ESnetESnetNetworking for Science
⨠MyESnet
Services

Contact Us

Technical Assistance:

1 800-33-ESnet (Inside the US)
1 800-333-7638 (Inside the US)
1 510-486-7600 (Globally)
1 510-486-7607 (Globally)

Report Network Problems:

trouble@es.net

Provide Web Site Feedback:

info@es.net

FAQ

Installation

I installed the rampart.mar file in webapps/axis2/WEB_INF/modules and get the following error on startup:

[ERROR] The rampart-SNAPSHOT.mar module, which is not valid, caused org.apache.rampart.Rampart
org.apache.axis2.deployment.DeploymentException: org.apache.rampart.Rampart

This is because the axis2 1.4 default .war does NOT include some libraries Rampart needs. And, due to Axis2's special classloaders, placing those libraries in the Tomcat shared library folder won't work. Locate the following files:

From rampart-SNAPSHOT or the distribution lib/axis2:

  • bcprov-jdk15-140.jar   
  • opensaml-1.1.jar    
  • rampart-core-SNAPSHOT.jar   
  • rampart-trust-SNAPSHOT.jar  
  • rampart-policy-SNAPSHOT.jar 
  • wss4j-SNAPSHOT.jar
  • xmlsec-1.4.1.jar       
  • Copy all the above to CATALINA_HOME/webapps/axis2/WEB-INF/lib/, and restart Tomcat. Rampart should work now. Note: Use the conf/axis2/axis2_build.sh script to build a correct axis2.war.

Alternatively build an axis2.war file that contains rampart.

  • Download the axis2 1.4.1standard binary distribution and the rampart 1.4 packages from Apache and unzip them in a common directory.
  • Set the AXIS2_HOME environment variable to the directory in which axis2 was put.
  • Run ant in the rampart-1.4  directory. This will copy the rampart jars to axis2 lib.
  • In the axis2-1.4.1/webapp directory, edit the create.war target in build.xml to remove the lines:
      <exclude name="axis2-adb-codegen*.jar"/>
      <exclude name="axis2-codegen*.jar"/>
      <exclude/>
  • Then run ant to create an axis2.war file that includes rampart and its required classes.
  • Install the axis2.war in $CATALINA_HOME/webapps.

The service cannot be found for the endpoint reference (EPR) https://<host>:<port>/axis2/services/OSCARS

The OSCARS.aar has not been deployed to $CATALINA_HOME/webapps/axis2/WEB-INF/services. Or if it has been copied there,  you may need to restart the Tomcat server to get it deployed by axis.

 

Configuration

File not found: SESSIONS.ser

I get the following error when Tomcat is shut down.

[ERROR] org.apache.catalina.session.ManagerBase -  IOException while saving persisted sessions: java.io.FileNotFoundException: /usr/local/apache-tomcat-5.5.25/work/Catalina/localhost/axis2/SESSIONS.ser (No such file or directory)

java.io.FileNotFoundException: /usr/local/apache-tomcat-5.5.25/work/Catalina/localhost/axis2/SESSIONS.ser (No such file or directory)

Uncomment out the last line in conf/context.xml

<!-- Uncomment this to disable session persistence across Tomcat restarts -->

<Manager pathname="" />

 

Maintenance  

I ran ant deployall to compile and deploy a new version of the code, but my changes aren't showing! What's wrong?

  • Remember to shut down Tomcat and kill all the core processes before deploying, then start them again. The oscars.sh script should do this for you, but it depends on finding the PIDs for the various processes and sometimes fails to kill everything.

 I want to back up OSCARS. How do I do this?

  • First, stop Tomcat and the scheduler process. Then, back up the bss and aaa MySQL databases with your favorite MySQL backup tool like mysqldump.

Security

unable to find valid certification path to requested target

I am trying to test the service interface from a client on the server machine. I am using the server url of https://localhost:8443/axis2/services/OSCARS and get the following error:

I/O exception (org.apache.axis2.AxisFault) caught when processing request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

If you configure your server to listen on an http port as well as https you can test it using plain http. See conf/server.xml to configure the ports on which Tomcat is listening.

For SSL to work, the issuer of the certificate that is in Tomcat's keystore (defined in conf/server.xml) must be in the client's repo/ssl-keystore.jks. If you are using a self-signed certificate for Tomcat the certificate itself must be in repo/ssl-keystore.jks. You can use keytool to export the certificate from Tomcat's keystore and import it into the client ssl-keystore. Use keytool -help to tell you how to do this.

org.apache.ws.security.WSSecurityException: General security error (Error during certificate path validation: timestamp check failed)

I get the the following error when trying to connect to an OSCARS web service

hopishib.internet2.edu:8443/axis2/services/OSCARSWSHandler: Certificate path verification failed for certificate with subject CN=oscars/oscars-dev.es.net, OU=Services, DC=doegrids, DC=org; nested exception is: 
       org.apache.ws.security.WSSecurityException: General security error (Error during certificate path validation: timestamp check failed); nested exception is: 
       java.security.cert.CertPathValidatorException: timestamp check failed

Check to see if the certificate for the issuer for the offending certificate is expired in the 
shared/classes/sec-security.jks keystore for the target web service.

Error in signature with X509Token

Will occur when the alias specified in rampConfig.xml does not have KeyEntry in OSCARS.jks. Can also occur if the keyPassword for an entry is different from the keyStore password.

java.io.IOException: Keystore was tampered with, or password was incorrect

The password in rampConfig.xml does not match the one in OSCARS.jks

WSDoAllReceiver: security processing failed (actions mismatch)

You are talking to a server which is using a different security policy. The DCN IDC release 0.4.1 is not protocol compatible with earlier releases.

Web Interface

When you first go to the OSCARS web site, you get an incomplete login page.

This may be caused by your browser timing out before everything is loaded. A solution is to manually download the file lib/dojo/dojo/dojo.js

 

Web Service

ClassNotFoundException: org.hibernate.hql.ast.HqlToken

encountered when a createReservation is attempted via the API.

copy the file dcn-software-suite-0.3/idc/lib/antlr-2.7.6.jar to either $CATALINA_HOME/shared/lib or $CATALINA_HOME/webapps/axis2/WEB-INF.
The hibernate class ast.HqlToken extends a class from antlr which seems to cause problems on some installations. It probably has something to do with the axis2 class loaders, but we haven't figured out what. The jar is part of the OSCARS.aar and should be found from there, but in some cases it is not.

Error messages

[Under Construction]