Subject: Re: running examples in v. 3.0 GT

Date view	Thread view	Subject view	Author view	Attachment view

Next message: Steve White: "Re: running examples in v. 3.0 GT"
Previous message: Steve White: "Re: running examples in v. 3.0 GT"
In reply to: Steve White: "Re: running examples in v. 3.0 GT"
Next in thread: Steve White: "Re: running examples in v. 3.0 GT"
Reply: Steve White: "Re: running examples in v. 3.0 GT"
Reply: Steve White: "Re: running examples in v. 3.0 GT"

From: Ally Hume (a.hume@epcc.ed.ac.uk)
Date: May 30, 2008 13:36

Steve,

Just to confirm that you haven't unluckly missed the correct one of
many combination! I think the following line is what you want:

java uk.org.ogsadai.client.toolkit.gt.example.GTSecureSQLClient -u
http://FULL_HOST_NAME:8443/wsrf/services/dai/ -d rftDatabase
-q "SELECT * FROM request" -tls

Does this fail? If so what is the error.

If that fails try dropping the / after services/dai and see if that
makes any difference.

Ally

2008/5/30 Steve White <swhite@aip.de>:
> Ally,
>
> I later read the line
> "Note that because host authorization is used the client must specify the full name of the server and cannot use localhost."
>
> But that didn't help either. Substituting the proper address for localhost
> gave the same results.
>
>
> On 30.05.08, Steve White wrote:
>> Ally,
>>
>> On 30.05.08, Ally Hume wrote:
>> >
>> > Ok so you are using transport level security with GT.
>> >
>> > > SERVICES_BASE_URL="http://localhost:8443/wsrf/services/dai/"
>> >
>> > This should be https.
>> >
>> I tried that farther down in my message.
>>
>> > But I think your problem is that the client you are using does not
>> > support transport level security. The only OGSA-DAI client we have
>> > written that supports GT security is
>> > uk.org.ogsadai.client.toolkit.gt.example.GTSecureSQLClient. The
>> > uk.org.ogsadai.client.toolkit.example.ServerClient does not support GT
>> > security.
>> >
>> I see. So this example program wouldn't have worked anyway.
>>
>> So, I tried GTSecureSQLClient, with no luck.
>>
>> Many variations on commands from
>>
>> http://www.ogsadai.org.uk/documentation/ogsadai3.0/ogsadai3.0-gt/CheckServerCH.html#ExampleClients
>>
>> like
>>
>> $ java uk.org.ogsadai.client.toolkit.gt.example.GTSecureSQLClient \
>> -u http://localhost:8443/wsrf/services/dai/ \
>> -d rftDatabase \
>> -q "SELECT * FROM request" \
>> -secconv encrypt
>>
>> I tried https; it failed. I tried altering the last line as shown on
>> the document page; it failed.
>>
>> Output looked like this
>> ===================================================================
>> DRER ID: DataRequestExecutionResource
>> Data Resource ID: rftDatabase
>> Base Services URL: http://localhost:8443/wsrf/services/dai/
>> SQLQuery: SELECT * FROM request
>> Transport level security with integrity
>> Exception in thread "main" uk.org.ogsadai.client.toolkit.exception.ServerURLInvalidException: A problem occured initialising the server.
>> at uk.org.ogsadai.client.toolkit.ServerFactory.getWSDL(Unknown Source)
>> at uk.org.ogsadai.client.toolkit.ServerFactory.getServer(Unknown Source)
>> at uk.org.ogsadai.client.toolkit.ServerProxy.getServer(Unknown Source)
>> at uk.org.ogsadai.client.toolkit.ServerProxy.getDataRequestExecutionResource(Unknown Source)
>> at uk.org.ogsadai.client.toolkit.example.SQLClient.execute(Unknown Source)
>> at uk.org.ogsadai.client.toolkit.gt.example.GTSecureSQLClient.main(Unknown Source)
>> Caused by: java.net.SocketException: Connection reset
>> at java.net.SocketInputStream.read(SocketInputStream.java:168)
>> at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
>> at java.io.BufferedInputStream.read1(BufferedInputStream.java:256)
>> at java.io.BufferedInputStream.read(BufferedInputStream.java:313)
>> at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:606)
>> at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:554)
>> at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:571)
>> at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:939)
>> at java.net.URL.openStream(URL.java:1007)
>> ... 6 more
