Toolkit initialization implications
Robert Olson
olson at mcs.anl.gov
Fri May 9 15:27:51 CDT 2003
I'll be committing AccessGrid.Toolkit soon. I wanted to drop folks a note
on how things may have to change in order to support some of what we want
to do.
The Venue client will have the following code in its initialization. Any
wx-based app that wants to use the certificate mgmt framework will have to
do something similar:

    self.app = Toolkit.WXGUIApplication()
    self.app.Initialize()

That's it; what that does is set up the cert mgmt infrastructure such that
it'll bring up the wx dialog to create a proxy if one is not available, and
it will set up the process's environment accordingly. The certificate menu
items are hooked in thusly:

    gui = None
    try:
        mgr = Toolkit.GetApplication().GetCertificateManager()
        gui = mgr.GetUserInterface()
    except:
        log.exception("Cannot retrieve certificate mgr user interface, continuing")

    if gui is not None:
        certMenu = gui.GetMenu(self)
        self.menubar.Append(certMenu, "&Certificates")

Because this sets up the environment, any process that is created by the
client will run with these credentials *if* the process does not do any
other initialization.
However, I recommend that each of our apps should indeed perform explicit
initialization.
The following code is now in the venue server. identityCert and identityKey
are to be filenames, passed in on the command line (via the new --cert and
--key options). What this does, if the options are passed, is to initialize
the security environment to force the use of that cert/privkey for the
server's identity. Otherwise, it sets up the environment as "usual", but
uses a command-line interface to create a proxy if one is needed.

    if identityCert is not None or identityKey is not None:
        [sanity check elided]
        #
        # Init toolkit with explicit identity.
        #
        app = Toolkit.ServiceApplicationWithIdentity(identityCert, identityKey)
    else:
        #
        # Init toolkit with standard environment.
        #
        app = Toolkit.CmdlineApplication()

    app.Initialize()

If you want the app to explicitly inherit the environment, initialize like
this:

    app = Toolkit.ServiceApplicationInheritIdentity()
    app.Initialize()

I have not made the changes to the individual services. I recommend that as
part of the work to make them startable at boot that, like with the venue
server example above, they take command-line arguments for explicitly
setting the certificate and private key. I think the default of inheriting
environment should be fine; this is what the personalNode stuff currently
depends on and it appears to work fine.
--bob
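
An added example, not part of the original message or the AccessGrid code: one way the sanity check elided in the venue server snippet could validate the --cert and --key arguments before the toolkit is initialized with an explicit identity. The names check_identity_args and demo, the "explicit"/"standard" return values, and the checks themselves (options given as a pair, readable regular files, private key not accessible to group or others) are assumptions.

```python
import os
import stat
import tempfile


def check_identity_args(identity_cert, identity_key):
    """Return "explicit" if both files are usable, "standard" if neither given.

    Assumed checks, not the project's own: the options come as a pair,
    each names a readable regular file, and the private key is not
    accessible to group or others.
    """
    if identity_cert is None and identity_key is None:
        return "standard"          # caller would use CmdlineApplication()
    if identity_cert is None or identity_key is None:
        raise ValueError("--cert and --key must be given together")
    for label, path in (("--cert", identity_cert), ("--key", identity_key)):
        if not os.path.isfile(path):
            raise ValueError("%s: %s is not a regular file" % (label, path))
        if not os.access(path, os.R_OK):
            raise ValueError("%s: %s is not readable" % (label, path))
    mode = stat.S_IMODE(os.stat(identity_key).st_mode)
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise ValueError("--key: %s has mode %o; expected 0600 or stricter"
                         % (identity_key, mode))
    return "explicit"              # caller would use ServiceApplicationWithIdentity()


def demo():
    """Exercise the checks on constructed files in a temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        cert, key = os.path.join(d, "cert.pem"), os.path.join(d, "key.pem")
        for path in (cert, key):
            with open(path, "w") as f:
                f.write("constructed placeholder, not real key material\n")
        os.chmod(key, 0o644)       # group/world-readable key must be rejected
        try:
            check_identity_args(cert, key)
        except ValueError as e:
            results["loose_key"] = str(e)
        os.chmod(key, 0o600)       # owner-only key is accepted
        results["tight_key"] = check_identity_args(cert, key)
    results["none"] = check_identity_args(None, None)
    return results


if __name__ == "__main__":
    print(demo())
```

Rejecting a half-specified pair up front keeps a service started at boot from silently falling back to whatever credentials happen to be in the inherited environment.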