Rmi-iiop authentication and EJB
In WL6.1, I have an Ejb with secured methods. The (Swing) client application accesses the Ejb through rmi-iiop using the JDK1.3.1 Orb.
Unfortunately, it seems that the caller identity (which was supplied in the InitialContext lookup) is not propagated
to the server: any call to a secured method
fails with a CORBA NO_PERMISSION Exception.
Using the t3 protocol the program works fine, but that would require the 25Mb weblogic.jar on all clients, which is unattainable for us.
Any ideas how this situation can be corrected?
-Allard Siemelink
Hello Allard,
My only suggestion (and you have probably looked at this already) would be to
use the Verbosetozip utility, refer to http://e-docs.bea.com/wls/docs61////adminguide/utils.html#1117405
for more information.
Kind Regards,
Richard Wallace
Senior Developer Relations Engineer
BEA Support.
Allard Siemelink <[email protected]> wrote:
In WL6.1, I have an Ejb with secured methods. The (Swing) client application
accesses the Ejb through rmi-iiop using the JDK1.3.1 Orb.
Unfortunately, it seems that the caller identity (which was supplied
in the InitialContext lookup) is not propagated
to the server: any call to a secured method
fails with a CORBA NO_PERMISSION Exception.
Using the t3 protocol the program works fine, but that would require
the 25Mb weblogic.jar on all clients, which is unattainable for us.
Any ideas how this situation can be corrected?
-Allard Siemelink
Similar Messages
-
[att1.html]
I've been fighting the same issues over the past few days. The answer you gave still left me
wondering which tool to use. Should it be rmi -iiop or ejbc -iiop? I get the idl files on
WLS 5.1 generated but then I can't get the idlj to execute properly on the generated
HelloHome.idl and Hello.idl.
Wayne
Andy Piper wrote:
Abhishek <[email protected]> writes:
But How do I write Rmi - iiop clients for EJBs.
when I try to generate the IDL for my EJB by running the weblogic.rmic utility I get an
error that none of my classes ( Remote, Home and Impl ) implement the remote
interface. Which is true as EJBs do not directly implement the remote interface.You may be able to get this to work with WLS6.0SP1 and the
-idlMethodSignatures flag. Take a look at the methods target in
examples/rmi_iiop/ejb/generic_idl or at
examples/rmi_iiop/ejb/simplified_idl. This all works fine in
Silversword.
andy -
RMI-IIOP, C++ and mobile code
Hi,
I'd like to know whether it is possible to use RMI-IIOP [1] to connect a Java component to a C++ component on a remote end and use "mobile code" [2]. In other words, a C++ client connects to a remote Java component, downloads a class file and executes it locally. On the flip side, a C++ component uploads a class file to a Java end for remote execution.
I see much discussion about the value of RMI-IIOP for connecting Java and C++ components but I see little value for this if you lose the "mobile code" capability. What are the advantages of using RMI vs RMI-IIOP vs "web services"? Am I missing something?
Thank you,
Gili
[1] http://java.sun.com/products/rmi-iiop/
[2] http://en.wikipedia.org/wiki/Mobile_codeI'd like to know whether it is possible to use RMI-IIOP [1] to connect a Java component to a C++ component on a remote endYes, provided you start with a Java interface and generate IDL from that.
and use "mobile code" [2]. In other words, a C++ client connects to a remote Java component, downloads a class file and executes it locally. On the flip side, a C++ component uploads a class file to a Java end for remote execution.C++ can execute or create Java objects via JNI but that implies a JVM anyway at the C++ end, so why not just use Java? IOW it's a lot of trouble for nothing.
I see much discussion about the value of RMI-IIOP for connecting Java and C++ components but I see little value for this if you lose the "mobile code" capability.All the rest of RMI and Corba is 'little'? -
Authentication and EJB Providers in Apache SOAP 2.0
Has anyone tried to modify the latest Apache SOAP code to pass the rpcrouter
servlet Basic Authentication information (from HTTPSession) on to the JNDI
initial context in the Stateless Session EJB Provider code (i.e. impersonate
the authenticated http user for EJB calls)? I am thinking about allowing
SOAP users to inherit the EJB deployment descriptor access control setup.