>> ===================================================================
>>
>> > We really ought to write a version of ServerClient that supports GT
>> > security. I applogise that we have not done this. Hopefully we can
>> > add it to the next release. In the mean time I hope GTSecureSQLClient
>> > will help you test that your service is running.
>> >
>> > If you wish hack source code yourself I think you would just need to
>> > add static call to registerTransport somewhere in your code, e.g..
>> > static { Util.registerTransport(); }
>> >
>> No time, unfortunately.
>>
>> Thanks!
>>
>>
>> > 2008/5/30 Steve White <swhite@aip.de>:
>> > > Hi,
>> > >
>> > > I seem to have deployed OGSA-DAI 3.0 (GT) on a Scientific Linux 4.6 system
>> > > with GT v. 4.0.6, and JDK 1.5.0_07.
>> > >
>> > > To check it, I tried some of the example clients, but they haven't worked.
>> > >
>> > > On starting the Globus container, I see
>> > >
>> > > ==============================================================
>> > > [48]: https://astrodata07.gac-grid.org:8443/wsrf/services/dai/DataRequestExecutionService
>> > > [49]: https://astrodata07.gac-grid.org:8443/wsrf/services/dai/DataResourceInformationService
>> > > [50]: https://astrodata07.gac-grid.org:8443/wsrf/services/dai/DataSinkService
>> > > [51]: https://astrodata07.gac-grid.org:8443/wsrf/services/dai/DataSourceService
>> > > [52]: https://astrodata07.gac-grid.org:8443/wsrf/services/dai/RequestManagementService
>> > > [53]: https://astrodata07.gac-grid.org:8443/wsrf/services/dai/SessionManagementService
>> > > ==============================================================
>> > >
>> > > As a user with full credentials and a grid proxy, I set up my environment
>> > > like this:
>> > >
>> > > $ source setenv.sh
>> > > $ export SERVICES_BASE_URL="http://localhost:8443/wsrf/services/dai/"
>> > >
>> > > (The latter isn't so clear: should it be http or https? I tried both.)
>> > >
>> > > Then
>> > >
>> > > $ java uk.org.ogsadai.client.toolkit.example.ServerClient -u $SERVICES_BASE_URL -c getVersion
>> > >
>> > > results in:
>> > > ==============================================================
>> > > Exception in thread "main" uk.org.ogsadai.client.toolkit.exception.ServerURLInvalidException: A problem occured initialising the server.
>> > > at uk.org.ogsadai.client.toolkit.ServerFactory.getWSDL(Unknown Source)
>> > > at uk.org.ogsadai.client.toolkit.ServerFactory.getServer(Unknown Source)
>> > > at uk.org.ogsadai.client.toolkit.ServerProxy.getServer(Unknown Source)
>> > > at uk.org.ogsadai.client.toolkit.ServerProxy.getVersion(Unknown Source)
>> > > at uk.org.ogsadai.client.toolkit.example.ServerClient.execute(Unknown Source)
>> > > at uk.org.ogsadai.client.toolkit.example.ServerClient.main(Unknown Source)
>> > > Caused by: java.net.SocketException: Connection reset
>> > > at java.net.SocketInputStream.read(SocketInputStream.java:168)
>> > > at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
>> > > at java.io.BufferedInputStream.read1(BufferedInputStream.java:256)
>> > > at java.io.BufferedInputStream.read(BufferedInputStream.java:313)
>> > > at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:606)
>> > > at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:554)
>> > > at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:571)
>> > > at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:939)
>> > > at java.net.URL.openStream(URL.java:1007)
>> > > ... 6 more
>> > > ==============================================================
>> > >
>> > > The Globus container.log has
>> > > ==============================================================
>> > > 2008-05-28 17:29:53,468 ERROR container.GSIServiceThread [ServiceThread-11,process:141] Error processing request
>> > > java.io.IOException: Token length 1195725856 > 33554432
>> > > at org.globus.gsi.gssapi.net.impl.GSIGssInputStream.readToken(GSIGssInputStream.java:93)
>> > > at org.globus.gsi.gssapi.net.impl.GSIGssInputStream.readHandshakeToken(GSIGssInputStream.java:54)
>> > > at org.globus.gsi.gssapi.net.impl.GSIGssSocket.readToken(GSIGssSocket.java:60)
