Monday, May 19, 2008

...About that secure access

Unfortunately, I spoke too soon... after testing a bit more... I found that Tomcat was still getting errors when trying to connect to a secure globus container port...

Ferreting things out from a few logs... I get this error: PKIX path building failed: unable to find valid certification path to requested target.

For some reason, the handshake works just fine when run from the command line... but when invoked from within the tomcat container... the certification credentials cannot be found. And I am not familiar enough with how tomcat security prefers to work to know what to try next.

Some web searching suggested that the public key of the computer I am trying to connect-to be added to the key-store... but I couldn't figure out the keystore password... and furthermore it bothers me that I can run a client making secure connections from the command line when logged in as the globus user, but that tomcat running as the globus user cannot.

I caught Alastair a bit and asked him about it, and he alluded to adding the server to tomcat in some way, and also posed the issue that if we had to add servers, it would make it very difficult to keep track of all the nodes in the grid from the JSP client perspective. Thus, some authentication discovery schemes will probably need to be thought through... they will probably be similar to something like Grid-Proxy that Dan is researching. Perhaps some sort of Kerberos or LDAP schemes can be adapted here.

Otherwise, I got SVN working a bit better in eclipse, but I still want to look at intelliJ and see how well it deals with JSP projects and the like.

No comments: