Imagine you have a web site in some language (!=en) where you have some special characters (letters + some modifiers). Add some SEO requirements (links ending in .html, URL should contain the article title) and you get a big headache. Or you want to provide search capabilities that would match the text no matter if the user inputs the correct spelling (special characters) or the simplified (ASCII-like) words.

ALICE has come up with a special request from the monitoring system. They want to have DNS-based load balancing of the central services, taking into account the monitoring information. Since all the monitoring is written in Java it would be nice to have the DNS server also in Java.

This idea came from the need to always have see the status of the AliEn Grid without having to keep several windows with the repository pages open all the time. After some googling around I found this excellent tutorial that made everything clear. The principle is very simple, you have a layout specified in XML, add some JavaScript for the actual work and make everything nice with CSS.

Here is a short step-by-step for enabling ssl in tomcat + enforcing user certificates from CERN.

First you have to create a host certificate. See for this.

Download the Base64 files. You should now have: privkey.pem (your private key) and newcert.cer (CERN signed).


Sometimes it’s easier to use server based authentication than to implement your own authentication. Just write some lines in some xml and everything works.
But what if your users don’t respect all the rules for a standard tomcat authentication?

The smart guys from Tomcat have a solution for that. You can write your own Realm Authentication.

In my case I needed a SSL + LDAP authentication. Tomcat has standard authentication for each one, but not combined.
The SSL certificate provides an username that must be verified in the LDAP (if the user has the right permissions).

A Realm authentication is defined by the org.apache.catalina.Realm interface. But it’s easier to extend RealmBase and override some methods instead of implementing Realm.