Student Exercises: Build a Service Using GT4

This is the Unix version of the student notes. If you are using Windows, you should use the Windows version of the notes.

Document Style Conventions

Tutorial TOC

Chapter 1: Deploy a Service

File modified:

1.1 Untar the gt install tarball in the GT window:

$ mkdir /tmp/tutorial
$ cd /tmp/tutorial
$ tar xzf gt-install.tar.gz

1.2 Set environment variables in the GT window:

$ cd gt-install
$ export GLOBUS_LOCATION=$PWD
$ echo $GLOBUS_LOCATION
/tmp/tutorial/gt-install

1.3 Untar the tutorial tarball in the Exercise window:

This installer contains demonstration code that has been written for today's tutorial.

$ cd /tmp/tutorial
$ tar xzf exercise-install.tar.gz
$ cd exercise-install/stickynote/source

1.4 Set environment variables in the Exercise window:

$ export GLOBUS_LOCATION=[use the value that was echoed earlier in the GT window, not $PWD]

1.5 Build and deploy the tutorial code in the Exercise window:

$ ant deploy
Buildfile: build.xml

init:

bindings:

[... many more build messages...]

BUILD SUCCESSFUL
Total time: 27 seconds

1.6 Verify that the show-note client built successfully by checking that it exists:

$ ls $GLOBUS_LOCATION/bin/show-note
/tmp/tutorial/gt-install/bin/show-note

If you get an error, see the Chapter 1 troubleshooting section.

1.7 Start a web service container without security in the GT window:

$ bin/globus-start-container -nosec
Starting SOAP server at: http://192.168.123.100:8080/wsrf/services/
With the following services:

[1]: http://192.168.123.100:8080/wsrf/services/InMemoryServiceGroupEntry
[2]: http://192.168.123.100:8080/wsrf/services/TriggerFactoryService
[3]: http://192.168.123.100:8080/wsrf/services/IndexFactoryService
[4]: http://192.168.123.100:8080/wsrf/services/Version
[5]: http://192.168.123.100:8080/wsrf/services/IndexService
[6]: http://192.168.123.100:8080/wsrf/services/NotificationConsumerService
[7]: http://192.168.123.100:8080/wsrf/services/DefaultTriggerServiceEntry
[8]: http://192.168.123.100:8080/wsrf/services/TriggerServiceEntry
[9]: http://192.168.123.100:8080/wsrf/services/IndexServiceEntry
[10]: http://192.168.123.100:8080/wsrf/services/StickyNoteService
[11]: http://192.168.123.100:8080/wsrf/services/AdminService
[12]: http://192.168.123.100:8080/wsrf/services/DefaultIndexService
[13]: http://192.168.123.100:8080/wsrf/services/DefaultIndexServiceEntry
[14]: http://192.168.123.100:8080/wsrf/services/DefaultTriggerService
[15]: http://192.168.123.100:8080/wsrf/services/ShutdownService
[16]: http://192.168.123.100:8080/wsrf/services/ContainerRegistryService
[17]: http://192.168.123.100:8080/wsrf/services/TriggerService
[18]: http://192.168.123.100:8080/wsrf/services/gsi/AuthenticationService
[19]: http://192.168.123.100:8080/wsrf/services/InMemoryServiceGroupFactory
[20]: http://192.168.123.100:8080/wsrf/services/InMemoryServiceGroup
[21]: http://192.168.123.100:8080/wsrf/services/ContainerRegistryEntryService
[22]: http://192.168.123.100:8080/wsrf/services/SubscriptionManagerService

Control will not return to the prompt. This container will stay running until you exit it with Control-C.

1.8 In the Exercise window, run the show-note client against your StickyNote service:

$ $GLOBUS_LOCATION/bin/show-note -s http://localhost:8080/wsrf/services/StickyNoteService
<ns1:message xmlns:ns1="http://tutorial.globus.org/stickynote">hello.</ns1:message>

In the GT window, you should see a message appear like the following:

2005-01-24 12:48:54,668 INFO stickynote.SingleNoteHome [Thread-2,findSingleton:29] Creating a single StickyNote.

This is just a debugging message printed by your service. See if you can find where in the code this message came from.

