Hi folks, we are trying to implement an OGSA-DAI client that runs within a web service in a Tomcat container. Our client code works well "standalone", but as soon as we deploy it into our web service, something is broken, probably concerning the classpath. Instead of the GSI-APIs from Globus the Java built-in SSL implementation seems to be used.
As the problem seems to be on the GSI level, I am posting to this list instead of the OGSA-DAI list (my colleague will try there ;) ).
Has anyone any pointers on how to fix this?
On the client (running in Tomcat) we get the following errors:
uk.org.ogsadai.client.toolkit.exception.ServerURLInvalidException: A problem occured initialising the server.
    at uk.org.ogsadai.client.toolkit.ServerFactory.getWSDL(Unknown Source)
    at uk.org.ogsadai.client.toolkit.ServerFactory.getServer(Unknown Source)
    at uk.org.ogsadai.client.toolkit.ServerProxy.getServer(Unknown Source)
    at uk.org.ogsadai.client.toolkit.ServerProxy.getDataRequestExecutionResource(Unknown Source)
    at org.deegree.io.datastore.grid.SQLClient.setupDRER(SQLClient.java:85)
    at org.deegree.io.datastore.grid.SQLClient.performQuery(SQLClient.java:215)
    at org.deegree.io.datastore.grid.OGSADatastore.performQuery(OGSADatastore.java:97)
    at org.deegree.ogcwebservices.wfs.GetFeatureHandler$QueryTask.call(GetFeatureHandler.java:373)
    at org.deegree.ogcwebservices.wfs.GetFeatureHandler$QueryTask.call(GetFeatureHandler.java:351)
    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
    at java.util.concurrent.FutureTask.run(FutureTask.java:138)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
    at java.lang.Thread.run(Thread.java:619)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:977)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
    at java.net.URL.openStream(URL.java:1009)
    ... 14 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
    at sun.security.validator.Validator.validate(Validator.java:218)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
    ... 26 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
    ... 32 more
The server logs the following in container.log:
2008-06-10 10:40:47,993 ERROR container.GSIServiceThread [ServiceThread-47,process:147] Error processing request
Authentication failed. Caused by Failure unspecified at GSS-API level. Caused by COM.claymoresystems.ptls.SSLCaughtAlertException: Unknown certificate processing problem
[...]
--
M.Sc. Ralf Groeper, Research Associate
Regionales Rechenzentrum fuer Niedersachsen (RRZN)
Gottfried Wilhelm Leibniz Universitaet Hannover
Contact: http://www.rrzn.uni-hannover.de/groe.html
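
A check that could be run from inside the deployed web application, added here as an example (it is not part of the original post, nor OGSA-DAI or Globus code). Using only standard JDK APIs, it reports which class serves https URLs, which class loaders are involved, and which CAs the default JSSE trust manager accepts, i.e. the validation path visible in the client trace above. The class name TlsStackProbe and the default URL are hypothetical placeholders.

```java
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TlsStackProbe {
    /** Builds a report of the HTTPS handler and trust anchors visible to the caller. */
    public static String report(String httpsUrl) throws Exception {
        StringBuilder out = new StringBuilder();
        // Properties that steer URL handler lookup and the default JSSE trust store.
        for (String p : new String[] {"java.protocol.handler.pkgs",
                "javax.net.ssl.trustStore", "java.class.path"}) {
            out.append(p).append(" = ").append(System.getProperty(p)).append('\n');
        }
        // openConnection() only constructs the connection object; no network I/O occurs.
        Object conn = new URL(httpsUrl).openConnection();
        out.append("https connection class = ").append(conn.getClass().getName()).append('\n');
        // A null loader here means the class came from the JDK's bootstrap loader.
        out.append("loaded by = ").append(conn.getClass().getClassLoader()).append('\n');
        out.append("context class loader = ")
           .append(Thread.currentThread().getContextClassLoader()).append('\n');

        // Trust anchors of the default JSSE trust manager, the component whose
        // checkServerTrusted() call fails in the trace (X509TrustManagerImpl).
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JSSE default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    out.append("trusted CA: ")
                       .append(ca.getSubjectX500Principal().getName()).append('\n');
                }
            }
        }
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed placeholder URL; pass the service URL the client uses instead.
        System.out.println(report(args.length > 0 ? args[0] : "https://dai.example.org:8443/"));
    }
}
```

Comparing the output of a standalone run with the output produced inside Tomcat shows whether the two environments differ in handler class, class loader or trust anchors.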