Dan MeanyWith the link attached.
Hi Denes, This is a configuration for configuring mod_auth_sspi on Apache 2.2 (and proxy to the EPG) I haven't tried 2.0 but I'm pretty sure it should work in the same way.
Re: NTLM Authentication
Rob.. -
The web docs talk about modifying RMI/IIOP applications to use WTC.
Just need a confirmation that RMI/IIOP calls to EJBs in WLS will not be
transactional. That XA transactions will require the ATMI interface to
Tuxedo EJBs. (Beta in WLS 6.1)Carl,
I for one would be interested to hear how you are using the Tuxedo/WTC (I
assume you mean Java ATMI) in your application. We need some feedback here
in development land so that we can see which things you like about jATMI and
which things you like less...
Of course, anyone using jATMI can reply as well...
John Wells (Aziz)
[email protected]
[email protected]
"Carl Lawstuen" <[email protected]> wrote in message
news:3bba357d$[email protected]..
Thanks for the clarification. While we will need to support CORBA style
access at some time, the Tuxedo/WTC interface fits nicely in our current
legacy to WLS architecture.
"Andy Piper" <[email protected]> wrote in message
news:[email protected]..
"Carl Lawstuen" <[email protected]> writes:
Yes, the ATMI interface to WTC should be transactional.
But I would assume that RMI/IIOP applications that uses WTC for access
to
WLS naming service would not be transactional due to limitations in
the
RMI/IIOP specification regarding transactions.
Just looking for confirmation that BEA has not done anything to make
RMI/IIOP calls into WLS transactional.RMI-IIOP calls over wtc (i.e. RMI-TGIOP) are transactional and
secure. RMI-IIOP calls over vanilla IIOP are not transactional, but
can be secure. OTS support is coming in Acadia.
RMI-IIOP over wtc totally leverages the ATMI support so you get all
the same features + CORBA-style access. The RMI-IIOP spec is fairly
irrelevant in this instance since we do not have to to support
interoperable transactions to support transaction propagation from Tux
over WTC. That's kind of the whole point - the specs have their rough
edges when it comes to defining transactions and security over IIOP
but we give you exactly what you want (transactions and security)
using the internal tux domains protocol.
andy -
Is there any sample RMI-IIOP application using distributed transactions
Hi,
Based on the links below:
http://e-docs.bea.com/wls/docs61/jta/trxrmi.html#1018506
http://e-docs.bea.com/wls/docs61/jta/gstrx.html#1067532
It appears that is possible to have distributed transactions across RMI-IIOP
clients and RMI-IIOP applications (servers).
I am surprised by the note:
Note: These code fragments do not derive from any of the sample applications
that ship with WebLogic Server. They merely illustrate the use of the
UserTransaction object within an RMI application.
The above note suggests that there is no sample code available.
Is there any sample code that illustrates RMI-IIOP applications (servers)
participating in distributed transactions?
Regards,
Dan CimpoesuTransaction examples for IIOP are in the works for the next release.
"Dan Cimpoesu" <[email protected]> wrote:
Hi,
Based on the links below:
http://e-docs.bea.com/wls/docs61/jta/trxrmi.html#1018506
http://e-docs.bea.com/wls/docs61/jta/gstrx.html#1067532
It appears that is possible to have distributed transactions across RMI-IIOP
clients and RMI-IIOP applications (servers).
I am surprised by the note:
Note: These code fragments do not derive from any of the sample applications
that ship with WebLogic Server. They merely illustrate the use of the
UserTransaction object within an RMI application.
The above note suggests that there is no sample code available.
Is there any sample code that illustrates RMI-IIOP applications (servers)
participating in distributed transactions?
Regards,
Dan Cimpoesu -
Distributed transactions across RMI-IIOP client to RMI-IIOP server do not work
Hi,
Based on the links below:
http://e-docs.bea.com/wls/docs61/jta/trxrmi.html#1018506
http://e-docs.bea.com/wls/docs61/jta/gstrx.html#1067532
It appears that is possible to have distributed transactions across RMI-IIOP
clients and RMI-IIOP applications (servers).
