geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: org.omg.CosNaming.NamingCntextPackage.NotFound
Date Thu, 22 Sep 2005 03:37:46 GMT

On Sep 21, 2005, at 11:03 PM, lin sun wrote:

> --- David Jencks <david_jencks@yahoo.com> wrote:
>
>> Not exactly.  AFAIK no one has used an ejb in geronimo from a non-j2ee
>> client through CORBA.  We have, in the tck work, used ejbs in geronimo
>> (and the sun ri) from a j2ee app client using CORBA.  I thought it
>> would be simpler to start with something that is known to work with
>> correct configuration, then work on the non-j2ee client which might
>> have additional problems.
>
> Are you suggesting both J2EE-Corba client and EJB running in the same 
> geronimo server and
> they communicate each other via IIOP?

no
>   I had thought that would not be using IIOP
> initially...  Or you are suggesting 2 geronimo servers on two 
> machines, one has the
> J2EE-Corba client running, the other one has the EJB running?   I 
> would prefer the later
> one.

Having 2 geronimo servers communicating by corba is definitely possible 
and you will be able to configure all the necessary parts using gbeans. 
  This would be the easiest to set up in my opinion.   In particular you 
should be able to do this now with the existing configurations and 
plans, without waiting for me to fix the ClientCORBA plan.   I was 
suggesting that you have ejbs deployed on a geronimo server and have 
the client be a j2ee application client, running in the geronimo 
application client container.  The geronimo app client container is a 
stripped down version of geronimo that includes the kernel, the gbean 
machinery, the transaction manager, and a few other pieces, but not 
ejbs or web apps.  Since it includes the kernel it is fairly easy to 
run components in it as gbeans.  This is what I was suggesting.
>>
>> I'm not sure whether it is possible to run with no security 
>> configured.
>>   We have a "unsecured" configuration but it has always been run with
>> the security gbeans present so I'm not sure if they are required.
>
> I actually want to use IIOP via SSL... I mentioned setup without it 
> because you said you
> are too busy to write some docs on how to setup it.

SSL shouldn't really be any harder than "no security" as long as you 
stick to the example css and tss beans or equivalent configurations set 
up in code.
>
>> Well, we don't really need any server side code generation but the
>> client side would be done with a cglib proxy.
>
> Good to know that thanks!
>
>> This is all good, but IIUC not sufficient.
>
> This might be too obvious for others, but what does IIUC mean?