1.9 Write a single word (no embedded spaces) on the note from the Exercise window:

$ $GLOBUS_LOCATION/bin/write-note -s http://localhost:8080/wsrf/services/StickyNoteService cheese
Message written.

$ $GLOBUS_LOCATION/bin/show-note -s http://localhost:8080/wsrf/services/StickyNoteService
<ns1:message xmlns:ns1="http://tutorial.globus.org/stickynote">cheese</ns1:message>

Troubleshooting for exercise 1:

Chapter 2: Create Resources

2.1 Modify files:

Take care not to edit the files in the build/ subdirectory, as files in the build/ tree are overwritten by the "ant deploy" command. You should run ant clean first to make sure the temporary build files are cleaned up. Also, make sure you are editing the files in the TUTORIAL location, not in the GLOBUS_LOCATION.

If you are not familiar with commenting out XML or WSDL, the comment characters are <!-- and -->. For instance:

This is not commented out
<!-- This line is commented out -->
<!--
These lines
are both commented out
-->

You must modify 4 files in order to successfully complete this exercise. All modifications you need to make to source files today begin with a comment tag of "EXERCISE n: <type of modification needed>" and end with "END OF EXERCISE n <type of modification>". Some files contain more than one set of changes to be made for a given file. The 4 files to modify are:

schema/tutorial/stickynote_port_type.wsdl:
Add the create operation definition, and associated message and types. There are a total of three sections to uncomment.

src/org/globus/tutorial/stickynote/StickyNoteService.java:
Implement the create operation. There is one section to uncomment.

src/org/globus/tutorial/stickynote/client/CreateNote.java:
Write the client for the create operation. There is one section to uncomment.

deploy-jndi-config.xml:
Change the ResourceHome to support multiple resources. There is one section to comment out, and one section to uncomment.

2.2 Clean, rebuild and redeploy the tutorial code:

Execute these commands from the /tmp/tutorial/stickynote/source/ directory of the Exercise window.

$ ant clean
$ ant deploy

2.3 Kill and restart the web service container in the GT window:

$ [ctrl-c]
$ bin/globus-start-container -nosec

2.4 Create a new note from the exercise window using the new create-note client:

$ $GLOBUS_LOCATION/bin/create-note -s http://localhost:8080/wsrf/services/StickyNoteService
new note created...
EPR written to file: note--1947556620.epr
$ $GLOBUS_LOCATION/bin/show-note -e note--1947556620.epr
<ns1:message xmlns:ns1="http://tutorial.globus.org/stickynote">hello.</ns1:message>

Note that your filename will be different than the one shown. Also notice that the message displayed by the container has changed from a SingleNoteHome to the ManyNoteHome:

2005-01-24 13:31:02,139 INFO stickynote.ManyNoteHome [Thread-2,create:52] Creating a new StickyNote.

2.5 Create multiple notes:

$ $GLOBUS_LOCATION/bin/create-note -s http://localhost:8080/wsrf/services/StickyNoteService
new note created...
EPR written to file: note--18887662.epr

Write different messages on each note, verifying that they keep independent messages:

$ $GLOBUS_LOCATION/bin/write-note -e note--18887662.epr haggis
Message written.
$ $GLOBUS_LOCATION/bin/write-note -e note--1947556620.epr lutefisk
Message written.
$ $GLOBUS_LOCATION/bin/show-note -e note--1947556620.epr
<ns1:message xmlns:ns1="http://tutorial.globus.org/stickynote">lutefisk</ns1:message>
$ $GLOBUS_LOCATION/bin/show-note -e note--18887662.epr
<ns1:message xmlns:ns1="http://tutorial.globus.org/stickynote">haggis</ns1:message>

Troubleshooting for exercise 2:

Chapter 3: Destroy Resources

3.1 Modify files:

schema/tutorial/stickynote_port_type.wsdl:
Add a Destroy operation

deploy-server.wsdd:
Add the DestroyProvider operation provider

3.2 Clean, rebuild and redeploy the StickyNote code:

Execute these commands from the /tmp/tutorial/stickynote/source/ directory of the Exercise window.

