You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomee.apache.org by Rick McGuire <ri...@gmail.com> on 2006/07/19 13:45:19 UTC
Making sense of CorbaBean listener ports.
In trying to write an adapter for the Yoko ORB, I've also been trying to
clean up how the CorbaBean/CSSBean/TSSBean configs are managed so that
fewer ORB-specific details show up in the plans. One place where things
seem to be in a particular mess is the specification of the CorbaBean
host and listener information. It's probably best to show some samples
from the plans to illustrate the problems.
from configs/client-corba/src/plan/plan.xml:
<gbean name="Server" class="org.openejb.corba.CORBABean">
<reference name="ThreadPool">
<name>DefaultThreadPool</name>
</reference>
<!-- PlanORBSSLPort was 9683-->
<attribute name="args">-ORBPort, ${PlanORBSSLPort}, -ORBInitRef,
NameService=corbaloc::${PlanCOSNamingHost}:${PlanCOSNamingPort}/NameService</attribute>
<attribute name="props">
com.sun.CORBA.ORBServerHost=${PlanORBSSLHost}
</attribute>
<dependency>
<name>SecurityService</name>
</dependency>
<dependency>
<name>CORBASystemProperties</name>
</dependency>
</gbean>
In this case, the initial listening port is specified using the -ORBPort
argument, and the server host name is specified using a Sun-specific
property com.sun.CORBA.ORBServerHost. This listening port is initiated
using a side effect of how the SunOrbConfigurator works (it passes the
args and properties specified on the config through to the ORB.init()
call), but the configurator is not aware of these settings, and also
creates a listener on a hard-coded 6882 port. This ORB has two
listeners (each on a separate thread).
From configs/j2ee-corba/src/plan/plan.xml:
<gbean name="Server" class="org.openejb.corba.CORBABean">
<reference name="ThreadPool">
<name>DefaultThreadPool</name>
</reference>
<attribute name="args">-ORBInitRef,
NameService=corbaloc::${PlanCOSNamingHost}:${PlanCOSNamingPort}/NameService</attribute>
<attribute
name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
<xml-attribute name="tssConfig">
<tss:tss
xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config-2.0"
xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.1">
<tss:default-principal>
<sec:principal
class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="guest"/>
</tss:default-principal>
<tss:SSL port="${PlanORBSSLPort}"
hostname="${PlanORBSSLHost}">
<tss:supports>Integrity Confidentiality
EstablishTrustInTarget</tss:supports>
<tss:requires>Integrity Confidentiality</tss:requires>
</tss:SSL>
<tss:compoundSecMechTypeList>
<tss:compoundSecMech>
<tss:GSSUP required="true" targetName="default"/>
<tss:sasMech>
<tss:identityTokenTypes>
<tss:ITTAbsent/>
</tss:identityTokenTypes>
</tss:sasMech>
</tss:compoundSecMech>
</tss:compoundSecMechTypeList>
</tss:tss>
</xml-attribute>
<dependency>
<name>SystemProperties</name>
</dependency>
<dependency>
<name>NameServer</name>
</dependency>
<dependency>
<name>SecurityService</name>
</dependency>
</gbean>
This one specifies a port and hostname in the TSSConfig. There are no
values specified -ORBPort or com.sun.CORBA.ORBServerHost. The
configurator does recognize that a value has been specified in the
TSSConfig, and forces an initial listener on the specified port.
However, it ignores the hostname value, and uses the ORB default
(InetAddress.getLocalHost()).