I followed up the "Transactions Sample RMI Code" section but it appears that
the transaction context is not propagated from client to server. I am also
surprised by the note:
Note: These code fragments do not derive from any of the sample applications
that ship with WebLogic Server. They merely illustrate the use of the
UserTransaction object within an RMI application.
The above note suggests that there is no sample code available.
Is there anyone who successfully had RMI-IIOP applications (servers)
participating in distributed transactions?
Is there any sample code that illustrates RMI-IIOP applications (servers)
participating in distributed transactions?
If anyone thinks that this should work I will post my code that does not
work.
Regards,
Dan Cimpoesu
But if you look to the diagram:
http://e-docs.bea.com/wls/docs61/jta/gstrx.html#1040200
it suggests that transactional context is passed from clients to RMI-IIOP
servers.
Am I wrong?
Dan
"Andy Piper" <[email protected]> wrote in message
news:[email protected]..
"Dan Cimpoesu" <[email protected]> writes:
Transactions over IIOP are not supported or implemented in WLS 6.1 or
previous. This is a feature of WLS 7.0. In 7.0 we implement OTS.
andy
Hi,
Based on the links below:
http://e-docs.bea.com/wls/docs61/jta/trxrmi.html#1018506
http://e-docs.bea.com/wls/docs61/jta/gstrx.html#1067532
It appears that is possible to have distributed transactions across
RMI-IIOP
clients and RMI-IIOP applications (servers).
I followed up the "Transactions Sample RMI Code" section but it appearsthat
the transaction context is not propagated from client to server. I amalso
surprised by the note:
Note: These code fragments do not derive from any of the sampleapplications
that ship with WebLogic Server. They merely illustrate the use of the
UserTransaction object within an RMI application.
The above note suggests that there is no sample code available.
Is there anyone who successfully had RMI-IIOP applications (servers)
participating in distributed transactions?
Is there any sample code that illustrates RMI-IIOP applications(servers)
participating in distributed transactions?
If anyone thinks that this should work I will post my code that does not
work.
Regards,
Dan Cimpoesu -
Distributed transactions across RMI-IIOP client to server do not work
Hi,
Based on the links below:
http://e-docs.bea.com/wls/docs61/jta/trxrmi.html#1018506
http://e-docs.bea.com/wls/docs61/jta/gstrx.html#1067532
It appears that is possible to have distributed transactions across RMI-IIOP
clients and RMI-IIOP applications (servers).
I followed up the "Transactions Sample RMI Code" section but it appears that
the transaction context is not propagated from client to server. I am also
surprised by the note:
Note: These code fragments do not derive from any of the sample applications
that ship with WebLogic Server. They merely illustrate the use of the
UserTransaction object within an RMI application.
The above note suggests that there is no sample code available.
Is there anyone who successfully had RMI-IIOP applications (servers)
participating in distributed transactions?
Is there any sample code that illustrates RMI-IIOP applications (servers)
participating in distributed transactions?
If anyone thinks that this should work I will post my code that does not
work.
Regards,
Dan CimpoesuBut if you look to the diagram:
http://e-docs.bea.com/wls/docs61/jta/gstrx.html#1040200
it suggests that transactional context is passed from clients to RMI-IIOP
servers.
Am I wrong?
Dan
"Andy Piper" <[email protected]> wrote in message
news:[email protected]..
"Dan Cimpoesu" <[email protected]> writes:
Transactions over IIOP are not supported or implemented in WLS 6.1 or
previous. This is a feature of WLS 7.0. In 7.0 we implement OTS.
andy
Hi,
Based on the links below:
http://e-docs.bea.com/wls/docs61/jta/trxrmi.html#1018506
http://e-docs.bea.com/wls/docs61/jta/gstrx.html#1067532
It appears that is possible to have distributed transactions across
RMI-IIOP
clients and RMI-IIOP applications (servers).
I followed up the "Transactions Sample RMI Code" section but it appearsthat
the transaction context is not propagated from client to server. I amalso
surprised by the note:
Note: These code fragments do not derive from any of the sampleapplications
that ship with WebLogic Server. They merely illustrate the use of the
UserTransaction object within an RMI application.
The above note suggests that there is no sample code available.
Is there anyone who successfully had RMI-IIOP applications (servers)
participating in distributed transactions?