$ ant clean
$ ant deploy

3.3 Kill and restart the web service container in the GT window:

$ [ctrl-c]
$ bin/globus-start-container -nosec

3.4 From the Exercise window, create a new note:

$ $GLOBUS_LOCATION/bin/create-note -s http://localhost:8080/wsrf/services/StickyNoteService
new note created...
EPR written to file: note--1107777.epr

3.5 Inspect the EPR to see what it looks like:

$ cat note--1107777.epr
<StickyNoteEndpoint xsi:type="ns1:EndpointReferenceType" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns1="http://schemas.xmlsoap.org/ws/2004/03/addressing">
<ns1:Address xsi:type="ns1:AttributedURI">http://192.168.123.106:8080/wsrf/services/StickyNoteService</ns1:Address>
<ns1:ReferenceProperties xsi:type="ns1:ReferencePropertiesType">
<ns1:NoteKey xmlns:ns1="http://sticky.com">233427</ns1:NoteKey>
</ns1:ReferenceProperties>
<ns1:ReferenceParameters xsi:type="ns1:ReferenceParametersType"/>
<StickyNoteEndpoint/>

3.6 Now destroy the note Resource using its EPR:

$ $GLOBUS_LOCATION/bin/wsrf-destroy -e note-1107777.epr
Destroy operation was successful

Note that wsrf-destroy is a command-line client tool distributed with the Globus Toolkit -- it is not demonstration code.

3.7 Attempt to show the destroyed note:

Execute this command from the Exercise window.

$ $GLOBUS_LOCATION/bin/show-note -e note-1107777.epr
Error: org.oasis.wsrf.properties.ResourceUnknownFaultType

An "unknown resource" fault will be triggered if you've completed this exercise correctly.

WSRF and WSN provide a set of standard faults (WS-BaseFaults) that are derived from a well-defined structure for expressing error conditions. The faults returned by the StickyNote service are from the set of standard faults. We recommend that service developers who wish to define custom faults for their services derive from the BaseFault structure.

Troubleshooting for exercise 3:

Chapter 4: Add a Resource Property

4.1 Modify files:

schema/tutorial/stickynote_port_type.wsdl:
Add the definition of the lastModified RP type and add QueryResourceProperties operation

src/org/globus/tutorial/stickynote/client/ShowNote.java:
Have the show-note client report the lastModified time

src/org/globus/tutorial/stickynote/StickyNote.java:
Implement the lastModified behavior

src/org/globus/tutorial/stickynote/StickyNoteConstants.java:
Uncomment the definition of the constant

4.2 Clean, rebuild and redeploy the StickyNote code:

Execute these commands from the /tmp/tutorial/stickynote/source/ directory of the Exercise window.

$ ant clean
$ ant deploy

4.3 Kill and restart the web service container in the GT window:

$ [ctrl-c]
$ bin/globus-start-container -nosec

4.4 From the Exercise window, create a new sticky note and inspect its timestamp:

$ $GLOBUS_LOCATION/bin/create-note -s http://localhost:8080/wsrf/services/StickyNoteService
new note created...
EPR written to file: note--1947456611.epr
$ $GLOBUS_LOCATION/bin/show-note -e note--1947456611.epr
<ns1:StickyNoteResourceProperties xmlns:ns1="http://tutorial.globus.org/stickynote">
<ns1:lastModified>2005-01-06T18:14:29.153Z</ns1:lastModified>
<ns1:message>hello.</ns1:message>
</ns1:StickyNoteResourceProperties>

4.5 Modify the value of the sticky note, then verify that the timestamp was updated:

$ $GLOBUS_LOCATION/bin/write-note -e note--1947456611.epr spider
Message written.
$ $GLOBUS_LOCATION/bin/show-note -e note--1947456611.epr
<ns1:StickyNoteResourceProperties xmlns:ns1="http://tutorial.globus.org/stickynote">
<ns1:lastModified>2005-01-06T18:24:39.153Z</ns1:lastModified>
<ns1:message>spider</ns1:message>
</ns1:StickyNoteResourceProperties>

You should see that the timestamp has updated since the note was created.

Troubleshooting for exercise 4:

Chapter 5: Register with a Local Index

5.1 Modify files:

src/org/globus/tutorial/stickynote/ManyNoteHome.java:
Override the add/remove methods to perform registration

5.2 Clean, rebuild and redeploy the StickyNote code:

Execute these commands from the /tmp/tutorial/stickynote/source/ directory of the Exercise window.

