diff -u -r source-trees/wsrf-cvs/ws-gram/service/java/source/src/org/globus/exec/service/exec/JobManagerScript.java /home/lane/Development/Globus/globus_4_0_branch/ws-gram/service/java/source/src/org/globus/exec/service/exec/JobManagerScript.java --- source-trees/wsrf-cvs/ws-gram/service/java/source/src/org/globus/exec/service/exec/JobManagerScript.java 2005-04-18 12:11:18.000000000 -0600 +++ /home/lane/Development/Globus/globus_4_0_branch/ws-gram/service/java/source/src/org/globus/exec/service/exec/JobManagerScript.java 2005-11-09 13:09:15.000000000 -0700 @@ -29,6 +29,7 @@ import org.globus.exec.generated.FilePairType; import org.globus.exec.generated.ScriptCommandEnumeration; import org.globus.exec.generated.StateEnumeration; +import org.globus.exec.service.utils.AuthorizationHelper; import org.globus.exec.service.utils.GlobusShToolsProperties; import org.globus.gram.internal.GRAMConstants; @@ -125,15 +126,21 @@ GlobusShToolsProperties toolPathProps = GlobusShToolsProperties.getInstance(); + String gridMapAndExecute = new File( + globusLocation + GLOBUS_GRIDMAP_AND_EXECUTE).toString(); String gridMapFile = null; - try { + try + { gridMapFile = ContainerSecurityConfig.getConfig().getSecurityDescriptor() .getGridMapFile(); - } catch (Exception e) + } + catch (Exception e) { throw new RuntimeException(e); } + boolean authzGridmap + = AuthorizationHelper.isAuthorizationGridmap(); Vector commandVector = new Vector(); if (!System.getProperty("user.name").equals(this.username)) { @@ -142,13 +149,15 @@ commandVector.add("-u"); commandVector.add(this.username); commandVector.add("-S"); - } - commandVector.add( - new File(globusLocation + GLOBUS_GRIDMAP_AND_EXECUTE).toString()); - if (gridMapFile != null) - { - commandVector.add("-g"); - commandVector.add(gridMapFile); + if (authzGridmap) + { + commandVector.add(gridMapAndExecute); + if (gridMapFile != null) + { + commandVector.add("-g"); + commandVector.add(gridMapFile); + } + } } commandVector.add(new File(globusLocation + SCRIPT).toString()); commandVector.add("-m"); diff -u -r source-trees/wsrf-cvs/ws-gram/service/java/source/src/org/globus/exec/service/factory/ManagedJobFactoryService.java /home/lane/Development/Globus/globus_4_0_branch/ws-gram/service/java/source/src/org/globus/exec/service/factory/ManagedJobFactoryService.java --- source-trees/wsrf-cvs/ws-gram/service/java/source/src/org/globus/exec/service/factory/ManagedJobFactoryService.java 2005-05-16 12:58:23.000000000 -0600 +++ /home/lane/Development/Globus/globus_4_0_branch/ws-gram/service/java/source/src/org/globus/exec/service/factory/ManagedJobFactoryService.java 2005-11-09 12:45:35.000000000 -0700 @@ -15,6 +15,7 @@ import java.util.Iterator; import java.util.LinkedList; +import org.apache.axis.MessageContext; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -50,6 +51,7 @@ import org.globus.wsrf.impl.notification.SubscribeHelper; import org.globus.wsrf.security.SecurityManager; import org.globus.wsrf.utils.AddressingUtils; +import org.globus.wsrf.utils.ContextUtils; import org.globus.wsrf.utils.PerformanceLog; public class ManagedJobFactoryService @@ -63,6 +65,10 @@ static I18n i18n = I18n.getI18n( org.globus.exec.utils.Resources.class.getName()); + private static FactoryServiceConfiguration SERVICE_CONFIGURATION = null; + + private static String SERVICE_PATH = null; + public ManagedJobFactoryService() { logger.trace("Creating ManagedJobFactoryService " + this); } @@ -83,6 +89,14 @@ } performanceLogger.start(); + //initialize the service path + if (ManagedJobFactoryService.SERVICE_PATH == null) + { + ManagedJobFactoryService.SERVICE_PATH + = ContextUtils.getTargetServicePath( + MessageContext.getCurrentContext()); + } + //========= Initial Termination Time Calendar requestedTermTime = @@ -224,8 +238,10 @@ * other types of jobs besides executable and multi */ + FactoryServiceConfiguration serviceConfiguration + = getServiceConfiguration(); String execJobServicePath - = serviceConfiguration.getManagedExecutableJobServicePath(); + = serviceConfiguration.getManagedExecutableJobServicePath(); ManagedJobHome execJobHome = (ManagedJobHome)ConfigurationHelper .getResourceHome(execJobServicePath); @@ -378,17 +394,30 @@ return response; } - private static FactoryServiceConfiguration serviceConfiguration; - + public static FactoryServiceConfiguration getServiceConfiguration() { - try { - serviceConfiguration = (FactoryServiceConfiguration) - ConfigurationHelper.getServiceConfiguration(); - } catch (Exception e) { - String errorMessage = i18n.getMessage( - Resources.JNDI_MJFS_CONFIG_ERROR); - logger.error(errorMessage, e); - throw new RuntimeException(errorMessage, e); + if (ManagedJobFactoryService.SERVICE_CONFIGURATION == null) + { + try + { + ManagedJobFactoryService.SERVICE_CONFIGURATION + = (FactoryServiceConfiguration) + ConfigurationHelper.getServiceConfiguration(); + } + catch (Exception e) + { + String errorMessage = i18n.getMessage( + Resources.JNDI_MJFS_CONFIG_ERROR); + logger.error(errorMessage, e); + throw new RuntimeException(errorMessage, e); + } } - }; + + return ManagedJobFactoryService.SERVICE_CONFIGURATION; + } + + public static String getServicePath() + { + return ManagedJobFactoryService.SERVICE_PATH; + } } diff -u -r source-trees/wsrf-cvs/ws-gram/service/java/source/src/org/globus/exec/service/utils/UserProxyCreator.java /home/lane/Development/Globus/globus_4_0_branch/ws-gram/service/java/source/src/org/globus/exec/service/utils/UserProxyCreator.java --- source-trees/wsrf-cvs/ws-gram/service/java/source/src/org/globus/exec/service/utils/UserProxyCreator.java 2005-04-18 12:11:24.000000000 -0600 +++ /home/lane/Development/Globus/globus_4_0_branch/ws-gram/service/java/source/src/org/globus/exec/service/utils/UserProxyCreator.java 2005-11-09 13:06:02.000000000 -0700 @@ -18,6 +18,7 @@ import java.io.InputStream; import java.io.InputStreamReader; import java.io.OutputStream; +import java.util.Vector; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; @@ -89,59 +90,52 @@ = new File(factoryHomeConfiguration.getGlobusLocation() + "/libexec/globus-gram-local-proxy-tool").toString(); - String[] command; + String gridMapAndExecute + = new File(factoryHomeConfiguration + .getGlobusLocation() + + "/libexec/globus-gridmap-and-execute").toString(); + String gridMapFile + = ContainerSecurityConfig.getConfig() + .getSecurityDescriptor().getGridMapFile(); + boolean authzGridmap + = AuthorizationHelper.isAuthorizationGridmap(); + + Vector commandVector = new Vector(); if (!System.getProperty("user.name").equals( - this.credential.localUserId)) { - String gridMapAndExecute - = new File(factoryHomeConfiguration.getGlobusLocation() - + "/libexec/globus-gridmap-and-execute").toString(); - String gridMapFile - = ContainerSecurityConfig.getConfig() - .getSecurityDescriptor().getGridMapFile(); + this.credential.localUserId)) + { + commandVector.add(sudo); + commandVector.add("-u"); + commandVector.add(this.credential.localUserId); + commandVector.add("-S"); + if (authzGridmap) + { + commandVector.add(gridMapAndExecute); if (gridMapFile != null) { - command = new String[] { - sudo, - "-u", - this.credential.localUserId, - "-S", - gridMapAndExecute, - "-g", - gridMapFile, - proxyTool, - factoryHomeConfiguration.getGlobusLocation(), - "-write", - this.credential.userProxyFile.getPath() - }; - } else - { - command = new String[] { - sudo, - "-u", - this.credential.localUserId, - "-S", - gridMapAndExecute, - proxyTool, - factoryHomeConfiguration.getGlobusLocation(), - "-write", - this.credential.userProxyFile.getPath() - }; + commandVector.add("-g"); + commandVector.add(gridMapFile); } - } else { - command = new