We are now ready to give this secure service a try.
First of all, we'll need to build the service:
./globus-build-service.sh sec_first
Now, we have to deploy it. Remember that you have to do this from the globus account:
globus-deploy-gar $EXAMPLES_DIR/org_globus_examples_services_security_first.gar
At this point you might be thinking that we will now be running the container without the -nosec flag we've been using so far to "deactivate security". Well, you thought wrong! :-)
globus-start-container -nosec
At this point, we can clarify what the -nosec flag does. It only deactivates transport-level security, not message-level security, so we can still use GSI Secure Conversation and GSI Secure Message. We're not using transport-level security (yet) because, as part of our test of this service, we will be using a tool included with the Globus Toolkit that can intercept the SOAP messages. This tool won't work if we use transport-level security, so you should use the -nosec flag if you want to participate in our little experiment. In the following chapters, on the other hand, you can use the -nosec flag at your discretion (unless otherwise noted).
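With -nosec the HTTP transport is unprotected, so the message-level encryption is the only thing keeping the request contents confidential. The following check on a captured SOAP envelope is an added example, not code from the tutorial or the Globus Toolkit; it assumes the encrypted body is carried as standard XML Encryption (xenc:EncryptedData) under a WS-Security header, and the sample envelopes and the urn:example:math namespace are constructed placeholders.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
XENC = "http://www.w3.org/2001/04/xmlenc#"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")


def body_protection(envelope_xml):
    """Classify a captured SOAP envelope: 'encrypted', 'plaintext' or 'invalid'."""
    try:
        root = ET.fromstring(envelope_xml)
    except ET.ParseError:
        return "invalid"
    body = root.find(f"{{{SOAP}}}Body")
    if root.tag != f"{{{SOAP}}}Envelope" or body is None:
        return "invalid"
    has_wsse = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security") is not None
    children = list(body)
    # Every Body child must be EncryptedData carrying a non-empty CipherValue.
    only_cipher = bool(children) and all(
        c.tag == f"{{{XENC}}}EncryptedData"
        and c.findtext(f"{{{XENC}}}CipherData/{{{XENC}}}CipherValue", "").strip()
        for c in children)
    # Stray text next to the ciphertext would still leak content.
    stray = (body.text or "").strip() or any((c.tail or "").strip() for c in children)
    if has_wsse and only_cipher and not stray:
        return "encrypted"
    return "plaintext"


def _envelope(header, body):
    # Helper that wraps constructed header/body fragments in a SOAP 1.1 envelope.
    return (f'<s:Envelope xmlns:s="{SOAP}" xmlns:wsse="{WSSE}" xmlns:xenc="{XENC}">'
            f'<s:Header>{header}</s:Header><s:Body>{body}</s:Body></s:Envelope>')


# Constructed samples; the CipherValue is dummy base64, not real ciphertext.
CIPHER = ("<xenc:EncryptedData><xenc:CipherData><xenc:CipherValue>"
          "Q09OU1RSVUNURUQ=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>")
CLEAR = '<add xmlns="urn:example:math">10</add>'
SAMPLES = {
    "encrypted": _envelope("<wsse:Security/>", CIPHER),
    "plaintext": _envelope("", CLEAR),
    "mixed": _envelope("<wsse:Security/>", CIPHER + CLEAR),
}

if __name__ == "__main__":
    for name, xml in SAMPLES.items():
        print(f"{name:10s} -> {body_protection(xml)}")
```

A "mixed" body is reported as plaintext on purpose: one unencrypted element beside the ciphertext is enough to expose the operation to anyone watching the wire.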
Let's compile the client:
javac \
-classpath ./build/stubs/classes/:$CLASSPATH \
org/globus/examples/clients/MathService_instance_4op/Client_GSISecConv_Encrypt.java
Before running the client, we will need to create a proxy certificate for our user account. We have to do this because the default behavior on the client side is to use a proxy certificate for authentication. In the next chapter we will see how we can configure a client to use a specific set of credentials instead of a proxy certificate.
To create a proxy certificate, run the following from your user account:
grid-proxy-init
You will see the following:
Your identity: /O=Globus/OU=GT4 Examples/CN=Globus 4 User
Enter GRID pass phrase for this identity:
The password you must enter is the one you entered when creating your user certificate (as described in the official installation guide). Once you've entered the password, you will see the following:
Creating proxy .......................................... Done
Your proxy is valid until: Sun Apr 24 04:28:26 2005
Globus proxy certificates expire by default in 12 hours. If you get a "proxy expired" or "no valid credentials found" error message later on, this probably means that your proxy certificate has expired. Simply create a new one using
Now, run the client:
java \
-classpath ./build/stubs/classes/:$CLASSPATH \
org.globus.examples.clients.MathService_instance_4op.Client_GSISecConv_Encrypt \
http://127.0.0.1:8080/wsrf/services/examples/security/first/MathService
If all goes well, you should see this on the client side:
Addition was successful
Subtraction was successful
Multiplication was successful
Division was successful
Current value: 20
And the following on the server side:
SECURITY INFO FOR METHOD 'add'
The caller is: /O=Globus/OU=GT4 Examples/CN=Globus 4 User
... other security information ...
Remember that the
Notice how the service has correctly authenticated the client, and prints out its distinguished name: /O=Globus/OU=GT4 Examples/CN=Globus 4 User.