 |
 |
 |
 |
|
|
 |
J2EE Interoperability is a set of API and specifications in the Java EE platform that lets developers build interoperable components, that work with CORBA and other non J2EE components, access systems written in non Java languages and platforms in a standard way.
http://www.omg.org. J2EE and CORBA can work together to provide CORBA services across the network to J2EE components like EJBs. The Java IDL mapping/RMI IIOP specification defines how normal EJB components written to work with the RMI API can be made to work over CORBA/IIOP. This requires an underlying IIOP runtime which is usually provided by the application server/EJB container. Pramati Server comes with full support for CORBA/IIOP, including EJB access over IIOP from external clients. This document describes how to configure Pramati Server to use the IIOP protocol; specifically, how to make an EJB application use IIOP.
This involves the following steps:
Note: In this document the terms IIOP and RMI/IIOP are used interchangeably while referring to IIOP used in the EJB/J2EE context. ‘Pure’ RMI is referred to as RMI.
http://www.jacorb.org), a free, high performance Java ORB. It is completely pluggable and can be replaced with any other ORB if required. However, it is recommended that JacORB be used since it has been tested well with Pramati.
The <install_dir>/server/nodes/<node_name>/config/server-config.xml file has the following entry:
<service name="ORBInitializer" enabled="true" class-name="com.pramati.iiop.ORBInitializerImpl">
<requires/>
<property name="orb-initial-port" value="900"/>
<property name="com.pramati.iiop.nameservice.wrapper" value="com.pramati.iiop.jacorb.JacORBNameServiceWrapper"/>
<property name="org.omg.CORBA.ORBClass" value="org.jacorb.orb.ORB"/>
<property name="org.omg.CORBA.ORBSingletonClass" value="org.jacorb.orb.ORBSingleton"/>
<property name="com.pramati.orb.ssl.port" value="5711"/>
</service>
The enabled attribute in the tag is set to false by default, indicating that the service is disabled. Set it to true. The other properties shown above are:
orb-initial-port: The port number where the ORB runtime will listen for requests.org.omg.CORBA.ORBClass: The name of the ORB implementation class.org.omg.CORBA.ORBSingletonClass: The name of the ORB singleton implementation class.com.pramati.iiop.nameservice.wrapper: If the ORB requires a separate naming service to be started (as a separate process or in the server JVM) Pramati provides a wrapper class which can be plugged in into the ORB service. To do this, the com.pramati.services.orb.spi.NameServiceWrapper interface has to be implemented and the impl class name specified as the value for the above property. By default Pramati provides a wrapper class for JacORB, the bundled ORB.com.pramati.orb.ssl.port: If the components deployed under IIOP are required to use transport layer security (SSL/TLS) then this port should be set. Read Using CORBA-Based Security for EJBs on Pramati Server for how to set up an EJB component to use CORBA security.Starting the server after enabling the ORBInitializer service will automatically bootstrap the ORB runtime and make the server ready to deploy components over IIOP. Please note that enabling this service does not disable or interfere with the normal RMI communication subsystem of the server. EJB components can be still deployed over pure RMI. The service merely configures the server to use the proper ORB runtime.
pramati-j2ee-server.xml file through the type rmi or iiop. If this tag is left out, the application is deployed over RMI.
The tag can occur at three levels in the XML:
This gives the application deployer the flexibility to selectively deploy select EJBs over a particular protocol if required. However, the most common scenarios would be probably where the whole application is deployed over one protocol.
IIOP configuration doesn’t require any additional tweaking. After adding this tag with the value set to iiop, the application can be deployed. Following are the differences between deployment of EJBs over RMI and RMI/IIOP.
Table 1: Deploying EJBs over RMI vs. Deploying EJBs over RMI/IIOP
| RMI/JRMP | RMI/IIOP |
|---|---|
| EJBs use RMI JRMP for communication. | EJBs use RMI IIOP for communication. |
| EJBs are bound in the server’s JNDI naming service. | EJBs are bound in the server’s CosNaming service. |
Note: Invoking isIdentical on EJBs may not work as expected.
public interface HelloRemote extends EJBObject
{public String sayHello(String name) throws RemoteException;}
On deploying the EJB, Pramati Server automatically generates the required IIOP stubs alongwith the Interface Definition Language (IDL) files for the EJB interfaces. The IDL files are required by clients written in other languages to generates stubs in their respective languages.
The IDL files and IIOP stubs are present in the <install_dir>/server/nodes/<node_name>/archives/<your EJB application name>/<your EJB application version>/classes directory.
