Re: RMI from EJB, permissions in EJB

Thu, 31 Aug 2000 10:50:33 -0700 

Where do you see that? I don't read any particular restriction on making RMI
calls; you're not allowed to explicitly listen for any incoming socket
calls, but that's not the same.

When I stop to think about it, in fact, a reference to another EJB itself
may be a remote reference, so the EJB spec CAN'T, in my interpretation,
forbid RMI calls, because then a Bean could never refer to another bean in
any way. Is there some text I missed in that section? (I freely admit, I
just skimmed it just now--not a real deep read--but didn't see anything
along those lines.)

Ted Neward
Java Instructor, DevelopMentor (http://www.develop.com)
http://www.javageeks.com/~tneward

----- Original Message -----
From: "Dave Smith" <[EMAIL PROTECTED]>
To: "Orion-Interest" <[EMAIL PROTECTED]>
Sent: Thursday, August 31, 2000 9:10 AM
Subject: Re: RMI from EJB, permissions in EJB


> I'm not sure you can. I think this kind of behaviour (i.e. opening sockets
> to remote registries) is explicitly forbidden in section 18.1.2 of the EJB
> 1.1 spec.
>
> Friedrich Dodt wrote:
>
> > How do I get my Session Bean to issue an RMI call successfully?
> >
> > I am trying to contact a simple RMI method that runs on an RMI server
> > (rmiregistry) from code in my Session Bean. Up to now without success.
> >
> > 1. With the naive approach
> >
> >         System.setSecurityManager(new RMISecurityManager());
> >         RemoteObject remo = (RemoteObject) Naming.lookup(toLookup);
> >
> > I get a  (java.net.SocketPermission xxx.xxx.xxx.xxx:xxxx
> > connect,resolve)
> >
> > To overcome this, I have changed
> > - {java.home}/lib/security/java.policy
> > - and I have tried it the with the command line arguments
> >         -Djava.security.manager -Djava.security.policy==my.policy
> >   when I start orion.jar.
> >
> > This policy file contained just
> >
> > grant {
> >         // Allow everything for now
> >         permission java.security.AllPermission;
> >         permission com.evermind.server.AdministrationPermission;
> >         permission java.net.SocketPermission "*:1024-65535",
> > "listen,accept,connect,resolve";
> > };
> >
> > However, this didn't change Orions behaviour.
> >
> > The approach with
> >         // create and fill a Hashtable "environment", then call
> >         InitialContext context = new InitialContext (environment);
> > didn't work either.
> >
> > 2. Suspecting that the Orion server interferes with the normal policy
> > concept, I tried to change the rmi.xml file.
> >
> > The mere adding of a line like
> >
> > <server host="localhost" username="admin" password="admin" />
> >
> > to rmi.xml leads to the server not starting up. It does not say "Orion
> > 1.0.3 initialized" and it does not react (in the case rmiregistry runs;
> > if not an Exception is thrown indicating the connection is refused).
> >
> > This is clearly a bug: If the server can't cope with a situation it
> > should at least leave a message and not just be stuck silently. This is
> > true if you start Orion just as it ships with just the rmi.xml changed.
> >
> > So the question is: How can I contact an RMI server from within an EJB?
> >
> > If you don't know that, perhaps you can answer this one: How can I
> > permit SocketPermission (and other permissions?) to the code in my EJB?
> >
> > Thanks in advance
>

Reply via email to