Bootstrapping Without Security

From VCGR Wiki


Bootstrapping a new Genesis II net without security can be done in two separate phases. In the first, we configure Genesis II not to sign messages and to ignore access control on resources. In the second phase, we can also indicate that we wish to use a regular HTTP connection rather than an HTTPS connection. We highly discourage turning off SSL without turning off message signing and authentication, as this will tend to expose delegate credential keys in plain text.

For all instructions contained on this page, $GENII refers to the location where you installed Genesis II.

Turning off Message Signing and Authentication

For the purposes of the directions in this section, assume that all files are located in $GENII/deployments/default/configuration.

Edit the security.properties File

  • Change the property edu.virginia.vcgr.genii.client.security.message.min-config so that its new value is NONE|WARN.

Edit the server-config.xml File

  • Comment out or remove the section under AUTHZ Provider Instances whose element starts with <mconf:instance name="gamlacl-authz-provider" type="edu.virginia.vcgr.genii.container.security.authz.providers.GamlAclAuthZProvider"> and replace it with the previously commented-out section immediately following it, whose element starts with <mconf:instance name="gamlacl-authz-provider" type="edu.virginia.vcgr.genii.container.security.authz.providers.OpenAuthZProvider">

Turning off SSL

For the purposes of the directions in this section, assume that all files are located in $GENII/deployments/default/configuration.

Edit the security.properties File

  • Comment out the last four properties:
    • edu.virginia.vcgr.genii.container.security.ssl.key-store
    • edu.virginia.vcgr.genii.container.security.ssl.key-store-type
    • edu.virginia.vcgr.genii.container.security.ssl.key-password
    • edu.virginia.vcgr.genii.container.security.ssl.key-store-password

Edit the web-container.properties File

  • Change the value of the property edu.virginia.vcgr.genii.container.listen-port.use-ssl to false instead of true.

Edit the bootstrap-nosec.xml File

Bootstrapping the Net

When you have configured Genesis II the way you like, you need to bootstrap a new net. Whenever you bootstrap a new Genesis II net, you should always verify that you have a clean state directory to start with. By default your state directory will be located in your user home directory (~ or $HOME on a Linux box, and C:\Documents and Settings\<username> on Windows) and will be called .genesisII. Before bootstrapping a net, you should consider completely removing this state directory.

Start the Genesis II container with the runContainer script that comes with your installation. This will start up the container, and after 10 seconds or so you will see a message printed out saying "Container Started".

Next, you need to run the bootstrap script using the grid command. Change directory into your Genesis II install and run the command grid script deployments/default/configuration/bootstrap-nosec.xml. This should run the bootstrap script with security turned off. When this script is finished running, you should have a running, insecure Genesis II Grid.
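
The settings changed on this page can be audited before a deployment is exposed beyond a test network. The following is an added example, not part of Genesis II or of the original page: it reads the text of security.properties, web-container.properties and server-config.xml and reports each of the insecure settings described above. The sample file contents are constructed, the helper names are hypothetical, and the spelling of the listen-port SSL key is treated as an assumption, so both use-ssl and use-sll are accepted.

```python
import re

PFX = "edu.virginia.vcgr.genii."
SSL_KEYS = [PFX + "container.security.ssl." + k for k in
            ("key-store", "key-store-type", "key-password", "key-store-password")]

def parse_properties(text):
    """Return active key/value pairs; lines starting with '#' or '!' are comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")  # only the key=value form is handled
        props[key.strip()] = value.strip()
    return props

def audit(security_props, web_props, server_config_xml):
    """Return one finding per insecure setting described on this page."""
    sec, web = parse_properties(security_props), parse_properties(web_props)
    findings = []
    min_config = sec.get(PFX + "client.security.message.min-config", "")
    if min_config.split("|")[0].upper() == "NONE":
        findings.append("message signing disabled (min-config=%s)" % min_config)
    missing = [k for k in SSL_KEYS if k not in sec]
    if missing:
        findings.append("%d of 4 SSL key-store properties unset" % len(missing))
    # Key spelling is an assumption: accept either form.
    key = PFX + "container.listen-port.use-"
    if web.get(key + "ssl", web.get(key + "sll", "")).lower() == "false":
        findings.append("container listens without SSL")
    # Drop XML comments so only the active provider instance is inspected.
    active_xml = re.sub(r"<!--.*?-->", "", server_config_xml, flags=re.S)
    if "authz.providers.OpenAuthZProvider" in active_xml:
        findings.append("OpenAuthZProvider active: access control is ignored")
    return findings

# Constructed sample inputs (not copied from a real deployment).
INSTANCE = ('<mconf:instance name="gamlacl-authz-provider" '
            'type="edu.virginia.vcgr.genii.container.security.authz.providers.%s"/>')
INSECURE_SECURITY = (PFX + "client.security.message.min-config=NONE|WARN\n"
                     + "".join("#%s=placeholder\n" % k for k in SSL_KEYS))
INSECURE_WEB = PFX + "container.listen-port.use-ssl=false\n"
INSECURE_XML = ("<!-- " + INSTANCE % "GamlAclAuthZProvider" + " -->\n"
                + INSTANCE % "OpenAuthZProvider")

if __name__ == "__main__":
    for finding in audit(INSECURE_SECURITY, INSECURE_WEB, INSECURE_XML):
        print("FINDING:", finding)
```

An empty result means none of the four changes on this page are present in the files that were checked; it says nothing about other settings.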