Software Links
Getting Started
- Doc Structure
- A Globus Primer
- Globus Is Modular!
- Quickstart
- Installing GT
- Platform Notes
- Migrating from GT2
- Migrating from GT3
Reference
- PDF version
- Best Practices
- Coding Guidelines
- API docs
- Public Interfaces
- Resource Properties
- Samples
- Glossary
- Performance Studies
Common Runtime
Security
Data Mgt
Information Svcs
Execution Mgt
Table of Contents
The following provides available information about migrating from previous versions of the Globus Toolkit.
While the GT4 version of this component has similar features to the GT3 version, some of the configuration methodology has changed and some features have been enhanced. Refer to Section 3.1.4.5, “Configuring authorization mechanisms” for changes in configuration.
The Java WS Authorization Framework now uses the generic GT Java Authorization Framework, that eliminates dependency on web services components. . The changes that will be needed to the GT 4.1 code to work with the new code base:
Package name: PDP/PIP interfaces, attribute processing classes and configuration classes are now used from the generic authorization engine. Hence the authorization interfaces have changed from org.globus.wsrf.security.authorization to org.globus.security.authorization. The following classes have changed:
Attribute
AttributeCollection
AttributeException
AttributeIdentifier
AuthorizationConfig
AuthorizationDeniedException
AuthorizationEngineSpi
AuthorizationException
BootstrapPIP
ChainConfig
CloseException
Decision
EntityAttributes
IdentityAttributeCollection
InitializeException
Interceptor
InterceptorConfig
InterceptorException
PDP
PIP
RequestAttributes class: This class has been renamed as RequestEntities with no functionality change
PIPResponse class: This class has been renamed as NonRequestEntities. Functionality from the older class has been preserved, with additional methods to merge attributes to this structure has been added.
PIP Interface change: The new PIP interface is as follows:
public NonRequestEntities collectAttributes(RequestEntities requestAttr) throws AttributeException;MessageContexthas been removed from the interface. Refer to item (7) on information on retrieving message context.This interface does not extend from Interceptor interface. But PIPInterceptor interface is equivalent to the previous version of the PIP interface, with collect attributes method and interceptor interface methods.
PDP Interface change: The new PDP interface is as follows:
public Decision canAccess(RequestEntities requestEntities, NonRequestEntities nonReqEntities) throws AuthorizationException; public Decision canAdminister(RequestEntities requestEntities, NonRequestEntities nonReqEntities) throws AuthorizationException;NonRequestAttributes class encompasses the three List objects for non-request subject, resource and action.
The RequestAttributes class is replaced by RequestEntities class as is.
MessageContexthas been removed from the interface. Refer to item (7) on information on retrieving message context.This interface does not extend from Interceptor interface. But PDPInterceptor interface is equivalent to the previous version of the PDP interface, with collect attributes method and interceptor interface methods.
Providers package: The providers that were a part of the authorization package are now a part of the generic interface. So the FirstApplicable and PermitOverride combinging algorithm interface, in addition to the AbstractEngine class are now a part of the new package, org.globus.security.authorization.providers.
Message Context: ContainerPIP, the default PIP that is used by the GT framework to initialize request context, adds the message context assiciated wiht the request as an environment attribute with null issuer. To extract the message context, the following code snippet can be used:
RequestEntities reqEntities; org.apache.axis.MessageContext msgCtx = AttributeUtil.getMessageContext(reqEntities.getEnvironment(), null);