Instrument Element Deployment

The following are the minimal steps and requirements for installing the IE module in an Apache Tomcat container.

Requirements:

  1. Java JDK 5 or above.
  2. Apache Ant 1.7.
  3. Apache Tomcat 5.5.*
  4. CATALINA_HOME, JAVA_HOME, ANT_HOME environment variables must be set.
  5. (Apache Axis is included with the IE.)

Enabling grid security (applies only to Linux systems, preferably RH Enterprise based, e.g. Scientific Linux). Host certificates must be installed on the machine that will run the IE.

  1. Set up your yum/apt system to retrieve packages from the LCG repository, both lcg-CA and glite-UI. E.g.:

[glite-UI]
name=gLite 3.1 User Interface
baseurl=http://linuxsoft.cern.ch/EGEE/gLite/R3.1/glite-UI/sl4/i386/
enabled=1

[CA]
name=CAs
baseurl=http://linuxsoft.cern.ch/LCG-CAs/current/
enabled=1

  2. Install the fetch-crl and lcg-CA packages using yum/apt.
  3. Create a cron script to automate CRL refreshing. E.g.:

/etc/cron.daily/fetch-crl.sh:

#!/bin/sh
# Refresh the CRLs of the installed CAs in the grid certificates directory.
# Normal output is discarded; error messages still reach cron.
CRLDIR=${X509_CERT_DIR:-/etc/grid-security/certificates}
/usr/sbin/fetch-crl --loc "${CRLDIR}" --out \
    "${CRLDIR}" --no-check-certificate 2>&1 1>/dev/null

Remember to make the created file executable (chmod). It is advisable to test-run the script immediately.

  4. Also, you must obtain the hostcert and the hostkey from a valid CA. Copy the cert and the key into the /etc/grid-security directory (created by the steps above) with the correct permissions (400 for the key, 644 for the cert).
  5. Import the certificate from your VOMS server.

Configure, Compile and Deploy IE:

  1. Edit build.properties:
     - Set the target folder for the compiled classes, created jars and generated javadocs (e.g. project.build=build).
     - Set the name of the project (e.g. project.name=testIE). This name is used for the project and for the webapp under which it will be deployed, and it is part of the URL of the web service.
     - Set the host name (e.g. host.name=somehost.somedomain).
     - Set the port number on which the IE will run (e.g. port.no=8080 for unsecured http or 8443 for secure https). This is the same port number on which your Tomcat will run.
     - Set the security flag to enable or disable grid security (e.g. security=true). The port number must be set accordingly and, if the flag is set to true, Tomcat security must be configured.
     - Set jms.provider.path to point to the directory where your JMS provider libraries reside.
  2. Edit config/jndi.properties to set your JMS configuration. (A sample configuration and basic instructions are included in the given file.)
  3. Run ant to see all the available tasks. Execute "ant deploy-all" to build the IE application and deploy it to Tomcat. If you wish to have javadocs, run "ant docs". The generated javadocs can be found in build/docs.

  4. Configure Tomcat to enable https by editing $CATALINA_HOME/conf/server.xml. Add the following:

 <!-- gLite https for IE delegation. -->
 <Connector  port="8443"
     maxThreads="150"
     minSpareThreads="25"
     maxSpareThreads="75"
     enableLookups="false"
     disableUploadTimeout="true"
     acceptCount="100"
     debug="0"
     scheme="https"
     secure="true"
     clientAuth="true"
     sslProtocol="TLS"
     sslCAFiles="/etc/grid-security/certificates/*.0"
     crlFiles="/etc/grid-security/certificates/*.r0"
     sslKey="$CATALINA_HOME/conf/hostkey.pem"
     sslCertFile="$CATALINA_HOME/conf/hostcert.pem"
     sSLImplementation="org.glite.security.trustmanager.tomcat.TMSSLImplementation" />

Note that the files given in sslKey and sslCertFile must be readable by the user that runs Tomcat. If possible, hard-link (do not symlink!) the certificate and the key (see point 4 of the grid security steps above) to files of the same name in $CATALINA_HOME/conf/. Set the correct ownership and permissions. It is advisable to disable http (non-secure) connections.

  5. (Re)start your Tomcat server.
  6. You should register your IE in the VO's BDII or list it among the static resources of the VCR's mceinstruments module.
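
A pre-flight check for the host credentials and CRLs set up above, to run before (re)starting Tomcat. This is an added example, not part of the IE distribution: the function names and the 7-day staleness threshold are assumptions, while the file names and modes are the ones given in the steps above.

```shell
#!/bin/sh
# Added example: pre-flight check for the grid credentials described above.
# The 7-day CRL age threshold is an assumption, not a value from this page.

# Print a file's octal permission bits (GNU stat first, BSD stat fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if FILE exists and has exactly the EXPECTED octal mode.
check_mode() {
    file=$1 expected=$2
    if [ ! -f "$file" ]; then echo "MISSING  $file"; return 1; fi
    actual=$(file_mode "$file")
    if [ "$actual" != "$expected" ]; then
        echo "BAD MODE $file is $actual, expected $expected"; return 1
    fi
    echo "OK       $file ($actual)"
}

# Count CRL files (*.r0) in DIR that find -mtime reports as older than DAYS.
stale_crl_count() {
    find "$1" -maxdepth 1 -name '*.r0' -mtime +"$2" | wc -l | tr -d ' '
}

# Check hostkey.pem (400), hostcert.pem (644) and CRL freshness.
# Returns non-zero if any check fails.
check_grid_security() {
    dir=$1 crldir=$2 max_days=${3:-7} rc=0
    check_mode "$dir/hostkey.pem" 400 || rc=1
    check_mode "$dir/hostcert.pem" 644 || rc=1
    if [ ! -d "$crldir" ]; then echo "MISSING  $crldir"; return 1; fi
    stale=$(stale_crl_count "$crldir" "$max_days")
    if [ "$stale" -gt 0 ]; then
        echo "STALE    $stale CRL file(s) older than $max_days days"; rc=1
    fi
    return $rc
}

# Run the checks when invoked with arguments, e.g.:
#   sh check.sh /etc/grid-security /etc/grid-security/certificates
if [ $# -ge 2 ]; then check_grid_security "$@"; fi
```

The script checks modes only; a key with mode 400 is usable by Tomcat only if it is owned by the user that runs Tomcat, so verify ownership separately. A non-zero stale count usually means the fetch-crl cron job is not running or is failing.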
DORII project receives funding from the EC's Seventh Framework Programme (FP7/2007-2013) under grant agreement n° RI-211693.