11.4. Trying it out

We are now ready to give this secure service a try.

Compile and deploy

First of all, we'll need to build the service:

./globus-build-service.sh sec_first

Now, we have to deploy it. Remember that you have to do this from the globus account:

globus-deploy-gar $EXAMPLES_DIR/org_globus_examples_services_security_first.gar

Starting the container

At this point you might be thinking that we will now be running the container without the -nosec flag we've been using so far to "deactivate security". Well, you thought wrong! :-)

globus-start-container -nosec

At this point, we can clarify what the -nosec flag does. It only deactivates transport-level security, but not message-level security. So, we can still use GSI Secure Conversation and GSI Secure Message. The reason why we're not using transport-level security (yet) is because, as part of our test of this service, we will be using a tool included with the Globus Toolkit that can intercept the SOAP messages. However, this tool won't work if we use transport-level security, so you should use the -nosec flag if you want to participate in our little experiment. In the following chapters, on the other hand, you can use the -nosec flag at your discretion (unless otherwise noted).

Compiling the client

Let's compile the client:

javac \
-classpath ./build/stubs/classes/:$CLASSPATH \

Running the client

Before running the client, we will need to create a proxy certificate for our user account. We have to do this because the default behavior in the client-side is to use a proxy certificate for authentication. In the next chapter we will see how we can configure a client to use a specific set of credentials, instead of using a proxy certificate.

To create a proxy certificate, run the following from your user account:


You will see the following:

Your identity: /O=Globus/OU=GT4 Examples/CN=Globus 4 User
Enter GRID pass phrase for this identity:

The password you must enter is the one you entered when creating your user certificate (as described in the official installation guide). Once you've entered the password, you will see the following:

Creating proxy .......................................... Done
Your proxy is valid until: Sun Apr 24 04:28:26 2005

Globus proxy certificates expire by default in 12 hours. If you get a "proxy expired" or "no valid credentials found" error message later on, this probably means that your proxy certificate has expired. Simply create a new one using grid-proxy-init.

Now, run the client:

java \
-classpath ./build/stubs/classes/:$CLASSPATH \
org.globus.examples.clients.MathService_instance_4op.Client_GSISecConv_Encrypt \

If all goes well, you should see this in the client side:

Addition was successful
Subtraction was successful
Multiplication was successful
Division was successful
Current value: 20

And the following on the server side:

The caller is: /O=Globus/OU=GT4 Examples/CN=Globus 4 User

... other security information ...

Remember that the logSecurityInfo will also print out a lot of other information. Don't worry about that information right now. It will be explained later on.

Notice how the service has correctly authenticated the client, and prints out its distinguished name: /O=Globus/OU=GT4 Examples/CN=Globus 4 User.