Ok, but I'm not understanding why it's not working.
My security-descriptor.xml is like this:
<auth-method>
<GSITransport>
<protection-level>
<privacy/>
</protection-level>
</GSITransport>
</auth-method>
I want to force that all client set privacy to use the Grid Service,
but I get this Exception when I call a method:
ERROR: GSI Transport (encryption only) authentication required for "{
http://topgrid.dcc.ufba.br/namespace/grid/apps/AfisDCC/AfisDCC}sendFinger<http://topgrid.dcc.ufba.br/namespace/grid/apps/AfisDCC/AfisDCC%7DsendFinger>"
operation.
AxisFault
But if I put <integrity/> too in the security-descriptor it works, but I
wanna force to use privacy,
because, putting <integrity/> my client can set only integrity and access
the grid-service, what must
not to happen.
Why I get this exception If I put only <privacy/> in the security
descriptor, same with privacy setted at the client?
thanks
On Thu, Apr 24, 2008 at 1:03 PM, Rachana Ananthakrishnan <
[EMAIL PROTECTED]> wrote:
> Yes, for GT 4.0.x you will need to set it on the stub.
>
> When you add two protection levels, it implies either is acceptable. That
> is, the client can either just sign the message or encrypt it.
>
> Rachana
>
> ------------------------------
> *From:* Wilson Jr. [mailto:[EMAIL PROTECTED]
> *Sent:* Wednesday, April 23, 2008 5:04 PM
> *To:* Rachana Ananthakrishnan
> *Cc:* Globus User List
> *Subject:* Re: [gt-user] How setup GSI Transport in the Client
>
> Hi Rachana,
>
> well, I'm using GT 4.0.x, I am setting the security on the stub in the code
> of the client,
> in fact I'd like to know if I can put it in the
> client-security-descriptor.xml, I was putting
> when I was using GSISecureConversation, but using GSITransport, putting in
> the security descriptor
> of the client didn't work.
>
> And I have another doubt:
> If I define this security-descriptor for my Grid-Service:
> <?xml version="1.0" encoding="UTF-8"?>
>
> <securityConfig xmlns="http://www.globus.org";>
>
> <auth-method>
> <GSITransport>
> <protection-level>
> <integrity/>
> <privacy/>
> </protection-level>
> </GSITransport>
> </auth-method>
>
> <authz value="none"/>
>
> </securityConfig>
>
>
> This define that my client needs to Set:
> GSITransport with Integrity ?AND? Privacy ????
> or
> GSITransport with Integrity ?OR? Privacy ????
>
> In relation to run-as, for now I 'm not needing to use Delegation anymore.
>
> thanks.
>
> On Wed, Apr 23, 2008 at 9:31 AM, Rachana Ananthakrishnan <
> [EMAIL PROTECTED]> wrote:
>
>> If you are using GT 4.1.x or code from trunk, use GSISecureTransport as
>> the element name:
>>
>>
>>
>>
>> http://www.globus.org/toolkit/docs/development/4.2-drafts/security/wsaajava/wsaajava-secdesc.html#wsaajava-secdesc-clientSide
>>
>>
>>
>> In GT 4.0.x, you need to set it on the stub if encryption is required. If
>> GSI Transport with signature is needed, it will be used based on the URL
>> starting with "https".
>>
>>
>>
>>
>> http://www.globus.org/toolkit/docs/4.0/security/message/WS_AA_Message_Level_Public_Interfaces.html#s-message-public-domain
>>
>>
>>
>>
>>
>> BTW, run-as caller identity requires that the caller delegate credentials
>> to the service as part of the authentication step. So it will work only with
>> GSI Secure Conversation with delegation.
>>
>>
>>
>> Rachana
>>
>>
>> ------------------------------
>>
>> *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On
>> Behalf Of *Wilson Jr.
>> *Sent:* Tuesday, April 22, 2008 9:34 PM
>> *To:* Globus User List
>> *Subject:* [gt-user] How setup GSI Transport in the Client
>>
>>
>>
>> Hi folks,
>>
>> I was running the Globus Container with: -nosec, and then using
>> GSISecureConversation
>> at my GridService, and it works fine. I'd like to change to GSITransport,
>> then I took out the
>> -nosec, and I'm running Globus in 8443. The security-descriptor from my
>> service is this:
>> <securityConfig xmlns="http://www.globus.org";>
>>
>> <auth-method>
>> <GSITransport>
>> <protection-level>
>> <privacy/>
>> </protection-level>
>> </GSITransport>
>> </auth-method>
>>
>> <authz value="none"/>
>>
>> <run-as>
>> <caller-identity/>
>> </run-as>
>>
>> </securityConfig>
>>
>> My client has a client-security-descriptor.xml to choose the level of
>> security, before using
>> GsiSecureConversation, it was ok, but putting:
>> <GSITransport>
>> <privacy/>
>> </GSITransport>
>>
>> it doesn't work, says the attribute GSITrasnport cannot be used in the
>> descriptor, then I took out
>> and let my client-security-descriptor.xml practically empty:
>> <?xml version="1.0" encoding="UTF-8"?>
>> <securityConfig xmlns="http://www.globus.org";>
>>
>> </securityConfig>
>>
>> and it throws this exception:
>> ERROR: GSI Transport (encryption only) authentication required for "{
>> http://topgrid.dcc.ufba.br/namespace/grid/apps/AfisDCC/AfisDCC}sendFinger<http://topgrid.dcc.ufba.br/namespace/grid/apps/AfisDCC/AfisDCC%7dsendFinger>"
>> operation.
>> AxisFault
>>
>>
>>
>> My question is, How do I set GSI Transport in the client?
>>
>> --
>> "É este um mundo no qual devemos esconder nossas virtudes?"
>> Willian Shakespeare
>>
>>
>> ****************
>> Wilson Júnior
>> ****************
>>
>
>
>
> --
> "É este um mundo no qual devemos esconder nossas virtudes?"
> Willian Shakespeare
>
>
> ****************
> Wilson Júnior
> ****************
>
>
--
"É este um mundo no qual devemos esconder nossas virtudes?"
Willian Shakespeare
****************
Wilson Júnior
****************
