Task #1937 (closed)
Opened 14 years ago
Closed 14 years ago
Add ADH as default transport
| Reported by: | jamoore | Owned by: | jamoore |
|---|---|---|---|
| Priority: | n.a. | Milestone: | OMERO-Beta4.2 |
| Component: | Security | Version: | n.a. |
| Keywords: | n.a. | Cc: | jburel, cxallan |
| Resources: | n.a. | Referenced By: | n.a. |
| References: | n.a. | Remaining Time: | 0.0d |
| Sprint: | 2010-03-19 (5) |
Description (last modified by jmoore)
The primary challenge is testing that the configuration can gracefully fail (if permitted)
If SSL cannot be enabled at all times (because of plugins, etc?) then the following changes may be necessary:
- strip the "ssl ..." section out of Ice.Default.Router
- check for null ports in createSession
- check client(string) constructor argument for starts with "tcp " or "ssl "
Change History (10)
comment:1 Changed 14 years ago by jmoore
- Milestone changed from Unscheduled to OMERO-Beta4.2
- Sprint set to 2010-03-19 (5)
comment:2 Changed 14 years ago by jmoore
- Status changed from new to assigned
comment:3 Changed 14 years ago by jmoore
- Description modified (diff)
comment:4 Changed 14 years ago by jmoore
- Description modified (diff)
comment:5 Changed 14 years ago by jmoore
- Cc jburel cxallan added
comment:6 Changed 14 years ago by jmoore
comment:7 Changed 14 years ago by jmoore
comment:8 Changed 14 years ago by jmoore
comment:9 Changed 14 years ago by jmoore
comment:10 Changed 14 years ago by jmoore
- Component changed from General to Security
- Remaining Time changed from 1 to 0
- Resolution set to fixed
- Status changed from assigned to closed
From a security perspective, ADH is working fine, and for 4.2 we probably don't want to get into certificate based authentication, however it is too slow, described in #2099, which is scheduled for the next iteration.
Note: See
TracTickets for help on using
tickets.
You may also have a look at Agilo extensions to the ticket.
A few points:
In [1]: import omero In [2]: c = omero.client("localhost") In [3]: print c.ic.getProperties() ... Ice.Default.Router=OMERO.Glacier2/router:ssl -p 4064 -h localhost:tcp -p 4064 -h localhost ... In [4]: s = c.createSession("root","ome") --------------------------------------------------------------------------- ConnectionRefusedException Traceback (most recent call last) /Users/omero/GlencoeSoftware.git/git/omero.git/dist/<ipython console> /Users/omero/GlencoeSoftware.git/git/omero.git/dist/lib/python/omero/clients.pyc in createSession(self, username, password) 382 "%s - createSession retry: %s"% (reason, retries) ) 383 try: --> 384 prx = self.getRouter(self.__ic).createSession(username, password) 385 break 386 except omero.WrappedCreateSessionException, wrapped: /opt/local/Library/Frameworks/Python.framework/Versions/2.4/lib/python2.4/site-packages/Glacier2_Router_ice.pyc in createSession(self, userId, password, _ctx) 102 103 def createSession(self, userId, password, _ctx=None): --> 104 return _M_Glacier2.Router._op_createSession.invoke(self, ((userId, password), _ctx)) 105 106 def createSessionFromSecureConnection(self, _ctx=None): ConnectionRefusedException: Ice.ConnectionRefusedException: Connection refused In [6]: c = omero.client("localhost", 4063) In [7]: s = c.createSession("root","ome") In [8]: s.ice_getRouter() Out[8]: OMERO.Glacier2/router -t:ssl -h localhost -p 4063:tcp -h localhost -p 4063