$ ant clean
$ ant deploy

5.3 Kill and restart the web service container in the GT window:

$ [ctrl-c]
$ bin/globus-start-container -nosec

5.4 From the Exercise window, create a sticky note:

$ $GLOBUS_LOCATION/bin/create-note -s http://localhost:8080/wsrf/services/StickyNoteService
new note created...
EPR written to file: note-8469523889.epr

5.5 Query the local index to view its contents:

$ $GLOBUS_LOCATION/bin/wsrf-query -s http://localhost:8080/wsrf/services/DefaultIndexService '/*'
[... lots of output ...]
<ns1:MemberServiceEPR>
<ns8:Address xmlns:ns8="http://schemas.xmlsoap.org/ws/2004/03/addressing">http://192.168.123.106:8080/wsrf/services/StickyNoteService</ns8:Address>
<ns9:ReferenceProperties xmlns:ns9="http://schemas.xmlsoap.org/ws/2004/03/addressing">
<ns1:NoteKey xmlns:ns1="http://sticky.com">5550702</ns1:NoteKey>
</ns9:ReferenceProperties>
<ns10:ReferenceParameters xmlns:ns10="http://schemas.xmlsoap.org/ws/2004/03/addressing"/>
</ns1:MemberServiceEPR>
[... more output ...]

Note that wsrf-query is a standard command-line client tool distributed with the Globus Toolkit.

5.6 Verify that the NoteKey value in the above output matches the NoteKey value in your EPR:

$ grep NoteKey note-8469523889.epr
<ns1:NoteKey xmlns:ns1="http://sticky.com">5550702</ns1:NoteKey>

Notice that the value 5550702 matches the value in the index entry above.

Chapter 6: Register with a Community Index

6.1 Modify files:

$GLOBUS_LOCATION/etc/globus_wsrf_mds_index/hierarchy.xml:
Replace the "<upstream>" parameter with a value to be supplied by the instructors. Do not uncomment or otherwise touch the "<downstream>" parameter.

6.2 Kill and restart the web service container in the GT window (rebuild not needed):

$ [ctrl-c]
$ bin/globus-start-container -nosec

6.3 From the Exercise window, create a sticky note:

$ $GLOBUS_LOCATION/bin/create-note -s http://localhost:8080/wsrf/services/StickyNoteService
new note created...
EPR written to file: note--269523889.epr

At this point, students should begin to see fish entering the central tank. Each fish in the tank represents a student sticky resource that has successfully registered with the community index. The text on the side of the fish corresponds to the message in the sticky note; the IP address on the side of the fish corresponds to the IP address of the student's host.

6.4 The community index can be inspected manually:

$ $GLOBUS_LOCATION/bin/wsrf-query -s http://129.215.30.251:8080/wsrf/services/DefaultIndexService '/*'
[... lots of output ...]
<ns1:MemberServiceEPR>
<ns8:Address xmlns:ns8="http://schemas.xmlsoap.org/ws/2004/03/addressing">http://192.168.123.106:8080/wsrf/services/StickyNoteService</ns8:Address>
<ns9:ReferenceProperties xmlns:ns9="http://schemas.xmlsoap.org/ws/2004/03/addressing">
<ns1:NoteKey xmlns:ns1="http://sticky.com">8640702</ns1:NoteKey>
</ns9:ReferenceProperties>
<ns10:ReferenceParameters xmlns:ns10="http://schemas.xmlsoap.org/ws/2004/03/addressing"/>
</ns1:MemberServiceEPR>
[... more output ...]

6.5 Verify that the NoteKey in the community index matches the NoteKey in your EPR:

$ grep NoteKey note--269523889.epr
<ns1:NoteKey xmlns:ns1="http://sticky.com">8640702</ns1:NoteKey>

Notice that the value 8640702 matches the value in the index entry above.

6.6 View the contents of the community index using WebMDS (optional)

If the instructors are not too busy solving problems, a browser-based viewer for the community index will be made available.

WebMDS is a servlet distributed with GT4 that can be used to display the content of GT4 indexes. The view of the data can be refreshed by hitting the reload button on your browser.

