Ok, we're now set to give this a try.
First of all, we'll need to build the service:
./tutorial_build.sh \ org/globus/progtutorial/services/security/first \ schema/progtutorial/MathService/Math.gwsdl
Now, we have to deploy it. Remember that you should do this from the globus account:
ant deploy \ -Dgar.name=$TUTORIAL_DIR/build/lib/org_globus_progtutorial_services_security_first.gar
Since we are using the logging classes in the service, we'll need to activate logging for our service. Add the following line at the end of $GLOBUS_LOCATION/ogsilogging.properties:
org.globus.progtutorial.services.security.first.impl.MathProvider=console,info
Before we start the container, make sure you've created a proxy certificate for the globus account (this procedure was described in this page). We need to create a proxy certificate because the default behavior in GT3 is to use the proxy certificate for authentication. Of course, we can also configure the container to directly use other certificates, but the tutorial currently doesn't cover that (although it eventually will).
Once you've created the proxy certificate, start the container (using the globus account):
globus-start-container
Let's compile the client:
javac \ -classpath ./build/classes/:$CLASSPATH \ org/globus/progtutorial/clients/MathService/ClientGSIConvEncrypt.java
Before running any of the client applications, we also need to create a proxy certificate for our user account (in my case, borja). Again, the default behavior in the client-side is to use a proxy certificate for authentication, so we need to create one first.
Now, run the client:
java \ -classpath ./build/classes/:$CLASSPATH \ org/globus/progtutorial/clients/MathService/ClientGSIConvEncrypt \ http://127.0.0.1:8080/ogsa/services/progtutorial/security/first/MathService \ 5
If all goes well, you should see this in the client side:
Added 5 Subtracted 1 Current value: 4
And the following on the server side:
INFO: SECURITY INFO FOR METHOD 'add'
INFO: The caller is:/O=Globus/OU=GT3 Tutorial/CN=Borja Sotomayor
INFO: INVOCATION SUBJECT
INFO: Subject:
Principal: /O=Globus/OU=GT3 Tutorial/CN=Globus 3 Administrator
Private credential: org.globus.gsi.gssapi.GlobusGSSCredentialImpl@ae1393
INFO: SERVICE SUBJECT
INFO: NULL
INFO: SYSTEM SUBJECT
INFO: Subject:
Principal: /O=Globus/OU=GT3 Tutorial/CN=Globus 3 Administrator
Private credential: org.globus.gsi.gssapi.GlobusGSSCredentialImpl@ae1393
Notice how the caller's subject is the one in my account's certificate while the invocation and system subject is the subject of the certificate belonging to the globus account.