I would suggest you read all of the following: http://www.dancres.org/cottage/doc/arch2_0.html - You'll find a breakdown of how to get ProxyTrust implemented for both smart and non-smart proxies.
http://www.dancres.org/cottage/service_build.html - Which covers how I built ProxyTrust support into Blitz - Blitz's source-code is open so you can go grab yourself a copy or indeed check out Outrigger. http://www.artima.com/intv/proxytrust.html - an introduction to proxy trust concepts - note this is part of a series on Jini Security at Artima - well worth a read. Hope that helps, Dan. On 2 September 2011 01:57, helcio silva <[email protected]> wrote: > Peter, thank you for your help. I can run the Hello World demo > application now. > > By the way, I would like to return to the question about integrity > verification using HTTPMD URLs. Previously, Dan Creswell requested > some of my config files. As a matter of fact, that's the server's > config file: > ------- > import java.security.Permission; > > import com.sun.jini.config.ConfigUtil; > import net.jini.constraint.BasicMethodConstraints; > import net.jini.core.constraint.InvocationConstraint; > import net.jini.core.constraint.InvocationConstraints; > import net.jini.core.constraint.Confidentiality; > import net.jini.core.constraint.Integrity; > import net.jini.jeri.*; > import net.jini.jeri.ssl.*; > import net.jini.url.httpmd.HttpmdUtil; > > Test { > > /* policy file name */ > policy = "policy.all"; > > /* codebase URL */ > codebase = > HttpmdUtil.computeDigestCodebase("/home/helcio/jini/exemplos/securityTest", > (String) ConfigUtil.concat(new Object[] { > "httpmd://", ConfigUtil.getHostName(), > ":8086/AbstractConfigurationServer-dl.jar;sha=0"})); > > /* Exporter for the server proxy */ > exporter = > /* Use secure exporter */ > new BasicJeriExporter( > /* Use SSL transport */ > SslServerEndpoint.getInstance(0), > new ProxyTrustILFactory( > /* Require integrity for all methods */ > new BasicMethodConstraints( > new InvocationConstraints( > new InvocationConstraint[] { Integrity.YES, > Confidentiality.YES }, null) > ), > null) > ); > } > --------------- > Some days ago, I've used a BasicILFactory, and, as I've said > before, my proxy was not considered trusted by its client. After I've > taken a look on Dan Creswell's tutorial about JINI and SSL > (http://www.dancres.org/cottage/jini_ssl.html), I've choose to replace > it by a ProxyTrustILFactory. But, as it was shown by exceptions thrown > below, my service must implement the ServerProxyTrust interface, and > that's include an implementation of getProxyVerifier method. > Does somebody can help me providing an example of such > implementation? Should I extend some class implementing > ServerProxyTrust? I know the getProxyVerifier returns a (local) porxy > verifier that must be used to enforce integrity at code and data > levels. But I am not sure about what is the most suitable action to > perform now. > Once more, thanks in advance, gentlemen! > -------------- > --> exporting a proxy for client...java.rmi.server.ExportException: > impl must implement ServerProxyTrust > at > net.jini.jeri.ProxyTrustILFactory.getRemoteInterfaces(ProxyTrustILFactory.java:106) > at > net.jini.jeri.AbstractILFactory.getProxyInterfaces(AbstractILFactory.java:154) > at > net.jini.jeri.AbstractILFactory.createInstances(AbstractILFactory.java:450) > at net.jini.jeri.BasicJeriExporter.export(BasicJeriExporter.java:621) > at > server.SecAbstractConfigurationServer.<init>(SecAbstractConfigurationServer.java:129) > at > server.SecAbstractConfigurationServer$1.run(SecAbstractConfigurationServer.java:68) > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.Subject.doAsPrivileged(Subject.java:537) > at > server.SecAbstractConfigurationServer.init(SecAbstractConfigurationServer.java:64) > at > server.SecAbstractConfigurationServer.main(SecAbstractConfigurationServer.java:39) > > > 2011/8/31 Peter Firmstone <[email protected]>: >>> Solved! After I've typed: >>> >>> /usr/local/apache-river-2.2.0/lib-ext# cp jsk-policy.jar >>> /usr/local/jdk1.6.0_24/jre/lib/ext/ >>> >>> ...the ssl-reggie.sh script is working now! My apologies for that >>> last message! >>> >>> Kindest regards to everybody. >>> >>> Helcio. >> >> Helcio, >> >> If you don't want to install it into jre/lib/ext/ you can also have it >> loaded as an extension by setting the following system property with the >> following argument on the command line: >> >> -java.ext.dirs=/usr/local/jdk1.6.0_24/jre/lib/ext/:/usr/local/apache-river-2.2.0/lib-ext/ >> >> Cheers, >> >> Peter. >> >