Also from From configs/j2ee-corba/src/plan/plan.xml:
<!-- orb with no security whatsoever -->
<gbean name="UnprotectedServer" class="org.openejb.corba.CORBABean">
<reference name="ThreadPool">
<name>DefaultThreadPool</name>
</reference>
<attribute name="args">-ORBInitRef,
NameService=corbaloc::${PlanCOSNamingHost}:${PlanCOSNamingPort}/NameService</attribute>
<attribute
name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
<xml-attribute name="tssConfig">
<tss:tss
xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config-2.0"
xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.1">
<tss:default-principal>
<sec:principal
class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="guest"/>
</tss:default-principal>
<tss:compoundSecMechTypeList>
<tss:compoundSecMech>
<tss:GSSUP required="true" targetName="default"/>
<tss:sasMech>
<tss:identityTokenTypes>
<tss:ITTAbsent/>
</tss:identityTokenTypes>
</tss:sasMech>
</tss:compoundSecMech>
</tss:compoundSecMechTypeList>
</tss:tss>
</xml-attribute>
<dependency>
<type>CORBABean</type>
<name>Server</name>
</dependency>
<dependency>
<name>SystemProperties</name>
</dependency>
<dependency>
<name>NameServer</name>
</dependency>
<dependency>
<name>SecurityService</name>
</dependency>
</gbean>
This one has neither -ORBPort specified or an SSL config as part of the
TSSConfig. And if I read the code in SunORBConfigAdapter correctly,
this will not initialize any listening ports at all. The code to start
the initial port (SunORBConfigAdapter.postProcess(TSSConfig, ORB)) when
a TSSConfig is available, will only create an endpoint if an instance of
TSSSSLTransportconfig is found.
All of this is a bit confusing as to the intent, and it really would be
nice if CorbaBean allowed an ORB independent method for setting the port
and host name, and then pushed the onus for setting the appropriate
arguments and properties off to the ORB ConfigAdapters. This is pretty
easy to do, but it also needs to be reconciled with the fact we'll end
up with one specification in the TSSConfig, and second directly on the
GBean. A consistent set of rules needs to be defined for how this is
handled. I guess the first pass would be to use the TSSConfig values
first, then the CorbaBean values, defaulting to 6882(?) and
InetAddress.getLocalHost() for any non-specified values.
Thoughts?
Rick
Re: Making sense of CorbaBean listener ports.
Posted by Dain Sundstrom <da...@iq80.com>.
Thought? Ya, don't take the current code too seriously. The code
there is just what we could get to work, so if you have a better way
of doing it, I'm all for it.
-dain
On Jul 19, 2006, at 4:45 AM, Rick McGuire wrote:
> In trying to write an adapter for the Yoko ORB, I've also been
> trying to clean up how the CorbaBean/CSSBean/TSSBean configs are
> managed so that fewer ORB-specific details show up in the plans.
> One place where things seem to be in a particular mess is the
> specification of the CorbaBean host and listener information. It's
> probably best to show some samples from the plans to illustrate the
> problems.
>
> from configs/client-corba/src/plan/plan.xml:
>
> <gbean name="Server" class="org.openejb.corba.CORBABean">
> <reference name="ThreadPool">
> <name>DefaultThreadPool</name>
> </reference>
> <!-- PlanORBSSLPort was 9683-->
> <attribute name="args">-ORBPort, ${PlanORBSSLPort}, -
> ORBInitRef,
> NameService=corbaloc::${PlanCOSNamingHost}:$
> {PlanCOSNamingPort}/NameService</attribute>
> <attribute name="props">
> com.sun.CORBA.ORBServerHost=${PlanORBSSLHost}
> </attribute>
> <dependency>
> <name>SecurityService</name>
> </dependency>
> <dependency>
> <name>CORBASystemProperties</name>
> </dependency>
> </gbean>
>
> In this case, the initial listening port is specified using the -
> ORBPort argument, and the server host name is specified using a Sun-
> specific property com.sun.CORBA.ORBServerHost. This listening port
> is initiated using a side effect of how the SunOrbConfigurator
> works (it passes the args and properties specified on the config
> through to the ORB.init() call), but the configurator is not aware
> of these settings, and also creates a listener on a hard-coded 6882
> port. This ORB has two listeners (each on a separate thread).
