Greetings I have now found a solution to this problem and have submitted patched to OpenORB dev forum for the IIOP side of the problem . For the http/bootstrap stepd changes are also required on the xindice side for xindice 1.0
I suggest that xindice 1.0 gets pacthed to support this. I am aware that xindice is moving away from OpenORB so I will jus port the altered file here. file location :- java/src/org/apache/xindice/client/xmldb/ method altered is init. I would like to hear from anybody who is coming across the same issue. Clearly the current implementation is not usefull when run on a secured environment. On Wednesday 20 Nov 2002 11:38 am, JC Tchitchiama wrote: > All, > > I have got an urgent problem I hope someone out there has already come=20 > accross. > > Basically I would like to specify/restrict the range of ports that can be > used between the client and the server during xindice comm across the > network. > > I see that the initial comm is carried accross dynamic ports before > reaching GIOP step. > > Best Regards. > Problem Summary/Background ======================== I have been nagging folks over the past couple of days because I was testing xindice-openorb on an environement with strict of firewall rules and guess what none of my corba client outgoing socket were able to be created unless firewall rules were relaxed for all ports above 1023. These is cleary no acceptable because of security concern. I then looked at OpenORB for an property to set client outgoing port range and discovered that the only option available was on the iiop server side that can be restricted to run only on a specified port (iiop.port=55555) Using ethereal I realised that the port allocation is random and I needed a fix for it. I spoke to couple of you on the user forum and no workaround was available to me. Best Regards. JC. ================================================================== [EMAIL PROTECTED] =================================================================
package org.apache.xindice.client.xmldb; /* * The Apache Software License, Version 1.1 * * * Copyright (c) 1999 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Xindice" and "Apache Software Foundation" must * not be used to endorse or promote products derived from this * software without prior written permission. For written * permission, please contact [EMAIL PROTECTED] * * 5. Products derived from this software may not be called "Apache", * nor may "Apache" appear in their name, without prior written * permission of the Apache Software Foundation. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation and was * originally based on software copyright (c) 1999-2001, The dbXML * Group, L.L.C., http://www.dbxmlgroup.com. For more * information on the Apache Software Foundation, please see * <http://www.apache.org/>. * * $Id: DatabaseImpl.java,v 1.1.1.1 2001/12/06 19:33:54 bradford Exp $ */ import org.omg.CORBA.ORB; import java.util.*; import java.io.*; import java.net.*; import javax.naming.*; import org.xmldb.api.base.*; import org.apache.xindice.core.FaultCodes; import org.apache.xindice.client.corba.db.*; import org.apache.xindice.client.corba.db.Database; /** * DatabaseImpl is the XML:DB driver implementation for Xindice. It is the entry * point into the Xindice server but is not intended for direct use by users. * Users access it indirectly through the XML:DB DatabaseManager implementation. * * * This API is an implementation of the XML:DB API. More information on this API * can be found by looking at * <a href="http://www.xmldb.org/xapi/index.html";>http://www.xmldb.org/xapi/index.html</a> * <p /> * * The location to find the NamingService ior can be specified by setting the * property xindice.naming.ior using setProperty. By default the system is * bootstrapped via HTTP and doesn't use a CORBA naming service. * * The CORBA ORB implementation can be switched by setting the properties * org.omg.CORBA.ORBClass and org.omg.CORBA.ORBSingletonClass with the values * provided by your orb vendor. The values are set using setProperty(). */ public class DatabaseImpl extends CommonConfigurable implements org.xmldb.api.base.Database { protected Hashtable dbs = null; /** * Name used in the uri for collections associated with this instance. */ public static String INSTANCE_NAME = "xindice"; /** * The characters expected to separate the INSTANCE_NAME from the database * name. */ public static String SEP = "://"; /** * The XML:DB API Core Level Conformance of this implementation. */ public static String CONFORMANCE_LEVEL = "0"; /** * Default CORBA name service name for the Database instance. */ public final static String DEFAULT_CORBA_NAME = "db"; /** * Default location where the bootstrap IOR can be located. */ public final static String