On Sep 22, 2005, at 10:39 PM, lin sun wrote:
Thanks again for the quick response and it is very helpful! Hope I
can get it working
any day soon!:-)
So I decided to redesign my test scenario based on your
recommendations:
1) Find a J2EE client and EJB sample that would work in geronimo
environment. Luckily,
I was able to get the MagicGball ear file deployed and the
MagicGball-client running in
the J2EE client container. I'd like to use this sample and modify it
so that the J2EE
client can communicate to EJBs via IIOP.
2) Customize the EJBs and make them available through Corba
3) Customize the client so that it can use the EJB through Corba
I followed your guildance below on No. 2 and No. 3 but I could not get
much further.
Could you please help?
To make ejbs available through Corba (as servers), you need to:
1. include a tss-link for each ejb in the openejb-plan to a tss bean
that is configured somewhere, such as the j2ee-server-corba-plan.xml
2. start the j2ee-server-corba-plan. The easiest way to do this is to
include and "include" element in your openejb plan:
<include>
<uri>org/apache/geronimo/ServerCORBA</uri>
</include>
I created the openejb-jar.xml file myself, since MagicGball didn't
have one.
I could not find much example on <tss-link>...so I assume I can put a
tss bean name like
"SSLClientCert" that is specified in the j2ee-server-corba-plan.xml.
Not sure if this
is correct, all I know is that the deployer didn't complain:-)
I put the <include>..</include> before the <enterprise-beans> but when
I tried to deploy
the ear file, the deployer complained that it expected a
<enterprise-beans> tag instead.
Can I just set the parentID to "org/apache/geronimo/ServerCORBA"
to reach the same
goal?
<?xml version="1.0" encoding="UTF-8"?>
<openejb-jar xmlns="http://www.openejb.org/xml/ns/openejb-jar";
configId="MagicGBall"
parentId="org/apache/geronimo/Server">
<include>
<uri>org/apache/geronimo/ServerCORBA</uri>
</include>
<enterprise-beans>
<session>
<ejb-name>MagicGBall</ejb-name>
<tss-link>SSLClientCert</tss-link>
</session>
</enterprise-beans>
</openejb-jar>
my apologies, this should be <import> not <include> <include> means
something very different and is not appropriate for ejb-jars. I don't
think you can use o/a/g/ServerCORBA as the parentId, the openejb
classes will be missing :-)
To use an ejb from a j2ee application (such as a j2ee app client, web
app, or ejb) you need to include in the geronimo/openejb plan ejb-ref
information like this:
I read Aaron's book on J2EE client application, and I didn't see
anywhere mentions
openejb-jar.xml, so I assume you mean geronimo-client.xml here?
yes. I don't think his book covers app-clients using corba yet though.
1. where the naming server is and the name
2. a css-link to supply the security info for csiv2 negotiation with
the server. A typical element might look like this:
<ejb-ref>
<ref-name>ejb/Control</ref-name>
<ns-corbaloc>corbaloc::<target name service
host>:<name
service port>/NameService</ns-corbaloc>
<name>targetEjbName</name>
<css-link>SSLClientCert</css-link>
</ejb-ref>
(fill in the correct values for the host and port)
I tried to modify the geronimo application client xml file provided by
MagicGball as
follows, but the deployer complained the ns-corbaloc, name, css-link
elements were not
allowed when I deployed the ear file.
This is the spec deployment descriptor, which you should not modify.
What you should do is write a geronimo application plan that includes
modules including the openejb-jar and a geronimo-app-client plan.
You are going to need to add security to both the client and ejb. For
the client, you need to supply a callback handler. The simplest
approach is to hardcode the info, either user-pw or certificate. I
think it will be easier to set up server security using user-pw: you
can just use the existing properties-login.