>> > > at org.globus.gsi.gssapi.net.GssSocket.authenticateServer(GssSocket.java:122)
>> > > at org.globus.gsi.gssapi.net.GssSocket.startHandshake(GssSocket.java:142)
>> > > at org.globus.gsi.gssapi.net.GssSocket.getOutputStream(GssSocket.java:161)
>> > > at org.globus.wsrf.container.GSIServiceThread.process(GSIServiceThread.java:98)
>> > > at org.globus.wsrf.container.ServiceThread.run(ServiceThread.java:291)
>> > > 2008-05-28 17:29:53,476 ERROR container.GSIServiceThread [ServiceThread-12,process:141] Error processing request
>> > > java.io.IOException: Token length 1195725856 > 33554432
>> > > at org.globus.gsi.gssapi.net.impl.GSIGssInputStream.readToken(GSIGssInputStream.java:93)
>> > > at org.globus.gsi.gssapi.net.impl.GSIGssInputStream.readHandshakeToken(GSIGssInputStream.java:54)
>> > > at org.globus.gsi.gssapi.net.impl.GSIGssSocket.readToken(GSIGssSocket.java:60)
>> > > at org.globus.gsi.gssapi.net.GssSocket.authenticateServer(GssSocket.java:122)
>> > > at org.globus.gsi.gssapi.net.GssSocket.startHandshake(GssSocket.java:142)
>> > > at org.globus.gsi.gssapi.net.GssSocket.getOutputStream(GssSocket.java:161)
>> > > at org.globus.wsrf.container.GSIServiceThread.process(GSIServiceThread.java:98)
>> > > ==============================================================
>> > >
>> > > The bit about token length reminded me of something about https vs http
>> > > so I tried:
>> > >
>> > > $ export SERVICES_BASE_URL="http://localhost:8443/wsrf/services/dai/"
>> > >
>> > > Now the same java command gives
>> > > ==============================================================
>> > > Exception in thread "main" uk.org.ogsadai.client.toolkit.exception.ServerURLInvalidException: A problem occured initialising the server.
>> > > at uk.org.ogsadai.client.toolkit.ServerFactory.getWSDL(Unknown Source)
>> > > at uk.org.ogsadai.client.toolkit.ServerFactory.getServer(Unknown Source)
>> > > at uk.org.ogsadai.client.toolkit.ServerProxy.getServer(Unknown Source)
>> > > at uk.org.ogsadai.client.toolkit.ServerProxy.getVersion(Unknown Source)
>> > > at uk.org.ogsadai.client.toolkit.example.ServerClient.execute(Unknown Source)
>> > > at uk.org.ogsadai.client.toolkit.example.ServerClient.main(Unknown Source)
>> > > Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>> > > at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
>> > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
>> > > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
>> > > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
>> > > at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
>> > > at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
>> > > at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
>> > > at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
>> > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
>> > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
>> > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1057)
>> > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1041)
>> > > at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
>> > > at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
>> > > at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:916)
>> > > at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
>> > > at java.net.URL.openStream(URL.java:1007)
>> > > ... 6 more
>> > > Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>> > > at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
>> > > at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
>> > > at sun.security.validator.Validator.validate(Validator.java:203)
>> > > at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
>> > > at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
>> > > at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
>> > > ... 18 more
>> > > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>> > > at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
>> > > at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
>> > > at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
