
CDS


Programmatically Obtaining a Delegated Credential



Obtaining a delegated credential allows one user (the delegatee) to act on behalf of another user (the delegator). To obtain a delegated credential, the delegatee must have been granted access to it by the delegator. This happens when the delegator delegates their credential to the CDS with a policy that grants the delegatee the right to obtain the credential.

To obtain the delegator's credential, the delegatee must (1) specify which credential they wish to obtain and (2) authenticate with the CDS. A DelegatedCredentialReference specifies which credential the delegatee wishes to obtain. When a delegator delegates their credential, they are given a DelegatedCredentialReference, which they can pass to the delegatee(s), who later supply it to the CDS to obtain a credential (see Guide to Delegating Credentials). To authenticate with the CDS, the delegatee uses their own credential; provided the delegator granted the delegatee access, the delegatee will be able to obtain the credential.

The example source code below illustrates how to use the CDS client API to retrieve a delegated credential. For the purposes of this guide, we assume that the DelegatedCredentialReference variable, reference, was provided to us by a delegator.

import gov.nih.nci.cagrid.common.security.ProxyUtil;

import org.cagrid.gaards.cds.client.DelegatedCredentialUserClient;
import org.cagrid.gaards.cds.delegated.stubs.types.DelegatedCredentialReference;
import org.globus.gsi.GlobusCredential;


public class DelegationExample {

    public static void getDelegateCredential(DelegatedCredentialReference reference) throws Exception {
        // The default credential of the user that is currently logged in.

        GlobusCredential credential = ProxyUtil.getDefaultProxy();

        // Create an instance of the delegated credential client, specifying the
        // DelegatedCredentialReference and the credential of the delegatee. The
        // DelegatedCredentialReference specifies which credential to obtain.
        // The delegatee's credential is required to authenticate with the CDS so
        // that the CDS can determine whether the delegatee has been granted
        // access to the credential they wish to obtain.

        DelegatedCredentialUserClient client = new DelegatedCredentialUserClient(reference, credential);

        // The get credential method obtains a signed delegated credential from
        // the CDS.

        GlobusCredential delegatedCredential = client.getDelegatedCredential();

        // Set the delegated credential as the default; the delegatee is now
        // logged in as the delegator.

        ProxyUtil.saveProxyAsDefault(delegatedCredential);

    }

}
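
The following is an added example, not code from the original guide or the caGrid project. It retrieves the delegated credential as above but keeps it in memory instead of replacing the delegatee's default proxy, and checks whose identity it carries and how long it remains valid before handing it to the caller. The class name, method name, and the parameters `expectedDelegatorIdentity` and `minSecondsLeft` are hypothetical; `getIdentity()` and `getTimeLeft()` are methods of `GlobusCredential`.

```java
import gov.nih.nci.cagrid.common.security.ProxyUtil;

import org.cagrid.gaards.cds.client.DelegatedCredentialUserClient;
import org.cagrid.gaards.cds.delegated.stubs.types.DelegatedCredentialReference;
import org.globus.gsi.GlobusCredential;

public class CheckedDelegationExample {

    // expectedDelegatorIdentity: grid identity the caller expects to act as
    //   (hypothetical parameter, e.g. obtained out of band from the delegator).
    // minSecondsLeft: minimum remaining lifetime the caller needs
    //   (hypothetical parameter).
    public static GlobusCredential getCheckedDelegatedCredential(
            DelegatedCredentialReference reference,
            String expectedDelegatorIdentity,
            long minSecondsLeft) throws Exception {

        // Authenticate to the CDS with the delegatee's own credential.
        GlobusCredential own = ProxyUtil.getDefaultProxy();
        DelegatedCredentialUserClient client =
                new DelegatedCredentialUserClient(reference, own);
        GlobusCredential delegated = client.getDelegatedCredential();

        // A delegated proxy carries the identity of the delegator. Refuse to
        // proceed if the reference resolved to a different identity than the
        // one the caller intended to act as.
        String identity = delegated.getIdentity();
        if (!expectedDelegatorIdentity.equals(identity)) {
            throw new SecurityException("Delegated credential identity is "
                    + identity + ", expected " + expectedDelegatorIdentity);
        }

        // getTimeLeft() returns the remaining validity in seconds. Fail early
        // rather than part-way through the work done on the delegator's behalf.
        long secondsLeft = delegated.getTimeLeft();
        if (secondsLeft < minSecondsLeft) {
            throw new IllegalStateException("Delegated credential expires in "
                    + secondsLeft + "s, need at least " + minSecondsLeft + "s");
        }

        // Deliberately not calling ProxyUtil.saveProxyAsDefault(): the
        // delegatee's own default proxy stays in place, and the delegated
        // credential is used only where the caller passes it explicitly.
        return delegated;
    }
}
```

Returning the credential rather than saving it as the default keeps the delegator's identity scoped to the calls that need it, so unrelated operations in the same session still run as the delegatee.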
Last edited by
Stephen Langella (1178 days ago)