To provide a lightweight guide for other CBIIT applications (eg, caArray) can secure their own grid services.
nci-commons-core
version 1.2.4 or greater see http://maven.5amsolutions.com/archiva/browse/com.fiveamsolutions/nci-commons-corejbosssx.jar
as dependency to handle encryption of pre-shared key
<login-module code="com.fiveamsolutions.nci.commons.authentication.CommonsGridLoginModule" flag="optional"> <module-option name="gridServicePrincipal">${gridServicePrincipal}</module-option> <module-option name="gridServiceCredential">${gridServiceCredential}</module-option> <module-option name="gridServicePrincipalSeparator">||</module-option> </login-module> |
<gridServicePrincipal>Gr1DU5er</gridServicePrincipal> <gridServiceCredential>ltHZmZ1rqYq8j2uyHEABIQ==</gridServiceCredential> |
'po'
to your application's name
INSERT INTO CSM_GROUP (GROUP_NAME, GROUP_DESC, APPLICATION_ID) VALUES ('gridClient', 'Grid Service Invocation Group', (select application_id from csm_application where application_name = 'po')); |
Key |
Default Value |
Description |
---|---|---|
gridServicePrincipalSeparator |
|| |
The separator used to encord the gridServicePrincipal and grid user's identity when Using the com.fiveamsolutions.nci.commons.authentication.CommonsGridLoginModule |
GridSecurityJNDIServiceLocator
class to authenticate using both the Grid User's Identity (eg, /O=caBIG/OU=caGrid/OU=Training/OU=Dorian/CN=coppagridtest
instead of a typical remote service user. In short, you'll base your implementation off of your existing Locator (eg, JNDIServiceLocator
) and replace existing occurrences with the new GridSecurityJNDIServiceLocator