Interoperability and RMI-IIOP
This chapter describes interoperability and RMI-IIOP protocol used by EJB.
1. Overview
JEUS supports RMI-IIOP protocol used to invoke EJB from a different WAS or system. RMI-IIOP is based on Common Object Request Broker Architecture (CORBA) that is defined by OMG (http://www.omg.org/), and EJB specification standard for interoperability. Consider using the RMI-IIOP interoperability function to support remote calls within JEUS or from a different WAS. The RMI-IIOP remote call method is one of the methods that support calls from a different WAS or system. There are other methods that call EJB on JEUS from a different WAS and integrates the transaction, or vice versa, but this chapter only covers the RMI-IIOP method.
Interoperability can mean calling EJB on JEUS from another system and calling EJB on WAS from JEUS, which means JEUS can be both a RMI-IIOP server and client. There needs to be runtime support for Object Request Broker (ORB), and support for transaction and security interoperability.
JEUS contains ORB runtime which automatically creates dynamic stub in memory without using COS Naming Server or stub classes that support the CORBA Naming Service. It implements the Object Transaction Service (OTS) specification for transaction interoperability and the Common Secure Interoperability version 2 (CSIv2) specification for security interoperability.
For more information about CORBA and RMI-IIOP, refer to the following links.
1.1. Transaction Interoperability (OTS)
Transaction interoperability is implemented based on the OTS specification. The object mentioned here is the CORBA Object, which is affected by the transaction.
When using OTS, an interceptor (a listener type) which can process transactions is added to CORBA. This additional interceptor handles the transaction related part of the IIOP protocol header. Through this, JEUS, which plays a role of a client or server, supports transaction propagation between different remote systems such as WAS or JEUS.
OTS specification 1.2 is the currently supported version. |
1.2. Security Interoperability (CSIv2)
Common Secure Interoperability version 2 (CSIv2) specification guarantees security interoperability. If this CSI is used, like the OTS, an interceptor that can process security is added to ORB, and this interceptor handles the header and other security related parts.
Security interoperability starts by attaching security information for CSI to Interoperable Object Reference (IOR) of EJB reference. If IOR is registered to a naming service, the client side ORB that is trying to used it and the JEUS MS handles negotiation on the security level of the IIOP protocol. JEUS MS acts as a client when it needs CSI Services to call another EJB bean.
For more information about security interoperability, refer to CSIv2 specification of CORBA. |
2. Configuring Interoperability
The interoperability must be configured for use because it is not configured by default.
In order to expose JEUS EJB to RMI-IIOP, activate the Enable Interop option of COS Naming Service and MS. EJB should be deployed with IIOP export related settings configured. If JEUS is only used as a RMI-IIOP client, only the 'Enable Interop' option of the relevant MS needs to be activated.
The interoperability settings can be configured in domain.xml.
2.1. COS Naming Service Configuration
Besides the basic JNDI Naming Service provided by MS, the COS Naming Service for CORBA objects can also be added. An EJB reference (stub) exposed to RMI-IIOP is saved in the COS Naming Service, and an EJB client looks up the reference and uses it. The COS Naming Service operates in the JEUS Manager JVM and uses 'BASEPORT + 4 (e.g. 9740)' as the service port.
2.2. Activating Interoperability
In order to use interoperability needed for RMI-IIOP clients and servers, interoperability property must be activated. This must be done to initialize the ORB.
To activate the interoperability property, set <enable-interop/> in domain.xml. For more information, see "Configuring domain.xml settings" in JEUS XML Reference Guide.
For more information about CSlvs, refer to Configuring the CSIv2 Security Interoperability.
2.3. Configuring the CSIv2 Security Interoperability
In order to perform CSIv2 protocol, use the information from two additional security environment files and JEUS Security Manager. The two additional security environment files are keystore and truststore. The paths and necessary information of these two files can be configured through the the system properties.
