Table of Contents
The GT development team is pleased to make its newest major release available for download.
Highlights of this release include:
- Persistent HTTP/S connection support in Java WS Core
- Dynamic deployment support in Java WS Core
- JBOSS 4.0.x support in Java WS Core
- An implementation of WS-ServiceGroup added to C WS Core
- C command-line tools for WSRF operations
- Support for GetResourceProperties and QueryResourceProperties in the Delegation Service
- Added support for the OGSA-AuthZ Authorization Service to CAS
- Server-side attribute-based authorization framework enhancements
- Support for a pluggable Policy Decision Point (PDP) designed to minimize common authorization errors
- Enhanced security descriptor framework
- A Web service interface for the Replica Location Service (RLS)
- Improved support for multiple TriggerRules in the Trigger Service
- Improved configuration interface for the Trigger Service
- Java API to assist in creating resource properties from external information sources
- A new resource manager (RM) adapter API in GRAM4
GT4.2.0 contains an upgrade to the web services specifications used by the toolkit as well as new features in all services. New users are encouraged to use the 4.2.0 release. However, because of the specification upgrade the webservices are incompatible with the 4.0.x series. Existing 4.0.7 users may wish to evaluate the new software while maintaining their existing installations. Details on the spec upgrade are available in the Changes Summary below.
To download this release, go to the 4.2.0 Download page.
For information on installing this release, go to the 4.2.0 Installation Guide.
Use the documentation which starts at here.
This release includes name changes:
As we continue to evolve the GT documentation, we've added new features as of 4.2.0:
Starting with 4.2.0, GT will start release documentation for each point release.
Left sidebar on all pages allows you to access documentation for all technologies from any page.
Customized TOCs at the top, domain and technology level.
Each guide is its own book with its own url. For example, you can find the GridFTP Admin Guide at http://www.globus.org/toolkit/docs/4.2/4.2.0/data/gridftp/admin/
More PDFs are available - both at the technology-level and guide-level.
Adding more indices. This will be improved with each point release.
Feel free to offer any suggestions or feedback using Bugzilla (the "Documentation" component). Or use the documentation feedback box at the bottom of each page (please note that this box is intended for feedback and suggestions, but not support - support information follows.)
An overview on GT support can be found here.
The Globus Toolkit is distributed and licensed for use under the terms of the Apache License, Version 2.0.
To view the licenses of the 3rd party software used by the developers of the Globus Toolkit, click here.
For full information about usage statistics collected by GT 4.2.0 and how to opt-out, see Usage Statistics Collection by the Globus Alliance.
- Support for WS Addressing version 1.0
- Support for Web Services Resource Framework version 1.2
- Support for Web Services Notification version 1.3
A migration guide for porting services to the new specification is available here.
- The globus-validate-descriptors command line tool is
used to validate the Web Services Deployment Descriptor
.wsdd) files, JNDI configuration files (
jndi-config.xml), and security descriptors for all services.
- The globus-check-environment command line tool is used to display component version information and to validate JVM version.
- The globus-update-client-config command line tool is used to merge client-config.wsdd files from deployed modules into the global client-config.wsdd configuration file.
- The globus-reload-container, globus-remote-deploy-gar, and globus-remote-undeploy-gar command line tools (see the dynamic deployment feature for details).
- The ws-enumerate-start, ws-enumerate, and ws-enumerate-end command line tools (see the WS-Enumeration support feature for details).
- The globus-xpath-query command line tool for querying
the resource property document of a resource using the new
-t, --timeoutoption is used to configure the client-side timeout value.
- A new
-icommand line option was added to
globus-start-containerto force the container to bind to the specified network address.
globus-start-containernow performs a JVM version check to ensure that at least Java 1.4 JVM is used to start the container.
OutOfMemoryErrorerror handling was improved in the standalone container. All
ResourceHomecaches will now be automatically cleared on
- SOAP requests containing attachments will now be handled correctly by the container.
