For the archives
________________________________
From: BRACHET Maxime [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 05, 2008 9:42 AM
To: Rachana Ananthakrishnan
Subject: Re: [gt-user] Security Descriptors
It is working now.
I rechecked the wsdd config file, regenerated the gar file, deployed it, and it works.
So the parameter name is someScope-authzConfigFile.
Maybe a mistake typing the name.
Thank you for your help.
________________________________
From: BRACHET Maxime [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 05, 2008 8:33 AM
To: Rachana Ananthakrishnan
Subject: Re: [gt-user] Security Descriptors
Same result.
Maxime
2008/6/5 Rachana Ananthakrishnan <[EMAIL PROTECTED]>:
try someScope-authzConfigFile rather than someScope:authzConfigFile.
Rachana
________________________________
From: BRACHET Maxime [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 05, 2008 8:25 AM
To: Rachana Ananthakrishnan
Subject: Re: [gt-user] Security Descriptors
Yes,
Here it is:
<?xml version="1.0" encoding="UTF-8"?>
<deployment name="defaultServerConfig"
    xmlns="http://xml.apache.org/axis/wsdd/"
    xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <service name="examples/security/firstm/PictureService" provider="Handler"
      use="literal" style="document">
    <parameter name="className"
        value="org.globus.examples.services.core.firstm.impl.PictureService"/>
    <wsdlFile>share/schema/examples/PictureService_instance_s/Picture_service.wsdl</wsdlFile>
    <parameter name="allowedMethods" value="*"/>
    <parameter name="securityDescriptor"
        value="etc/org_globus_examples_services_security_firstm/security-config-first.xml"/>
    <parameter name="someScope:authzConfigFile" value="/tmp/Picture.authz"/>
    <parameter name="handlerClass" value="org.globus.axis.providers.RPCProvider"/>
    <parameter name="scope" value="Application"/>
    <parameter name="providers" value="GetRPProvider"/>
    <parameter name="loadOnStartup" value="true"/>
  </service>
</deployment>
Regards,
Maxime.
2008/6/5 Rachana Ananthakrishnan <[EMAIL PROTECTED]>:
I just tested it and it looks like the search order is defined here:
public static final String[] CONFIG_LOCATIONS =
    {"", ".", "/etc", "/etc/grid-security"};
Can you paste your configuration in server-config.wsdd?
Rachana
________________________________
From: BRACHET Maxime [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2008 1:29 AM
To: Rachana Ananthakrishnan
Cc: Tom Scavo; [email protected]
Subject: Re: [gt-user] Security Descriptors
Hi,
Here is the debug output :
2008-06-04 09:23:41,867 DEBUG authorization.LocalConfigPDP [main,findConfigFile:147] Trying authz file: /home/maxime/example/service-authz.conf
2008-06-04 09:23:41,873 DEBUG authorization.LocalConfigPDP [main,findConfigFile:147] Trying authz file: /home/maxime/example/./service-authz.conf
2008-06-04 09:23:41,874 DEBUG authorization.LocalConfigPDP [main,findConfigFile:147] Trying authz file: /etc/service-authz.conf
2008-06-04 09:23:41,874 DEBUG authorization.LocalConfigPDP [main,findConfigFile:147] Trying authz file: /etc/grid-security/service-authz.conf
2008-06-04 09:23:41,875 DEBUG authorization.LocalConfigPDP [main,findConfigFile:149] Security config file found: /etc/grid-security/service-authz.conf
2008-06-04 09:23:41,875 DEBUG authorization.LocalConfigPDP [main,readConfigFile:168] Reading config file: /etc/grid-security/service-authz.conf
2008-06-04 09:23:41,885 DEBUG authorization.LocalConfigPDP [main,readConfigFile:184] Subject: "/O=Grid/OU=GlobusTest/OU=simpleCA-ozzy-6.tml.hut.fi/OU=tml.hut.fi/CN=Maxime"
Rights: "{http://www.globus.org/namespaces/examples/security/PictureService_instance}resize;{http://www.globus.org/namespaces/examples/security/PictureService_instance}getValueRP"
It doesn't search for the file I give it in the deploy-server.wsdd parameter someScope:authzConfigFile.
Regards,
Maxime.
2008/6/3 Rachana Ananthakrishnan <[EMAIL PROTECTED]>:
Add this line to $GLOBUS_LOCATION/container-log4j.properties and send me the output please.
log4j.category.org.globus.wsrf.impl.security.authorization=DEBUG
Rachana
________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of BRACHET Maxime
Sent: Tuesday, June 03, 2008 3:31 AM
To: Tom Scavo
Cc: [email protected]
Subject: Re: [gt-user] Security Descriptors
Hi,
Yes it helps, I successfully configured the server and client, but when I tried to execute the methods, it said that I am not allowed. And it returns this error on the server:
"LocalConfigPDP: No security config file found"
But I put the parameter:
<parameter name="someScope-authzConfigFile" value="/path/to/config/file" />
using an absolute path.
Is there a way to debug the Globus container to show if it is searching for a particular file or something like that?
Regards,
Maxime.
2008/6/2 Tom Scavo <[EMAIL PROTECTED]>:
This is GT 4.0, right? Start by doing the following google search:
site:globus.org "security descriptor"
Briefly, in the security descriptor (my-security-descriptor.xml), you would write something like:
<securityConfig xmlns="http://www.globus.org">
  <auth-method>
    <GSITransport/>
    <GSISecureMessage/>
  </auth-method>
  <authz value="someScope:org.globus.wsrf.impl.security.authorization.LocalConfigPDP"/>
</securityConfig>
Then in the service descriptor (server-config.wsdd), write:
<?xml version="1.0" encoding="UTF-8"?>
<deployment name="SecurityContextEchoServiceConfig"
    xmlns="http://xml.apache.org/axis/wsdd/"
    xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <service name="MyService" provider="Handler"
      use="literal" style="document">
    <!-- various parameters omitted here -->
    <parameter name="securityDescriptor"
        value="/path/to/my-security-descriptor.xml"/>
    <parameter name="someScope-authzConfigFile"
        value="/path/to/config/file" />
    <!-- additional parameters omitted here -->
  </service>
</deployment>
Hope this helps,
Tom
On Mon, Jun 2, 2008 at 7:25 AM, BRACHET Maxime <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I wanted to use a security descriptor to restrict the access to one service.
> To be simple I wanted to use
> "someScope:org.globus.wsrf.impl.security.authorization.LocalConfigPDP"
> But I can't find any information about the property authzConfigFile and where
> to put the SecurityConfig part, in which file?
> Is there any complete example of how to use security descriptors?
>
> Regards,
> Maxime.
>
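
The two points this thread settles (the WSDD parameter must be named <scope>-authzConfigFile, and with the colon form LocalConfigPDP went on to search CONFIG_LOCATIONS and loaded a different file), as an added Python check that is not part of the original messages and is not Globus code. The function names, the base_dir argument and the sample WSDD are assumptions constructed here; the fallback paths are reconstructed from the "Trying authz file" log lines quoted above.

```python
import xml.etree.ElementTree as ET

WSDD_NS = "{http://xml.apache.org/axis/wsdd/}"
# Search order quoted in the thread (CONFIG_LOCATIONS).
CONFIG_LOCATIONS = ["", ".", "/etc", "/etc/grid-security"]
DEFAULT_NAME = "service-authz.conf"  # default file name seen in the debug log

def fallback_candidates(base_dir):
    """Paths tried when the authzConfigFile parameter is not picked up.
    Assumption: relative entries resolve against base_dir, as in the log."""
    paths = []
    for loc in CONFIG_LOCATIONS:
        if loc.startswith("/"):
            paths.append(f"{loc}/{DEFAULT_NAME}")
        elif loc:
            paths.append(f"{base_dir}/{loc}/{DEFAULT_NAME}")
        else:
            paths.append(f"{base_dir}/{DEFAULT_NAME}")
    return paths

def check_services(wsdd_text, scope, base_dir):
    """Map each <service> name to (status, files the PDP would consult)."""
    good = f"{scope}-authzConfigFile"   # form that worked in the thread
    bad = f"{scope}:authzConfigFile"    # form that was ignored
    results = {}
    for svc in ET.fromstring(wsdd_text).iter(WSDD_NS + "service"):
        params = {p.get("name"): p.get("value")
                  for p in svc.iter(WSDD_NS + "parameter")}
        if good in params:
            results[svc.get("name")] = ("ok", [params[good]])
        elif bad in params:
            # The intended policy file is not read; a default may apply instead.
            results[svc.get("name")] = ("wrong-separator", fallback_candidates(base_dir))
        else:
            results[svc.get("name")] = ("missing", fallback_candidates(base_dir))
    return results

# Constructed sample, reduced from the WSDD posted in the thread.
SAMPLE = """<deployment xmlns="http://xml.apache.org/axis/wsdd/">
  <service name="examples/security/firstm/PictureService" provider="Handler">
    <parameter name="someScope:authzConfigFile" value="/tmp/Picture.authz"/>
  </service>
</deployment>"""

if __name__ == "__main__":
    found = check_services(SAMPLE, "someScope", "/home/maxime/example")
    for name, (status, paths) in found.items():
        print(name, status, paths)
```

A "wrong-separator" or "missing" result means the policy actually enforced is whichever fallback file exists first, so those paths are the ones to audit.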