Security Environment File | Description |
---|---|
Keystore file |
File that stores keys for X.509 and implements Oracle’s X.509 keystore. It is sent to the client when Secure Socket Layer (SSL) is called. |
Truststore file |
Certificate configuration file for the client side X.509. The format is same as the keystore file. |
CSIv2-related settings are specified in the <interop-ssl-config> tag in domain.xml. For more information, refer to "Configuring domain.xml settings" in JEUS XML Reference Guide.
<enable-interop> <interop-ssl-config> <keystore-path>/jeus/domains/domain1/ssl</keystore-path> <keystore-alias>changeit</keystore-alias> <keystore-password>changeit</keystore-password> <keystore-keypassword>{DES}FQrLbQ/D8O1l</keystore-keypassword> <truststore-path>/jeus/domains/domain1/ssl<</truststore-path> <truststore-password>changeit</truststore-password> </interop-ssl-config> </enabpe-interop>
CSIv2 settings can also be configured through the system property of the execution script. Nevertheless, settings in domain.xml take precedence.
The following are options for this setting. Set this value by using "-D" option.
Parameter | Description |
---|---|
jeus.ssl.keystore |
Absolute path to the keystore file. (Default value: DOMAIN_HOME/config/keystore) |
jeus.ssl.keypass |
Password for the keystore file. (Default value: jeuskeypass) |
jeus.ssl.truststore |
Absolute path to the truststore file. (Default value: DOMAIN_HOME/config/truststore) |
jeus.ssl.trustpass |
Password for the truststore file. (Default value: jeustrustpass) |
Authentication and authorization may not be needed between trusted nodes.
By setting the IP address to jeus.ejb.csi.trusthosts, you can prevent any unnecessary security checks between trusted nodes. JEUS Security Manager uses the guest user, which represents an anonymous principal for anonymous user access.
2.4. Configuring EJB RMI-IIOP
In order to expose EJB to RMI-IIOP, configure the <export-iiop> option for each EJB in jeus-ejb-dd.xml. If the <export-iiop> option is set, EJB Home Reference is registered to a COS Naming Service using the given <export-name>. This way, EJB Reference can be fetched and used through the COS Naming Service.
The following is an example of the jeus-ejb-dd.xml file in which EJB RMI-IIOP is configured.
... <jeus-bean> <ejb-name>CalcEJB</ejb-bean> <export-name>ejb/Calc</export-name> <export-iiop> <only-iiop>true</only-iiop> </export-iiop> </jeus-bean> ...
Tag | Description |
---|---|
<only-iiop> |
Specifies whether to expose EJB through RMI and RMI-IIOP or only through RMI-IIOP. If it is exposed through both, RMI/IIOP stub gets registered to the COS Naming Service and the general RMI stub gets registered to the JEUS Naming Server. |
Only EJB Home and EJB Object Reference can be currently exposed through RMI-IIOP. EJB 3.0 business views cannot be exposed through RMI-IIOP. |
3. RMI/IIOP Client
RMI-IIOP clients can be standalone clients, or WAS from another JEUS or another vendor. This section describes the methods for using EJB.
3.1. JEUS Managed Server
The following is the method for calling RMI-IIOP EJB on JEUS or another vendor’s WAS from applications running on a JEUS MS.
First, COS Naming Server looks up EJB Home Reference (Stub). The Naming Server can get it directly by using the JNDI APIs corbaname URL as follows:
InitialContext ctx = new InitialContext(); Object obj = ctx.lookup("corbaname:iiop:1.2@192.168.11.22:9740#ejb/Calc"); CalcHome home = (CalcHome)PortableRemoteObject.narrow(obj, CalcHome.class); Calc calcRef = home.create();
URL has the form of "corbaname:iiop:1.2@<host>:<port>#<name>", and <host> and <port> are the address of the COS Naming Server. Also, by directly specifying the COS Naming Server as the PROVIDER URL, you can get and use the InitialContext.
