geronimo-dev mailing list archives

From Andy Piper <an...@bea.com>
Subject Re: CORBA and GSSUP fix -- please review
Date Mon, 13 Feb 2006 09:52:42 GMT
At 05:14 PM 2/10/2006, Aaron Mulder wrote:
>Sorry, you're crediting me with a lot more CORBA knowledge than I
>deserve.  :)  In particular, I'm not sure what the right IIOP URL or
>corbaname URL should be.  Let me give you a more specific scenario:
>
>Let's say I have a session bean running in Geronimo, so the Geronimo
>side of the picture looks like this:
>
>CORBA naming service: localhost:1050 (or
>corbaloc::localhost:1050/NameService), with SSL enabled
>EJB name in naming service: MySessionBean
>EJB TSS listening for SSL on localhost:1055

So, assuming G supports corbaname (which it should), the URL for this 
would look like so:

corbaname:iiop:1.2@localhost:1050#MySessionBean

>Now I have a web app deployed in WebLogic with an ejb-ref in web.xml
>pointing to the correct home and remote interface for this session
>bean, but with no EJB link.  So I'm assuming I need to put something
>in weblogic.xml in order to resolve this ejb-ref to point to the CORBA
>EJB above.  What does that configuration block look like?

I'm not sure I fully understand, but there is nothing special about 
CORBA internally. A weblogic.xml entry might look like this:

      <reference-descriptor>
         <ejb-reference-description>
           <ejb-ref-name>
             j2ee/interop/demo/tester
           </ejb-ref-name>
           <jndi-name>
             ejb/j2ee/interop/demo/tester
           </jndi-name>
         </ejb-reference-description>
      </reference-descriptor>

The JNDI name could be a corbaname URL if the EJB is remote.

>Also, if security is enabled for that session bean in Geronimo, so I
>want to pass my username and password that I used for the WebLogic web
>app across to the Geronimo EJB using GSSUP, and Geronimo requires that
>the GSSUP token contain the domain name (or target name) of
>"geronimo-properties-realm" along with the username and password, how
>would I set that up in weblogic.xml?

I'm not sure we allow you to control this :). Security settings can 
be set per ejb in the descriptor, but I don't think the target is included.

>Finally, let's say the EJB is running in WebLogic and the web app
>running in Geronimo:
>
>  - What naming service corbaloc would I use on the Geronimo side to
>point to WebLogic's naming service?  Would it be
>"corbaloc::localhost:7001/NameService"?

Yes, but better to use corbaname above.

>  - What is the name of the EJB inside the WebLogic naming service?
>e.g. is it one of the ejb-name or the jndi-name for that EJB, or is
>there some other setting for it?

It's just the jndi-name.

>  - Is it OK to specify that SSL should be used to contact the naming
>service and/or the EJB?  Does anything need to be done on the WebLogic
>side to enable that?  (Other than I guess any URLs would go over the
>SSL listen port not the regular WebLogic listen port.)

I would recommend you start without security first :) The simplest 
way to force the use of SSL is to switch off the main listen port. 
You can also fiddle with the EJB security descriptors, although this 
is not documented.

>  - If the EJB is secured on the WebLogic side and I want to pass my
>Geronimo login username and password to WebLogic via GSSUP, does
>WebLogic expect any particular target name or domain name to come with
>the username/password in the GSSUP authentication token?

No. I think we will strip the target name or use it as the security 
realm name.

andy 
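
The target name discussed in this thread travels inside the GSSUP token as a GSS exported name (RFC 2743 section 3.2) tagged with the GSSUP mechanism OID 2.23.130.1.1.1. The following is an added example, not part of the original message and not Geronimo or WebLogic code: it encodes and strictly parses that field, and the `accept_target` helper with its `strict` flag is a hypothetical policy switch contrasting a server that requires its realm name with one that ignores the target.

```python
import struct

# DER encoding of the GSSUP mechanism OID 2.23.130.1.1.1 (OMG CSIv2).
GSSUP_OID_DER = bytes.fromhex("0606678102010101")
TOK_ID = b"\x04\x01"  # exported-name token id from RFC 2743 section 3.2


def encode_target_name(realm: str) -> bytes:
    """Wrap a realm name as a GSS exported name for the GSSUP mechanism."""
    name = realm.encode("utf-8")
    return (TOK_ID + struct.pack(">H", len(GSSUP_OID_DER)) + GSSUP_OID_DER
            + struct.pack(">I", len(name)) + name)


def decode_target_name(blob: bytes) -> str:
    """Strictly parse an exported name; reject anything malformed."""
    if len(blob) < 4 or blob[:2] != TOK_ID:
        raise ValueError("not a GSS exported name")
    (oid_len,) = struct.unpack(">H", blob[2:4])
    oid_end = 4 + oid_len
    if blob[4:oid_end] != GSSUP_OID_DER:
        raise ValueError("mechanism OID is not GSSUP")
    if len(blob) < oid_end + 4:
        raise ValueError("truncated name length")
    (name_len,) = struct.unpack(">I", blob[oid_end:oid_end + 4])
    name = blob[oid_end + 4:]
    if len(name) != name_len:
        raise ValueError("name length does not match payload")
    return name.decode("utf-8")


def accept_target(blob: bytes, expected_realm: str, strict: bool) -> bool:
    """Hypothetical policy check (assumption, not either server's code).

    strict=True: the target must name the expected realm, as the thread
    says Geronimo requires. strict=False: the target name is ignored.
    """
    if not strict:
        return True
    try:
        return decode_target_name(blob) == expected_realm
    except ValueError:  # also covers UnicodeDecodeError
        return False
```
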