- The globus-start-container-detached, and globus-stop-container-detached tools now support options for specifying alternative log and pid file locations.
- Adjusted the number of threads used by the container in standalone and embedded mode. By default the container in standalone mode will now have a minimum of 2 threads and a maximum of 20. The container in embedded mode will now have a minimum of 1 thread and maximum of 3 threads.
- globus-deploy-gar will NOT overwrite the existing GAR deployment by default now. The existing deployment must be undeployed first or the GAR must be deployed with -overwrite option.
- During GAR deployment the service configuration files such as
jndi-config.xmlfile, and security deployment descriptors will now be automatically validated.
- Client-side type mapping will now be properly removed during GAR undeployment.
- Both GAR deployment and undeployment operations now explicitly check if the container is currently running. If so, the operation is aborted. The container must be off before deploying or undeploying GAR files.
- globus-deploy-gar and globus-undeploy-gar tools can now deploy or undeploy a GAR file directly from Apache Tomcat with the -tomcat option.
- The command line syntax of the globus-deploy-gar and globus-undeploy-gar tools has changed. The tools now expect the options first followed by the required arguments.
It is now easier to make local invocations. Axis'
MessageContextdoes not need to be associated with the current thread anymore and the stub does not need to be configured in any way to make local invocations.
- A new MessageContextHelper
API were added to help in associating an arbitrary
MessageContextobject with the current thread of execution.
- A new EPRResourceContext
API was added to help obtaining
ResourceHome, or the resource object associated with a given WS-Addressing endpoint.
GLOBUS_TCP_SOURCE_PORT_RANGEenvironment property is now supported.
- The test framework was extended to allow for execution of a specific test suite or a specific set of test cases within a test suite (Bug 3668).
- A new Version API were added to obtain Java WS Core version information programmatically.
- A new JNDIUtils.getInitialContext()
method was added to obtain the right JNDI registry. This is now the
preferred way of getting the
InitialContextas it will work correctly on any application server with other JNDI implementations present.
- Added support for Sun Java SE 6 RC.
- Added init.d start/stop script for the standalone container. Please see the Configuring Java WS Core for details.
- A resource cache can now be configured with a size limit (in addition to a timeout).
- A persistent resource object (when used with
ResourceHomeImpl) can now have a
- The factory parameter for simple Java
Bean resources declared in the
jndi-config.xmlfiles is now optional. By default, the
org.globus.wsrf.tools.jndi.BeanFactoryfactory class will be used if the factory resource parameter is not specified.
- A launch script for the
myproxyJava command line tool will now be created on Windows.
- Added error codes to all error messages generated by Java WS Core.
- The setTerminationTime() function can now throw a TerminationTimeRejectedException if the new termination time cannot be accepted by the service.
- Changed the timestamp format of the container log file to ISO
8601 complaint format. The new format has the following syntax:
YYYY-MM-DDThh:mm:ss,sss[+-]hh:mm. It uses local time with UTC time zone offset.
- CoG JGlobus (see the CoG JGlobus Release Notes for more details)
- Apache Xerces 2.7.1
- OpenSAML 1.1
- BouncyCastle 1.31
- Apache Log4j 1.2.15
- Apache Commons Logging 1.1
- Apache Commons CLI 2.0 (latest snapshot)
- Switched to JNDI Naming library from the Apache Directory Project.
- Post 1.4 version of Apache Axis. Please see Axis changes for details.
- Apache Commons Collection 3.2
- Apache Addressing Library has been imported into Globus CVS and a modified version of the library that support only WS Addressing 1.0 namespace has been added to the toolkit. The package names have been modified to avoid any conflicts and the toolkit does not ship with Apache Addressing library.
GT 4.2.0 release contains a newer version of Apache Axis. The following changes have been noted in Axis:
xsd:grouphandling has changed. A Java Bean will NOT be generated now for a xsd:group type. See AXIS-1525 for more details.
