Peter, thank you for your help. I can run the Hello World demo
application now.
By the way, I would like to return to the question about integrity
verification using HTTPMD URLs. Previously, Dan Creswell requested
some of my config files. As a matter of fact, that's the server's
config file:
-------
import java.security.Permission;
import com.sun.jini.config.ConfigUtil;
import net.jini.constraint.BasicMethodConstraints;
import net.jini.core.constraint.InvocationConstraint;
import net.jini.core.constraint.InvocationConstraints;
import net.jini.core.constraint.Confidentiality;
import net.jini.core.constraint.Integrity;
import net.jini.jeri.*;
import net.jini.jeri.ssl.*;
import net.jini.url.httpmd.HttpmdUtil;
Test {
/* policy file name */
policy = "policy.all";
/* codebase URL */
codebase =
HttpmdUtil.computeDigestCodebase("/home/helcio/jini/exemplos/securityTest",
(String) ConfigUtil.concat(new Object[] {
"httpmd://", ConfigUtil.getHostName(),
":8086/AbstractConfigurationServer-dl.jar;sha=0"}));
/* Exporter for the server proxy */
exporter =
/* Use secure exporter */
new BasicJeriExporter(
/* Use SSL transport */
SslServerEndpoint.getInstance(0),
new ProxyTrustILFactory(
/* Require integrity for all methods */
new BasicMethodConstraints(
new InvocationConstraints(
new InvocationConstraint[] { Integrity.YES,
Confidentiality.YES }, null)
),
null)
);
}
---------------
Some days ago, I've used a BasicILFactory, and, as I've said
before, my proxy was not considered trusted by its client. After I've
taken a look on Dan Creswell's tutorial about JINI and SSL
(http://www.dancres.org/cottage/jini_ssl.html), I've choose to replace
it by a ProxyTrustILFactory. But, as it was shown by exceptions thrown
below, my service must implement the ServerProxyTrust interface, and
that's include an implementation of getProxyVerifier method.
Does somebody can help me providing an example of such
implementation? Should I extend some class implementing
ServerProxyTrust? I know the getProxyVerifier returns a (local) porxy
verifier that must be used to enforce integrity at code and data
levels. But I am not sure about what is the most suitable action to
perform now.
Once more, thanks in advance, gentlemen!
--------------
--> exporting a proxy for client...java.rmi.server.ExportException:
impl must implement ServerProxyTrust
at
net.jini.jeri.ProxyTrustILFactory.getRemoteInterfaces(ProxyTrustILFactory.java:106)
at
net.jini.jeri.AbstractILFactory.getProxyInterfaces(AbstractILFactory.java:154)
at
net.jini.jeri.AbstractILFactory.createInstances(AbstractILFactory.java:450)
at net.jini.jeri.BasicJeriExporter.export(BasicJeriExporter.java:621)
at
server.SecAbstractConfigurationServer.<init>(SecAbstractConfigurationServer.java:129)
at
server.SecAbstractConfigurationServer$1.run(SecAbstractConfigurationServer.java:68)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
at
server.SecAbstractConfigurationServer.init(SecAbstractConfigurationServer.java:64)
at
server.SecAbstractConfigurationServer.main(SecAbstractConfigurationServer.java:39)
2011/8/31 Peter Firmstone <[email protected]>:
>> Solved! After I've typed:
>>
>> /usr/local/apache-river-2.2.0/lib-ext# cp jsk-policy.jar
>> /usr/local/jdk1.6.0_24/jre/lib/ext/
>>
>> ...the ssl-reggie.sh script is working now! My apologies for that
>> last message!
>>
>> Kindest regards to everybody.
>>
>> Helcio.
>
> Helcio,
>
> If you don't want to install it into jre/lib/ext/ you can also have it
> loaded as an extension by setting the following system property with the
> following argument on the command line:
>
> -java.ext.dirs=/usr/local/jdk1.6.0_24/jre/lib/ext/:/usr/local/apache-river-2.2.0/lib-ext/
>
> Cheers,
>
> Peter.
>
