Re: JNDI remote authentication problem

Fri, 09 Dec 2005 15:47:04 -0800 

We did a little experiment and think that this works:

<configuration name="geronimo/j2ee-server/1.0/car">
     <gbean name="geronimo:name=EJB,type=NetworkService">
      <attribute name="host">0.0.0.0</attribute>
      <attribute name="port">4201</attribute>
      <attribute name="allowHosts">0.0.0.0</attribute>
    </gbean>
 </configuration>

However we are not the experts, maybe dblevins will have more to say.

many thanks
david jencks

On Dec 7, 2005, at 5:18 PM, Zakharov, Vasily M wrote:


John,

Thank you very much for your answer!


Let me know what happens.
Well, I tried correcting j2ee-server-plan.xml and config.xml, and I also 
tried to provide the proper value for allowHosts in GUI installer - it
all didn't help.

What really helped is correcting modules/assembly/maven.xml file and
specifying the IP address of the client in line 247 (specifying host
name or 255.255.255.255 mask also didn't help):

   <j:set var="PlanClientAddresses"
value="<MY_CLIENT_HOST_IP_ADDRESS>"/>

and then rebuilding Geronimo.

However, it didn't helped much.
I made additional investigation for the problem location and here's what 
I've found:

The problem occurs in file org/openejb/client/Client.java:
http://cvs.codehaus.org/viewrep/openejb/openejb/modules/core/src/java/ or 
g/openejb/client/Client.java?r=1.5
Previously the problem occured at line 171 (see code, the exceptions are 
wrapped badly there):

javax.naming.AuthenticationException: Cannot deternmine server protocol
version: Received null/0.0; nested exception is:
        java.io.IOException: Unable to read protocol version.  Reached
the end of the stream.
        at
org.openejb.client.JNDIContext.authenticate(JNDIContext.java:196)
        at
org.openejb.client.JNDIContext.getInitialContext(JNDIContext.java:181)
        at javax.naming.spi.NamingManager.getInitialContext(Unknown
Source)
        at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
        at javax.naming.InitialContext.init(Unknown Source)
        at javax.naming.InitialContext.<init>(Unknown Source)

And after the fix to maven.xml and rebuilding Geronimo another error
occurs a bit later, at line 192:

javax.naming.AuthenticationException: Cannot read the response from the
server (OEJP/2.0) : null; nested exception is:
        java.io.EOFException
        at
org.openejb.client.JNDIContext.authenticate(JNDIContext.java:196)
        at
org.openejb.client.JNDIContext.getInitialContext(JNDIContext.java:181)
        at javax.naming.spi.NamingManager.getInitialContext(Unknown
Source)
        at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
        at javax.naming.InitialContext.init(Unknown Source)
        at javax.naming.InitialContext.<init>(Unknown Source)

Previous problem was clearly a configuration issue, that was at last
resolved, but I have completely no idea on what to do with this new
problem. :(

Can it be that Geronimo/OpenEJB does not accept remote JNDI connections
at all??

With best regards,
   Vasily Zakharov, Intel Managed Runtime Division



-----Original Message-----
From: John Sisson [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 23, 2005 3:23 PM
To: [email protected]
Subject: Re: JNDI remote authentication problem

Hi Vasily,
In the j2ee-server-plan.xml file it configures the IP addresses that the 

(OpenEJB) EJB daemon will accept connections from in the "allowHosts"
attribute.  For example:

    <!-- EJB Protocol -->
    <gbean gbeanName="geronimo:type=NetworkService,name=EJB"
class="org.activeio.xnet.StandardServiceStackGBean">
        <attribute name="name">EJB</attribute>
        <attribute name="port">${PlanOpenEJBPort}</attribute>
        <attribute name="host">${PlanServerHostname}</attribute>
        <attribute name="allowHosts">${PlanClientAddresses}</attribute>
        <attribute
name="logOnSuccess">HOST,NAME,THREADID,USERID</attribute>
        <attribute name="logOnFailure">HOST,NAME</attribute>
        <reference
name="Executor"><name>DefaultThreadPool</name></reference>
        <reference
name="Server"><gbean-name>openejb:type=Server,name=EJB</gbean-name></ ref 
erence>
    </gbean>
The In the geronimo\var\config.xml file (where you can specify attribute
values that can override the values in the deployed plan) you should see 

the following section:

    <configuration name="org/apache/geronimo/Server">
        <gbean name="openejb:type=NetworkService,name=EJB">
            <attribute name="host">0.0.0.0</attribute>
            <attribute name="port">4201</attribute>
        </gbean>
    </configuration>

In theory, you should be able to edit the config.xml file and specify
the allowable remote host by doing something like:

    <configuration name="org/apache/geronimo/Server">
        <gbean name="openejb:type=NetworkService,name=EJB">
            <attribute name="host">0.0.0.0</attribute>
            <attribute name="port">4201</attribute>
            <attribute name="allowHosts">myhostname</attribute>
        </gbean>
    </configuration>

*** But I have a bug currently open where the port number in the
config.xml file as shown in the example above is not actually used and I 

have a feeling the same problem will happen for allowHosts (see
http://issues.apache.org/jira/browse/GERONIMO-1151 ).  I haven't had a
chance to debug this yet.  Let me know what happens.

I think most of the testing so far has been done on the localhost with
the default port.

Regards,

John

Zakharov, Vasily M wrote:


Hello, all.



I'm trying to run an application that should access the beans
(deployed in a Geronimo server running on other machine) with a JNDI
request.



However, I get the following exception immediately at "new
InitialContext()" statement:



javax.naming.AuthenticationException: Cannot deternmine server
protocol version: Received null/0.0; nested exception
is:

        java.io.IOException: Unable to read protocol version.  Reached



the end of the stream.



The Geronimo console states the following at that moment:



15:31:20,132 ERROR [EJB] Host <app-host> is not authorized to access
this service.

java.lang.SecurityException: Host <app-host> is not authorized to
access this service.

        at
org.activeio.xnet.hba.ServiceAccessController.checkHostsAuthorization(S e 
rviceAccessController.java:78)


        at
org.activeio.xnet.hba.ServiceAccessController.service(ServiceAccessCont r 
oller.java:51)


        at

org.activeio.xnet.ServiceLogger.service(ServiceLogger.java:74)


        at
org.activeio.xnet.ServiceDaemon$SocketListener.run(ServiceDaemon.java: 15 
1)


        at java.lang.Thread.run(Unknown Source)



(here <app-host> replaces the IP address of the machine where I run my



application)



I'm using a default installation of Geronimo 1.0 M5, and Windows XP
SP2 and Sun's JRE 1.4.2_08 on both machines.



The client application's system properties include:
java.naming.factory.initial=org.openejb.client.RemoteInitialContextFact o 
ry


java.naming.provider.url=<geronimo-host>:4201

java.naming.security.principal=system

java.naming.security.credentials=manager



(here <geronimo-host> replaces the name of the machine where Geronimo
is running and principal/credentials are the same I use to login to
Geronimo console)



Also, I've put a local copy of openejb-core-2.0-G1M5.jar to the
application's classpath for context factory to be found.



Could somebody please point me at what I'm doing wrong and how can I
tune Geronimo to accept JNDI connections from the remote machine?



Thanks in advance,



   Vasily Zakharov, Intel Managed Runtime Division

Reply via email to