geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aaron Mulder <ammul...@alumni.princeton.edu>
Subject Re: CORBA and GSSUP fix -- please review
Date Fri, 10 Feb 2006 17:14:21 GMT
Andy,

Sorry, you're crediting me with a lot more CORBA knowledge than I
deserve.  :)  In particular, I'm not sure what the right IIOP URL or
corbaname URL should be.  Let me give you a more specific scenario:

Let's say I have a session bean running in Geronimo, so the Geronimo
side of the picture looks like this:

CORBA naming service: localhost:1050 (or
corbaloc::localhost:1050/NameService), with SSL enabled
EJB name in naming service: MySessionBean
EJB TSS listening for SSL on localhost:1055

Now I have a web app deployed in WebLogic with an ejb-ref in web.xml
pointing to the correct home and remote interface for this session
bean, but with no EJB link.  So I'm assuming I need to put something
in weblogic.xml in order to resolve this ejb-ref to point to the CORBA
EJB above.  What does that configuration block look like?

Also, if security is enabled for that session bean in Geronimo, so I
want to pass my username and password that I used for the WebLogic web
app across to the Geronimo EJB using GSSUP, and Geronimo requires that
the GSSUP token contain the domain name (or target name) of
"geronimo-properties-realm" along with the username and password, how
would I set that up in weblogic.xml?

Finally, let's say the EJB is running in WebLogic and the web app
running in Geronimo:

 - What naming service corbaloc would I use on the Geronimo side to
point to WebLogic's naming service?  Would it be
"corbaloc::localhost:7001/NameService"?

 - What is the name of the EJB inside the WebLogic naming service? 
e.g. is it one of the ejb-name or the jndi-name for that EJB, or is
there some other setting for it?

 - Is it OK to specify that SSL should be used to contact the naming
service and/or the EJB?  Does anything need to be done on the WebLogic
side to enable that?  (Other than I guess any URLs would go over the
SSL listen port not the regular WebLogic listen port.)

 - If the EJB is secured on the WebLogic side and I want to pass my
Geronimo login username and password to WebLogic via GSSUP, does
WebLogic expect any particular target name or domain name to come with
the username/password in the GSSUP authentication token?

Thanks,
    Aaron

On 2/10/06, Andy Piper <andyp@bea.com> wrote:
> At 03:51 PM 2/10/2006, Aaron Mulder wrote:
> >Andy, is there some good documentation on exposing an EJB via CORBA in
> >WebLogic, or configuring an EJB reference to connect to a remote CORBA
> >EJB?  I might as well try a WebLogic-to-Geronimo test to help resolve
> >this.
>
> Its enabled by default. In theory just point at the right IIOP URL
> and you are golden. Unfortunately vendors' opinions differ on what
> each server should actually do in ejb-ejb calls. We have a long
> internal doc for configuring WAS for WLS-WAS interop since its
> particularly tricky with security switched on.
>
> As to configuring an EJB ref, any conforming implementation should
> support a ref with a corbaname URL inside.
>
> andy
>
>

Mime
View raw message