I think something faintly resembling this might work:
<application
xmlns="http://geronimo.apache.org/xml/ns/j2ee/application";
configId="org/acme/MagicGball"
parentId="org/apache/geronimo/Server">
<module>
<java>magicGball-client.jar</java>
<application-client
xmlns="http://geronimo.apache.org/xml/ns/j2ee/application-client";
configId="client"
clientConfigId="org/acme/MagicGBall/Client"
clientParentId="org/apache/geronimo/ClientCORBA">
<ejb-ref>
<ref-name>mGBall</ref-name>
<ns-corbaloc>corbaloc::localhost:1055/NameService</ns-corbaloc>
<name>MagicGBall</name>
<css-link>SSLClientPassword</css-link>
</ejb-ref>
<realm-name>geronimo-properties-realm</realm-name>
<callback-handler>org.acme.UPCallbackHandler</callback-handler>
</application-client>
</module>
<module>
<ejb>magicGball-ejb.jar</ejb>
<openejb-jar xmlns="http://www.openejb.org/xml/ns/openejb-jar";
configId="ejb"
parentId="org/apache/geronimo/Server">
<import>
<uri>org/apache/geronimo/ServerCORBA</uri>
</import>
<enterprise-beans>
<session>
<ejb-name>MagicGBall</ejb-name>
<tss-link>SSLClientPassword</tss-link>
</session>
</enterprise-beans>
</openejb-jar>
</module>
<security xmlns="http://geronimo.apache.org/xml/ns/security";>
<default-principal realm-name="geronimo-properties-realm">
<principal
class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipa
l" name="system"/>
</default-principal>
<role-mappings>
<role role-name="User">
<realm realm-name="geronimo-properties-realm">
<principal
class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipa
l" name="system"/>
</realm>
</role>
</role-mappings>
</security>
</application>
There are probably plenty of mistakes here but this might be a starting
point.
<application-client xmlns="http://java.sun.com/xml/ns/j2ee";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/applicationclient_1_4.xsd";
version="1.4">
<display-name>Magic G Ball</display-name>
<ejb-ref>
<ejb-ref-name>mGball</ejb-ref-name>
<ejb-ref-type>Session</ejb-ref-type>
<home>org.acme.MagicGBallHome</home>
<remote>org.acme.MagicGBall</remote>
<ejb-link>magicGball-ejb.jar#MagicGBall</ejb-link>
<ns-corbaloc>corbaloc::localhost:1050/NameService</ns-corbaloc>
<name>MagicGBall</name>
<css-link>SSLClientCert</css-link>
</ejb-ref>
</application-client>
Deployer error:
E:\geronimo-1.0-SNAPSHOT\geronimo-1.0-SNAPSHOT>java -jar
bin\deployer.jar --user
system --password manager deploy
\build\geronimo\applications\magicGball\target
\magicGball.ear
Error: Unable to distribute magicGball.ear: Unable to parse
application-client.xml caused by Invalid deployment descriptor:
[error: cvc-complex-type.2.4b: Element not allowed:
[EMAIL PROTECTED]://java.sun.com/xml/ns/j2ee in element
[EMAIL PROTECTED]://java.sun.com/xml/ns/j2ee, error:
cvc-complex-type.2.4b: Element not allowed:
[EMAIL PROTECTED]://java.sun.com/xml/ns/j2ee in element
[EMAIL PROTECTED]://java.sun.com/xml/ns/j2ee, error:
cvc-complex-type.2.4b: Element not allowed:
[EMAIL PROTECTED]://java.sun.com/xml/ns/j2ee in element
[EMAIL PROTECTED]://java.sun.com/xml/ns/j2ee]
If your j2ee component is running in a server (it is a web app or
ejb),
you should include the ServerCORBA configuration as a parent, just
like
for a server ejb. If your j2ee component is an app client, which runs
in a different jvm, you should include the ClientCORBA configuration.
Unfortunately the clientCORBA configuration is still incomplete: you
need some security gbeans.
I think I need to change the ask(String question) method in
MagicGBallClient.java use
Corba. I am a bit lost here on what parm would ic.lookup() take?
Since I could have
define them via the ns-corbaloc tag.
//linsun: look up MagicGBallHome in the naming context
InitialContext ic = new InitialContext();
Object mgbObj =
ic.lookup("corbaname::localhost:1050/NameService");
you should look up the string java:comp/env/mGball just like in the
original, and specify the name server location in the geronimo plan.
//linsun: perform a safe downcast
MagicGBallHome home =
(MagicGBallHome)PortableRemoteObject.narrow(mgbObj,MagicGBallHome.class
);
you need to do this.
//from the original sample
MagicGBall mGball = home.create();
String answer = mGball.ask(question);
I think this part should be OK.
Finally, to use a ejb from a non-j2ee application through CORBA you
need to set up most of the infrastructure that the gbeans set up for
you: at least the Orb, the dynamic stub classloader, and some CSS
implementation. This last part is something no one has tried yet as
far as I know.
On the other hand, if you can find someone elses example of a
standalone non-j2ee client that accesses ejbs using csiv2 security
over
CORBA you should be able to communicate with those ejbs deployed in
geronimo. However, I've never seen such an example.
Gave up this approach--don't want to run into too much surprises!:-)
:-) there will be plenty of surprises anyway!
thanks
david jencks
