Bugzilla – Bug 4474
globus-gridmap-and-execute problem with additional PDPs
Last modified: 2007-06-27 09:57:17
You need to
before you can comment on or make changes to this bug.
Multiple authorization PDPs may be specified in the security descriptor. If the
"gridmap" PDP is still listed as one of the active PDPs, then
globus-gridmap-and-execute should not be disabled.
What about this bug? target milestone was 4.0.3 but seems like still not fixed!
Actually, I'm not sure this makes sense for the 4.0.x series. I don't think the
4.0.x code allows more than one PDP. Rachana, can you confirm that for me? The
4.0.3 code definitely disables globus-gridmap-and-execute if the service's
security descriptor's authz attribute is not "gridmap".
I'm going to set the target milestone to 4.2 instead. If Rachana tells me I can
specify more than one PDP for the 4.0.x series, then I'll set it to 4.0.4.
4.0.3 came out sooner than expected because of some security patches that
needed to be distributed ASAP.
Ok, it is possible to the specify more than one. The value I'm checking is a
space-separated string of PDP names, so I need to simply parse that and check
for "gridmap" as one of the tokens. I'll doe this right now so it for sure
makes it into the next point release.
Would be great if a is provided as soon as possible. Thanks
(In reply to comment #4)
> Would be great if a is provided as soon as possible. Thanks
I mean a patch
Created an attachment (id=1074) [details]
Updated GRAM service jar.
Here's an updated jar file that contains the fix. Copy it over the
gram-service.jar file already in $GLOBUS_LOCATION/lib.
Here's the actual source patch:
2006-01-27 14:32:33.000000000 -0700
2006-10-06 10:46:05.000000000 -0600
@@ -46,14 +46,24 @@
logger.debug("getting authz PDP name");
- String authzPDPName = securityDescriptor.getAuthz();
+ String authz = securityDescriptor.getAuthz();
+ String authzPDPNames = null;
+ if (authz != null)
+ authzPDPNames = authz.split(" ");
- logger.debug("Detected authorization PDP plugin"
- +" \"" + authzPDPName + "\"");
+ for (int index=0; index<authzPDPNames.length; index++)
+ logger.debug("Detected authorization PDP plugin"
+ +" \"" + authzPDPNames[index] + "\".");
- if (authzPDPName.equals(GRIDMAP_AUTHZ_PDP_NAME))
- AuthorizationHelper.authorizationGridmap = true;
+ if (authzPDPNames[index].equals(GRIDMAP_AUTHZ_PDP_NAME))
+ logger.debug("Using gridmap authorization PDP
+ AuthorizationHelper.authorizationGridmap = true;
catch (Exception e)
Can you check if this patch was committed? If not, then should we commit it as
is in time for 4.0.4? Or do you recommend we wait until 4.0.5?
This patch has been committed to the 4.0 branch while ago.