A secure service

The service interface

The interface for our secure grid service is just our ordinary everyday add, subtract, and getValue from the first chapters of the previous part (GT3 Core).

[Note]

The GWSDL file for this example can be found here: $TUTORIAL_DIR/schema/progtutorial/MathService/Math.gwsdl

There is no need to create a new GWSDL file, since adding security to a service doesn't affect the interface description (i.e., the GWSDL file).

The service implementation

We will be using an OperationProvider to implement our service. This operation provider will include the add, subtract, and getValue implementations, callback methods (although we'll only implement postCreate), and an additional private method logSecurityInfo which will log certain security information. In this example, the information logged by this method won't be very useful, but it will be relevant in future examples.

[Note]

The full code for the OperationProvider can be found in $TUTORIAL_DIR/org/globus/progtutorial/services/security/first/impl/MathProvider.java

We'll now take a close look at the more relevant parts of the code.

The implementation of the public methods is very simple. Notice how we're calling logSecurityInfo in all of them:

public void add(int a) throws RemoteException
{
  logSecurityInfo("add");
  value = value + a;
}

public void subtract(int a) throws RemoteException
{
  logSecurityInfo("subtract");
  value = value - a;
}

public int getValue() throws RemoteException
{
  logSecurityInfo("getValue");
  return value;
}

The postCreate callback method simply calls logSecurityInfo:

public void postCreate(GridContext context) throws GridServiceException
{
  logSecurityInfo("postCreate");
}

Finally, the logSecurityInfo method writes some security information to the container's log. As mentioned earlier, this code won't have any relevance until we move on to the following examples. In fact, we won't be paying special attention to any of this code, except the part where it writes the caller's identity to the log (the lines under the "Print out the caller" comment).

private void logSecurityInfo(String methodName)
{
  Subject subject;
  logger.info("SECURITY INFO FOR METHOD '" + methodName + "'");
  
  // Print out the caller
  String identity = SecurityManager.getManager().getCaller();
  logger.info("The caller is:" + identity);

  // Print out the caller's subject
  subject = JaasSubject.getCurrentSubject();
  logger.info("INVOCATION SUBJECT");
  logger.info(subject==null?"NULL":subject.toString());

  // Print out service subject
  logger.info("SERVICE SUBJECT");
  subject = SecurityManager.getManager().getServiceSubject(base);
  logger.info(subject==null?"NULL":subject.toString());

  // Print out system subject
  logger.info("SYSTEM SUBJECT");
  try
  {
    subject = SecurityManager.getManager().getSystemSubject();
    logger.info(subject==null?"NULL":subject.toString());
  }
  catch(Exception e)
  {
    // Report the subject that actually failed, and keep the cause in the log
    logger.warn("Unable to obtain system subject", e);
  }
}

Notice how enabling security in a grid service doesn't affect the server-side code at all (at least at this point; more complicated security scenarios will require that we add code on the server-side).
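The caller identity that logSecurityInfo writes can be audited straight from the container log. The following is an added example, not part of the tutorial's code: it pairs each "SECURITY INFO FOR METHOD" line with the "The caller is:" line that follows it and reports which operations were invoked without an identity. The timestamp prefix, the distinguished names and the function names are constructed for illustration, and it assumes the log lines of concurrent calls are not interleaved.

```python
import re
from collections import defaultdict

# Constructed sample of container log output. Only the message text matches
# what logSecurityInfo writes; the prefix layout and the DNs are assumptions.
SAMPLE_LOG = """\
2004-03-01 10:15:02 INFO  MathProvider - SECURITY INFO FOR METHOD 'postCreate'
2004-03-01 10:15:02 INFO  MathProvider - The caller is:null
2004-03-01 10:15:02 INFO  MathProvider - INVOCATION SUBJECT
2004-03-01 10:15:02 INFO  MathProvider - NULL
2004-03-01 10:15:09 INFO  MathProvider - SECURITY INFO FOR METHOD 'add'
2004-03-01 10:15:09 INFO  MathProvider - The caller is:/O=Grid/OU=Example/CN=Constructed User A
2004-03-01 10:15:11 INFO  MathProvider - SECURITY INFO FOR METHOD 'add'
2004-03-01 10:15:11 INFO  MathProvider - The caller is:/O=Grid/OU=Example/CN=Constructed User A
2004-03-01 10:15:14 INFO  MathProvider - SECURITY INFO FOR METHOD 'subtract'
2004-03-01 10:15:14 INFO  MathProvider - The caller is:null
2004-03-01 10:15:20 INFO  MathProvider - SECURITY INFO FOR METHOD 'getValue'
2004-03-01 10:15:20 INFO  MathProvider - The caller is:/O=Grid/OU=Example/CN=Constructed User B
"""

METHOD_RE = re.compile(r"SECURITY INFO FOR METHOD '([^']*)'")
CALLER_RE = re.compile(r"The caller is:\s*(.*)$")


def audit_callers(log_text):
    """Return {method: {identity or None: call count}} from the log text."""
    calls = defaultdict(lambda: defaultdict(int))
    current = None  # method named by the most recent header line
    for line in log_text.splitlines():
        header = METHOD_RE.search(line)
        if header:
            current = header.group(1)
            continue
        caller = CALLER_RE.search(line)
        if caller and current is not None:
            identity = caller.group(1).strip()
            # Java string concatenation prints a null identity as "null".
            key = None if identity in ("", "null") else identity
            calls[current][key] += 1
            current = None  # one caller line per header
    return {method: dict(ids) for method, ids in calls.items()}


def unauthenticated_methods(audit):
    """Methods that were invoked at least once with no caller identity."""
    return sorted(m for m, ids in audit.items() if None in ids)
```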