- The ordering of the parameters of the constructors of the generated Java Beans has changed once again. It is recommended to avoid the full constructors of the generated Java Beans. Use individual setter functions to set the values of the Bean instead.
An error will now be raised by
BeanSerializerwhen serializing a null value that is not optional or non-nillable. This behavior can be disabled by setting
BeanSerializer.errorOnNullWithNonNillableElementsystem property to
WSDL2Javawill not generate Java Beans for certain array objects. The
-woption must be passed to
WSDL2Javato force it to generate the Java Beans for such types. This change is transparent to the users of the build scripts provided by Java WS Core.
- MTOM attachments are now supported.
- Implementation of WS-ServiceGroup as an API and a provider.
- Implementation of the Notification Producer operations, including support for Simple, Concrete, and Full TopicExpressions. The default service stubs will use a provider for this.
- Implementation of the WSRF QueryResourceProperties operation, including client and server-side serialization of XPath expressions. Support for TargetedXPathQuery dialect as used by Java WS Core.
- Local service invocations within a process bypass XML serialization.
- Improved WSDL parsing and type generation (support nillable types, xsd:token, etc).
- New command-line option parsing support in WSRF Core tools for implementing WSRF client programs.
- New command-line tools for common WSRF operations.
- Improved Makefiles for bindings packages created by globus-wsrf-cgen. Source lists are created at compile time from the schema, instead of being hard-coded into the Makefiles. Better handling of service-only, client-only, and types-only packages.
The only significant change to Globus XIO in this release is the addition of "string attributes". The previous method of handling attributes still works in an entirely backward compatible way, but the string attributes adds a much needed convenience. Drivers can now provide a list of key=value pairs. A user can then specify these options at the command line and at runtime. This makes run time configuration much more flexible.
A driver can choose to expose parameters in a string form.
This feature makes dynamically setting driver-specific
options much easier. A user can then load the driver by name and
set specific options by name all at runtime with no object module
references. For example, a TCP driver can be loaded with the string
tcp and the options can be set with the string
This would set the port to 50668, keepalive to true and nodelay to
false. The particular string definition is defined by the TCP
driver. This is done by creating a
array within the driver's source code.
See the TCP driver source code for an example.
Each row of the array is 1 option. There are 3 sub-members of
each row entry: key, cmd, and parse function.
The key is a string that defines what option is to be set.
In the above example, string port would be a
key. cmd tells the driver what cntl is
associated with the key. In other words, once the string is
parsed out it converts the key into a driver-specific control enum.
XIO then uses that enum as it would if a driver-specific option
was set in the source code. For more information on controls, see
No significant changes have happened for C Common Libraries since GT 4.0.x. See Feature Summary for some minor changes.
- Added support for signing policy.
- Changed CRL validation to raise an exception when expired CRLs are detected.
- Changed default proxy credential generated to be RFC 3820-compliant. Support for legacy, draft compliant and RFC 3820 remains as it was.
- Added support for partial 3rd party transfers to the UrlCopy library.
- Added support for
- Improved handling of SSLv2 client hello messages.
- Optimized obtaining a default credential using the
- Optimized CA certificate and CRL file refresh functions.
- Added error codes to all error messages generated by the GSI library.
Updated 3rd party libraries:
- BouncyCastle 1.31
- Apache Log4j 1.2.13
- Apache Commons Logging 1.1
Added support for signing policy enforcement. Disabling the enforcement is provided directly by the CoG JGlobus library, Section 2, “Signing Policy Location”.
The security descriptor framework, used to configure security properties for the security framework, has been enhanced. Detailed information about the framework is provided at Introduction.
Java WS Authentication code honors environment variables to pick up the credential to use as described here.
Java WS Authentication code allows configuration of trust certificate in non-default location as described here.
The server side authorization framework has been reworked to support attribute-based authorization. The APIs and framework have been enhanced to deal with a representation where each entity is identified by a bag of attributes.
