[AG-DEV] Identity certificates

Luis Galárraga lgalarra at fiec.espol.edu.ec
Wed Apr 2 15:33:01 CDT 2008


No, because the program crashes at
org.apache.axis2.client.OperationClient.execute, that is, when the SOAP
message is sent. wsdl2java generates synchronous and asynchronous calls by
default. We have tested the synchronous versions and the program always
crashes at that point.

2008/4/2, Thomas D. Uram <turam at mcs.anl.gov>:
>
>  Are you able to view the SOAP data being returned by the VenueServer to
> your code?
>
>
>
> On 4/2/08 2:39 PM, Luis Galárraga wrote:
>
> Greetings Tom:
>
> We have not been able to consume the services yet. I have generated stub
> and test classes for VenueServer, Venue and VenueClient interfaces. We have
> started by testing the simplest methods: Checkpoint and GetVersion (they are
> configured to be accessed by everybody). Using VenueServer or VenueClient, I
> get:
>
> Exception in thread "main" org.apache.axis2.AxisFault: Processing Failure
>         at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:486)
>         at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:343)
>         at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
>         at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
>         at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
>         at org.accessgrid.www.v3_0.venueclient.VenueClientStub.GetVersion(VenueClientStub.java:3587)
>         at test.org.accessgrid.www.v3_0.venueclient.VenueClientTest.main(VenueClientTest.java:597)
>
> The soap request message is:
>
> <?xml version='1.0' encoding='utf-8'?>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>     <soapenv:Body>
>         <ns2:CheckpointRequest xmlns:ns2="http://www.accessgrid.org/v3.0/venueserver">
>             <ns2:secondsFromNow>12</ns2:secondsFromNow>
>         </ns2:CheckpointRequest>
>     </soapenv:Body>
> </soapenv:Envelope>
>
> Checking the log in the server (in debug mode), I just get:
>
> 04/02/08 14:34:56 -1286157424 Hosting     ServiceContainer.py:17 ERROR Processing Failure
> None
>
> The log message is not verbose and I do not know the code, but I suspect
> there is something missing in my request.
>
> Luis,
>
> 2008/4/2, Luis Galárraga <lgalarra at fiec.espol.edu.ec>:
> >
> > Thanks Tom, in fact I am working now on getting the exact SOAP messages
> > being sent. I will check the log files of the server.
> >
> > Luis,
> >
> > 2008/4/2, Thomas D. Uram <turam at mcs.anl.gov>:
> > >
> > >
> > >
> > > On 4/1/08 5:15 PM, Luis Galárraga wrote:
> > >
> > > Greetings:
> > >
> > > Finally, I could generate stubs for AG soap interfaces
> > > (CommunityVenueServer, VenueServer, Venue and VenueClient)  using wsdl2java
> > > with files *Binding.wsdl. I used wsdl files located in CVS repository
> > > instead of requesting wsdl from server. Now I have several questions:
> > >
> > > - There was a file generate.py which I ran and generated extra wsdl
> > > files: CommunityServerBinding.wsdl and CommunityServerInterface.wsdl. What
> > > is CommunityServer service for? Searching in Google I understood that it has
> > > security purposes but reading the generated code I cannot deduce its
> > > function. Does this service accept requests in the same port as VenueServer?
> > >
> > >
> > > You can ignore the CommunityServer code.  That was preliminary and is
> > > not being used.
> > >
> > >
> > > - I configured my server (proyectossw.espol.edu.ec:8000) to accept
> > > GetVersionRequests for everybody. But when I invoked this method for any
> > > stub, I get the following message (in this case with VenueClientStub. Those
> > > examples pointed to localhost so I changed them for my server url):
> > >
> > > Exception in thread "main" org.apache.axis2.AxisFault: Processing Failure
> > >         at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:486)
> > >         at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:343)
> > >         at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
> > >         at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
> > >         at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
> > >         at org.accessgrid.www.v3_0.venueclient.VenueClientStub.GetVersion(VenueClientStub.java:3586)
> > >         at test.org.accessgrid.www.v3_0.venueclient.VenueClientTest.testGetVersion(VenueClientTest.java:352)
> > >         at test.org.accessgrid.www.v3_0.venueclient.VenueClientTest.main(VenueClientTest.java:584)
> > >
> > >  I can't determine anything from this error message, unfortunately.
> > > Have you looked at the VenueServer log following this call?  Can you look at
> > > the SOAP data between the server and client, to get an idea of the problem?
> > >
> > >
> > >  Does anybody have an idea? Thanks in advance.
> > >
> > > Luis,
> > >
> > >
> > > 2008/3/28, Luis Galárraga <lgalarra at fiec.espol.edu.ec>:
> > > >
> > > > It looks like there is a problem with WSDL, as I get the following
> > > > error when using WSDL2Java, the tool that comes with Axis distribution. I am
> > > > using the file obtained by requesting
> > > > https://proyectossw.espol.edu.ec:8000/Venues/default?WSDL
> > > > The server is using AccessGrid 3.1.
> > > >
> > > > > $ ./wsdl2java.sh -uri Venue.wsdl
> > > > > Using AXIS2_HOME: /home/luis/Desktop/axis2-1.3
> > > > > Using JAVA_HOME:       /usr/lib/jvm/java-6-sun-1.6.0.03/
> > > > > Exception in thread "main" org.apache.axis2.wsdl.codegen.CodeGenerationException: Error parsing WSDL
> > > > >         at org.apache.axis2.wsdl.codegen.CodeGenerationEngine.<init>(CodeGenerationEngine.java:150)
> > > > >         at org.apache.axis2.wsdl.WSDL2Code.main(WSDL2Code.java:35)
> > > > >         at org.apache.axis2.wsdl.WSDL2Java.main(WSDL2Java.java:24)
> > > > > Caused by: javax.wsdl.WSDLException: WSDLException (at /definitions/types): faultCode=INVALID_WSDL: Encountered illegal extension attribute 'targetNamespace'. Extension attributes must be in a namespace other than WSDL's.
> > > > >         at com.ibm.wsdl.xml.WSDLReaderImpl.parseExtensibilityAttributes(Unknown Source)
> > > > >         at com.ibm.wsdl.xml.WSDLReaderImpl.parseTypes(Unknown Source)
> > > > >         at com.ibm.wsdl.xml.WSDLReaderImpl.parseDefinitions(Unknown Source)
> > > > >         at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
> > > > >         at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
> > > > >         at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
> > > > >         at org.apache.axis2.wsdl.codegen.CodeGenerationEngine.readInTheWSDLFile(CodeGenerationEngine.java:286)
> > > > >         at org.apache.axis2.wsdl.codegen.CodeGenerationEngine.<init>(CodeGenerationEngine.java:105)
> > > > >         ... 2 more
> > > > >
> > > >
> > > > Regards,
> > > > Luis
> > > >
> > > > 2008/3/28, Thomas D. Uram <turam at mcs.anl.gov>:
> > > > >
> > > > > AG2 did rely on the Globus toolkit.
> > > > >
> > > > > AG3 does not rely on the Globus toolkit.  We are using Doc-Lit
> > > > > SOAP via Python ZSI (pywebsvcs.sourceforge.net).  You should be
> > > > > able to consume these services using other-language SOAP implementations.
> > > > > If not, something is wrong with our WSDL, ZSI, or your other-language SOAP
> > > > > implementation.  I'll follow up on your other mail regarding the error
> > > > > message you're getting.
> > > > >
> > > > > For what it's worth, I know other people have consumed the AG web
> > > > > services using a Java SOAP implementation (you should be able to find
> > > > > information about this in the mailing list archives).
> > > > >
> > > > > Tom
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On 3/27/08 6:53 PM, Luis Galárraga wrote:
> > > > >
> > > > > Thanks a lot for your help!!. We understand AG a little better now
> > > > > :-)
> > > > >
> > > > > Another question: we are trying to consume Venue and VenueServer
> > > > > web services without success. Now, I understand that as AccessGrid relies on
> > > > > Globus Toolkit (I have heard about it before, but I understand it better) we
> > > > > need to construct clients compatible with it. Using JAX-WS (used by Netbeans
> > > > > IDE) is not a good idea. Am I in the right way??
> > > > >
> > > > > Luis,
> > > > >
> > > > > 2008/3/27, Thomas D. Uram <turam at mcs.anl.gov>:
> > > > > >
> > > > > > Luis:
> > > > > >
> > > > > > See responses inline.
> > > > > >
> > > > > > On 3/14/08 3:24 PM, Luis Galárraga wrote:
> > > > > >
> > > > > > Greetings Tom:
> > > > > >
> > > > > > > First of all, thanks again for your help. I have several
> > > > > > > questions, this time related to server certificates. Do the things we were
> > > > > > > talking about regarding identity certificates apply to server certificates? We have a
> > > > > > > developer who is working on consuming AG server web services from a Java
> > > > > > > client. He would like to work at home, but unfortunately our request for
> > > > > > > opening certain TCP ports was denied because of security issues. I told him
> > > > > > > to run server and client on his machine. I had to make a server certificate
> > > > > > > request to be able to run the server the first time:
> > > > > > > - Is it possible to omit this step?
> > > > > >
> > > > > > The server does require a certificate; this requirement cannot
> > > > > > be avoided.
> > > > > >
> > > > > > > - If not, is it possible to create it with a tool like openssl?
> > > > > > > When starting the server from a terminal, it asks for a certificate.
> > > > > >
> > > > > > You can build up the required certificate state completely
> > > > > > independent from the Access Grid Developers CA if you want.  In that case,
> > > > > > you'll have to make sure that the CA cert is installed at both the server
> > > > > > and at client machines.  And the CA cert will have to be used to sign the
> > > > > > certificate used to run the server.  This is standard PKI practice, so you
> > > > > > should be able to find sufficient references online.  If you have trouble,
> > > > > > please ask.
> > > > > >
> > > > > > > - Is there a way of exporting a certificate from the command line? I
> > > > > > > have a problem with the certificate management tool (it crashes
> > > > > > > unexpectedly; I reported it and there is someone working to provide you a
> > > > > > > better report), so I cannot do it through the graphical interface.
> > > > > >
> > > > > > You can use certmgr.py.  In some cases, it will be called
> > > > > > certmgr3.py.  After running it, type 'help' for a list of available
> > > > > > commands.
> > > > > >
> > > > > >
> > > > > > Regards,
> > > > > > Luis
> > > > > >
> > > > > >
> > > > > >
> > > > > > 2008/3/13, Thomas D. Uram <turam at mcs.anl.gov>:
> > > > > > >
> > > > > > > Hi Luis:
> > > > > > >
> > > > > > > There are a few things you need to know in this regard:
> > > > > > >
> > > > > > > > - By default, AG3 venues do not require that clients have a
> > > > > > > > certificate to enter.  Venues can be optionally configured to
> > > > > > > > require a certificate, in which case the user must present a
> > > > > > > > certificate that satisfies the access controls on the venue.
> > > > > > > >
> > > > > > > > - You can run your own CA and issue your own certificates.  In
> > > > > > > > that case, you'll need to make sure your clients have both your
> > > > > > > > CA certificate and their personal certificate.
> > > > > > > >
> > > > > > > > Otherwise, this is general PKI.  If you have other questions,
> > > > > > > > don't hesitate to ask.
> > > > > > >
> > > > > > > Tom
> > > > > > >
> > > > > > >
> > > > > > > On 3/6/08 3:41 PM, Luis Galárraga wrote:
> > > > > > > > > Greetings:
> > > > > > > > >
> > > > > > > > > I am part of a project for developing a webinar infrastructure
> > > > > > > > > based on Access Grid. After a long discussion in which
> > > > > > > > > suggestions in this mailing list were strongly considered, we
> > > > > > > > > have decided to implement a simple client for venues (in servers
> > > > > > > > > 3.x) using Java Web Start Apps. As you can see, there are many
> > > > > > > > > things to do, and developers have started by making tests with
> > > > > > > > > the SOAP interfaces in our AG server; however, they are not
> > > > > > > > > clear about the concepts behind the authentication process. We
> > > > > > > > > know AG uses digital certificates for everything: users and
> > > > > > > > > services, and those certificates are generated by AG developers
> > > > > > > > > (after a process request). Can our developer team generate
> > > > > > > > > certificates signed by us, or is your signature required?
> > > > > > > > > Several people in our university will probably use the system,
> > > > > > > > > so we would like to have the privilege to generate the
> > > > > > > > > certificates. Could someone explain to us, in a better way, the
> > > > > > > > > technical issues behind authentication based on certificates
> > > > > > > > > (= how you implemented it)? I hope you can help us.
> > > > > > > > >
> > > > > > > > > Thanks in advance,
> > > > > > > > >
> > > > > > > > > Regards,
> > > > > > > > > Luis Galárraga
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
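
The private-CA setup described in the quoted replies (a CA certificate installed on both the server and the client machines, and used to sign the certificate the server runs with), as an added openssl example that is not part of the original thread or of the Access Grid toolkit. The subject names, host name, file names and lifetimes are assumptions, and importing the results into AG is not shown.

```shell
#!/usr/bin/env bash
# Added example (constructed): private CA + server certificate with openssl.
# Subject names, host name, file names and lifetimes are assumptions.
set -eu

write_cfg() {   # $1 = dir, $2 = server host name (goes into subjectAltName)
  cat > "$1/pki.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_server]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
EOF
}

make_ca() {     # $1 = dir, $2 = CA common name; writes ca.key and ca.crt
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -config "$1/pki.cnf" -extensions v3_ca -subj "/O=Example Lab/CN=$2" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_server_cert() {   # $1 = dir holding ca.key/ca.crt, $2 = host name
  openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" \
    -subj "/O=Example Lab/CN=$2" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
  # The CA key signs the request; the server only ever holds server.key.
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 90 \
    -extfile "$1/pki.cnf" -extensions v3_server -out "$1/server.crt" 2>/dev/null
}

chain_ok() {    # $1 = CA cert a peer trusts, $2 = certificate presented to it
  openssl verify -purpose sslserver -CAfile "$1" "$2" >/dev/null 2>&1
}

if [ "${1:-}" = "demo" ]; then
  d=$(mktemp -d); write_cfg "$d" venueserver.example.test
  make_ca "$d" "Example Lab Test CA"
  issue_server_cert "$d" venueserver.example.test
  chain_ok "$d/ca.crt" "$d/server.crt" && echo "server.crt chains to ca.crt in $d"
fi
```

Only ca.crt is copied to the server and client machines; ca.key stays with whoever issues certificates.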