6.7 When you destroy a sticky resource, its entry will eventually be removed from the community index:

$ $GLOBUS_LOCATION/bin/wsrf-destroy -e note--269523889.epr
Destroy operation was successful

Chapter 7: Lease-based Lifetime

7.1 Modify files:

schema/tutorial/stickynote_port_type.wsdl:
Add a SetTerminationTime operation

src/org/globus/tutorial/stickynote/StickyNote.java:
Add the ResourceLifetime property to control termination time

deploy-server.wsdd:
Add the SetTerminationTimeProvider

7.2 Clean, rebuild and redeploy the StickyNote code:

Execute these commands from the /tmp/tutorial/stickynote/source/ directory of the Exercise window.

$ ant clean
$ ant deploy

7.3 Kill and restart the web service container in the GT window:

$ [ctrl-c]
$ bin/globus-start-container -nosec

7.4 From the Exercise window, create a sticky note:

$ $GLOBUS_LOCATION/bin/create-note -s http://localhost:8080/wsrf/services/StickyNoteService
new note created...
EPR written to file: note--1234.epr

7.5 Check the termination time of the sticky note:

$ $GLOBUS_LOCATION/bin/show-note -e note--1234.epr
<ns1:StickyNoteResourceProperties xmlns:ns1="http://tutorial.globus.org/stickynote" xmlns:ns2="http://docs.oasis-open.org/wsrf/2004/06/wsrf-WS-ResourceLifetime-1.2-draft-01.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ns1:lastModified>2005-01-24T22:45:33.053Z</ns1:lastModified>
<ns1:CurrentTime xmlns:ns1="http://docs.oasis-open.org/wsrf/2004/06/wsrf-WS-ResourceLifetime-1.2-draft-01.xsd">2005-01-24T22:46:10.503Z</ns1:CurrentTime>
<ns1:TerminationTime xsi:nil="true" xmlns:ns1="http://docs.oasis-open.org/wsrf/2004/06/wsrf-WS-ResourceLifetime-1.2-draft-01.xsd"/>
<ns1:message>hello.</ns1:message>
</ns1:StickyNoteResourceProperties>

Observe that the terminationTime resource property is set to nil - this means that the newly created note has no termination time (and so will not be automatically destroyed). This means that this note will behave like the notes created in previous exercises.

7.5 Set the termination time of the sticky note:

$ $GLOBUS_LOCATION/bin/wsrf-set-termination-time -e note--1234.epr 100
requested: Mon Jan 24 16:50:14 CST 2005
scheduled: Mon Jan 24 16:50:14 CST 2005

This will set the termination time of the resource to 100 seconds in the future.

Now wait a few minutes, using 'show-note' every minute or so and observe the current time approach and pass beyond the termination time. Eventually, the resource will be destroyed automatically and you will get the following error:

$ $GLOBUS_LOCATION/bin/show-note -e note--1234.epr
Error: org.oasis.wsrf.properties.ResourceUnknownFaultType

This indicates that the Sticky Note resource no longer exists, and has been destroyed automatically.

Chapter 8: Resource as Notification Producer

8.1 Modify files:

schema/tutorial/stickynote_port_type.wsdl:
Add Subscribe operation

src/org/globus/tutorial/stickynote/StickyNote.java:
Add TopicList code

deploy-server.wsdd:
Add the SubscribeProvider

etc/post-deploy.xml:
Uncomment watch-note launch script generation

8.2 Clean, rebuild and redeploy the StickyNote code:

Execute these commands from the /tmp/tutorial/stickynote/source/ directory of the Exercise window.

$ ant clean
$ ant deploy

8.3 Kill and restart the web service container in the GT window:

$ [ctrl-c]
$ bin/globus-start-container -nosec

8.4 From the Exercise window, create a sticky note:

$ $GLOBUS_LOCATION/bin/create-note -s http://localhost:8080/wsrf/services/StickyNoteService
new note created...
EPR written to file: note--27772.epr

8.5 Create a third window for watching the sticky note:

$ cd /tmp/tutorial/exercise-install/stickynote/source
$ export GLOBUS_LOCATION=[your GL here]

Ensure that JAVA_HOME and GLOBUS_LOCATION are correctly set in the new window.

8.5 Launch the sticky note watcher:

$ $GLOBUS_LOCATION/bin/watch-note -e note---27772.epr
Waiting for notification. Ctrl-C to end.

