Menu
▾
▴
Re: [gridsam-discuss] Security in GridSAM/BES
|
From: I. M. C. <i....@fd...> - 2010-12-13 15:48:08
|
Hi,
my apologizes, I forgot to remove the handlers in the client-side. Now
GridSAM works without authentication.
Then, I take up again the BES service. Thus, my server config about BES
is:
<service name="bes" provider="java:MSG" style="message" use="literal">
<wsdlFile>org/icenigrid/gridsam/resource/schema/wsdl/bes.wsdl</wsdlFile>
<requestFlow>
<!--<handler type="soapmonitor"/>-->
<!--<handler
type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<parameter name="action" value="UsernameToken"/>
<parameter name="passwordCallbackClass"
value="org.icenigrid.gridsam.bes.webservice.common.PWCallback"/>
</handler>-->
</requestFlow>
<responseFlow>
<!--<handler type="soapmonitor"/>-->
</responseFlow>
<parameter name="allowedMethods" value="*"/>
<parameter name="scope" value="application"/>
<parameter name="className"
value="org.icenigrid.gridsam.bes.webservice.axis.BasicExecutionServiceAxisImpl"/>
</service>
But the execution of the BESCreateActivity (without myproxy, similar to
GridSAMSubmit) shows:
$ java -cp .. GridSAMClient BESCreateActivity -s
http://localhost:8080/gridsam/services/bes?wsdl -j test.jsdl
2010-12-13 16:38:06,170 FATAL [BESCreateActivity] (main:) unable to
create activity: java.lang.SecurityException: attempting to add an
object which is not an instance of java.security.Principal to a
Subject's Principal Set
2010-12-13 16:38:06,175 FATAL [BESCreateActivity] (main:) AxisFault
faultCode:
{http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: java.lang.SecurityException: attempting to add an object
which is not an instance of java.security.Principal to a Subject's
Principal Set
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}hostname:mc01
I hope some glue to fix this problem. Regards.
On Mon, 2010-12-13 at 15:27 +0100, I. Marín Carrión wrote:
> Dear all,
>
> In order to focus the problem, I have left for now the BES service (and
> my own BES clients) and now I am using the GridSAM service.
>
> My intention is using the client without authentication. So, I have done
> the next changes.
>
> In server-config.wsdd: I have disabled the section "<!-- GridSAM with
> OMII WS-Security -->" and enabled the section "without WS-Security".
> Also, I have set the property allowUnauthorised to true.
>
> Also, I have deleted all lines about myproxy in the GridSAMSubmit.java.
> The new compiled jar is placed in webapps/gridsam/WEB-INF/lib and in
> client/lib.
>
> Thus, when I execute the primes_file.pl demo I always get "Jobs
> outstanding: 10. Jobs completed: 0. Jobs failed: 0". This problem
> disappears enabling the security in server-config.wsdd (even if the new
> gridsam-client.jar is still present).
>
> I hope any idea to fix this problem.
>
> Best regards.
>
> On Thu, 2010-12-09 at 14:05 +0000, Justin Bradley wrote:
> > Hi,
> >
> > In webapps/gridsam/WEB-INF/classes/GridSAMService.properties you will find a property called allowUnauthorised.
> > Try setting this to be 'true', as it is 'false' by default. Restart your container and see if this fixes your problem.
> >
> > Regards,
> > Justin
> >
> >
> > On 9 Dec 2010, at 09:45, I. Marín Carrión wrote:
> >
> > > Dear all,
> > >
> > > this is a grid developer from Complutense University of Madrid, Spain.
> > >
> > > We are using GridSAM as testing platform for our BES clients. These
> > > clients do not use any authentication method (for now) and so we have
> > > disabled any security mechanism from GridSAM. Thus, we comment the
> > > section from server-config.wsdd where "<!-- BES with OMII WS-Security
> > > -->" and uncomment where "<!-- BES withOut OMII WS-Security +
> > > Username/Password -->", but commenting also in this section the next
> > > lines:
> > >
> > > <!--<handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
> > > <parameter name="action" value="UsernameToken"/>
> > > <parameter name="passwordCallbackClass"
> > > value="org.icenigrid.gridsam.bes.webservice.common.PWCallback"/>
> > > </handler>-->
> > >
> > >
> > > However, when I try to submit a job using my own client, this provides
> > > an security exception: "java.lang.SecurityException: attempting to add
> > > an object which is not an instance of java.security.Principal to a
> > > Subject's Principal Set", which is thrown by
> > > org/apache/axis/client/Call.invoke().
> > >
> > > Therefore, Should I make some changes more to disable any security
> > > mechanism of GridSAM/BES?
> > >
> > > Best regards.
> > >
> > >
> > > ------------------------------------------------------------------------------
> > > This SF Dev2Dev email is sponsored by:
> > >
> > > WikiLeaks The End of the Free Internet
> > > http://p.sf.net/sfu/therealnews-com
> > > _______________________________________________
> > > GridSAM-Discuss mailing list
> > > Gri...@li...
> > > https://lists.sourceforge.net/lists/listinfo/gridsam-discuss
> >
> > --
> > Justin Bradley
> > Senior Software Consultant
> > jb...@ec...
> > OMII-UK / EPrints Services
> > Bay 22, 4067, B32
> > University of Southampton
> >
> >
> >
> >
> >
>
>
>
> ------------------------------------------------------------------------------
> Oracle to DB2 Conversion Guide: Learn learn about native support for PL/SQL,
> new data types, scalar functions, improved concurrency, built-in packages,
> OCI, SQL*Plus, data movement tools, best practices and more.
> http://p.sf.net/sfu/oracle-sfdev2dev
> _______________________________________________
> GridSAM-Discuss mailing list
> Gri...@li...
> https://lists.sourceforge.net/lists/listinfo/gridsam-discuss
|
