NIH | National Cancer Institute | NCI Wiki  

...

  1. Add CommonsGridLoginModule to the JAAS login module configuration (security-config.xml)
    • (warning) Requires nci-commons-core version 1.2.4 or greater; see http://maven.5amsolutions.com/archiva/browse/com.fiveamsolutions/nci-commons-core
    • (warning) Requires jbosssx.jar as a runtime dependency to handle decryption of the encrypted pre-shared key within the CommonsGridLoginModule class. It is typically included with JBoss by default; please verify.
      Add to JAAS Login Module (security-config.xml):
      <login-module code="com.fiveamsolutions.nci.commons.authentication.CommonsGridLoginModule" flag="optional">
          <module-option name="gridServicePrincipal">${gridServicePrincipal}</module-option>
          <module-option name="gridServiceCredential">${gridServiceCredential}</module-option>
          <module-option name="gridServicePrincipalSeparator">||</module-option>
      </login-module>
      
    • Define the gridServicePrincipal and gridServiceCredential properties in the appropriate properties file so that the login module configuration file is configured correctly as part of your application's build and deployment process.
      Example snippet to add Maven2 properties:
              <gridServicePrincipal>Gr1DU5er</gridServicePrincipal>
              <gridServiceCredential>ltHZmZ1rqYq8j2uyHEABIQ==</gridServiceCredential>
      
      (info) The unencrypted value for ltHZmZ1rqYq8j2uyHEABIQ== is Pa44Wurd
  2. Introduce a new grid service instance CSM Group
    (warning) Update the application name 'po' to your application's name
    Sample SQL for Postgres to define a new CSM Group:
    INSERT INTO CSM_GROUP (GROUP_NAME, GROUP_DESC, APPLICATION_ID) 
    VALUES ('gridClient', 'Grid Service Invocation Group', (select application_id from csm_application where application_name = 'po'));
    
  3. Update @Remote EJB endpoints to allow the new CSM Group using the @RolesAllowed annotation
    Example with only grid access:
    @RolesAllowed("gridClient")
    public void myRemoteEndpointMethod() { ... }
    
    Example granting both grid and web clients access:
    @RolesAllowed({"webClient","gridClient"})
    public void myRemoteEndpointMethod() { ... }
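
A deployment check for step 1, as an added example that is not part of the original page or of nci-commons-core: it parses the filtered security-config.xml and reports CommonsGridLoginModule options that are missing, still hold an unresolved ${...} placeholder, or reuse the sample values published above. The function name lint_login_config, the <policy> wrapper element and the values in FILTERED are assumptions constructed for illustration; the file is assumed to use no XML namespace.

```python
import re
import xml.etree.ElementTree as ET

MODULE = "com.fiveamsolutions.nci.commons.authentication.CommonsGridLoginModule"
REQUIRED = ("gridServicePrincipal", "gridServiceCredential",
            "gridServicePrincipalSeparator")
# Sample values published on this page; they must never reach a deployment.
PUBLISHED_SAMPLES = {"Gr1DU5er", "ltHZmZ1rqYq8j2uyHEABIQ=="}
PLACEHOLDER = re.compile(r"\$\{[^}]+\}")


def lint_login_config(xml_text):
    """Return a list of findings for the CommonsGridLoginModule entry."""
    root = ET.fromstring(xml_text)
    modules = [m for m in root.iter("login-module") if m.get("code") == MODULE]
    if not modules:
        return ["CommonsGridLoginModule is not configured"]
    findings = []
    for module in modules:
        options = {o.get("name"): (o.text or "").strip()
                   for o in module.findall("module-option")}
        for name in REQUIRED:
            value = options.get(name, "")
            if not value:
                findings.append(f"{name}: missing or empty")
            elif PLACEHOLDER.search(value):
                # Build-time property filtering did not run for this option.
                findings.append(f"{name}: unresolved placeholder {value}")
            elif value in PUBLISHED_SAMPLES:
                findings.append(f"{name}: uses the sample value from the documentation")
    return findings


# Constructed inputs: the <policy> wrapper is an assumption; only the
# <login-module> fragment follows the page.
UNFILTERED = """<policy><login-module code="%s" flag="optional">
  <module-option name="gridServicePrincipal">${gridServicePrincipal}</module-option>
  <module-option name="gridServiceCredential">ltHZmZ1rqYq8j2uyHEABIQ==</module-option>
</login-module></policy>""" % MODULE

FILTERED = """<policy><login-module code="%s" flag="optional">
  <module-option name="gridServicePrincipal">constructed-principal</module-option>
  <module-option name="gridServiceCredential">Q09OU1RSVUNURUQtVkFMVUU=</module-option>
  <module-option name="gridServicePrincipalSeparator">||</module-option>
</login-module></policy>""" % MODULE

if __name__ == "__main__":
    for label, text in (("unfiltered", UNFILTERED), ("filtered", FILTERED)):
        print(label, lint_login_config(text) or "OK")
```

Run it against the security-config.xml produced by the build, not the template in source control, so that property substitution has already happened.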
    

...