Hi Rachana, The problem it was this, I was setting the security on the client, and it wasn't working:
I was setting at the factory: ((javax.xml.rpc.Stub)factoryPort)._setProperty(org.globus.wsrf.security.Constants.GSI_TRANSPORT, org.globus.wsrf.security.Constants.ENCRYPTION); and at the grid-service: ((javax.xml.rpc.Stub)port)._setProperty(org.globus.wsrf.security.Constants.GSI_TRANSPORT, org.globus.wsrf.security.Constants.ENCRYPTION); The fact it was that in the time to set Encryption at the port(grid-service) I copied the code from the factory and it was: ((javax.xml.rpc.Stub)factoryPort)._setProperty(org.globus.wsrf.security.Constants.GSI_TRANSPORT, org.globus.wsrf.security.Constants.ENCRYPTION); My mistake, thaks for all. On Thu, Apr 24, 2008 at 3:57 PM, Rachana Ananthakrishnan < [EMAIL PROTECTED]> wrote: > It is working, in that the server is refusing client requests that don't > use encryption. What did you set on the stub in your client? > > stub._setProperty(Constants.GSITransport, Constants.ENCRYPTION); > > Refer to the link I pasted in my previous email. > > Rachana > > > ------------------------------ > *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On > Behalf Of *Wilson Jr. > *Sent:* Thursday, April 24, 2008 1:49 PM > > *To:* Rachana Ananthakrishnan > *Cc:* Globus User List > *Subject:* Re: [gt-user] How setup GSI Transport in the Client > > Ok, but I'm not understanding why it's not working. > > My security-descriptor.xml is like this: > <auth-method> > <GSITransport> > <protection-level> > <privacy/> > </protection-level> > </GSITransport> > </auth-method> > > I want to force that all client set privacy to use the Grid Service, > but I get this Exception when I call a method: > > ERROR: GSI Transport (encryption only) authentication required for "{ > http://topgrid.dcc.ufba.br/namespace/grid/apps/AfisDCC/AfisDCC}sendFinger<http://topgrid.dcc.ufba.br/namespace/grid/apps/AfisDCC/AfisDCC%7DsendFinger>" > operation. > AxisFault > > > But if I put <integrity/> too in the security-descriptor it works, but I > wanna force to use privacy, > because, putting <integrity/> my client can set only integrity and access > the grid-service, what must > not to happen. > > Why I get this exception If I put only <privacy/> in the security > descriptor, same with privacy setted at the client? > > thanks > > On Thu, Apr 24, 2008 at 1:03 PM, Rachana Ananthakrishnan < > [EMAIL PROTECTED]> wrote: > >> Yes, for GT 4.0.x you will need to set it on the stub. >> >> When you add two protection levels, it implies either is acceptable. That >> is, the client can either just sign the message or encrypt it. >> >> Rachana >> >> ------------------------------ >> *From:* Wilson Jr. [mailto:[EMAIL PROTECTED] >> *Sent:* Wednesday, April 23, 2008 5:04 PM >> *To:* Rachana Ananthakrishnan >> *Cc:* Globus User List >> *Subject:* Re: [gt-user] How setup GSI Transport in the Client >> >> Hi Rachana, >> >> well, I'm using GT 4.0.x, I am setting the security on the stub in the >> code of the client, >> in fact I'd like to know if I can put it in the >> client-security-descriptor.xml, I was putting >> when I was using GSISecureConversation, but using GSITransport, putting in >> the security descriptor >> of the client didn't work. >> >> And I have another doubt: >> If I define this security-descriptor for my Grid-Service: >> <?xml version="1.0" encoding="UTF-8"?