11.2. The security descriptor

The heart of a secure service is its security descriptor. This file specifies the security configuration for a service. One of the really neat things about the security descriptor is that it centralizes practically all the security configuration for a service. So, if we decide to modify some security aspects of a service, we will only need to modify the security descriptor, not the Java files.

In the next chapter, we will take a much closer look at this special file and its syntax. For now, we will be using the following security descriptor:

<securityConfig xmlns="http://www.globus.org">

	<authz value="none"/>

</securityConfig>
[Note]

This is file $EXAMPLES_DIR/org/globus/examples/services/security/first/etc/security-config-first.xml

This security descriptor simply specifies that we will not be performing any authorization (none). As we will see in the next chapter, the fact that we have not specified anything else basically means that the client will be free to use any type of security it wants. For example, we will be configuring our client to use GSI Secure Conversation.

Of course, we'll need to tell our service that we want it to use that security descriptor. To do this, we have to add the following parameter to the WSDD file. Notice that the path to the security descriptor is relative to $GLOBUS_LOCATION.

<parameter name="securityDescriptor"
	value="etc/org_globus_examples_services_security_first/security-config-first.xml"/>
[Note]

The WSDD file for this service is $EXAMPLES_DIR/org/globus/examples/services/security/first/deploy.wsdd

Our service's name is "examples/security/first/MathService".