Control will not return to the prompt. The container hosting the watch client will stay running until you exit with Control-C.

8.6 Modify the value of the sticky note:

$ $GLOBUS_LOCATION/bin/write-note -e note---27772.epr coconut
Message written.

You have successfully completed this chapter when watch-note shows the new value of the note.

You can write to the note some more times, and watch-note will display the updated value each time.

8.7 Kill the watch-note container:

$ [ctrl-c]
$

We will not use the third command window again.

Chapter 9: Find a Resource

9.1 Modify files:

etc/post-deploy.xml:
Uncomment search-note launch script generation

9.2 Clean, rebuild and redeploy the StickyNote code:

Execute these commands from the /tmp/tutorial/stickynote/source/ directory of the Exercise window.

$ ant clean
$ ant deploy

9.3 Kill and restart the web service container in the GT window:

$ [ctrl-c]
$ bin/globus-start-container -nosec

9.4 From the Exercise window, create a sticky note and write your name on it:

$ $GLOBUS_LOCATION/bin/create-note -s http://localhost:8080/wsrf/services/StickyNoteService
new note created...
EPR written to file: note--121358.epr
$ $GLOBUS_LOCATION/bin/write-note -e note--121358.epr VelvetCapezzuto
Message written.

9.5 Find a note from the local index based on content:

$ $GLOBUS_LOCATION/bin/search-note -s http://localhost:8080/wsrf/services/DefaultIndexService VelvetCapezzuto
Note 0: <ns1:message xmlns:ns1="http://tutorial.globus.org/stickynote">VelvetCapezzuto</ns1:message>

9.6 Find a note from the community index based on content:

$ $GLOBUS_LOCATION/bin/search-note -s http://129.215.30.251:8080/wsrf/services/DefaultIndexService VelvetCapezzuto
Note 0: <ns1:message xmlns:ns1="http://tutorial.globus.org/stickynote">VelvetCapezzuto</ns1:message>

Note that you are finding these notes without referring to a specific location. There is no need for you to know the EPR!

Chapter 10: Service-Level Security

10.1 Modify files:

deploy-server.wsdd:
Add securityDescriptor parameter

etc/grid-mapfile:
Add your certificate subject. Details later. Leave alone for now.

etc/security-config.xml:
No modification needed

10.2 Clean, rebuild and redeploy the StickyNote code:

Execute these commands from the /tmp/tutorial/stickynote/source/ directory of the Exercise window.

$ ant clean
$ ant deploy

10.3 In the GT window, get a certificate and create a proxy.

$ bin/grid-cert-request -caEmail false
A certificate request and private key will be created.
You will be asked to enter a PEM pass phrase.
This pass phrase is akin to your account password,
and is used to protect your key file.
If you forget your pass phrase, you will need to
obtain a new certificate.

Enter PEM pass phrase: asdf
Verifying password - Enter PEM pass phrase: asdf
Generating a 1024 bit RSA private key
A private key and a certificate request has been generated with the subject:

/O=Grid/CN=bacon

The private key is stored in /home/bacon/.globus/userkey.pem
The request is stored in /home/bacon/.globus/usercert_request.pem

Upload the generated request file to http://gcs.globus.org:8080/gcs/usercert.html. Choose to download the resulting file to the same directory where the userkey.pem is saved. Now create a proxy from your new certificate:

$ bin/grid-proxy-init -globus
Your identity: /C=US/O=Globus Alliance/OU=User/CN=101ca1dcd9b.8029cef5
Enter GRID pass phrase for this identity:
Creating proxy ................................. Done
Proxy verify OK
Your proxy is valid until Tue Feb 01 03:40:22 CST 2005

Copy the value following "Your identity:" into the file $GLOBUS_LOCATION/etc/globus_tutorial_stickynote/grid-mapfile
The identity should be in quotes and followed by your username. For example:

"/C=US/O=Globus Alliance/OU=User/CN=101497d3dcd.3dcd5aef" ranantha
"/C=US/O=Globus Alliance/OU=User/CN=10187397229.feeb1182" lcc
"/C=US/O=Globus Alliance/OU=User/CN=101ca1dcd9b.8029cef5" bacon

