How to configure OGSA-DAI 3.0/1 GT with transport-level security
After one of our users encountered a number of problems trying to deploy OGSA-DAI 3 GT on Tomcat with transport-level security enabled, I tried to do it myself. The problem with configuring GT security is that there are a number of options available at each stage, e.g. transport-level security or message-level security, encryption or integrity, etc. So this is just one path through these.
Important note about Globus versions: These instructions are for GT 4.0. GT security configuration is different for GT 4.2 and is not covered by this page. If you try to use GT 4.0 security configuration in GT4.2 you will be wasting your time.
Important note about Tomcat versions: These instructions are for Tomcat 5.0. GT security configuration is different for Tomcat 5.5. I include the differences for Tomcat 5.5 at the bottom of the page. At the relevant points in the page I'll say when the instructions differ for Tomcat 5.5. Do not mix and match Tomcat 5.0 and Tomcat 5.5 configuration as you will end up having to restart from scratch!
Setting up my environment
Using Tomcat 5.0 and GT 4.0.8 Web services core I set their locations.
$ export CATALINA_HOME=/home/michaelj/test/tomcat/
$ export GLOBUS_LOCATION=/home/michaelj/Packages/globus/ws-core-4.0.8
$ export OGSADAI_HOME=/home/michaelj/Packages/ogsadai3.1/ogsadai-3.1-gt-4.0.8-bin
Deploying GT onto Tomcat
So, as recommended in
http://www.ogsadai.org.uk/documentation/ogsadai3.1/ogsadai3.1-gt/DeployGT.html
I now go to:
And follow their instructions.
$ cd $GLOBUS_LOCATION
$ ant -f share/globus_wsrf_common/tomcat/tomcat.xml deploySecureTomcat \
    -Dtomcat.dir=$CATALINA_HOME
Buildfile: share/globus_wsrf_common/tomcat/tomcat.xml
deploySecureTomcat:
_baseTomcatDeploy:
[mkdir] Created dir: /home/michaelj/test/tomcat/webapps/wsrf
[copy] Copying 90 files to /home/michaelj/test/tomcat/webapps/wsrf
[mkdir] Created dir: /home/michaelj/test/tomcat/webapps/wsrf/WEB-INF
[copy] Copying 30 files to /home/michaelj/test/tomcat/webapps/wsrf/WEB-INF
[chmod] Skipping fileset for directory /home/michaelj/test/tomcat/webapps/wsrf/WEB-INF. It is empty.
[mkdir] Created dir: /home/michaelj/test/tomcat/webapps/wsrf/WEB-INF/classes
[copy] Copying 1 file to /home/michaelj/test/tomcat/webapps/wsrf/WEB-INF/classes
[copy] Copying 1 file to /home/michaelj/test/tomcat/webapps/wsrf/WEB-INF/classes
[mkdir] Created dir: /home/michaelj/test/tomcat/webapps/wsrf/WEB-INF/lib
[copy] Copying 1 file to /home/michaelj/test/tomcat/webapps/wsrf/WEB-INF
[copy] Warning: Could not find file /home/michaelj/Packages/globus/ws-core-4.0.8/lib/xalan.jar to copy.
[copy] Copying 50 files to /home/michaelj/test/tomcat/webapps/wsrf/WEB-INF/lib
[copy] Copying 8 files to /home/michaelj/test/tomcat/common/lib
[copy] Copying 1 file to /home/michaelj/test/tomcat/server/lib
BUILD SUCCESSFUL
Total time: 4 seconds
If using GT 4.0.8 there is a bug and you'll have to manually copy a JAR into Tomcat - see the note about GT 4.0.8 deployment onto Tomcat.
Configuring Tomcat 5.0
Now, as stated in the Globus doc, since I'm using Tomcat 5.0 I need to:
Add a HTTPS Connector in the <Service name="Catalina"> section and update the parameters appropriately with your local configuration:
<Connector className="org.globus.tomcat.coyote.net.HTTPSConnector" port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" autoFlush="true" disableUploadTimeout="true" scheme="https" enableLookups="true" acceptCount="10" debug="0" proxy="/path/to/proxy/file" cert="/path/to/certificate/file" key="/path/to/private/key/file" cacertdir="/path/to/ca/certificates/directory"/>
In the above the proxy, cert, key and cacertdir attributes are optional. Furthermore, the proxy and the combination of cert and key attributes are mutually exclusive.
But it says that
The credentials and certificate configuration is used only by the connector and is not used by the rest of the web services stack in Globus Toolkit. To configure credentials for use in the toolkit, refer to Security Descriptor.
So I originally tried:
<Connector className="org.globus.tomcat.coyote.net.HTTPSConnector" port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" autoFlush="true" disableUploadTimeout="true" scheme="https" enableLookups="true" acceptCount="10" debug="0"/>
But when I tried to contact Tomcat the logs had:
SEVERE: Endpoint ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=8443] ignored exception: org.globus.common.ChainedIOException: Failed to init GSS context [Caused by: Defective credential detected [Caused by: Proxy file (/tmp/x509up_u505) not found.]]
So maybe it's looking for certificate information. So I add this to my Connector:
cert="/home/michaelj/security/coalcert.pem" key="/home/michaelj/security/coalkey.pem"/>
To get:
<Connector className="org.globus.tomcat.coyote.net.HTTPSConnector" port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" autoFlush="true" disableUploadTimeout="true" scheme="https" enableLookups="true" acceptCount="10" debug="0" cert="/home/michaelj/security/coalcert.pem" key="/home/michaelj/security/coalkey.pem"/>
Where coalcert.pem and coalkey.pem are the certificate and key for my host. [I don't use /etc/grid-security as I don't have permission to access the pem files in that]
So this configuration is the one that worked for me. For my Tomcat 5.5 version of this Connector please see Tomcat 5.5 at the bottom of the page.
And I also have to:
Add a HTTPS Valve in the <Engine name="Catalina" ... > section:
<Valve className="org.globus.tomcat.coyote.valves.HTTPSValve"/>
For my Tomcat 5.5 version of this Valve please see Tomcat 5.5 at the bottom of the page.
Deploy OGSA-DAI
So now I'm ready to deploy OGSA-DAI onto GT/Tomcat as described in:
http://www.ogsadai.org.uk/documentation/ogsadai3.1/ogsadai3.1-gt/DeployCH.html
$ cd $OGSADAI_HOME
$ ant -Dgt.dir=$GLOBUS_LOCATION -Dtomcat.dir=$CATALINA_HOME -Ddai.host=coal.epcc.ed.ac.uk -Ddai.port=8443 buildAndDeployGARTomcat
Setup GT security for OGSA-DAI
Now I'm ready to set up OGSA-DAI GT 4.0 security:
http://www.ogsadai.org.uk/documentation/ogsadai3.1/ogsadai3.1-gt/AdminSecurityGT40.html
As described in section 38.1 first I need to configure certificates.
I write a file global_security_descriptor.xml:
<?xml version="1.0" encoding="UTF-8"?>
<securityConfig xmlns="http://www.globus.org">
<credential>
<key-file value="/home/michaelj/security/coalkey.pem"/>
<cert-file value="/home/michaelj/security/coalcert.pem"/>
</credential>
</securityConfig>
As requested, I now save this file to:
$CATALINA_HOME/webapps/wsrf/WEB-INF/etc/globus_wsrf_core/global_security_descriptor.xml
As requested, I now edit the container's global configuration:
$CATALINA_HOME/webapps/wsrf/WEB-INF/etc/globus_wsrf_core/server-config.wsdd
and add the following lines to the <globalConfiguration> element.
<parameter name="containerSecDesc"
value="/home/michaelj/test/tomcat/webapps/wsrf/WEB-INF/etc/globus_wsrf_core/global_security_descriptor.xml"/>
I now configure the CAs as described in 38.2. I put these in
/etc/grid-security/certificates
which, as described in the doc, is one of the standard places where Globus Toolkit looks for these.
$ ls /etc/grid-security/certificates/
01621954.0 8175c1cd.0 e11e2ba8.0
01621954.signing_policy 8175c1cd.signing_policy
19de5f16.0 98ef0ee5.0
19de5f16.signing_policy 98ef0ee5.signing_policy
2dcb767f.0 adcbc9ef.0
2dcb767f.signing_policy adcbc9ef.signing_policy
367b75c3.0 bad2c094.0
367b75c3.signing_policy bad2c094.signing_policy
42864e48.0
42864e48.signing_policy
Now I'm ready to configure authentication methods and levels as described in 38.3.
I am interested in using transport level security using HTTPS and with privacy (encryption) protection. So I write a security descriptor:
<?xml version="1.0" encoding="UTF-8"?>
<securityConfig xmlns="http://www.globus.org">
<auth-method>
<GSITransport>
<protection-level>
<privacy/>
</protection-level>
</GSITransport>
</auth-method>
<authz value="none"/>
</securityConfig>
I will not do anything about authorization - determining who can access and do what.
I'll put this in the place recommended in the user doc:
$CATALINA_HOME/webapps/wsrf/WEB-INF/etc/dai/
And call it mike_security_descriptor.xml
Now, as described in the doc, I need to link the OGSA-DAI services to the security descriptor. And so I edit:
$CATALINA_HOME/webapps/wsrf/WEB-INF/etc/dai/server-config.wsdd
And for each <service> element (there are six, corresponding to the six types of OGSA-DAI service) I add a reference to my descriptor:
<parameter
name="securityDescriptor"
value="/home/michaelj/test/tomcat/webapps/wsrf/WEB-INF/etc/dai/mike_security_descriptor.xml"/>
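Because the same parameter has to be added by hand to six <service> elements, it is worth auditing the result before starting Tomcat. The following Python check is an added example, not part of the original page or of OGSA-DAI; the cut-down wsdd, the service name dai/ForgottenService and the /path/to/... location are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSDD = "{http://xml.apache.org/axis/wsdd/}"   # Axis deployment descriptor namespace
GT = "{http://www.globus.org}"                # namespace used by the descriptors above


def describe(descriptor_xml):
    """Summarise a security descriptor: protection levels per auth method, plus authz."""
    root = ET.fromstring(descriptor_xml)
    summary = {}
    for method in root.findall(f"{GT}auth-method/*"):
        levels = method.findall(f"{GT}protection-level/*")
        summary[method.tag.replace(GT, "")] = [lvl.tag.replace(GT, "") for lvl in levels]
    authz = root.find(f"{GT}authz")
    summary["authz"] = authz.get("value") if authz is not None else None
    return summary


def audit(wsdd_xml, load):
    """Map every <service> name to its descriptor summary, or None if it has none.

    load(path) must return the text of the descriptor file named in the wsdd.
    """
    report = {}
    for service in ET.fromstring(wsdd_xml).iter(f"{WSDD}service"):
        paths = [p.get("value") for p in service.findall(f"{WSDD}parameter")
                 if p.get("name") == "securityDescriptor"]
        report[service.get("name")] = describe(load(paths[0])) if paths else None
    return report


def client_tls_option(levels):
    """GTSecureSQLClient option matching a single GSITransport protection level."""
    if levels == ["privacy"]:
        return "-tls encrypt"    # client reports "with encryption"
    if levels == ["integrity"]:
        return "-tls"            # client reports "with integrity"
    return None


# Constructed inputs: the descriptor body is the one shown on this page, stored
# under a placeholder path; the wsdd is a two-service stand-in for the real file.
DESCRIPTORS = {
    "/path/to/mike_security_descriptor.xml":
        '<securityConfig xmlns="http://www.globus.org"><auth-method><GSITransport>'
        '<protection-level><privacy/></protection-level></GSITransport></auth-method>'
        '<authz value="none"/></securityConfig>',
}
WSDD_TEXT = (
    '<deployment xmlns="http://xml.apache.org/axis/wsdd/">'
    '<service name="dai/DataRequestExecutionService" provider="Handler">'
    '<parameter name="securityDescriptor" value="/path/to/mike_security_descriptor.xml"/>'
    '</service>'
    '<service name="dai/ForgottenService" provider="Handler"/>'
    '</deployment>')

if __name__ == "__main__":
    for name, summary in audit(WSDD_TEXT, DESCRIPTORS.__getitem__).items():
        if summary is None:
            print(f"{name}: no securityDescriptor parameter")
        else:
            option = client_tls_option(summary.get("GSITransport", []))
            print(f"{name}: {summary} -> client option {option}")
```

Against a real deployment, pass a load function that opens the file at the given path.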
Do a quick test
So now I start up Tomcat
$ cd $CATALINA_HOME
$ ./bin/startup.sh
I did an optional test by visiting:
https://localhost:8443/
And a browser dialog box appeared asking me to select a certificate, which I did. I was then taken to the standard Tomcat front page. This relies on you having a certificate signed by one of the CAs you've set up earlier.
Deploy an OGSA-DAI data resource
Now I deploy an OGSA-DAI data resource:
http://www.ogsadai.org.uk/documentation/ogsadai3.1/ogsadai3.1-gt/DeployRelationalResource.html
Create a tmp directory for the driver JAR:
$ mkdir tmp
$ cp /home/michaelj/ogsa-dai-cvs/packages/databases/mysql/mysql5.0.4/lib/mysql-connector-java-5.0.4-bin.jar tmp
Create a file - my.resource.config
dai.resource.id=MySQLDB
dai.product.name=MySQL
dai.product.vendor=MySQL
dai.product.version=5.0
dai.db.uri=jdbc:mysql://XXXXXX:3306/daitest
dai.db.driver=org.gjt.mm.mysql.Driver
dai.dn=/C=UK/O=eScience/OU=Edinburgh/L=NeSC/CN=mike jackson
dai.user=XXXXXX
dai.password=XXXXXX
dai.resource.jar.dir=tmp
Note dai.dn - this is my credential from my certificate.
And deploy:
$ ant -propertyfile my.resource.config -Dtomcat.dir=$CATALINA_HOME deployRelationalResource
Now I restart Tomcat
$ ./bin/shutdown.sh
$ rm logs/*
$ ./bin/startup.sh
Run an OGSA-DAI secure client
Now I run the secure client:
http://www.ogsadai.org.uk/documentation/ogsadai3.1/ogsadai3.1-gt/GTSecureSQLClient.html
$ java uk.org.ogsadai.client.toolkit.gt.example.GTSecureSQLClient \
    -u https://localhost:8443/wsrf/services/dai \
    -d MySQLDB -q "SELECT * FROM littleblackbook WHERE id < 10;" -tls
DRER ID: DataRequestExecutionResource
Data Resource ID: MySQLDB
Base Services URL: https://localhost:8443/wsrf/services/dai
SQLQuery: SELECT * FROM littleblackbook WHERE id < 10;
Transport level security with integrity
Exception in thread "main"
uk.org.ogsadai.client.toolkit.exception.ServerURLInvalidException: A
problem occured initialising the server.
at uk.org.ogsadai.client.toolkit.ServerFactory.getWSDL(Unknown Source)
at uk.org.ogsadai.client.toolkit.ServerFactory.getServer(Unknown Source)
at uk.org.ogsadai.client.toolkit.ServerProxy.getServer(Unknown Source)
at uk.org.ogsadai.client.toolkit.ServerProxy.getDataRequestExecutionResource(Unknown Source)
at uk.org.ogsadai.client.toolkit.example.SQLClient.execute(Unknown Source)
at uk.org.ogsadai.client.toolkit.gt.example.GTSecureSQLClient.main(Unknown Source)
Caused by: org.globus.common.ChainedIOException: Failed to init GSI
context [Caused by: Defective credential detected [Caused by: Proxy
file (/tmp/x509up_u505) not found.]]
at org.globus.net.GSIHttpURLConnection.connect(GSIHttpURLConnection.java:107)
at org.globus.net.GSIHttpURLConnection.getInputStream(GSIHttpURLConnection.java:151)
at java.net.URL.openStream(URL.java:913)
... 6 more
Of course it fails because I as a client haven't created my proxy certificate! So:
$ cd $GLOBUS_LOCATION
$ ./bin/grid-proxy-init
Your identity: C=UK,O=eScience,OU=Edinburgh,L=NeSC,CN=mike jackson
Enter GRID pass phrase for this identity:
Creating proxy, please wait...
Proxy verify OK
Your proxy is valid until Thu Mar 26 00:15:54 GMT 2009
Try again:
$ java uk.org.ogsadai.client.toolkit.gt.example.GTSecureSQLClient \
    -u https://localhost:8443/wsrf/services/dai \
    -d MySQLDB -q "SELECT * FROM littleblackbook WHERE id < 10;" -tls
DRER ID: DataRequestExecutionResource
Data Resource ID: MySQLDB
Base Services URL: https://localhost:8443/wsrf/services/dai
SQLQuery: SELECT * FROM littleblackbook WHERE id < 10;
Transport level security with integrity
Exception in thread "main"
uk.org.ogsadai.client.toolkit.exception.ServerURLInvalidException: A
problem occured initialising the server.
at uk.org.ogsadai.client.toolkit.ServerFactory.getWSDL(Unknown Source)
at uk.org.ogsadai.client.toolkit.ServerFactory.getServer(Unknown Source)
at uk.org.ogsadai.client.toolkit.ServerProxy.getServer(Unknown Source)
at uk.org.ogsadai.client.toolkit.ServerProxy.getDataRequestExecutionResource(Unknown Source)
at uk.org.ogsadai.client.toolkit.example.SQLClient.execute(Unknown Source)
at uk.org.ogsadai.client.toolkit.gt.example.GTSecureSQLClient.main(Unknown Source)
Caused by: java.io.IOException: Internal Server Error
at org.globus.net.GSIHttpURLConnection.getInputStream(GSIHttpURLConnection.java:176)
at java.net.URL.openStream(URL.java:913)
... 6 more
Of course this time it fails because I'm using TLS + Integrity but the
server enforces TLS + Privacy (as I requested in
mike_security_descriptor.xml)
$ java uk.org.ogsadai.client.toolkit.gt.example.GTSecureSQLClient \
    -u https://localhost:8443/wsrf/services/dai \
    -d MySQLDB -q "SELECT * FROM littleblackbook WHERE id < 10;" -tls encrypt
DRER ID: DataRequestExecutionResource
Data Resource ID: MySQLDB
Base Services URL: https://localhost:8443/wsrf/services/dai
SQLQuery: SELECT * FROM littleblackbook WHERE id < 10;
Transport level security with encryption
uk.org.ogsadai.resource.request.status.COMPLETED
| id | name | address | phone |
| 1 | Ally Antonioletti | 826 Hume Crescent, Southampton | 01670061244 |
| 2 | Amy Atkinson | 583 Atkinson Drive, Southampton | 06312054624 |
| 3 | Andrew Borley | 354 Jackson Road, Edinburgh | 01057075166 |
| 4 | Charaka Chue Hong | 750 Pearson Crescent, Southampton | 09945916393 |
| 5 | Dave Hardman | 079 Borley Gardens, Winchester | 06725558505 |
| 6 | George Hicken | 398 Magowan Street, Winchester | 09066873297 |
| 7 | James Hume | 801 Laws Gardens, Edinburgh | 00246566355 |
| 8 | Malcolm Jackson | 743 Krause Lane, Edinburgh | 04333719273 |
| 9 | Mario Krause | 026 Atkinson Gardens, Winchester | 01922093483 |
Success!
Note about GT4.0.8 deployment onto Tomcat
I tried with GT 4.0.8 and Tomcat gave a:
Caused by: java.lang.NoClassDefFoundError: org/apache/log4j/Logger
This is because deploySecureTomcat in ws-core-4.0.8/share/globus_wsrf_common/tomcat/tomcat.xml copies log4j-1.2.8.jar, but GT 4.0.8 actually bundles log4j-1.2.15.jar, so it fails. You can just do
$ cp $GLOBUS_LOCATION/lib/log4j-1.2.15.jar $CATALINA_HOME/common/lib
This has been reported to Globus as a bug:
http://bugzilla.globus.org/globus/show_bug.cgi?id=6704
Tomcat 5.5 Connector and Valve
I also tested using Tomcat 5.5. The only difference is the additions
to the Tomcat conf/server.xml file. For 5.5 these were:
<Connector className="org.globus.tomcat.coyote.net.HTTPSConnector" port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" autoFlush="true" disableUploadTimeout="true" scheme="https" enableLookups="true" acceptCount="10" debug="0" protocolHandlerClassName="org.apache.coyote.http11.Http11Protocol" socketFactory="org.globus.tomcat.catalina.net.BaseHTTPSServerSocketFactory" cert="/home/michaelj/security/coalcert.pem" key="/home/michaelj/security/coalkey.pem"/>
and
<Valve className="org.globus.tomcat.coyote.valves.HTTPSValve55"/>
Example errors, symptoms and cures
Server says proxy file is not found
If Tomcat doesn't start properly then this might be the problem. You may see the following message in the Tomcat logs:
SEVERE: Endpoint ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=8443] ignored exception: org.globus.common.ChainedIOException: Failed to init GSS context [Caused by: Defective credential detected [Caused by: Proxy file (/tmp/x509up_u505) not found.]]
This could be because you haven't specified certificate and key
information in the Connector in the
$CATALINA_HOME/conf/server.xml file e.g.:
<Connector className="org.globus.tomcat.coyote.net.HTTPSConnector" port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" autoFlush="true" disableUploadTimeout="true" scheme="https" enableLookups="true" acceptCount="10" debug="0"/>
So you could add this information e.g.:
<Connector className="org.globus.tomcat.coyote.net.HTTPSConnector" port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" autoFlush="true" disableUploadTimeout="true" scheme="https" enableLookups="true" acceptCount="10" debug="0" cert="/home/michaelj/security/coalcert.pem" key="/home/michaelj/security/coalkey.pem"/>
Server says Tomcat's secure port cannot access CA certificate directory
This could be manifested by a client as:
A problem has occured...
[1241167679100:0] uk.org.ogsadai.client.tookit.RESOURCE_COMMS_ERROR : https://daiisi.epcc.ed.ac.uk:8443/wsrf/services/dai/DataRequestExecutionService/DataRequestExecutionResource
; nested exception is:
java.net.SocketException: Connection reset
Connection reset
This can arise if the CA certificates are not in /etc/grid-security (the default location) or are not in the directory named in the cacertdir attribute of the Connector added to Tomcat's $CATALINA_HOME/conf/server.xml file.
... cacertdir="/etc/grid-security/" ...
If specifying this value the exact directory name must be given. If
you put your CA certificates in
/etc/grid-security/certauthorities for example then this
is the directory you would need to cite. There is no support for
automatically searching the path for sub-directories.
Client raises a readHandshakeToken exception
For example:
$ java uk.org.ogsadai.client.toolkit.gt.example.GTSecureSQLClient \
    -u https://localhost:8443/wsrf/services/dai \
    -d MySQLDB -q "SELECT * FROM littleblackbook WHERE id<10" -tls encrypt
DRER ID: DataRequestExecutionResource
Data Resource ID: MySQLDB
Base Services URL: https://localhost:8443/wsrf/services/dai
SQLQuery: SELECT * FROM littleblackbook WHERE id<10
Transport level security with privacy
Exception in thread "main" uk.org.ogsadai.client.toolkit.exception.ServerURLInvalidException: A problem occured initialising the server.
at uk.org.ogsadai.client.toolkit.ServerFactory.getWSDL(Unknown Source)
at uk.org.ogsadai.client.toolkit.ServerFactory.getServer(Unknown Source)
at uk.org.ogsadai.client.toolkit.ServerProxy.getServer(Unknown Source)
at uk.org.ogsadai.client.toolkit.ServerProxy.getDataRequestExecutionResource(Unknown Source)
at uk.org.ogsadai.client.toolkit.example.SQLClient.execute(Unknown Source)
at uk.org.ogsadai.client.toolkit.gt.example.GTSecureSQLClient.main(Unknown Source)
Caused by: java.io.EOFException
at org.globus.gsi.gssapi.net.impl.GSIGssInputStream.readHandshakeToken(GSIGssInputStream.java:56)
This could be because you are using Tomcat 5.5 but have added a Tomcat
5.0 Connector and Valve to the
$CATALINA_HOME/conf/server.xml file.
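The Connector rules quoted earlier from the Globus documentation (proxy versus cert and key) and the Tomcat 5.0/5.5 mix-up described here can both be checked before Tomcat is started. This Python check is an added example, not code from the original page or from Globus; the sample server.xml text and the /path/to/... values are constructed, and the Tomcat version is supplied by the caller.

```python
import xml.etree.ElementTree as ET

CONNECTOR = "org.globus.tomcat.coyote.net.HTTPSConnector"
VALVES = {"5.0": "org.globus.tomcat.coyote.valves.HTTPSValve",
          "5.5": "org.globus.tomcat.coyote.valves.HTTPSValve55"}
# Attributes that appear only on the Tomcat 5.5 form of the Connector on this page.
ONLY_55 = ("protocolHandlerClassName", "socketFactory")


def lint_server_xml(xml_text, tomcat):
    """Return findings for the Globus Connector/Valve; tomcat is "5.0" or "5.5"."""
    root = ET.fromstring(xml_text)
    findings = []
    connectors = [c for c in root.iter("Connector") if c.get("className") == CONNECTOR]
    if not connectors:
        findings.append("no Globus HTTPSConnector found")
    for c in connectors:
        proxy, cert, key = (c.get(a) for a in ("proxy", "cert", "key"))
        if proxy and (cert or key):
            findings.append("proxy and cert/key are mutually exclusive")
        elif bool(cert) != bool(key):
            findings.append("cert and key must be set together")
        elif not (proxy or cert):
            findings.append("no credential set: connector falls back to a proxy file")
        present = [a for a in ONLY_55 if c.get(a)]
        style = "5.5" if len(present) == len(ONLY_55) else "5.0" if not present else "partial"
        if style != tomcat:
            findings.append(f"Connector is {style} style but Tomcat is {tomcat}")
    valve_classes = {v.get("className") for v in root.iter("Valve")}
    for version, cls in VALVES.items():
        if version == tomcat and cls not in valve_classes:
            findings.append(f"missing {cls.rsplit('.', 1)[1]}")
        if version != tomcat and cls in valve_classes:
            findings.append(f"{cls.rsplit('.', 1)[1]} belongs to Tomcat {version}")
    return findings


def sample(connector_attrs, valve_class):
    """Build a constructed, minimal server.xml for the checks above."""
    attrs = " ".join(f'{k}="{v}"' for k, v in connector_attrs.items())
    return (f'<Server><Service name="Catalina">'
            f'<Connector className="{CONNECTOR}" port="8443" scheme="https" {attrs}/>'
            f'<Engine name="Catalina" defaultHost="localhost">'
            f'<Valve className="{valve_class}"/>'
            f'</Engine></Service></Server>')


# Constructed inputs; the paths are placeholders, not the page's files.
CREDS = {"cert": "/path/to/hostcert.pem", "key": "/path/to/hostkey.pem"}
GOOD_50 = sample(CREDS, VALVES["5.0"])
GOOD_55 = sample({**CREDS,
                  "protocolHandlerClassName": "org.apache.coyote.http11.Http11Protocol",
                  "socketFactory": "org.globus.tomcat.catalina.net.BaseHTTPSServerSocketFactory"},
                 VALVES["5.5"])
NO_CREDS = sample({}, VALVES["5.0"])
BOTH = sample({**CREDS, "proxy": "/path/to/proxy"}, VALVES["5.0"])

if __name__ == "__main__":
    for name, xml_text, version in [("5.0 config on Tomcat 5.0", GOOD_50, "5.0"),
                                    ("5.0 config on Tomcat 5.5", GOOD_50, "5.5"),
                                    ("5.5 config on Tomcat 5.5", GOOD_55, "5.5"),
                                    ("no credentials", NO_CREDS, "5.0"),
                                    ("proxy plus cert/key", BOTH, "5.0")]:
        print(name, "->", lint_server_xml(xml_text, version) or "ok")
```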
Client says that proxy file is not found
This can arise if running a client. For example:
$ java uk.org.ogsadai.client.toolkit.gt.example.GTSecureSQLClient \
    -u https://localhost:8443/wsrf/services/dai \
    -d MySQLDB -q "SELECT * FROM littleblackbook WHERE id < 10;" -tls
DRER ID: DataRequestExecutionResource
Data Resource ID: MySQLDB
Base Services URL: https://localhost:8443/wsrf/services/dai
SQLQuery: SELECT * FROM littleblackbook WHERE id < 10;
Transport level security with integrity
Exception in thread "main"
uk.org.ogsadai.client.toolkit.exception.ServerURLInvalidException: A
problem occured initialising the server.
at uk.org.ogsadai.client.toolkit.ServerFactory.getWSDL(Unknown Source)
at uk.org.ogsadai.client.toolkit.ServerFactory.getServer(Unknown Source)
at uk.org.ogsadai.client.toolkit.ServerProxy.getServer(Unknown Source)
at uk.org.ogsadai.client.toolkit.ServerProxy.getDataRequestExecutionResource(Unknown Source)
at uk.org.ogsadai.client.toolkit.example.SQLClient.execute(Unknown Source)
at uk.org.ogsadai.client.toolkit.gt.example.GTSecureSQLClient.main(Unknown Source)
Caused by: org.globus.common.ChainedIOException: Failed to init GSI
context [Caused by: Defective credential detected [Caused by: Proxy
file (/tmp/x509up_u505) not found.]]
at org.globus.net.GSIHttpURLConnection.connect(GSIHttpURLConnection.java:107)
at org.globus.net.GSIHttpURLConnection.getInputStream(GSIHttpURLConnection.java:151)
at java.net.URL.openStream(URL.java:913)
... 6 more
This is usually because a proxy certificate hasn't been created
for the client to use. One can be created using Globus's
grid-proxy-init command:
$ cd $GLOBUS_LOCATION
$ ./bin/grid-proxy-init
Your identity: C=UK,O=eScience,OU=Edinburgh,L=NeSC,CN=mike jackson
Enter GRID pass phrase for this identity:
Creating proxy, please wait...
Proxy verify OK
Your proxy is valid until Thu Mar 26 00:15:54 GMT 2009
Client says that there is no client transport named HTTPS
This can arise if running a client. For example:
$ java uk.org.ogsadai.client.toolkit.gt.example.GTSecureSQLClient \
    -u https://localhost:8443/wsrf/services/dai \
    -d MySQLDB -q "SELECT * FROM littleblackbook WHERE id<10" -tls encrypt
DRER ID: DataRequestExecutionResource
Data Resource ID: MySQLDB
Base Services URL: https://localhost:8443/wsrf/services/dai
SQLQuery: SELECT * FROM littleblackbook WHERE id<10
Transport level security with encryption
A problem has occured...
[1241105122782:0] uk.org.ogsadai.client.tookit.RESOURCE_COMMS_ERROR : https://localhost:8443/wsrf/services/dai/DataRequestExecutionService/DataRequestExecutionResource
No client transport named 'https' found!
This is caused when the file client-config.wsdd, which the client needs when communicating with an OGSA-DAI web service, is not available in the CLASSPATH.
You should have set your CLASSPATH by running setenv.bat or setenv.sh in $OGSADAI_HOME. And you should have ended up with the directory $OGSADAI_HOME/deploy/ in your CLASSPATH.
If using Eclipse you should configure it to include the directory $OGSADAI_HOME/deploy/ in your CLASSPATH.
Client says that the server URL is invalid
This can arise if running a client. For example:
$ java uk.org.ogsadai.client.toolkit.gt.example.GTSecureSQLClient \
    -u https://localhost:8443/wsrf/services/dai \
    -d MySQLDB -q "SELECT * FROM littleblackbook WHERE id < 10;" -tls
DRER ID: DataRequestExecutionResource
Data Resource ID: MySQLDB
Base Services URL: https://localhost:8443/wsrf/services/dai
SQLQuery: SELECT * FROM littleblackbook WHERE id < 10;
Transport level security with integrity
Exception in thread "main"
uk.org.ogsadai.client.toolkit.exception.ServerURLInvalidException: A
problem occured initialising the server.
at uk.org.ogsadai.client.toolkit.ServerFactory.getWSDL(Unknown Source)
at uk.org.ogsadai.client.toolkit.ServerFactory.getServer(Unknown Source)
at uk.org.ogsadai.client.toolkit.ServerProxy.getServer(Unknown Source)
at uk.org.ogsadai.client.toolkit.ServerProxy.getDataRequestExecutionResource(Unknown Source)
at uk.org.ogsadai.client.toolkit.example.SQLClient.execute(Unknown Source)
at uk.org.ogsadai.client.toolkit.gt.example.GTSecureSQLClient.main(Unknown Source)
Caused by: java.io.IOException: Internal Server Error
at org.globus.net.GSIHttpURLConnection.getInputStream(GSIHttpURLConnection.java:176)
at java.net.URL.openStream(URL.java:913)
... 6 more
One cause for this could be if you have secured your server to expect TLS and privacy (encryption) but your client settings are for TLS and integrity.
You should ensure your client is set for TLS and privacy too.
Client says GSI Transport (encryption only) authentication is required
This can arise if running a client. For example:
$ java uk.org.ogsadai.client.toolkit.gt.example.GTSecureSQLClient -u https://localhost:8443/wsrf/services/dai -d MySQLDB -q "SELECT * FROM littleblackbook WHERE id<10" -tls
DRER ID: DataRequestExecutionResource
Data Resource ID: MySQLDB
Base Services URL: https://localhost:8443/wsrf/services/dai
SQLQuery: SELECT * FROM littleblackbook WHERE id<10
Transport level security with integrity
A problem has occured...
[1241105083360:0] uk.org.ogsadai.client.tookit.RESOURCE_COMMS_ERROR : https://localhost:8443/wsrf/services/dai/DataRequestExecutionService/DataRequestExecutionResource
GSI Transport (encryption only) authentication required for "{http://ogsadai.org.uk/namespaces/2007/04/service/execution}execute" operation.
Activity: uk.org.ogsadai.SQLQuery
Status: null
Activity: uk.org.ogsadai.TupleToWebRowSetCharArrays
Status: null
Activity: uk.org.ogsadai.CharArraysResize
Status: null
Activity: uk.org.ogsadai.DeliverToRequestStatus
Status: null
One cause for this could be if you have secured your server to expect TLS and privacy (encryption) but your client settings are for TLS and integrity.
You should ensure your client is set for TLS and privacy too.
Last updated: 05/08/2009 by Mike Jackson.