Securing a Grid Service
Open CaGridTutorialService in Introduce
In a system terminal, execute the following commands to launch Introduce:

%> cd %CAGRID_LOCATION%
%> ant introduce
- Click the Modify Service button. In the file browser that pops up, browse to and select the C:\CaGridTutorialService directory and click the Open button. The Modify Service Interface window will appear.
Configure Secure Communication
To ensure the integrity and privacy of the communication between clients and the CaGridTutorialService, we must configure the service to require secure communication. In most cases, and for the purposes of this tutorial, you will use transport layer security, or HTTPS. To configure your service to require HTTPS, complete the following steps:
- From the Modify Service Interface window, select the Security tab.
- Select the Custom radio button.
- Select the Transport Level Security check box.
- Select Privacy from the Communication Method drop down in the Transport Layer Security (TLS) section.
Figure: Modifying service level security parameters
Configure Authorization with Grid Grouper
GridGrouper is a group/virtual organization management solution for the grid. It provides group-based authorization, in which grid services and applications enforce authorization policy based on membership in groups defined and managed at the grid level. For this tutorial we will restrict access to the findGenesSharePathways method of the CaGridTutorialService to users who are members of a Trainees group in the training GridGrouper. This can be done using Introduce by completing the following steps:
- From the Modify Service Interface window, select the Operations tab.
- Select the findGenesSharePathways method and click the Modify button. This will bring up the Build/Modify Operation window for the findGenesSharePathways method.
- From the Build/Modify Operation window for the findGenesSharePathways method, select the Security tab.
- Within the Security tab, select the Authorization tab.
- From the Authorization Mechanism drop down menu, select Grid Grouper. The GridGrouper configuration details should appear.
- From the Load Grid Grouper section in the lower left hand portion of the screen, select the URL https://training.cagrid.org:8443/wsrf/services/cagrid/GridGrouper from the drop down and click the Load button. You will see the training GridGrouper load in the GridGrouper Browser section on the left hand side.
- In the GridGrouper Expression Editor on the right hand side, select AND.
- In the GridGrouper Browser, traverse the Training GridGrouper (https://training.cagrid.org:8443/wsrf/services/cagrid/GridGrouper) => Training => Trainees, selecting the Trainees group.
- Click the Add Group button in the lower right part of the window.
- Click the Done button. This will close the Build/Modify Operation window.
- Click the Save button. Introduce will save and write out the service with the security configuration you specified; that is, only users who are members of the Trainees group may access the findGenesSharePathways method of the CaGridTutorialService.
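The policy built in the steps above, as an added example that is not part of the original tutorial and does not use the GridGrouper API: a small Python model of a membership expression, showing that AND over the single Trainees group admits only its members and that an expression with no groups is denied. The group name strings, caller identities and function names are constructed for illustration.

```python
# Added illustration: a local model of a group-membership expression.
# It is not the GridGrouper API; all names and identities are constructed.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Membership:
    group: str                    # constructed label for the group picked in the browser
    must_be_member: bool = True   # False models a negated term in this sketch

@dataclass
class Expression:
    operator: str                              # "AND" or "OR"
    terms: list = field(default_factory=list)  # Membership or nested Expression

def evaluate(expr, caller_groups):
    """Return True only when the caller's group set satisfies the expression."""
    if isinstance(expr, Membership):
        return (expr.group in caller_groups) == expr.must_be_member
    if expr.operator not in ("AND", "OR"):
        raise ValueError(f"unknown operator: {expr.operator!r}")
    if not expr.terms:
        # all([]) is True in Python, so an AND with no group added would admit
        # everyone. This model fails closed instead (a choice made here).
        return False
    results = [evaluate(term, caller_groups) for term in expr.terms]
    return all(results) if expr.operator == "AND" else any(results)

# Constructed directory: caller identity -> groups the caller belongs to.
GROUPS_OF = {
    "/O=Example/CN=alice": {"Training:Trainees"},
    "/O=Example/CN=bob": {"Training:Instructors"},
}

# Per-method policy as configured in the steps above: AND plus one added group.
POLICY = {
    "findGenesSharePathways": Expression("AND", [Membership("Training:Trainees")]),
}

def may_invoke(method, caller):
    """Apply the method's expression; methods with none are not restricted here."""
    expr = POLICY.get(method)
    if expr is None:
        return True  # assumption: only the configured method carries this check
    return evaluate(expr, GROUPS_OF.get(caller, set()))

if __name__ == "__main__":
    for who in ("/O=Example/CN=alice", "/O=Example/CN=bob", "/O=Example/CN=eve"):
        print(who, may_invoke("findGenesSharePathways", who))
```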
Deploy the Secure Grid Service
- Click the Deploy Service button at the top of the Introduce portal. Using the file selection dialog, browse to the root directory of your newly created data service (C:\CaGridTutorialService). When the service deployment dialog appears, set the Deployment Location to GLOBUS_LOCATION using the drop down provided.
- Click the Deploy button to deploy the data service to the Globus Location.
Restart Secure Globus Container
- Using a new command prompt, change to the Globus location directory and start up Globus. (If Globus is already running, be sure to terminate it before you proceed with starting another one.)

%> cd %GLOBUS_LOCATION%\bin
%> globus-start-container.bat -containerDesc ..\..\certificates\security-descriptor.xml








