Mailing-List: contact user-help@geronimo.apache.org; run by ezmlm
Precedence: bulk
Reply-To: user@geronimo.apache.org
Received-SPF: pass (asf.osuosl.org: local policy)
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: JNDI remote authentication problem
Date: Thu, 8 Dec 2005 04:18:32 +0300
Message-ID: <E124AAE027DA384D8B919F93E4D8C708CEF8E9@mssmsx402nb>
Thread-Topic: JNDI remote authentication problem
Thread-Index: AcXwKLwnLSEQ0UTYRYiS7yredyrC+QAgX8mA
From: "Zakharov, Vasily M" <vasily.m.zakharov@intel.com>
To: <user@geronimo.apache.org>

John,

Thank you very much for your answer!

> Let me know what happens.

Well, I tried correcting j2ee-server-plan.xml and config.xml, and I also
tried to provide the proper value for allowHosts in GUI installer - it
all didn't help.

What really helped is correcting modules/assembly/maven.xml file and
specifying the IP address of the client in line 247 (specifying host
name or 255.255.255.255 mask also didn't help):

   <j:set var=3D"PlanClientAddresses"
value=3D"<MY_CLIENT_HOST_IP_ADDRESS>"/>

and then rebuilding Geronimo.

However, it didn't helped much.
I made additional investigation for the problem location and here's what
I've found:

The problem occurs in file org/openejb/client/Client.java:
http://cvs.codehaus.org/viewrep/openejb/openejb/modules/core/src/java/or
g/openejb/client/Client.java?r=3D1.5

Previously the problem occured at line 171 (see code, the exceptions are
wrapped badly there):

javax.naming.AuthenticationException: Cannot deternmine server protocol
version: Received null/0.0; nested exception is:=20
	java.io.IOException: Unable to read protocol version.  Reached
the end of the stream.
	at
org.openejb.client.JNDIContext.authenticate(JNDIContext.java:196)
	at
org.openejb.client.JNDIContext.getInitialContext(JNDIContext.java:181)
	at javax.naming.spi.NamingManager.getInitialContext(Unknown
Source)
	at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
	at javax.naming.InitialContext.init(Unknown Source)
	at javax.naming.InitialContext.<init>(Unknown Source)

And after the fix to maven.xml and rebuilding Geronimo another error
occurs a bit later, at line 192:

javax.naming.AuthenticationException: Cannot read the response from the
server (OEJP/2.0) : null; nested exception is:=20
	java.io.EOFException
	at
org.openejb.client.JNDIContext.authenticate(JNDIContext.java:196)
	at
org.openejb.client.JNDIContext.getInitialContext(JNDIContext.java:181)
	at javax.naming.spi.NamingManager.getInitialContext(Unknown
Source)
	at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
	at javax.naming.InitialContext.init(Unknown Source)
	at javax.naming.InitialContext.<init>(Unknown Source)

Previous problem was clearly a configuration issue, that was at last
resolved, but I have completely no idea on what to do with this new
problem. :(

Can it be that Geronimo/OpenEJB does not accept remote JNDI connections
at all??

With best regards,
   Vasily Zakharov, Intel Managed Runtime Division


-----Original Message-----
From: John Sisson [mailto:jrsisson@gmail.com]=20
Sent: Wednesday, November 23, 2005 3:23 PM
To: user@geronimo.apache.org
Subject: Re: JNDI remote authentication problem

Hi Vasily,

In the j2ee-server-plan.xml file it configures the IP addresses that the

(OpenEJB) EJB daemon will accept connections from in the "allowHosts"=20
attribute.  For example:

    <!-- EJB Protocol -->
    <gbean gbeanName=3D"geronimo:type=3DNetworkService,name=3DEJB"=20
class=3D"org.activeio.xnet.StandardServiceStackGBean">
        <attribute name=3D"name">EJB</attribute>
        <attribute name=3D"port">${PlanOpenEJBPort}</attribute>
        <attribute name=3D"host">${PlanServerHostname}</attribute>
        <attribute =
name=3D"allowHosts">${PlanClientAddresses}</attribute>
        <attribute
name=3D"logOnSuccess">HOST,NAME,THREADID,USERID</attribute>
        <attribute name=3D"logOnFailure">HOST,NAME</attribute>
        <reference=20
name=3D"Executor"><name>DefaultThreadPool</name></reference>
        <reference=20
name=3D"Server"><gbean-name>openejb:type=3DServer,name=3DEJB</gbean-name>=
</ref
erence>
    </gbean>

