GSS is a general server application for providing several types of services with several types of interfaces.
You can authorize the interface with a service. You can authorize a service with another service.
Installing GSS Server
- Download and extract GSS Server archive file.
- Enter bin directory and execute the appropriate file to start running
- gss-server.bat ..\conf\gss-server.xml
- gss-server ../conf/gss-server.xml
GSS Server requires an XML file for configuration. The default configuration file is: <GSS_SERVER_HOME>/conf/gss-server.xml.
You can get the complete XML schema at: http://ilerian.com/documentation/gss_configuration/gss.html
For example, we have a perl script for creating an email address under a domain for our hosting company. Our script works as below:
hosting_operations.pl <operation_ID> <operation_param1> <operation_param2> ....
For creating email address:
hosting_operations.pl create_email -domain=<domain_name> -email=<email_address> -quota=<quota> -password=<password>
Let's introduce a service for this facility.
Let's define an HTTP interface for our GSS Server.
It binds on host localhost and 1655 port. The authorization of this interface is performed through authHttpUserPass authorization policy. This will be explained on the next section.
You can setup more than one interface type.
Mastering The Basics
All authorization policies are defined in <security> element of the configuration file.
An authorization policy is a connector that gets the parameters from the request and maps to a specified service for authorization. In other words, it executes an already defined service for authorization and use some of the request parameters for input.
An interface or a service can use a defined authorization policy for usage restriction. It is optional to use authorization policies for interfaces and services.
Interface authorization is used for preventing unwanted access on GSS server. GSS provides authorization for your each interface separately.
You can control authorization of an interface by referencing the name of an already defined authorization policy on interface definition.
The username and password attributes of the client request are used for Interface authorization.
GSS provides authorization for your each service separately.
<executableService name="createEmailAddress" authorizationName="authDomainOwnerCheck"
executable="hosting_operations.pl" parameterSeparator=" ">
You can control authorization of a service by referencing the name of an already defined authorization policy on service definition.
The request parameters received for the service are also used for authorization process.
Request for Executable Service
The complete xml schema for request XML is at : http://ilerian.com/documentation/request/request.html
This request runs hosting_operations.pl on the server machine with the following parameters:
The response will include the output of the executable:
The username and password attributes on the request are for interface authorization only.
For the configuration above,
- GSS Server checks the interface authorization by sending the username and password values to checkHttpUserPassService
- For createEmailAddress job, GSS server checks the service authorization by sending the domainName and emailAddress values to emailOwnerAuthorization
- GSS Server sends the job parameters (emailAddress....) to createEmailAddress service.
- As createEmailAddress is an executable service, GSS Server runs "/var/server.pl create_email reseller_id realdomain.com email@example.com 7887" and returns the output to the client.