Hi,
Here is the debug output :
2008-06-04 09:23:41,867 DEBUG authorization.LocalConfigPDP
[main,findConfigFile:147] Trying authz file:
/home/maxime/example/service-authz.conf
2008-06-04 09:23:41,873 DEBUG authorization.LocalConfigPDP
[main,findConfigFile:147] Trying authz file:
/home/maxime/example/./service-authz.conf
2008-06-04 09:23:41,874 DEBUG authorization.LocalConfigPDP
[main,findConfigFile:147] Trying authz file:
/etc/service-authz.conf2008-06-04 09:23:41,874 DEBUG
authorization.LocalConfigPDP [main,findConfigFile:147] Trying authz file:
/etc/grid-security/service-authz.conf
2008-06-04 09:23:41,875 DEBUG authorization.LocalConfigPDP
[main,findConfigFile:149] Security config file found:
/etc/grid-security/service-authz.conf
2008-06-04 09:23:41,875 DEBUG authorization.LocalConfigPDP
[main,readConfigFile:168] Reading config file:
/etc/grid-security/service-authz.conf
2008-06-04 09:23:41,885 DEBUG authorization.LocalConfigPDP
[main,readConfigFile:184] Subject: "/O=Grid/OU=GlobusTest/OU=
simpleCA-ozzy-6.tml.hut.fi/OU=tml.hut.fi/CN=Maxime"
Rights: "{
http://www.globus.org/namespaces/examples/security/PictureService_instance}resize;{http://www.globus.org/namespaces/examples/security/PictureService_instance}getValueRP
"
He doesn't search the file I give to him in the deploy-server.wsdd parameter
someScope:authzConfigFile .
Regards,
Maxime.
2008/6/3 Rachana Ananthakrishnan <[EMAIL PROTECTED]>:
> Add this line to $GLOBUS_LOCATION/container-log4j.properties and send me
> the output please.
>
> log4j.category.org.globus.wsrf.impl.security.authorization=DEBUG
>
> Rachana
>
> ------------------------------
> *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On
> Behalf Of *BRACHET Maxime
> *Sent:* Tuesday, June 03, 2008 3:31 AM
> *To:* Tom Scavo
> *Cc:* [email protected]
> *Subject:* Re: [gt-user] Security Descriptors
>
> Hi,
>
> Yes it helps, I successful configure the server and client but when I tried
> to execute the methods, he said that I am not allowed. And it return this
> error on the server :
> "LocalConfigPDP: No security config file found"
> But I put the parameters :
>
> <parameter name="someScope-authzConfigFile"
> value="/path/to/config/file" />
>
> using an absolute path.
>
> I there a way to debug the globus container to show if he is searching for
> a particular file or something like that ?
>
> Regards,
>
> Maxime.
>
> 2008/6/2 Tom Scavo <[EMAIL PROTECTED]>:
>
>> This is GT 4.0, right? Start by doing the following google search:
>>
>> site:globus.org "security descriptor"
>>
>> Briefly, in the security descriptor (my-security-descriptor.xml), you
>> would write something like:
>>
>> <securityConfig xmlns="http://www.globus.org";>
>> <auth-method>
>> <GSITransport/>
>> <GSISecureMessage/>
>> </auth-method>
>> <authz
>> value="someScope:org.globus.wsrf.impl.security.authorization.LocalConfigPDP"/>
>> </securityConfig>
>>
>> Then in the service descriptor (server-config.wsdd), write:
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <deployment name="SecurityContextEchoServiceConfig"
>> xmlns="http://xml.apache.org/axis/wsdd/";
>> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema";>
>>
>> <service name="MyService" provider="Handler"
>> use="literal" style="document">
>>
>> <!-- various parameters omitted here -->
>>
>> <parameter name="securityDescriptor"
>> value="/path/to/my-security-descriptor.xml"/>
>>
>> <parameter name="someScope-authzConfigFile"
>> value="/path/to/config/file" />
>>
>> <!-- additional parameters omitted here -->
>>
>> </service>
>>
>> </deployment>
>>
>> Hope this helps,
>> Tom
>>
>> On Mon, Jun 2, 2008 at 7:25 AM, BRACHET Maxime <[EMAIL PROTECTED]> wrote:
>> > Hi,
>> >
>> > I wanted to use security descriptor to restraint the access of one
>> service.
>> > To be simple I wanted to use
>> > "someScope:org.globus.wsrf.impl.security.authorization.LocalConfigPDP"
>> > But I cant find any information about The property authzConfigFile and
>> where
>> > to put the SecirityConfig part, in which file ?
>> > Is there any complete example of how to use Security descriptors ?
>> >
>> > Regards,
>> > Maxime.
>> >
>>
>
>