Also, the default engine used for combining the individual Policy Decision Point (PDP) decisions has been changed from a deny-override algorithm to a permit-override scheme that looks for a chain of delegation of rights from the resource owner to the requestor.
Refer to Architecture and design overview for detailed information on the architecture.
The WS authorization interfaces have been frozen as of the GT 4.1.2 release.
All the PDPs that were distributed with the previous version have been ported to the new framework and are supported.
The Java WS server-side authorization code has been moved to a
separate module called
authorization. The work was tracked
as part of Bug
5559 and while this does not change any interface on the server
side, it separates the code from the Java WS Core module.
A migration guide that outlines the changes needed for services that build on Java WS Core is provided here.
Fixed SAML assertion embedded in proxy when cas-proxy-init is used in order to comply with RFC 3820 requirements on certificate extension. Support for OID 126.96.36.199.4.1.35188.8.131.52.9 has been discontinued and new OID 184.108.40.206.4.1.35220.127.116.11.12, with value set to be a DER encoded ASN.1 representation of the SAML asseriton has been added. Details are part of Bug 5606
Added an implicit namespace casDefaultNS, which is treated as a special namspace with no base name and exact comparison algorithm.
Grant all access to created groups disabled: The previous versions of CAS allowed granting newly created groups grantAll access to themselves. This feature has been disabled to prevent recursive permission issues.
Update to OpenSAML 1.1: The service has been updated to use OpenSAML 1.1.
Command line client options: The command line client options have been changed to use options that are standard across the toolkit. Note that all features that were supported before are still supported, but some of the option names have changed.
Underlying Java WS Authentication library supports RFC 3820 proxies by default as described in Release Notes. The Delegation Service will also default to RFC 3820 proxies.
- Added support for
QueryResourcePropertiesinterfaces. This allows for a client to query for the lifetime of the delegated credential.
The command line client options have been changed to use options that are standard across the toolkit. Note that all features that were supported before are still supported, but some of the option names have changed.
- Bug 4593: C WS-Delegation Utils (Refresh/Program/Tests)
No changes have occurred for MyProxy since the last stable release, 4.0.x.
No changes have occurred for SimpleCA since the last stable release, 4.0.x.
- New in RFT 4.2 is a connection caching feature. This allows internal GridFTP connections to be internally cached globally across all service requests. This has shown to be a vast performance increase in the case where a single user wishes to transfer many URLs, but instead of transferring them in a single request, they put each URL in a separate request. Caching helps this case specifically, and is a general optimization for other cases.
- The backoff algorithm has been modified. To start with, all errors in communicating with GridFTP servers are considered transient. In the past we considered authorization failures and DNS lookup failures, as well as other similar things, as fatal. We have since recognized that even those shall pass, and in some environments those should be expected as a means of controlling load.
- Additionally, how we back off is different. If a failure is detected, we do not try to communicate with the given GridFTP server for a specified amount of time, or until some other transfer completes successfully with that server. This allows for optimal use of GridFTP servers that only allow a fixed number of connections at once, and it helps make optimal use of our connection cache.
- Added GFork master plugin to allow dynamic backend configuration.
-ppoption to globus-url-copy to allow pipelining of data transfers (ie, several transfers can be processed without waiting for each transfer to finish before starting the next one.)
The GridFTP Admin Guide has been updated to include more information on advanced configuration, configuring security and tuning/performance recommendations.
- An embedded database (using SQLite) and ODBC libraries are now included in the RLS Server installation. A default installation of GT will include a fully configured RLS Server that requires no database installation or configuration by the end user. Advanced users can still use their own database without changes.
- The RLS now includes a new Java client API written entirely in Java. It does not require the C client libraries and allows for Java client support on 64-bit platforms. The new API is fully backwards compatible. Users need not make any changes to existing code to take advantage of the new library.