10.4 Start a web service container with security in the GT window:

$ bin/globus-start-container
[... more container output ...]
[47]: https://140.221.57.104:8443/wsrf/services/ManagedJobFactoryService
[48]: https://140.221.57.104:8443/wsrf/services/TestServiceRequest

10.5 From the Exercise window, run the client:

$ $GLOBUS_LOCATION/bin/create-note -s https://localhost:8443/wsrf/services/StickyNoteService -z none
new note created...
EPR written to file: note-672627063.epr
$ $GLOBUS_LOCATION/bin/create-note -s https://localhost:8443/wsrf/services/StickyNoteService -z self
new note created...
EPR written to file: note--807655197.epr

Notice two things. First of all, because we started the container with security, the URLs start with "https://" instead of "http://". Secondly, because our client derives from the base client, we have a -z option that lets us specify what kind of authorization the client will attempt to perform.

10.6 Now that we have created a note, only those in the grid-mapfile can edit it:

$ $GLOBUS_LOCATION/bin/write-note -e note--807655197.epr -z none cheese
Message written.
$ $GLOBUS_LOCATION/bin/show-note -e note--807655197.epr -z none
<ns1:message xmlns:ns1="http://tutorial.globus.org/stickynote">cheese</ns1:message>

10.7 Any user, including an anonymous user can read the note.

$GLOBUS_LOCATION/bin/show-note -e note--1785350628.epr -z none -a
<ns1:StickyNoteResourceProperties xmlns:ns1="http://tutorial.globus.org/stickynote"><ns1:lastModified>2005-01-10T22:02:26.564Z</ns1:lastModified><ns1:message>cheese</ns1:message></ns1:StickyNoteResourceProperties>

The -a option sets up the client invocation to be anonymous. Note that the anonymous user cannot create a new note, because that requires gridmap authorization.

Troubleshooting for exercise 10

Chapter 11 (Optional): Resource-Level Security

Security configuration can be done at the resource level and it takes precedence over service level settings. But unlike service security setting, programmatic altering of a resource is required to secure a resource. The resource needs to implement the org.globus.wsrf.security.SecureResource interface.

In the previous exercise every user in the service level gridmap was able to write to all notes. In this exercise, resource security is used to restrict write access to only the creator of the sticky note. This is done by creating a resource level gridmap at the time of resource creation and populating it with the identity of the creator.

11.1 Modify files:

src/org/globus/tutorial/stickynote/StickyNote.java:
Add resource security descriptor that sets up a grid-map file with only the identity of the client creating the note

11.2 Clean, rebuild and redeploy the StickyNote code:

Execute these commands from the /tmp/tutorial/stickynote/source/ directory of the Exercise window.

$ ant clean
$ ant deploy

11.3 Start a web service container with security in the GT window:

$ bin/globus-start-container
[... more container output ...]
[47]: https://140.221.57.104:8443/wsrf/services/ManagedJobFactoryService
[48]: https://140.221.57.104:8443/wsrf/services/TestServiceRequest

11.4 From the Exercise window, run the client:

$ $GLOBUS_LOCATION/bin/create-note -s https://localhost:8443/wsrf/services/StickyNoteService -z none
new note created...
EPR written to file: note-672627063.epr
$ $GLOBUS_LOCATION/bin/create-note -s https://localhost:8443/wsrf/services/StickyNoteService -z self
new note created...
EPR written to file: note--807655197.epr

11.5 Now only the creator of the note has permission to edit it:

$ $GLOBUS_LOCATION/bin/write-note -e note--807655197.epr -z none cheese
Message written.
$ $GLOBUS_LOCATION/bin/show-note -e note--807655197.epr -z none
<ns1:message xmlns:ns1="http://tutorial.globus.org/stickynote">cheese</ns1:message>

11.6 Any user, including an anonymous user can read the note:

$GLOBUS_LOCATION/bin/show-note -e note--1785350628.epr -z none -a
<ns1:StickyNoteResourceProperties xmlns:ns1="http://tutorial.globus.org/stickynote"><ns1:lastModified>2005-01-10T22:02:26.564Z</ns1:lastModified><ns1:message>cheese</ns1:message></ns1:StickyNoteResourceProperties>

The -a option sets up the client invocation to be anonymous.

This concludes the hands-on portion of the Build a Service Tutorial Using GT4.