Let's give it a try...

Ok, we're now set to give this a try.

Compile and deploy

First of all, we'll need to build the service:

./tutorial_build.sh \
org/globus/progtutorial/services/security/first \
schema/progtutorial/MathService/Math.gwsdl

Now, we have to deploy it. Remember that you should do this from the globus account:

ant deploy \
-Dgar.name=$TUTORIAL_DIR/build/lib/org_globus_progtutorial_services_security_first.gar

Activating logging

Since we are using the logging classes in the service, we'll need to activate logging for our service. Add the following line at the end of $GLOBUS_LOCATION/ogsilogging.properties:

org.globus.progtutorial.services.security.first.impl.MathProvider=console,info

Starting the container

Before we start the container, make sure you've created a proxy certificate for the globus account (this procedure was described in this page). We need to create a proxy certificate because the default behavior in GT3 is to use the proxy certificate for authentication. Of course, we can also configure the container to directly use other certificates, but the tutorial currently doesn't cover that (although it eventually will).

Once you've created the proxy certificate, start the container (using the globus account):

globus-start-container

Compiling the client

Let's compile the client:

javac \
-classpath ./build/classes/:$CLASSPATH \
org/globus/progtutorial/clients/MathService/ClientGSIConvEncrypt.java

Before running any of the client applications, we also need to create a proxy certificate for our user account (in my case, borja). Again, the default behavior in the client-side is to use a proxy certificate for authentication, so we need to create one first.

Now, run the client:

java \
-classpath ./build/classes/:$CLASSPATH \
org/globus/progtutorial/clients/MathService/ClientGSIConvEncrypt \
http://127.0.0.1:8080/ogsa/services/progtutorial/security/first/MathService \
5

If all goes well, you should see this in the client side:

Added 5
Subtracted 1
Current value: 4

And the following on the server side:

INFO: SECURITY INFO FOR METHOD 'add'
INFO: The caller is:/O=Globus/OU=GT3 Tutorial/CN=Borja Sotomayor

INFO: INVOCATION SUBJECT
INFO: Subject:
        Principal: /O=Globus/OU=GT3 Tutorial/CN=Globus 3 Administrator
        Private credential: [email protected]

INFO: SERVICE SUBJECT
INFO: NULL

INFO: SYSTEM SUBJECT
INFO: Subject:
        Principal: /O=Globus/OU=GT3 Tutorial/CN=Globus 3 Administrator
        Private credential: [email protected]

Notice how the caller's subject is the one in my account's certificate while the invocation and system subject is the subject of the certificate belonging to the globus account.