- The RLS Admin Guide has been completely rewritten to account for the embedded database support and to streamline the installation procedures. In addition, a large help section has been added based on an analysis of ODBC and database installation procedures and their compatibility with the RLS.
- Client tools support for bulk operations has been improved. The
globus-rls-clican now read input parameters from a file, and a new
globus-rls-bulk.shscript also simplifies repetitive procedures involving bulk operations.
- Bug fixes up through the GT 4.0.6 release are also included in this release.
A new MDS Admin Guide has been created that describes configuring MDS as a whole.
Loop detection (preventing an index server from registering to itself, or two from registering to each other) has been improved somewhat since 4.0.x.
- Multiple triggers per data source aggregation is now supported. Each trigger's Matching Rule will be evaluated against the incoming message.
- Support for XML Namespace resolution in the Matching Rule Xpath statement. This allows namespace prefixes to be specified in the TriggerRule XPath matching rule string parameter.
- Triggers are now created/configured in a completely different manner from previous versions. They are created dynamically, as needed.
- Some parameter names have been changed, added, or removed.
The mds-servicegroup-add command no longer requires the dummy -s or -e arguments
The mds-set-multiple-termination-time command has been added to aid in management of service group entry resources created via mds-servicegroup-add
SubscriptionAggregatorSourcenow attempt to detect when the data source EPR is local to the current container instance and, if so, set the connection properties to use local transport.
Added a service level configuration option for suppressing the publication of aggregator configuration elements in aggregator service group registry entries. In other words, the Service Group Entry
ContentResource Property will contain only the aggregated data.
Due to changes in the final version of the WS-ServiceGroup specification, the XML structure of a ServiceGroupEntry's
ContentResource Property is no longer directly mapped to the AggregatorContent type. Instead, the AggregatorContent type is now represented as a child element of the WS-SG
- Error handling has improved -- error pages now include a summary and not just a Java stack trace.
- The service group summary view now has an option to periodically refresh the display.
- WebMDS now supports optional user-specified Xpath queries.
- WebMDS now supports the use of user-specified namespace mappings with user-specified Xpath queries.
- Entries in the service group summary view are now sorted.
- The service group summary view is now easier to update to support local data types.
The RPProvider configuration file format has changed slighty.
structure contains an array of xml elements of the type
In 4.0.x, the element name for each array item was "configArray";
in 4.2.x, the name has been changed to "resourcePropertyProviderConfiguration".
ResourcePropertyProviderConfigArray and its
child elements have not been modified in any other way. Therefore, a search
and replace for all instances of "configArray" with "resourcePropertyProviderConfiguration"
should be all that is necessary to make 4.0.x RPProvider configuration files
compatible with 4.2.x versions.
For a summary of the changes, please see the Migration Guide from 4.0 GRAM
Only minor changes and bugfixes have occurred for GRAM2 since the last stable release.
GridWay version shipped with GT4.2.0 is based on GridWay 5.4, a new stable version with increased functionality, including support to access the NorduGrid infrastructure, new bindings for DRMAA and support for DAGMAN workflows.
New to 4.2.0:
- Integration with major Grid Infrastructures
Following the trend from previous releases, GridWay is capable of integrate with another major infrastructure: NorduGrid. Drivers for Execution and Transfer are included in this release.
- New DRMAA bindings for scripting languages
Previous GridWay releases come with support for C and Java bindings implementing the DRMAA standard. Scripting languages are interesting from the point of view of rapid application prototyping among others. From dsa-research.org we believe this to be an interesting aspect, and that is why GridWay includes bindings to access the DRMAA standard from scripting languages such as Perl, Ruby and Python.
- Support for DAGMAN workflows
There is an increasing interest from the scientific community to be able to run complex workflows on a Grid environment. An almost de-facto standard to represent DAG workflows is Condor DAGMAN. In this development release GridWay includes a new workflow launcher (gwdag) that handles this kind of workflows.
Common Runtime Components