To provide a lightweight guide for other CBIIT applications (e.g., caArray) to secure their own grid services.
Technical Details
Overview of Grid Security Workflow
...
1. Client request sent
2. Grid User's proxy is obtained from the default location on the file system and verified.
3. PersonImpl getById is invoked, calling InvokePersonEJB
4. InvokePersonEJB obtains the caller identity from the proxy and instantiates a GridJNDIServiceLocator
5. GridJNDIServiceLocator obtains default Grid Service credentials from service.properties via CoreServicesConfiguration and creates the InitialContext.
6. CoreServicesConfiguration reads the property file
7. InvokePersonEJB calls the getPerson method via the po/PersonEntityServiceBean/remote.
8. AuthorizationInterceptor is invoked
9. LoginContext, configured by security-config.xml, starts authentication and authorization
10. GridLoginModule is invoked. Details provided above.
11. GridLoginModule obtains the expected principal/encrypted password from GridServiceAuth.properties
12. DatabaseServerLoginModule verifies login success
13. DatabaseServerLoginModule queries podb CSM tables to obtain the Roles associated with our Grid ("gridClient" is expected)
14. Role is set in Login sharedState
15. PersonEntityServiceBean verifies required "client or gridClient" role is present and queries the DB to obtain the person record.
16-18. Person data is returned to the Grid User.
Download a PDF version of the diagram COPPASecurity.pdf
Assumptions
- JBoss 4.0.5
- JAAS
- Remote EJBs for business application integration
- caGrid 1.3
- Using BDA for JBoss container configuration of secure services
- Using Common Security Module (CSM)
...