Is there any sample code that illustrates RMI-IIOP applications(servers)
participating in distributed transactions?
If anyone thinks that this should work I will post my code that does not
work.
Regards,
Dan Cimpoesu -
Transactions Sample RMI-IIOP Code
Hi,
Looking to the link below it appears that we can have RMI-IIOP applications
and clients that use JTA.
http://e-docs.bea.com/wls/docs61/jta/gstrx.html#1067532
Does anyone know of a RMI-IIOP sample that illustrates how transactions are
propagated from RMI-IIOP clients to RMI-IIOP applications?
Regards,
Dan Cimpoesu
But if you look to the diagram:
http://e-docs.bea.com/wls/docs61/jta/gstrx.html#1040200
it suggests that transactional context is passed from clients to RMI-IIOP
servers.
Am I wrong?
Dan
"Andy Piper" <[email protected]> wrote in message
news:[email protected]..
"Dan Cimpoesu" <[email protected]> writes:
Transactions over IIOP are not supported or implemented in WLS 6.1 or
previous. This is a feature of WLS 7.0. In 7.0 we implement OTS.
andy
Hi,
Based on the links below:
http://e-docs.bea.com/wls/docs61/jta/trxrmi.html#1018506
http://e-docs.bea.com/wls/docs61/jta/gstrx.html#1067532
It appears that is possible to have distributed transactions across
RMI-IIOP
clients and RMI-IIOP applications (servers).
I followed up the "Transactions Sample RMI Code" section but it appearsthat
the transaction context is not propagated from client to server. I amalso
surprised by the note:
Note: These code fragments do not derive from any of the sampleapplications
that ship with WebLogic Server. They merely illustrate the use of the
UserTransaction object within an RMI application.
The above note suggests that there is no sample code available.
Is there anyone who successfully had RMI-IIOP applications (servers)
participating in distributed transactions?
Is there any sample code that illustrates RMI-IIOP applications(servers)
participating in distributed transactions?
If anyone thinks that this should work I will post my code that does not
work.
Regards,
Dan Cimpoesu -
EJB client connection [RMI/IIOP]
1) Just to test the communication between EJB client and EJB using RMI/IIOP in WLS 9.2, I have created two InitialContexts and I have seen that here are only two InitialContext. But, I can see only a single connection displayed (Monitoring Channels tab for the default [IIOP] channel). Is this expected? Doesn’t is suppose to create two connections?
2) If only one connection is established. What is the way this model will scale up?? I can have multiple calls..right?
3) What is the connection time out works on this? If I have a stub cached. Does that mean my RMI/IIOP connection still be alive?MC Sreeram <> writes:
1) Just to test the communication between EJB client and EJB using RMI/IIOP in WLS 9.2, I have created two InitialContexts and I have seen that here are only two InitialContext. But, I can see only a single connection displayed (Monitoring Channels tab for the default [IIOP] channel). Is this expected? Doesn???t is suppose to create two connections?Connections are share beween the same port and ip addresses.
2) If only one connection is established. What is the way this model will scale up?? I can have multiple calls..right?Yes. It scales up nicely.
3) What is the connection time out works on this? If I have a stub cached. Does that mean my RMI/IIOP connection still be alive?The stub should transparently re-establish the connection if it is timed out
andy -
Hi guys,
i feel ejb is internally using rmi.Am i right?what are the differences between rmi and ejb and also what r the similarities?
Thanks
Regards
Vivek.SRMI is just an API that allows Java classes to be invoked remotely. It uses Java Remote Method Protocol. But it also can use IIOP in which case this whole thing is called RMI-IIOP.
RMI doesnt provide any component model like EJB, that has several types of components with well defined behavior and purpose.
Since EJB's can be called remotely they may use JRMP but it's not mandatory.
EJB's have to use IIOP as a connection protocol to ensure interoperability among EJB servers and CORBA ORB's. So EJB' s use RMI as an API, but they have to support IIOP and optionally some other protocols like JRMP. For example, WebLogic supports some interesting protocol called T3.
best regards,
Maris Orbidans
SCJP SCWCD SCBCD -
Rmi-iiop: calling secured method on Ejb -- NO PERMISSION Exception
In WL6.1, I have an Ejb with secured methods. The (Swing) client application accesses the Ejb through rmi-iiop using the JDK1.3.1 Orb.