String[] { - proxyTool, - factoryHomeConfiguration.getGlobusLocation(), - "-write", - this.credential.userProxyFile.getPath() - }; + } } - if (logger.isDebugEnabled()) { - StringBuffer commandBuffer = new StringBuffer(command.length*2); - for (int index=0; index 0) { + commandVector.add(proxyTool); + commandVector.add( + factoryHomeConfiguration.getGlobusLocation()); + commandVector.add("-write"); + commandVector.add( + this.credential.userProxyFile.getPath()); + + if (logger.isDebugEnabled()) + { + StringBuffer commandBuffer + = new StringBuffer(commandVector.size()*2); + for (int index=0; index 0) + { commandBuffer.append(" "); } - commandBuffer.append(command[index]); + commandBuffer.append(commandVector.get(index)); } if (logger.isDebugEnabled()) { @@ -150,7 +144,8 @@ } } - proc = Runtime.getRuntime().exec(command); + proc = Runtime.getRuntime().exec( + (String[]) commandVector.toArray(new String[0])); stdout = proc.getInputStream(); @@ -268,7 +263,10 @@ for (int i = 0; i < chain.length; i++) { // this will skip the self-signed certificates - if (chain[i].getSubjectDN().equals(chain[i].getIssuerDN())) continue; + if (chain[i].getSubjectDN().equals(chain[i].getIssuerDN())) + { + continue; + } writePEM(out, chain[i]); } } catch (CertificateEncodingException e) { @@ -295,5 +293,4 @@ } return null; } - } --- source-trees/wsrf-cvs/ws-gram/service/java/source/src/org/globus/exec/service/utils/AuthorizationHelper.java 2005-11-11 14:19:50.139651000 -0600 +++ source-trees/wsrf-cvs/ws-gram/service/java/source/src/org/globus/exec/service/utils/AuthorizationHelper.java 2005-11-11 14:16:20.000000000 -0600 @@ -0,0 +1,73 @@ +/* + * Portions of this file Copyright 1999-2005 University of Chicago + * Portions of this file Copyright 1999-2005 The University of Southern California. + * + * This file or a portion of this file is licensed under the + * terms of the Globus Toolkit Public License, found at + * http://www.globus.org/toolkit/download/license.html. + * If you redistribute this file, with or without + * modifications, you must include this notice in the file. + */ +package org.globus.exec.service.utils; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import org.globus.exec.service.factory.ManagedJobFactoryService; +import org.globus.exec.utils.Resources; +import org.globus.util.I18n; +import org.globus.wsrf.Constants; +import org.globus.wsrf.container.ServiceHost; +import org.globus.wsrf.impl.security.descriptor.SecurityDescriptor; +import org.globus.wsrf.impl.security.descriptor.ServiceSecurityConfig; + +public class AuthorizationHelper +{ + static Log logger = LogFactory.getLog(AuthorizationHelper.class.getName()); + + private static I18n i18n = I18n.getI18n(Resources.class.getName()); + + private static final String GRIDMAP_AUTHZ_PDP_NAME = "gridmap"; + + private static boolean authorizationGridmap = false; + + static + { + logger.debug("getting factory service name"); + String factoryServiceName = ManagedJobFactoryService.getServicePath(); + + try + { + logger.debug("getting security descriptor for JNDI path " + + factoryServiceName); + SecurityDescriptor securityDescriptor + = ServiceSecurityConfig.getSecurityDescriptor( + factoryServiceName); + logger.debug("getting authz PDP name"); + String authzPDPName = securityDescriptor.getAuthz(); + + logger.debug("Detected authorization PDP plugin" + +" \"" + authzPDPName + "\""); + + if (authzPDPName.equals(GRIDMAP_AUTHZ_PDP_NAME)) + { + AuthorizationHelper.authorizationGridmap = true; + } + } + catch (Exception e) + { + logger.debug( + "Unable to determine authorization PDP plugin name.", e); + throw new RuntimeException( + "Unable to determine authorization PDP plugin name.", e); + } + } + + private AuthorizationHelper() { } + + public static boolean isAuthorizationGridmap() + { + logger.debug("Entering/Exiting isAuthorizationGridmap()"); + return AuthorizationHelper.authorizationGridmap; + } +}