You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@geronimo.apache.org by "Zakharov, Vasily M" <va...@intel.com> on 2005/11/21 14:19:10 UTC

JNDI remote authentication problem

Hello, all.

 

I'm trying to run an application that should access the beans (deployed
in a Geronimo server running on other machine) with a JNDI request.

 

However, I get the following exception immediately at "new
InitialContext()" statement:

 

javax.naming.AuthenticationException: Cannot deternmine server protocol
version: Received null/0.0; nested exception is:


        java.io.IOException: Unable to read protocol version.  Reached
the end of the stream.        

 

The Geronimo console states the following at that moment:

 

15:31:20,132 ERROR [EJB] Host <app-host> is not authorized to access
this service.

java.lang.SecurityException: Host <app-host> is not authorized to access
this service.

        at
org.activeio.xnet.hba.ServiceAccessController.checkHostsAuthorization(Se
rviceAccessController.java:78)

        at
org.activeio.xnet.hba.ServiceAccessController.service(ServiceAccessContr
oller.java:51)

        at
org.activeio.xnet.ServiceLogger.service(ServiceLogger.java:74)

        at
org.activeio.xnet.ServiceDaemon$SocketListener.run(ServiceDaemon.java:15
1)

        at java.lang.Thread.run(Unknown Source)

 

(here <app-host> replaces the IP address of the machine where I run my
application)

 

I'm using a default installation of Geronimo 1.0 M5, and Windows XP SP2
and Sun's JRE 1.4.2_08 on both machines.

 

The client application's system properties include:

java.naming.factory.initial=org.openejb.client.RemoteInitialContextFacto
ry

java.naming.provider.url=<geronimo-host>:4201

java.naming.security.principal=system

java.naming.security.credentials=manager

 

(here <geronimo-host> replaces the name of the machine where Geronimo is
running and principal/credentials are the same I use to login to
Geronimo console)

 

Also, I've put a local copy of openejb-core-2.0-G1M5.jar to the
application's classpath for context factory to be found.

 

Could somebody please point me at what I'm doing wrong and how can I
tune Geronimo to accept JNDI connections from the remote machine?

 

Thanks in advance,

 

   Vasily Zakharov, Intel Managed Runtime Division

Re: JNDI remote authentication problem

Posted by John Sisson <jr...@gmail.com>.

Hi Vasily,

In the j2ee-server-plan.xml file it configures the IP addresses that the 
(OpenEJB) EJB daemon will accept connections from in the "allowHosts" 
attribute.  For example:

    <!-- EJB Protocol -->
    <gbean gbeanName="geronimo:type=NetworkService,name=EJB" 
class="org.activeio.xnet.StandardServiceStackGBean">
        <attribute name="name">EJB</attribute>
        <attribute name="port">${PlanOpenEJBPort}</attribute>
        <attribute name="host">${PlanServerHostname}</attribute>
        <attribute name="allowHosts">${PlanClientAddresses}</attribute>
        <attribute name="logOnSuccess">HOST,NAME,THREADID,USERID</attribute>
        <attribute name="logOnFailure">HOST,NAME</attribute>
        <reference 
name="Executor"><name>DefaultThreadPool</name></reference>
        <reference 
name="Server"><gbean-name>openejb:type=Server,name=EJB</gbean-name></reference>
    </gbean>

The In the geronimo\var\config.xml file (where you can specify attribute 
values that can override the values in the deployed plan) you should see 
the following section:

    <configuration name="org/apache/geronimo/Server">
        <gbean name="openejb:type=NetworkService,name=EJB">
            <attribute name="host">0.0.0.0</attribute>
            <attribute name="port">4201</attribute>
        </gbean>
    </configuration>

In theory, you should be able to edit the config.xml file and specify 
the allowable remote host by doing something like:

    <configuration name="org/apache/geronimo/Server">
        <gbean name="openejb:type=NetworkService,name=EJB">
            <attribute name="host">0.0.0.0</attribute>
            <attribute name="port">4201</attribute>
            <attribute name="allowHosts">myhostname</attribute>
        </gbean>
    </configuration>

*** But I have a bug currently open where the port number in the 
config.xml file as shown in the example above is not actually used and I 
have a feeling the same problem will happen for allowHosts (see 
http://issues.apache.org/jira/browse/GERONIMO-1151 ).  I haven't had a 
chance to debug this yet.  Let me know what happens.

I think most of the testing so far has been done on the localhost with 
the default port.

Regards,

John

Zakharov, Vasily M wrote:

> Hello, all.
>
>  
>
> I'm trying to run an application that should access the beans 
> (deployed in a Geronimo server running on other machine) with a JNDI 
> request.
>
>  
>
> However, I get the following exception immediately at "new 
> InitialContext()" statement:
>
>  
>
> javax.naming.AuthenticationException: Cannot deternmine server 
> protocol version: Received null/0.0; nested exception 
> is:                                                
>
>         java.io.IOException: Unable to read protocol version.  Reached 
> the end of the stream.       
>
>  
>
> The Geronimo console states the following at that moment:
>
>  
>
> 15:31:20,132 ERROR [EJB] Host <app-host> is not authorized to access 
> this service.
>
> java.lang.SecurityException: Host <app-host> is not authorized to 
> access this service.
>
>         at 
> org.activeio.xnet.hba.ServiceAccessController.checkHostsAuthorization(ServiceAccessController.java:78)
>
>         at 
> org.activeio.xnet.hba.ServiceAccessController.service(ServiceAccessController.java:51)
>
>         at org.activeio.xnet.ServiceLogger.service(ServiceLogger.java:74)
>
>         at 
> org.activeio.xnet.ServiceDaemon$SocketListener.run(ServiceDaemon.java:151)
>
>         at java.lang.Thread.run(Unknown Source)
>
>  
>
> (here <app-host> replaces the IP address of the machine where I run my 
> application)
>
>  
>
> I'm using a default installation of Geronimo 1.0 M5, and Windows XP 
> SP2 and Sun's JRE 1.4.2_08 on both machines.
>
>  
>
> The client application's system properties include:
>
> java.naming.factory.initial=org.openejb.client.RemoteInitialContextFactory
>
> java.naming.provider.url=<geronimo-host>:4201
>
> java.naming.security.principal=system
>
> java.naming.security.credentials=manager
>
>  
>
> (here <geronimo-host> replaces the name of the machine where Geronimo 
> is running and principal/credentials are the same I use to login to 
> Geronimo console)
>
>  
>
> Also, I've put a local copy of openejb-core-2.0-G1M5.jar to the 
> application's classpath for context factory to be found.
>
>  
>
> Could somebody please point me at what I'm doing wrong and how can I 
> tune Geronimo to accept JNDI connections from the remote machine?
>
>  
>
> Thanks in advance,
>
>  
>
>    Vasily Zakharov, Intel Managed Runtime Division
>
>  
>