April 2007

This idea came from the need to always see the status of the AliEn Grid without having to keep several windows with the repository pages open all the time. After some googling around I found this excellent tutorial that made everything clear. The principle is very simple: you have a layout specified in XML, add some JavaScript for the actual work, and make everything nice with CSS.

Here is a short step-by-step guide for enabling SSL in Tomcat and enforcing user certificates from CERN.

First you have to create a host certificate. See https://ca.cern.ch/ca/HostCertificates/ManageHostCertificates.aspx for this.

Download the Base64 files. You should now have privkey.pem (your private key) and newcert.cer (the certificate signed by CERN).


Sometimes it’s easier to use server-based authentication than to implement your own. Just write a few lines of XML and everything works.
But what if your users don’t fit the rules of a standard Tomcat authentication?

The smart guys from Tomcat have a solution for that: you can write your own Realm authentication.

In my case I needed combined SSL + LDAP authentication. Tomcat has a standard authentication for each one, but not for the two combined.
The SSL certificate provides a username that must be verified in LDAP (to check whether the user has the right permissions).

A Realm authentication is defined by the org.apache.catalina.Realm interface, but it’s easier to extend RealmBase and override some methods than to implement Realm directly.
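A sketch of such a realm, added here as an example and not the code from the original post: it assumes the Tomcat 8.5/9 RealmBase API, an anonymous LDAP bind, and hypothetical values for the LDAP URL, search base, `uid` lookup attribute and `memberOf` role attribute. For client-certificate logins RealmBase passes the certificate's subject DN to getPrincipal(String), so that is the only lookup that has to be overridden.

```java
import java.security.Principal;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.realm.RealmBase;

public class CertLdapRealm extends RealmBase {
    // Hypothetical settings (constructed values); make them setters to configure from server.xml.
    private final String ldapUrl = "ldaps://ldap.example.org:636";
    private final String userBase = "ou=people,dc=example,dc=org";
    private final String roleAttr = "memberOf";

    // Abstract in Tomcat 8.5 and earlier, removed in 9.0, hence no @Override.
    protected String getName() { return "CertLdapRealm"; }

    @Override // No passwords: the identity is proven by the TLS client certificate.
    protected String getPassword(String username) { return null; }

    @Override // Called by RealmBase with the subject DN of the already validated certificate.
    protected Principal getPrincipal(String subjectDn) {
        DirContext ctx = null;
        try {
            String cn = null; // getRdns() starts at the rightmost RDN, so the leftmost CN wins
            for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) cn = rdn.getValue().toString();
            }
            if (cn == null) return null;
            Hashtable<String, String> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, ldapUrl);
            ctx = new InitialDirContext(env);
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] { roleAttr });
            // {0} is filled in by JNDI with filter escaping, so a crafted CN cannot alter the filter.
            NamingEnumeration<SearchResult> hits =
                ctx.search(userBase, "(uid={0})", new Object[] { cn }, sc);
            if (!hits.hasMore()) return null; // valid certificate but unknown to LDAP: reject
            List<String> roles = new ArrayList<>();
            Attribute a = hits.next().getAttributes().get(roleAttr);
            for (int i = 0; a != null && i < a.size(); i++) roles.add(a.get(i).toString());
            return new GenericPrincipal(cn, null, roles);
        } catch (NamingException e) {
            return null; // fail closed on a malformed DN or an LDAP error
        } finally {
            if (ctx != null) try { ctx.close(); } catch (NamingException ignored) { }
        }
    }
}
```

The realm only maps an authenticated certificate to roles; which roles may reach which URLs is still decided by the security constraints in web.xml.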