>> > > ... 23 more
>> > > ==============================================================
>> > >
>> > > The container.log has
>> > > ==============================================================
>> > > 2008-05-28 17:34:51,535 ERROR container.GSIServiceThread [ServiceThread-12,process:141] Error processing request
>> > > Authentication failed
>> > > . Caused by
>> > > Failure unspecified at GSS-API level
>> > > . Caused by
>> > > COM.claymoresystems.ptls.SSLCaughtAlertException: Unknown certificate processing problem
>> > > at COM.claymoresystems.ptls.SSLRecordReader.processAlert(SSLRecordReader.java:153)
>> > > at COM.claymoresystems.ptls.SSLRecordReader.readRecord(SSLRecordReader.java:90)
>> > > at COM.claymoresystems.ptls.SSLHandshake.recvHandshakeToken(SSLHandshake.java:177)
>> > > at COM.claymoresystems.ptls.SSLHandshakeServer.processTokens(SSLHandshakeServer.java:179)
>> > > at COM.claymoresystems.ptls.SSLHandshake.processHandshake(SSLHandshake.java:135)
>> > > at org.globus.gsi.gssapi.GlobusGSSContextImpl.acceptSecContext(GlobusGSSContextImpl.java:284)
>> > > at org.globus.gsi.gssapi.net.GssSocket.authenticateServer(GssSocket.java:124)
>> > > at org.globus.gsi.gssapi.net.GssSocket.startHandshake(GssSocket.java:142)
>> > > at org.globus.gsi.gssapi.net.GssSocket.getOutputStream(GssSocket.java:161)
>> > > at org.globus.wsrf.container.GSIServiceThread.process(GSIServiceThread.java:98)
>> > > at org.globus.wsrf.container.ServiceThread.run(ServiceThread.java:291)
>> > > ==============================================================
>> > >
>> > > Somebody asked about this years ago on the mailing list, but got no answer.
>> > > http://archives.ogsadai.org.uk/users/0892.html
>> > >
>> > > The Globus on this system is otherwise working well, with users gsissh'ing,
>> > > and submitting jobs.
>> > >
>> > > So, what should I try next?
>> > >
>> > > Cheers!
>> > >
>> > > - - - - - - - - - - - - - - - - - - - - - - - - -
>> > > Steve White +49(331)7499-202
>> > > e-Science / AstroGrid-D Zi. 35 Bg. 20
>> > > - - - - - - - - - - - - - - - - - - - - - - - - -
>> > > Astrophysikalisches Institut Potsdam (AIP)
>> > > An der Sternwarte 16, D-14482 Potsdam
>> > >
>> > > Vorstand: Prof. Dr. Matthias Steinmetz, Peter A. Stolz
>> > >
>> > > Stiftung privaten Rechts, Stiftungsverzeichnis Brandenburg: III/7-71-026
>> > > - - - - - - - - - - - - - - - - - - - - - - - - -
>> > >
>> >
>> > The University of Edinburgh is a charitable body, registered in
>> > Scotland, with registration number SC005336.
>> >
>>
>> --
>> - - - - - - - - - - - - - - - - - - - - - - - - -
>> Steve White +49(331)7499-202
>> e-Science / AstroGrid-D Zi. 35 Bg. 20
>> - - - - - - - - - - - - - - - - - - - - - - - - -
>> Astrophysikalisches Institut Potsdam (AIP)
>> An der Sternwarte 16, D-14482 Potsdam
>>
>> Vorstand: Prof. Dr. Matthias Steinmetz, Peter A. Stolz
>>
>> Stiftung privaten Rechts, Stiftungsverzeichnis Brandenburg: III/7-71-026
>> - - - - - - - - - - - - - - - - - - - - - - - - -
>
> --
> - - - - - - - - - - - - - - - - - - - - - - - - -
> Steve White +49(331)7499-202
> e-Science / AstroGrid-D Zi. 35 Bg. 20
> - - - - - - - - - - - - - - - - - - - - - - - - -
> Astrophysikalisches Institut Potsdam (AIP)
> An der Sternwarte 16, D-14482 Potsdam
>
> Vorstand: Prof. Dr. Matthias Steinmetz, Peter A. Stolz
>
> Stiftung privaten Rechts, Stiftungsverzeichnis Brandenburg: III/7-71-026
> - - - - - - - - - - - - - - - - - - - - - - - - -
>

-- 
----------------------------------------------------------
Ally Hume
Software Architect
EPCC, The University of Edinburgh
Tel: +44 131 651 3397
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

Next message: Steve White: "Re: running examples in v. 3.0 GT"
Previous message: Steve White: "Re: running examples in v. 3.0 GT"
In reply to: Steve White: "Re: running examples in v. 3.0 GT"
Next in thread: Steve White: "Re: running examples in v. 3.0 GT"
Reply: Steve White: "Re: running examples in v. 3.0 GT"
Reply: Steve White: "Re: running examples in v. 3.0 GT"

Date view	Thread view	Subject view	Author view	Attachment view