DEFAULT_BOOTSTRAP_URI = "http://localhost:4080/db_bootstrap.ior";; /** * Property name to use to set the URI where a CORBA name service can be * located. */ public final static String CORBA_NAMING_PROP = "xindice.naming.ior"; /** * Property name to use to set the name of the ORB Class. This is used to * override the JDKs built in CORBA ORB. */ public final static String ORB_CLASS_PROP = "org.omg.CORBA.ORBClass"; /** * Property name to use to set the name of the ORB singleton Class. This is * used to override the JDKs built in CORBA ORB. */ public final static String ORB_SINGLETON_CLASS_PROP = "org.omg.CORBA.ORBSingletonClass"; // CORBA naming context root element. protected static String ROOT_CONTEXT = INSTANCE_NAME; /** * Constructor for the DatabaseImpl object */ public DatabaseImpl() { super(); dbs = new Hashtable(); } /** * Gets the instance Name * * @return The Name value * @exception XMLDBException */ public String getName() throws XMLDBException { return INSTANCE_NAME; } /** * Creates a Collection instance using the URI to locate the collection in * the Xindice instance. Applications should not call this method directly. * Instead they should call org.xmldb.api.base.DatabaseManager.getCollection(). * <p /> * The URI format accepted by this method: * xindice:/[Nameservice host]//[Database Instance Name in the CORBA Name Service]/[collection path] * <p /> * Nameservice host is optional. * * This usually looks something like this: * xindice:///db/root/ocs. or * xindice://some.host.com:8309/db/root/ocs * <p /> * When you pass the URI to DatabaseManager.getCollection(uri) you must * prepend an xmldb: to the beginning to make it a valid XML:DB URI. * So to normal users of the API URIs will look like this: * xmldb:xindice:///db/root/ocs. DatabaseManager will strip the * xmldb: before handing the URI to this getCollection implementation. * <p /> * @param uri The URI specifing the location of the collection. * @return The Collection value * @exception XMLDBException */ public org.xmldb.api.base.Collection getCollection(String uri, String username, String password) throws XMLDBException { if (uri == null) { throw new XMLDBException(ErrorCodes.INVALID_URI); } // Get the name service name to use to locate the server String corbaName = getNamingNameFromURI(uri); if (corbaName == null) { corbaName = DEFAULT_CORBA_NAME; } // Get the bootstrap URI to use to locate the server String corbaBootstrapURI = getNamingURI(uri, corbaName); if (corbaBootstrapURI == null) { corbaBootstrapURI = DEFAULT_BOOTSTRAP_URI; } // Create a Database instance for this name if it doesn't already // exist. String dbKey = corbaBootstrapURI + " " + corbaName; if (dbs.get(dbKey) == null) { init(corbaBootstrapURI, corbaName); } // xindice:///db-instance/collection-path String collectionName = getCollectionFromURI(uri); org.xmldb.api.base.Collection collection = null; try { Database db = (Database) dbs.get(dbKey); collection = new CollectionImpl(db.getCollection(collectionName), db, this); } catch (APIException e) { if (e.faultCode == FaultCodes.COL_COLLECTION_NOT_FOUND) { return null; } else { throw FaultCodes.createXMLDBException(e); } } catch (Exception e) { throw FaultCodes.createXMLDBException(e); } return collection; } /** * Gets the ConformanceLevel attribute of the DatabaseImpl object * * @return The ConformanceLevel value * @exception XMLDBException Description of Exception */ public String getConformanceLevel() throws XMLDBException { return CONFORMANCE_LEVEL; } /** * Used by org.xmldb.api.base.DatabaseManager to determine if this database * instance is the proper one to handle a request or not. * * @param uri The uri to test - see getCollection for a description of the * format. * @return true if the URI can be handled, false otherwise. * @exception XMLDBException */ public boolean acceptsURI(String uri) throws XMLDBException { if (uri.startsWith(INSTANCE_NAME)) { return true; } return false; } /** * Returns the Collection path portion of the URI. * * @param uri the URI to parse. * @return The collection path portion of the URI. * @exception XMLDBException */ protected String getCollectionFromURI(String uri) throws XMLDBException { if ( ! uri.startsWith(INSTANCE_NAME) ) { throw new XMLDBException(ErrorCodes.INVALID_DATABASE); } // Find the start of the collection path skipping over the database name. int start = uri.indexOf('/', INSTANCE_NAME.length() + SEP.length()); start = uri.indexOf('/', start + 1); // Remove the protocol and database instance name String result = "/"; if ( start != -1 ) { result = uri.substring(start, uri.length()); } return result; } /** * Returns the CORBA name service name portion of the URI. * This is xindice:///[corba name]/ * * @param uri the URI to parse. * @return The collection path portion of the URI. * @exception