You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@geronimo.apache.org by "Zakharov, Vasily M" <va...@intel.com> on 2005/11/21 14:19:10 UTC
JNDI remote authentication problem
Hello, all.
I'm trying to run an application that should access the beans (deployed
in a Geronimo server running on other machine) with a JNDI request.
However, I get the following exception immediately at "new
InitialContext()" statement:
javax.naming.AuthenticationException: Cannot deternmine server protocol
version: Received null/0.0; nested exception is:
java.io.IOException: Unable to read protocol version. Reached
the end of the stream.
The Geronimo console states the following at that moment:
15:31:20,132 ERROR [EJB] Host <app-host> is not authorized to access
this service.
java.lang.SecurityException: Host <app-host> is not authorized to access
this service.
at
org.activeio.xnet.hba.ServiceAccessController.checkHostsAuthorization(Se
rviceAccessController.java:78)
at
org.activeio.xnet.hba.ServiceAccessController.service(ServiceAccessContr
oller.java:51)
at
org.activeio.xnet.ServiceLogger.service(ServiceLogger.java:74)
at
org.activeio.xnet.ServiceDaemon$SocketListener.run(ServiceDaemon.java:15
1)
at java.lang.Thread.run(Unknown Source)
(here <app-host> replaces the IP address of the machine where I run my
application)
I'm using a default installation of Geronimo 1.0 M5, and Windows XP SP2
and Sun's JRE 1.4.2_08 on both machines.
The client application's system properties include:
java.naming.factory.initial=org.openejb.client.RemoteInitialContextFacto
ry
java.naming.provider.url=<geronimo-host>:4201
java.naming.security.principal=system
java.naming.security.credentials=manager
(here <geronimo-host> replaces the name of the machine where Geronimo is
running and principal/credentials are the same I use to login to
Geronimo console)
Also, I've put a local copy of openejb-core-2.0-G1M5.jar to the
application's classpath for context factory to be found.
Could somebody please point me at what I'm doing wrong and how can I
tune Geronimo to accept JNDI connections from the remote machine?
Thanks in advance,
Vasily Zakharov, Intel Managed Runtime Division
Re: JNDI remote authentication problem
Posted by John Sisson <jr...@gmail.com>.
Hi Vasily,
In the j2ee-server-plan.xml file it configures the IP addresses that the
(OpenEJB) EJB daemon will accept connections from in the "allowHosts"
attribute. For example:
<!-- EJB Protocol -->
<gbean gbeanName="geronimo:type=NetworkService,name=EJB"
class="org.activeio.xnet.StandardServiceStackGBean">
<attribute name="name">EJB</attribute>
<attribute name="port">${PlanOpenEJBPort}</attribute>
<attribute name="host">${PlanServerHostname}</attribute>
<attribute name="allowHosts">${PlanClientAddresses}</attribute>
<attribute name="logOnSuccess">HOST,NAME,THREADID,USERID</attribute>
<attribute name="logOnFailure">HOST,NAME</attribute>
<reference
name="Executor"><name>DefaultThreadPool</name></reference>
<reference
name="Server"><gbean-name>openejb:type=Server,name=EJB</gbean-name></reference>
</gbean>
The In the geronimo\var\config.xml file (where you can specify attribute
values that can override the values in the deployed plan) you should see
the following section:
<configuration name="org/apache/geronimo/Server">
<gbean name="openejb:type=NetworkService,name=EJB">
<attribute name="host">0.0.0.0</attribute>
<attribute name="port">4201</attribute>
</gbean>
</configuration>
In theory, you should be able to edit the config.xml file and specify
the allowable remote host by doing something like:
<configuration name="org/apache/geronimo/Server">
<gbean name="openejb:type=NetworkService,name=EJB">
<attribute name="host">0.0.0.0</attribute>
<attribute name="port">4201</attribute>
<attribute name="allowHosts">myhostname</attribute>
</gbean>
</configuration>
*** But I have a bug currently open where the port number in the
config.xml file as shown in the example above is not actually used and I
have a feeling the same problem will happen for allowHosts (see
http://issues.apache.org/jira/browse/GERONIMO-1151 ). I haven't had a
chance to debug this yet. Let me know what happens.
I think most of the testing so far has been done on the localhost with
the default port.
Regards,
John
Zakharov, Vasily M wrote:
> Hello, all.
>
>
>
> I'm trying to run an application that should access the beans
> (deployed in a Geronimo server running on other machine) with a JNDI
> request.
>
>
>
> However, I get the following exception immediately at "new
> InitialContext()" statement:
>
>
>
> javax.naming.AuthenticationException: Cannot deternmine server
> protocol version: Received null/0.0; nested exception
> is:
>
> java.io.IOException: Unable to read protocol version. Reached
> the end of the stream.
>
>
>
> The Geronimo console states the following at that moment:
>
>
>
> 15:31:20,132 ERROR [EJB] Host <app-host> is not authorized to access
> this service.
>
> java.lang.SecurityException: Host <app-host> is not authorized to
> access this service.
>
> at
> org.activeio.xnet.hba.ServiceAccessController.checkHostsAuthorization(ServiceAccessController.java:78)
>
> at
> org.activeio.xnet.hba.ServiceAccessController.service(ServiceAccessController.java:51)
>
> at org.activeio.xnet.ServiceLogger.service(ServiceLogger.java:74)
>
> at
> org.activeio.xnet.ServiceDaemon$SocketListener.run(ServiceDaemon.java:151)
>
> at java.lang.Thread.run(Unknown Source)
>
>
>
> (here <app-host> replaces the IP address of the machine where I run my
> application)
>
>
>
> I'm using a default installation of Geronimo 1.0 M5, and Windows XP
> SP2 and Sun's JRE 1.4.2_08 on both machines.
>
>
>
> The client application's system properties include:
>
> java.naming.factory.initial=org.openejb.client.RemoteInitialContextFactory
>
> java.naming.provider.url=<geronimo-host>:4201
>
> java.naming.security.principal=system
>
> java.naming.security.credentials=manager
>
>
>
> (here <geronimo-host> replaces the name of the machine where Geronimo
> is running and principal/credentials are the same I use to login to
> Geronimo console)
>
>
>
> Also, I've put a local copy of openejb-core-2.0-G1M5.jar to the
> application's classpath for context factory to be found.
>
>
>
> Could somebody please point me at what I'm doing wrong and how can I
> tune Geronimo to accept JNDI connections from the remote machine?
>
>
>
> Thanks in advance,
>
>
>
> Vasily Zakharov, Intel Managed Runtime Division
>
>
>