#include....... //include headers as necessary #include "HelloRemote.h" //Generated by the compiler #include "HelloHome.h" //Generated by the compiler using namespace std; int main (int argc, char *argv[]) { CORBA::ORB_var orb = CORBA::ORB_init(argc, argv); CORBA::Object_var ns = orb->resolve_initial_references("NameService"); CosNaming::NamingContext_var nc = CosNaming::NamingContext::_narrow(ns); CosNaming::Name name; name.length (1); name[0].id = CORBA::string_dup ("HelloBean"); name[0].kind = CORBA::string_dup (""); CORBA::Object_var obj; cout << "Looking up HelloBean in the CosNaming service" << flush; try {obj = nc->resolve (name);} catch (CosNaming::NamingContext::NotFound &exc) {cout << "NotFound" << endl; exit (1); } catch (CosNaming::NamingContext::CannotProceed &exc) {cout << "CannotProceed" << endl; exit (1); } catch (CosNaming::NamingContext::InvalidName &exc) {cout << "InvalidName" << endl; exit (1); } HelloRemoteHome_var home = HelloRemoteHome::_narrow (obj); HelloRemote_var remote = home->create(); CORBA::WString_Value result = remote->sayHello("Dude"); cout << "Result of calling HelloBean: " << result << endl; return 0; }
<install_dir>/server/nodes/<node>/archives/<your EJB application name>/<your EJB application version>/classes. Assume that the EJB is a Stateless Session Bean with a JNDI name "HelloBean" and the following remote interface:
public interface HelloRemote extends EJBObject
{public String sayHello(String name) throws RemoteException;}
Sample code for a Java client is shown below:
import java.io.*;
import java.rmi.RemoteException;
import java.util.*;
import javax.ejb.CreateException;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.rmi.PortableRemoteObject;
public class JavaRMICORBAClient
{
public static void main(String[] args) throws
NamingException, RemoteException, CreateException
{
Properties props = new Properties();
props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.cosnaming.CNCtxFactory");
//replace this with the correct ip:port
props.setProperty(Context.PROVIDER_URL, "iiop://localhost:900");
InitialContext ic = new InitialContext(props);
HelloRemoteHome home = (HelloRemoteHome)
PortableRemoteObject.narrow(ic.lookup("HelloBean"), HelloRemoteHome.class);
HelloRemote remote = home.create();
String result = remote.sayHello("");
System.out.println("Result of calling the bean deployed over IIOP: " + result);
}
}
Replace the value of the property Context.PROVIDER_URL in the properties object with the correct IP port combination, or the IOR (or corbaloc) of the NamingService of the server. Note that the client is identical to any normal RMI client which is used to invoke EJBs - except for the fact that the PortableRemoteObject.narrow method is mandatory in case of RMI IIOP and not in plain RMI. Thus the RMI IIOP programming model allows existing EJB applications/client to be made easily accessible over IIOP to CORBA objects, without any changes in the code.
java JavaRMICORBAClient.
pramati-j2ee-server.xml file. This enables the EJBs to be accessible over IIOP to both Java and non Java CORBA clients across the network and serve requests.
Such invocations need to be secured in cases where the underlying network is unsafe, or the EJB’s themselves require certain security protocols to be followed. The CSIv2 specification describes the security requirements of CORBA components. The EJB 2.1 specification describes the same with respect to EJBs and mandates a conformance level of 0 as defined in the CSIv2 specification. In order to interoperate with CORBA clients, EJBs have to be configured to use CORBA security semantics. There are three levels to this security:
pramati-j2ee-server.xml under the tag for the EJB whose security is being configured.
<ior-security-descriptor> <transport-config integrity="required" confidentiality="required" establish-trust-in-client="supported" establish-trust-in-target="supported"/> .. .. .. .. .. .. .. .. .. .. </ior-security-descriptor>This specifies which secure transport options are required for that particular EJB.
Note: To enable SSL over JRMP, set the true.
<ior-security-descriptor> ……… <as-context auth-method="username_password" required="true"/> ……… </ior-security-descriptor>This tag specifies that the username-password mechanism is to be used, and that is it mandatory.
The standalone application client has to keep login.props file (which has the authentication details) under the client working directory.
A sample of login.props file follows:
java.naming.security.principal=If the file does not exist, then the client container will create a new file with the default properties so that you can edit it later.java.naming.security.credentials= com.pramati.naming.realm=
<ior-security-descriptor> ……… <sas-context caller-propagation="none"/> ……… <ior-security-descriptor>
This tag specifies whether or not caller (or identity) propagation is supported.
Sometimes the server may act as client to another server, when forwarding the request. In that case it will not send the authentication details of the client who made the request. Instead, it will send its own authentication details to the server to which the request is getting forwarded.
In that case the server uses the authentication details provided by the Server Authentication Details provider. The default provider reads the authentication details from the remote-server-login.props file located under the server's working directory. In this release it uses the same properties to make requests to all the other servers.
It contains the same properties that kept in login.props as mentioned above.
com.pramati.security.interop.AuthenticationDetails. The implementation class name must be specified using the System property com.pramati.security.server.authenticationdetailsimpl. The implementation class must be in the classpath of the server. The client information will be propagated to the server with identity assertion token.
The identity assertion uses the following types supported by CSIv2 Specification:
The server passes the information in one of the above identity tokens, depending on how client got authenticated to it. If for example the client did not authenticated to the server, then it uses the ITT Anonymous identity token while forwarding the request.
corbaloc:iiop:1.2@192.168.1.11:900#MyObjectIn case of EJBs on other systems made accessible over IIOP, the normal RMI IIOP programming model or the Java IDL programming model can be used.
Additionally, EJB references in J2EE applications can be configured at deployment time to point to remote EJBs deployed over IIOP on other servers. Such links usually take the form of a corbaloc address as specified above. This configuration can be used if the remote EJBs are available over IIOP and the EJBs or Web components on the local server have ejb-refs defined which should point to those remote EJBs. These links can be added in the pramati-j2ee-server.xml file inside the EJB or Web application on Pramati Server.
 |
|
| © Pramati Technologies 2007 | Runs on Pramati Server | Feedback | Legal |