XMLDBException */ protected String getNamingNameFromURI(String uri) throws XMLDBException { if ( ! uri.startsWith(INSTANCE_NAME) ) { throw new XMLDBException(ErrorCodes.INVALID_DATABASE); } // Find the start of the collection path. int start = uri.indexOf('/', INSTANCE_NAME.length() + SEP.length()); int end = uri.indexOf('/', start + 1); // Remove the protocol and Database instance name String result = null; if ( end != -1 ) { result = uri.substring(start + 1, end); } else { result = uri.substring(start + 1, uri.length()); } return result; } /** * Returns the CORBA bootstrap name from the URI. * The XML:DB URI should contain xindice://[bootstrap host]/ * * @param uri the URI to parse. * @return The collection path portion of the URI. * @exception XMLDBException */ protected String getNamingURI(String uri, String instance) throws XMLDBException { if ( ! uri.startsWith(INSTANCE_NAME) ) { throw new XMLDBException(ErrorCodes.INVALID_DATABASE); } String result = null; // Find the first double slashes. int first = uri.indexOf("//", INSTANCE_NAME.length()); // Find the next slash.c int end = uri.indexOf('/', first + 2); // If we don't have 3 consecutive slashes then there should be a host if ( first != (end - 2) ) { result = uri.substring(first + 2, end); result = "http://"; + result + "/" + instance + "_bootstrap.ior"; } return result; } /** * Initializes the connection to Xindice via the CORBA API. */ protected void init(String bootstrapURI, String corbaName) throws XMLDBException { Properties orbConfig = getOrbConfig(); Socket socket = null; final int INVALID_PORT = 0; try { ORB orb = ORB.init(new String[0], orbConfig); Database db = null; // If a naming service is specified we use that to bootstrap String namingURI = (String) config.get(CORBA_NAMING_PROP); if ( namingURI != null ) { Hashtable env = new Hashtable(5, 0.75f); env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.cosnaming.CNCtxFactory"); env.put("java.naming.provider.url", namingURI); env.put("java.naming.corba.orb", orb); Context ic = new InitialContext(env); db = (org.apache.xindice.client.corba.db.Database) DatabaseHelper.narrow((org.omg.CORBA.Object) ic.lookup(ROOT_CONTEXT + "/" + corbaName)); } // Otherwise we get the bootstrap IOR via HTTP else { URL url = new URL (bootstrapURI); BufferedReader in = null; String ior = null; /** * To satisfy the local firewall constraints the local outgoing port is * specified. In that case we got to use it to open the socket connection. * The outgoing local port is specified in the system property. */ String clt_port_min = (String)System.getProperty("xindice.client.port.min"); String clt_port_max = (String)System.getProperty("xindice.client.port.max"); int min_port = (clt_port_min != null ? min_port = new Integer(clt_port_min).intValue(): 0); int max_port = (clt_port_max != null ? max_port = new Integer(clt_port_max).intValue(): 0); if ((min_port != INVALID_PORT) && (max_port != INVALID_PORT)) { for(int clt_port = min_port; ((clt_port <= max_port) && (socket == null)); clt_port++) { try { socket = new Socket(url.getHost(), //server host url.getPort(), //server port InetAddress.getLocalHost(), //local addr clt_port); //local port } catch(IOException ex) { //do nothing here } } if (socket != null) { PrintStream ps = new PrintStream(socket.getOutputStream()); ps.print("GET " + url.getFile() + " HTTP/1.0\n"); ps.print("Accept: text/html\n"); ps.print("Accept: text/plain\n"); ps.print("User-Agent: pmx/0.1\n"); ps.print("\n\r\n\r"); in = new BufferedReader(new InputStreamReader(socket.getInputStream())); String line; while((line=in.readLine()) != null) { if (line.startsWith("IOR")) { ior = line; } } } } //Otherwise use the default local port allocated if (in == null) { in = new BufferedReader(new InputStreamReader( url.openStream())); ior = in.readLine(); } in.close(); db = (org.apache.xindice.client.corba.db.Database) DatabaseHelper.narrow(orb.string_to_object(ior)); } // Store the Database instance for this name. dbs.put(bootstrapURI + " " + corbaName, db); } catch (Exception e) { throw new XMLDBException(ErrorCodes.VENDOR_ERROR, 1, "A connection to the Database instance '" + corbaName + "' could not be created. Error: " + e.getMessage()); } finally { if (socket != null) { try { socket.close(); } catch(IOException e) { throw FaultCodes.createXMLDBException(e); } } } } protected Properties getOrbConfig() { Properties orbConf = new Properties(); // See if we're overriding the default ORB String orbClass = (String) config.get(ORB_CLASS_PROP); if (orbClass != null) { orbConf.put("org.omg.CORBA.ORBClass", orbClass); } String orbSingletonClass = (String) config.get(ORB_SINGLETON_CLASS_PROP); if (orbSingletonClass != null) { orbConf.put("org.omg.CORBA.ORBSingletonClass", orbSingletonClass); } return orbConf; } }
