Testing the different authentication methods

Compile and deploy

If you were expecting to perform that tedious compile + deploy routine again, don't worry: the two services described in this section were deployed along with the previous section's service. Remember that we're only changing some parameters in the deployment descriptor; we're reusing all the server-side code. However, if you haven't compiled and deployed the example from the previous chapter, you should do so right now to be able to try out the example client which is going to be described now.

[Note]

This is also a good moment to remind you that you should be using the downloadable examples included with the tutorial. What's that? You still haven't read the Introduction to the GT3 Security Services part of the tutorial? If you haven't done so yet, please do, and remember to use the downloadable examples available in the tutorial website to follow this part of the tutorial.

The clients

We are going to invoke the methods on this instance with three different clients. This will allow us to observe how the server denies certain invocations if they don't meet the conditions specified in the security configuration file. These three clients are:

  • Encryption Client : Configured to request an encrypted conversation. $TUTORIAL_DIR/org/globus/progtutorial/clients/MathService/ClientGSIConvEncrypt.java

  • Signed Client : Configured to request a signed conversation (integrity). $TUTORIAL_DIR/org/globus/progtutorial/clients/MathService/ClientGSIConvSigned.java

  • No Security Client : Configured to request a non secure conversation. $TUTORIAL_DIR/org/globus/progtutorial/clients/MathService/ClientNoSecurity.java

Remember we used the ClientGSIConvEncrypt client in the previous section. The other two clients (ClientGSIConvSigned and ClientNoSecurity) are exactly the same and only differ in the stub properties they set to configure security.

Encryption client

The encryption client sets the following stub properties:

((Stub)math)._setProperty(Constants.GSI_SEC_CONV,Constants.ENCRYPTION);
((Stub)math)._setProperty(Constants.AUTHORIZATION,NoAuthorization.getInstance());

Let's compile this client:

javac \
-classpath ./build/classes/:$CLASSPATH \
org/globus/progtutorial/clients/MathService/ClientGSIConvEncrypt.java

And now, let's run it:

java \
-classpath ./build/classes/:$CLASSPATH \
org/globus/progtutorial/clients/MathService/ClientGSIConvEncrypt \
http://127.0.0.1:8080/ogsa/services/progtutorial/security/first/MathAuthService \
5

You should see the following output:

Added 5

ERROR: GSI Secure Conversation (signature only) authentication required for
"{http://www.globus.org/namespaces/2004/02/progtutorial/MathService}subtract" operation.

Current value: 5

Let's take a look at what just happened:

  • We can invoke add because we're allowing both encrypted and signed conversations.

  • We can't invoke subtract because we're only allowing signed conversations.

  • No problem accessing getValue since no security is required. However, this doesn't mean we can't use security.

Signed Client

This client makes a secure invocation using only a digital signature which guarantees integrity but not privacy. To do this, we have to set the following stub properties:

((Stub)math)._setProperty(Constants.GSI_SEC_CONV,Constants.SIGNATURE);
((Stub)math)._setProperty(Constants.AUTHORIZATION,NoAuthorization.getInstance());

Let's compile and run the client:

javac \
-classpath ./build/classes/:$CLASSPATH \
org/globus/progtutorial/clients/MathService/ClientGSIConvSigned.java
java \
-classpath ./build/classes/:$CLASSPATH \
org/globus/progtutorial/clients/MathService/ClientGSIConvSigned \
http://127.0.0.1:8080/ogsa/services/progtutorial/security/first/MathAuthService \
5

You should see the following output:

Added 5

Subtracted 1

Current value: 9

What just happened?

  • We can invoke add and subtract because, in both methods, we are allowing signed conversations.

  • No problem accessing getValue since no security is required.

No security

Since this client has no security at all, we don't have to set any stub properties. Let's go straight to compiling and running:

javac \
-classpath ./build/classes/:$CLASSPATH \
org/globus/progtutorial/clients/MathService/ClientNoSecurity.java
java \
-classpath ./build/classes/:$CLASSPATH \
org/globus/progtutorial/clients/MathService/ClientNoSecurity \
http://127.0.0.1:8080/ogsa/services/progtutorial/security/first/MathAuthService \
5

You should see the following output:

ERROR: GSI Secure Conversation authentication required for
"{http://www.globus.org/namespaces/2004/02/progtutorial/MathService}add" operation.

ERROR: GSI Secure Conversation (signature only) authentication required for
"{http://www.globus.org/namespaces/2004/02/progtutorial/MathService}subtract" operation.

Current value: 9

The meaning of these messages are pretty straightforward: Both add and subtract fail since both require a secure conversation. However, we have no problem accessing getValue since no security is required.