Since there are multiple methods to specify the PROVIDER URL, you should specify one to use as in the following example.
Hashtable env = new Hashtable(); env.put(Context.PROVIDER_URL, "iiop://192.168.11.22:9740"); // env.put(Context.PROVIDER_URL, "iiopname://192.168.11.22:9740"); // env.put(Context.PROVIDER_URL, "corbaname:iiop:1.2@192.168.11.22:9740"); // env.put(Context.PROVIDER_URL, "corbaloc:iiop:1.2@192.168.11.22:9740"); InitialContext ctx = new InitialContext(env); Object obj = ctx.lookup("ejb/Calc"); CalcHome home = (CalcHome)PortableRemoteObject.narrow(obj, CalcHome.class); Calc calcRef = home.create();
For clients using dependency injection or a logical JNDI name in the form of "java:comp/env/", the <export-name> option should be mapped to the previous corbaname URL in the JEUS application DD file, such as the jeus-web-dd.xml file.
@EJB(name="ejb/Calc") private CalcHome calcHome;
<ejb-ref> <jndi-info> <ref-name>ejb/Calc</ref-name> <export-name>corbaname:iiop:1.2@192.168.11.22:9740#ejb/Calc</export-name> </jndi-info> </ejb-ref>
3.2. Other Vendors' WASs
The method to call RMI-IIOP EJB of JEUS from applications running on another vendor’s WAS is similar to the method described in JEUS Managed Server. In this case, check whether ORB configuration is needed like in JEUS, and configure it if necessary. For more information, refer to the relevant product documentation.
3.3. Standalone Clients
Since ORB runtime and related settings are not configured for standalone clients, you need to add the jclient.jar client library, as well as the omgapi.jar and peorb.jar files to the class path. You must also add the jeus.client.interop=true system property.
The method to obtain the EJB Home Reference (Stub) is similar to that in JEUS Managed Server. However, you should also configure the JNDI provider from JEUS.
Hashtable env = new Hashtable(); env.put(Context.INITIAL_CONTEXT_FACTORY, "jeus.jndi.JNSContextFactory"); env.put(Context.PROVIDER_URL, "iiop://192.168.11.22:9740"); InitialContext ctx = new InitialContext(env); Object obj = ctx.lookup("ejb/Calc"); CalcHome home = (CalcHome)PortableRemoteObject.narrow(obj, CalcHome.class); Calc calcRef = home.create();
4. Known Issues
Some known issues are as follows:
-
Continued retries to access a server for one minute when server access fails
ORB embedded in JEUS performs retries to access a server for 60 seconds when it cannot access the server. A separate sleep time is not used in this case. Therefore, too many log messages may occur or CPU may experience extreme overload. To prevent this, the following option should be set as a system property of a client (unit: ms, the default value: 60,000).
com.sun.corba.ee.transport.ORBCommunicationsRetryTimeout=1
-
NullPointerException occurs after PortableRemoteObject.narrow() is invoked
When a client executes the following, home object is returned as null and the NullPointerException may occur.
NullPointerException OccurrenceCalcHome home = (CalcHome)PortableRemoteObject.narrow(obj, CalcHome.class); // null is returned Calc calcRef = home.create(); // NullPointerException
This exception is thrown when CORBA stub class can not be found. This occurs when the Enable Interop setting is incorrectly configured in JEUS MS. If it is correctly configured, a correct ORB is initialized and Stub is automatically created in memory. For external clients, this error may occur if there is no function to create dynamic stub in memory.
For standalone clients, check whether the following is configured in the system property.
jeus.client.interop=true
-
Unable to find EJB with a name that includes a period (.) in WebLogic
If <export-name> is specified with a value that includes a period (.) like in "com.acme.CalcHome", lookup fails in WebLogic. Because WebLogic handles a period (.) like a slash (/), it forwards the request as "com/acme/CalcHome". In this case, you must not use a name that includes a period (.).