If I Understand Correctly :-)  I've been spending too much time writing 
email and on IRC :-)
>
>> I believe you need an orb running on the client.  In the geronimo app
>> client, this comes from these two gbeans:
>>
>>      <gbean name="DyanmicStubClassLoader"
>> class="org.openejb.corba.util.DynamicStubClassLoader"/>
>>
>>      <gbean name="Server" class="org.openejb.corba.CORBABean">
>>          <reference name="ThreadPool">
>>              <module>org/apache/geronimo/Client</module>
>>              <name>DefaultThreadPool</name>
>>          </reference>
>>          <reference name="SecurityService">
>>              <module>*</module>
>>              <name>SecurityService</name>
>>          </reference>
>>          <attribute name="args">-ORBPort, 9683, -ORBInitRef,
>> NameService=corbaloc::localhost:2809/NameService</attribute>
>>          <attribute name="props">
>>              com.sun.CORBA.ORBServerHost=localhost
>>          </attribute>
>>      </gbean>
>>
>>
>> The first one sets up the cglib stuff for dynamic stubs, the second is
>> the orb itself.  In addition you need some CSSBean set up so the csiv2
>> negotiations can proceed, even if they say "no security" at each end.
>> An example would be:
>>
>>     <gbean name="NoSecurity" class="org.openejb.corba.CSSBean">
>>          <reference name="ThreadPool">
>>              <module>org/apache/geronimo/Client</module>
>>              <name>DefaultThreadPool</name>
>>          </reference>
>>          <reference name="TransactionContextManager">
>>              <module>org/apache/geronimo/Client</module>
>>              <name>TransactionContextManager</name>
>>          </reference>
>>          <attribute
>> name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</
>> attribute>
>>          <attribute name="description">NoSecurity</attribute>
>>          <attribute name="cssArgs"></attribute>
>>          <xml-attribute name="cssConfig">
>>              <css:css
>> xmlns:css="http://www.openejb.org/xml/ns/corba-css-config_1_0">
>>                  <css:compoundSecMechTypeList>
>>                      <css:compoundSecMech>
>>                          <css:SSL>
>>                              <css:supports>Integrity Confidentiality
>> EstablishTrustInTarget EstablishTrustInClient</css:supports>
>>                              <css:requires></css:requires>
>>                          </css:SSL>
>>                      </css:compoundSecMech>
>>                  </css:compoundSecMechTypeList>
>>              </css:css>
>>          </xml-attribute>
>>      </gbean>
>>
>> I suspect that if you remove the security service reference from the
>> corbabean you will be able to get corba to work on an app client with
>> no security.  You will need to deploy your ejbs with a tss-link to the
>> corresponding no-security server side tss bean.
>>
>> Now, the gbean framework is not doing all that much for you here, and
>> it would not be very much code to create the orb, create and register
>> the classloader, and set up the css bean.  Basically you just need to
>> call the gbean constructors and their doStart methods.  It is probably
>> easier to just create the orb in your  own code rather than starting
>> the CORBABean itself, since you may not want to have a thread pool for
>> the sole purpose of starting an orb :-)  I'm not sure what you will
>> need to add to your classpath: certainly openejb-core and
>> geronimo-spec-corba-2.3-rc4.jar, but I don't know what else.
>
> I am lost here.   I thought I only need to create a J2EE-Corba 
> application and deploy it
> to geronimo client container.   My understanding is the GBean would be 
> generated by the
> deployer automatically.   Also, I noticed the Gbean configuration you 
> mentioned to me are
> from doc\plan\j2EE-corba-client-plan.xml.  Maybe I could leverage this 
> corba client
> provided by Geronimo just to get end to end flow running?

There are lots of gbeans :-)  When you deploy a j2ee app on geronimo 
the builders will generate gbean descriptions that implement the 
functionality of your application by wrapping the classes you provide 
and setting up support services.  However, these all depend on "basic" 
services that run in geronimo.  Since lots of people aren't very 
interested in corba we've put the corba gbeans in separate plans that 
you don't have to run.  So...

To make ejbs available through Corba  (as servers), you need to:
1. include a tss-link for each ejb in the openejb-plan to a tss bean 
that is configured somewhere, such as the j2ee-server-corba-plan.xml
2. start the j2ee-server-corba-plan.  The easiest way to do this is to 
include and "include" element in your openejb plan:

<include>
     <uri>org/apache/geronimo/ServerCORBA</uri>
</include>

To use an ejb from a j2ee application (such as a j2ee app client, web 
app, or ejb) you need to include in the geronimo/openejb plan ejb-ref 
information like this:
1. where the naming server is and the name
2. a css-link to supply the security info for csiv2 negotiation with 
the server.  A typical element might look like this:

            <ejb-ref>
                 <ref-name>ejb/Control</ref-name>
                 <ns-corbaloc>corbaloc::<target name service host>:<name 
service port>/NameService</ns-corbaloc>
                 <name>targetEjbName</name>
                 <css-link>SSLClientCert</css-link>
             </ejb-ref>
(fill in the correct values for the host and port)

If your j2ee component is running in a server (it is a web app or ejb), 
you should include the ServerCORBA configuration as a parent, just like 
for a server ejb.  If your j2ee component is an app client, which runs 
in a different jvm, you should include the ClientCORBA configuration.  
Unfortunately the clientCORBA configuration is still incomplete: you 
need some security gbeans.

Finally, to use a ejb from a non-j2ee application through CORBA you 
need to set up most of the infrastructure that the gbeans set up for 
you: at least the Orb, the dynamic stub classloader, and some CSS 
implementation.  This last part is something no one has tried yet as 
far as I know.

On the other hand, if you can find someone elses example of a 
standalone non-j2ee client that accesses ejbs using csiv2 security over 
CORBA you should be able to communicate with those ejbs deployed in 
geronimo.  However, I've never seen such an example.

thanks
david jencks


Mime
View raw message