On Sep 21, 2005, at 11:03 PM, lin sun wrote:
--- David Jencks <[EMAIL PROTECTED]> wrote:
Not exactly. AFAIK no one has used an ejb in geronimo from a non-j2ee
client through CORBA. We have, in the tck work, used ejbs in geronimo
(and the sun ri) from a j2ee app client using CORBA. I thought it
would be simpler to start with something that is known to work with
correct configuration, then work on the non-j2ee client which might
have additional problems.
Are you suggesting both J2EE-Corba client and EJB running in the same
geronimo server and
they communicate each other via IIOP?
no
I had thought that would not be using IIOP
initially... Or you are suggesting 2 geronimo servers on two
machines, one has the
J2EE-Corba client running, the other one has the EJB running? I
would prefer the later
one.
Having 2 geronimo servers communicating by corba is definitely possible
and you will be able to configure all the necessary parts using gbeans.
This would be the easiest to set up in my opinion. In particular you
should be able to do this now with the existing configurations and
plans, without waiting for me to fix the ClientCORBA plan. I was
suggesting that you have ejbs deployed on a geronimo server and have
the client be a j2ee application client, running in the geronimo
application client container. The geronimo app client container is a
stripped down version of geronimo that includes the kernel, the gbean
machinery, the transaction manager, and a few other pieces, but not
ejbs or web apps. Since it includes the kernel it is fairly easy to
run components in it as gbeans. This is what I was suggesting.
I'm not sure whether it is possible to run with no security
configured.
We have a "unsecured" configuration but it has always been run with
the security gbeans present so I'm not sure if they are required.
I actually want to use IIOP via SSL... I mentioned setup without it
because you said you
are too busy to write some docs on how to setup it.
SSL shouldn't really be any harder than "no security" as long as you
stick to the example css and tss beans or equivalent configurations set
up in code.
Well, we don't really need any server side code generation but the
client side would be done with a cglib proxy.
Good to know that thanks!
This is all good, but IIUC not sufficient.
This might be too obvious for others, but what does IIUC mean?
If I Understand Correctly :-) I've been spending too much time writing
email and on IRC :-)
I believe you need an orb running on the client. In the geronimo app
client, this comes from these two gbeans:
<gbean name="DyanmicStubClassLoader"
class="org.openejb.corba.util.DynamicStubClassLoader"/>
<gbean name="Server" class="org.openejb.corba.CORBABean">
<reference name="ThreadPool">
<module>org/apache/geronimo/Client</module>
<name>DefaultThreadPool</name>
</reference>
<reference name="SecurityService">
<module>*</module>
<name>SecurityService</name>
</reference>
<attribute name="args">-ORBPort, 9683, -ORBInitRef,
NameService=corbaloc::localhost:2809/NameService</attribute>
<attribute name="props">
com.sun.CORBA.ORBServerHost=localhost
</attribute>
</gbean>
The first one sets up the cglib stuff for dynamic stubs, the second is
the orb itself. In addition you need some CSSBean set up so the csiv2
negotiations can proceed, even if they say "no security" at each end.
An example would be:
<gbean name="NoSecurity" class="org.openejb.corba.CSSBean">
<reference name="ThreadPool">
<module>org/apache/geronimo/Client</module>
<name>DefaultThreadPool</name>
</reference>
<reference name="TransactionContextManager">
<module>org/apache/geronimo/Client</module>
<name>TransactionContextManager</name>
</reference>
<attribute
name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</
attribute>
<attribute name="description">NoSecurity</attribute>
<attribute name="cssArgs"></attribute>
<xml-attribute name="cssConfig">
<css:css
xmlns:css="http://www.openejb.org/xml/ns/corba-css-config_1_0";>
<css:compoundSecMechTypeList>
<css:compoundSecMech>
<css:SSL>
<css:supports>Integrity Confidentiality
EstablishTrustInTarget EstablishTrustInClient</css:supports>
<css:requires></css:requires>
</css:SSL>
</css:compoundSecMech>
</css:compoundSecMechTypeList>
</css:css>
</xml-attribute>
</gbean>
I suspect that if you remove the security service reference from the
corbabean you will be able to get corba to work on an app client with
no security. You will need to deploy your ejbs with a tss-link to the
corresponding no-security server side tss bean.
Now, the gbean framework is not doing all that much for you here, and
it would not be very much code to create the orb, create and register
the classloader, and set up the css bean. Basically you just need to
call the gbean constructors and their doStart methods. It is probably
easier to just create the orb in your own code rather than starting
the CORBABean itself, since you may not want to have a thread pool for
the sole purpose of starting an orb :-) I'm not sure what you will
need to add to your classpath: certainly openejb-core and
geronimo-spec-corba-2.3-rc4.jar, but I don't know what else.
I am lost here. I thought I only need to create a J2EE-Corba
application and deploy it
to geronimo client container. My understanding is the GBean would be
generated by the
deployer automatically. Also, I noticed the Gbean configuration you
mentioned to me are
from doc\plan\j2EE-corba-client-plan.xml. Maybe I could leverage this
corba client
provided by Geronimo just to get end to end flow running?
There are lots of gbeans :-) When you deploy a j2ee app on geronimo
the builders will generate gbean descriptions that implement the
functionality of your application by wrapping the classes you provide
and setting up support services. However, these all depend on "basic"
services that run in geronimo. Since lots of people aren't very
interested in corba we've put the corba gbeans in separate plans that
you don't have to run. So...
To make ejbs available through Corba (as servers), you need to:
1. include a tss-link for each ejb in the openejb-plan to a tss bean
that is configured somewhere, such as the j2ee-server-corba-plan.xml
2. start the j2ee-server-corba-plan. The easiest way to do this is to
include and "include" element in your openejb plan:
<include>
<uri>org/apache/geronimo/ServerCORBA</uri>
</include>
To use an ejb from a j2ee application (such as a j2ee app client, web
app, or ejb) you need to include in the geronimo/openejb plan ejb-ref
information like this:
1. where the naming server is and the name
2. a css-link to supply the security info for csiv2 negotiation with
the server. A typical element might look like this:
<ejb-ref>
<ref-name>ejb/Control</ref-name>
<ns-corbaloc>corbaloc::<target name service host>:<name
service port>/NameService</ns-corbaloc>
<name>targetEjbName</name>
<css-link>SSLClientCert</css-link>
</ejb-ref>
(fill in the correct values for the host and port)
If your j2ee component is running in a server (it is a web app or ejb),
you should include the ServerCORBA configuration as a parent, just like
for a server ejb. If your j2ee component is an app client, which runs
in a different jvm, you should include the ClientCORBA configuration.
Unfortunately the clientCORBA configuration is still incomplete: you
need some security gbeans.
Finally, to use a ejb from a non-j2ee application through CORBA you
need to set up most of the infrastructure that the gbeans set up for
you: at least the Orb, the dynamic stub classloader, and some CSS
implementation. This last part is something no one has tried yet as
far as I know.
On the other hand, if you can find someone elses example of a
standalone non-j2ee client that accesses ejbs using csiv2 security over
CORBA you should be able to communicate with those ejbs deployed in
geronimo. However, I've never seen such an example.
thanks
david jencks