Unfortunately, it seems that the caller identity (which was supplied in the InitialContext lookup) is not propagated
to the server: any call to a secured method
fails with a CORBA NO_PERMISSION Exception.
Using the t3 protocol the program works fine, but that would require the 25Mb weblogic.jar on all clients, which is unattainable for us.
Any ideas how this situation can be corrected?
-Allard SiemelinkHi Allard,
Please pose this in the weblogic.developer.interest.rmi-iiop.
Thanks,
Allard Siemelink wrote:
In WL6.1, I have an Ejb with secured methods. The (Swing) client application accesses the Ejb through rmi-iiop using the JDK1.3.1 Orb.
Unfortunately, it seems that the caller identity (which was supplied in the InitialContext lookup) is not propagated
to the server: any call to a secured method
fails with a CORBA NO_PERMISSION Exception.
Using the t3 protocol the program works fine, but that would require the 25Mb weblogic.jar on all clients, which is unattainable for us.
Any ideas how this situation can be corrected?
-Allard Siemelink--
Apurb Kumar
Developer Relations Engineer
BEA Support -
RMI-IIOP and glassfish naming service
I have some very basic test applications to test RMI-IIOP. The applications are one server (registers the Remote object) and one client (tries to retreive the remote object stub and invoke a simple hello() method).
I've been trying to get it to work by registering the Remote object (see below) in glassfish naming service (JNDI) but I get the following an error saying: "Class rmi.ListenerRemoteImpl not exported, or else is actually a JRMP stub". I haven't been able to figure out why...
Then I found another guide which I followed and managed to get to work. The only difference there was that I used orbd as naming service.
Why is this? Doesn't Glassfish JNDI support RMI-IIOP in this way?
Any help is greatly appreciated!
I followed the following steps in creating the application:
-Created the following classes:
Client.java //The client
Server.java //The server
ListenerRemote.java //Remote interface implementing Remote
ListenerRemoteImpl.java //Implemtation extends PortableRemoteObject and implements ListenerRemote
-Generated stubs with rmic using -iiop
-Compile and run...Here is some of the code...
Client that fails with glassfish but not with orbd:
=========================================
public static void main(String[] args) throws Exception {
ListenerRemoteImpl listener = new ListenerRemoteImpl();
Properties props = new Properties();
props.load(new FileInputStream("jndi.properties"));
//Uncommenting this and starting orbd makes it work. When default jndi.properties from Glassfish is used, it does not work.
//props.put("java.naming.factory.initial", "com.sun.jndi.cosnaming.CNCtxFactory");
//props.put("java.naming.provider.url", "iiop://localhost:1060");
Context ctx = new InitialContext(props);
ctx.rebind("listener", listener);
System.out.println("Listener bound!");
==================================
ListenerRemoteImpl:
==================================
public class ListenerRemoteImpl extends PortableRemoteObject implements ListenerRemote {
public ListenerRemoteImpl() throws RemoteException {
super();
public void sayHello() throws RemoteException {
System.out.println("Hello!");
==================================
The stacktrace when glassfish naming service is used:
==================================
2007-aug-10 17:24:32 com.sun.corba.ee.impl.util.Utility autoConnect
VARNING: "IOP00511403: (INV_OBJREF) Class rmi.ListenerRemoteImpl not exported, or else is actually a JRMP stub"
org.omg.CORBA.INV_OBJREF: vmcid: SUN minor code: 1403 completed: No
at com.sun.corba.ee.impl.logging.UtilSystemException.objectNotExported(UtilSystemException.java:569)
at com.sun.corba.ee.impl.logging.UtilSystemException.objectNotExported(UtilSystemException.java:592)
at com.sun.corba.ee.impl.util.Utility.autoConnect(Utility.java:147)
at com.sun.corba.ee.impl.javax.rmi.CORBA.Util.writeAny(Util.java:323)
at com.sun.corba.ee.impl.presentation.rmi.DynamicMethodMarshallerImpl$10.write(DynamicMethodMarshallerImpl.java:256)
at com.sun.corba.ee.impl.presentation.rmi.DynamicMethodMarshallerImpl.writeArguments(DynamicMethodMarshallerImpl.java:407)