>
> From configs/j2ee-corba/src/plan/plan.xml:
>
> <gbean name="Server" class="org.openejb.corba.CORBABean">
> <reference name="ThreadPool">
> <name>DefaultThreadPool</name>
> </reference>
> <attribute name="args">-ORBInitRef, NameService=corbaloc::$
> {PlanCOSNamingHost}:${PlanCOSNamingPort}/NameService</attribute>
> <attribute
> name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</
> attribute>
> <xml-attribute name="tssConfig">
> <tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-
> tss-config-2.0" xmlns:sec="http://geronimo.apache.org/xml/ns/
> security-1.1">
> <tss:default-principal>
> <sec:principal
> class="org.apache.geronimo.security.realm.providers.GeronimoUserPrinci
> pal" name="guest"/>
> </tss:default-principal>
> <tss:SSL port="${PlanORBSSLPort}" hostname="$
> {PlanORBSSLHost}">
> <tss:supports>Integrity Confidentiality
> EstablishTrustInTarget</tss:supports>
> <tss:requires>Integrity Confidentiality</
> tss:requires>
> </tss:SSL>
> <tss:compoundSecMechTypeList>
> <tss:compoundSecMech>
> <tss:GSSUP required="true"
> targetName="default"/>
> <tss:sasMech>
> <tss:identityTokenTypes>
> <tss:ITTAbsent/>
> </tss:identityTokenTypes>
> </tss:sasMech>
> </tss:compoundSecMech>
> </tss:compoundSecMechTypeList>
> </tss:tss>
> </xml-attribute>
> <dependency>
> <name>SystemProperties</name>
> </dependency>
> <dependency>
> <name>NameServer</name>
> </dependency>
> <dependency>
> <name>SecurityService</name>
> </dependency>
> </gbean>
>
> This one specifies a port and hostname in the TSSConfig. There are
> no values specified -ORBPort or com.sun.CORBA.ORBServerHost. The
> configurator does recognize that a value has been specified in the
> TSSConfig, and forces an initial listener on the specified port.
> However, it ignores the hostname value, and uses the ORB default
> (InetAddress.getLocalHost()).
>
> Also from From configs/j2ee-corba/src/plan/plan.xml:
>
> <!-- orb with no security whatsoever -->
> <gbean name="UnprotectedServer"
> class="org.openejb.corba.CORBABean">
> <reference name="ThreadPool">
> <name>DefaultThreadPool</name>
> </reference>
> <attribute name="args">-ORBInitRef, NameService=corbaloc::$
> {PlanCOSNamingHost}:${PlanCOSNamingPort}/NameService</attribute>
> <attribute
> name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</
> attribute>
> <xml-attribute name="tssConfig">
> <tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-
> tss-config-2.0" xmlns:sec="http://geronimo.apache.org/xml/ns/
> security-1.1">
> <tss:default-principal>
> <sec:principal
> class="org.apache.geronimo.security.realm.providers.GeronimoUserPrinci
> pal" name="guest"/>
> </tss:default-principal>
> <tss:compoundSecMechTypeList>
> <tss:compoundSecMech>
> <tss:GSSUP required="true"
> targetName="default"/>
> <tss:sasMech>
> <tss:identityTokenTypes>
> <tss:ITTAbsent/>
> </tss:identityTokenTypes>
> </tss:sasMech>
> </tss:compoundSecMech>
> </tss:compoundSecMechTypeList>
> </tss:tss>
> </xml-attribute>
> <dependency>
> <type>CORBABean</type>
> <name>Server</name>
> </dependency>
> <dependency>
> <name>SystemProperties</name>
> </dependency>
> <dependency>
> <name>NameServer</name>
> </dependency>
> <dependency>
> <name>SecurityService</name>
> </dependency>
> </gbean>
>
> This one has neither -ORBPort specified or an SSL config as part of
> the TSSConfig. And if I read the code in SunORBConfigAdapter
> correctly, this will not initialize any listening ports at all.
> The code to start the initial port (SunORBConfigAdapter.postProcess
> (TSSConfig, ORB)) when a TSSConfig is available, will only create
> an endpoint if an instance of TSSSSLTransportconfig is found.
>
> All of this is a bit confusing as to the intent, and it really
> would be nice if CorbaBean allowed an ORB independent method for
> setting the port and host name, and then pushed the onus for
> setting the appropriate arguments and properties off to the ORB
> ConfigAdapters. This is pretty easy to do, but it also needs to be
> reconciled with the fact we'll end up with one specification in the
> TSSConfig, and second directly on the GBean. A consistent set of
> rules needs to be defined for how this is handled. I guess the
> first pass would be to use the TSSConfig values first, then the
> CorbaBean values, defaulting to 6882(?) and InetAddress.getLocalHost
> () for any non-specified values.
>
> Thoughts?
>
> Rick