> >> >> <securityConfig xmlns="http://www.globus.org";> >> >> <auth-method> >> <GSITransport> >> <protection-level> >> <integrity/> >> <privacy/> >> </protection-level> >> </GSITransport> >> </auth-method> >> >> <authz value="none"/> >> >> </securityConfig> >> >> >> This define that my client needs to Set: >> GSITransport with Integrity ?AND? Privacy ???? >> or >> GSITransport with Integrity ?OR? Privacy ???? >> >> In relation to run-as, for now I 'm not needing to use Delegation anymore. >> >> thanks. >> >> On Wed, Apr 23, 2008 at 9:31 AM, Rachana Ananthakrishnan < >> [EMAIL PROTECTED]> wrote: >> >>> If you are using GT 4.1.x or code from trunk, use GSISecureTransport as >>> the element name: >>> >>> >>> >>> >>> http://www.globus.org/toolkit/docs/development/4.2-drafts/security/wsaajava/wsaajava-secdesc.html#wsaajava-secdesc-clientSide >>> >>> >>> >>> In GT 4.0.x, you need to set it on the stub if encryption is required. If >>> GSI Transport with signature is needed, it will be used based on the URL >>> starting with "https". >>> >>> >>> >>> >>> http://www.globus.org/toolkit/docs/4.0/security/message/WS_AA_Message_Level_Public_Interfaces.html#s-message-public-domain >>> >>> >>> >>> >>> >>> BTW, run-as caller identity requires that the caller delegate credentials >>> to the service as part of the authentication step. So it will work only with >>> GSI Secure Conversation with delegation. >>> >>> >>> >>> Rachana >>> >>> >>> ------------------------------ >>> >>> *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On >>> Behalf Of *Wilson Jr. >>> *Sent:* Tuesday, April 22, 2008 9:34 PM >>> *To:* Globus User List >>> *Subject:* [gt-user] How setup GSI Transport in the Client >>> >>> >>> >>> Hi folks, >>> >>> I was running the Globus Container with: -nosec, and then using >>> GSISecureConversation >>> at my GridService, and it works fine. I'd like to change to GSITransport, >>> then I took out the >>> -nosec, and I'm running Globus in 8443. The security-descriptor from my >>> service is this: >>> <securityConfig xmlns="http://www.globus.org";> >>> >>> <auth-method> >>> <GSITransport> >>> <protection-level> >>> <privacy/> >>> </protection-level> >>> </GSITransport> >>> </auth-method> >>> >>> <authz value="none"/> >>> >>> <run-as> >>> <caller-identity/> >>> </run-as> >>> >>> </securityConfig> >>> >>> My client has a client-security-descriptor.xml to choose the level of >>> security, before using >>> GsiSecureConversation, it was ok, but putting: >>> <GSITransport> >>> <privacy/> >>> </GSITransport> >>> >>> it doesn't work, says the attribute GSITrasnport cannot be used in the >>> descriptor, then I took out >>> and let my client-security-descriptor.xml practically empty: >>> <?xml version="1.0" encoding="UTF-8"?> >>> <securityConfig xmlns="http://www.globus.org";> >>> >>> </securityConfig> >>> >>> and it throws this exception: >>> ERROR: GSI Transport (encryption only) authentication required for "{ >>> http://topgrid.dcc.ufba.br/namespace/grid/apps/AfisDCC/AfisDCC}sendFinger<http://topgrid.dcc.ufba.br/namespace/grid/apps/AfisDCC/AfisDCC%7dsendFinger>" >>> operation. >>> AxisFault >>> >>> >>> >>> My question is, How do I set GSI Transport in the client? >>> >>> -- >>> "É este um mundo no qual devemos esconder nossas virtudes?" >>> Willian Shakespeare >>> >>> >>> **************** >>> Wilson Júnior >>> **************** >>> >> >> >> >> -- >> "É este um mundo no qual devemos esconder nossas virtudes?" >> Willian Shakespeare >> >> >> **************** >> Wilson Júnior >> **************** >> >> > > > -- > "É este um mundo no qual devemos esconder nossas virtudes?" > Willian Shakespeare > > > **************** > Wilson Júnior > **************** > > -- "É este um mundo no qual devemos esconder nossas virtudes?" Willian Shakespeare **************** Wilson Júnior ****************