at com.sun.corba.ee.impl.presentation.rmi.StubInvocationHandlerImpl.privateInvoke(StubInvocationHandlerImpl.java:157)
at com.sun.corba.ee.impl.presentation.rmi.StubInvocationHandlerImpl.invoke(StubInvocationHandlerImpl.java:119)
at com.sun.corba.ee.impl.presentation.rmi.bcel.BCELStubBase.invoke(BCELStubBase.java:197)
at com.sun.enterprise.naming._SerialContextProvider_DynamicStub.rebind(_SerialContextProvider_DynamicStub.java)
at com.sun.enterprise.naming.SerialContext.rebind(SerialContext.java:403)
at javax.naming.InitialContext.rebind(InitialContext.java:408)
at rmi.Client.main(Client.java:48)
Exception in thread "main" javax.naming.CommunicationException: java.rmi.NoSuchObjectException: CORBA INV_OBJREF 1398080891 No; nested exception is:
org.omg.CORBA.INV_OBJREF: vmcid: SUN minor code: 1403 completed: No
at com.sun.enterprise.naming.SerialContext.rebind(SerialContext.java:405)
at javax.naming.InitialContext.rebind(InitialContext.java:408)
at rmi.Client.main(Client.java:48)
================================== -
Can someone help me understand and analyze the marshaling techniques of CORBA, RMI and RMI-IIOP??
RMI/JRMP is easy, just read the RMI Specification:
http://java.sun.com/j2se/1.5.0/docs/guide/rmi/spec/rmi-protocol.html
CORBA is not so easy. Find the GIOP and IIOP specifications at http://www.omg.org -
Hello all,
I am new to CORBA (I understand the concepts, but have never actually programmed anything with it).
I need to write some software in Java that talks to an existing system that has CORBA interfaces. It seems to me that using RMI-IIOP will be a good solution, but in the RMI-IIOP documentation, I have read that it will only work with CORBA version 2.3.
The existing system works with CORBA version 2.0 (as far as I know). Does this mean that I will not be able to use RMI-IIOP at all, or are there some workarounds to get it working with CORBA 2.0?
What would be my alternatives if I cannot use RMI-IIOP because of the version difference?
regards
JesperHi
I have not tried that kombination myself so can not tell you about workarounds, I can tell you that the main difference, in respect to Java, between 2.0 and 2.3 is that the Objects by Value protocoll is incorporated into CORBA 2.3. This extension was specifically designed and added to make RMI-IIOP possible, or atleast more user friendly.
The first workaround I would try is making comunicaitons interfaces built from only basic variable types, but I can not say if it would work. Besides if you are not defining new interfaces (IDL files) you will probably have to work with Java IDL anyway since RMI-IIOP (atleast in jdk1.3) seemed like a one way conversion, Java -> IDL.
Hope this helps
//Samuel
Maybe you are looking for
-
Sent e-mails are not delivered
A couple of months ago the e-mails sent from my Nokia E63 stopped being delivered. I get no error or warning, but they do not reach their recipients. Before, I had no problems in receiving and sending mails. I updated the software of my Nokia to the
-
Mountain Lion Kerberos GSSAPIDelegateCredentials does not work against Solaris Machine
Hi, After upgrade my systems to Mountain Lion the ssh option GSSAPIDelegateCredentials fails when tries to login in a Solaris 10 machine. The ssh client close the connection after the message "Delegate credentials" when runs in a verbose mode. The se
-
Correct confirmed account doesn't appear in service request
Hi guys, let me brief my requirement: In IC webclient the service request is picking just previously cancelled conformed account as activity partner but not the current confirmed account. Th process to create the issue : Go to Account Identification
-
0IC_C03_Q0021- Inventory aging
Hi Could someone explain me how this report works? I wanted a report which can tell the age of stock ? Would this work for me? If not then what is this report useful for ? Thanks
-
A friend of mine has a G4 iMac (Sunflower), running 10.2.8, and has asked me to come over to look at her machine. She says it needs a "tune-up" and needs help. By a tune-up she means that she is getting a lot of "application quit unexpectedly" messag