[gridsam-discuss] Security in GridSAM/BES

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Dear all,

this is a grid developer from Complutense University of Madrid, Spain. 

We are using GridSAM as testing platform for our BES clients. These
clients do not use any authentication method (for now) and so we have
disabled any security mechanism from GridSAM. Thus, we comment the
section from server-config.wsdd where "<!-- BES with OMII WS-Security
-->" and uncomment where "<!-- BES withOut OMII WS-Security +
Username/Password -->", but commenting also in this section the next
lines:

<!--<handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
                <parameter name="action" value="UsernameToken"/>
                <parameter name="passwordCallbackClass"
value="org.icenigrid.gridsam.bes.webservice.common.PWCallback"/>
            </handler>-->

However, when I try to submit a job using my own client, this provides
an security exception: "java.lang.SecurityException: attempting to add
an object which is not an instance of java.security.Principal to a
Subject's Principal Set", which is thrown by
org/apache/axis/client/Call.invoke().

Therefore, Should I make some changes more to disable any security
mechanism of GridSAM/BES?

Best regards.