logger.debug("isProtReady():" + transport_sec.isProtReady());
>         logger.debug("isEstablished():" + transport_sec.isEstablished());
>         logger.debug("isDelegationFinished():" + transport_sec.isDelegationFinished());
>         logger.debug("getConfState():" + transport_sec.getConfState());
>     } catch (Exception e) {
>         logger.error(e.getMessage());
>         throw new RemoteException("Retrive user credential failed!");
>     }
>
> The log on server side:
>
> 2007-11-28 15:37:41,984 DEBUG impl.JobImpl[ServiceThread-9,createResource:346] 1:null
> 2007-11-28 15:37:41,985 DEBUG impl.JobImpl[ServiceThread-9,createResource:348] 2:null
> 2007-11-28 15:37:41,985 DEBUG impl.JobImpl[ServiceThread-9,createResource:349] getIntegState():true
> 2007-11-28 15:37:41,986 DEBUG impl.JobImpl[ServiceThread-9,createResource:350] getCredDelegState():false
> 2007-11-28 15:37:41,986 DEBUG impl.JobImpl[ServiceThread-9,createResource:351] getlifetime():353594
> 2007-11-28 15:37:41,987 DEBUG impl.JobImpl[ServiceThread-9,createResource:352] isInitiator():false
> 2007-11-28 15:37:41,987 DEBUG impl.JobImpl[ServiceThread-9,createResource:353] isProtReady():true
> 2007-11-28 15:37:41,988 DEBUG impl.JobImpl[ServiceThread-9,createResource:354] isEstablished():true
> 2007-11-28 15:37:41,988 DEBUG impl.JobImpl[ServiceThread-9,createResource:355] isDelegationFinished():false
> 2007-11-28 15:37:41,989 DEBUG impl.JobImpl[ServiceThread-9,createResource:356] getConfState():true
>
> Regards,
> --Zhaohui