The In the geronimo\var\config.xml file (where you can specify attribute

values that can override the values in the deployed plan) you should see

the following section:

    <configuration name=3D"org/apache/geronimo/Server">
        <gbean name=3D"openejb:type=3DNetworkService,name=3DEJB">
            <attribute name=3D"host">0.0.0.0</attribute>
            <attribute name=3D"port">4201</attribute>
        </gbean>
    </configuration>

In theory, you should be able to edit the config.xml file and specify=20
the allowable remote host by doing something like:

    <configuration name=3D"org/apache/geronimo/Server">
        <gbean name=3D"openejb:type=3DNetworkService,name=3DEJB">
            <attribute name=3D"host">0.0.0.0</attribute>
            <attribute name=3D"port">4201</attribute>
            <attribute name=3D"allowHosts">myhostname</attribute>
        </gbean>
    </configuration>

*** But I have a bug currently open where the port number in the=20
config.xml file as shown in the example above is not actually used and I

have a feeling the same problem will happen for allowHosts (see=20
http://issues.apache.org/jira/browse/GERONIMO-1151 ).  I haven't had a=20
chance to debug this yet.  Let me know what happens.

I think most of the testing so far has been done on the localhost with=20
the default port.

Regards,

John

Zakharov, Vasily M wrote:

> Hello, all.
>
> =20
>
> I'm trying to run an application that should access the beans=20
> (deployed in a Geronimo server running on other machine) with a JNDI=20
> request.
>
> =20
>
> However, I get the following exception immediately at "new=20
> InitialContext()" statement:
>
> =20
>
> javax.naming.AuthenticationException: Cannot deternmine server=20
> protocol version: Received null/0.0; nested exception=20
> is:                                               =20
>
>         java.io.IOException: Unable to read protocol version.  Reached

> the end of the stream.      =20
>
> =20
>
> The Geronimo console states the following at that moment:
>
> =20
>
> 15:31:20,132 ERROR [EJB] Host <app-host> is not authorized to access=20
> this service.
>
> java.lang.SecurityException: Host <app-host> is not authorized to=20
> access this service.
>
>         at=20
>
org.activeio.xnet.hba.ServiceAccessController.checkHostsAuthorization(Se
rviceAccessController.java:78)
>
>         at=20
>
org.activeio.xnet.hba.ServiceAccessController.service(ServiceAccessContr
oller.java:51)
>
>         at
org.activeio.xnet.ServiceLogger.service(ServiceLogger.java:74)
>
>         at=20
>
org.activeio.xnet.ServiceDaemon$SocketListener.run(ServiceDaemon.java:15
1)
>
>         at java.lang.Thread.run(Unknown Source)
>
> =20
>
> (here <app-host> replaces the IP address of the machine where I run my

> application)
>
> =20
>
> I'm using a default installation of Geronimo 1.0 M5, and Windows XP=20
> SP2 and Sun's JRE 1.4.2_08 on both machines.
>
> =20
>
> The client application's system properties include:
>
>
java.naming.factory.initial=3Dorg.openejb.client.RemoteInitialContextFact=
o
ry
>
> java.naming.provider.url=3D<geronimo-host>:4201
>
> java.naming.security.principal=3Dsystem
>
> java.naming.security.credentials=3Dmanager
>
> =20
>
> (here <geronimo-host> replaces the name of the machine where Geronimo=20
> is running and principal/credentials are the same I use to login to=20
> Geronimo console)
>
> =20
>
> Also, I've put a local copy of openejb-core-2.0-G1M5.jar to the=20
> application's classpath for context factory to be found.
>
> =20
>
> Could somebody please point me at what I'm doing wrong and how can I=20
> tune Geronimo to accept JNDI connections from the remote machine?
>
> =20
>
> Thanks in advance,
>
> =20
>
>    Vasily Zakharov, Intel Managed Runtime Division
>