5 Replies Latest reply on Oct 2, 2003 3:56 AM by gnangoma

    Configuring a remote client

      Hello,
      I am having a lot of trouble trying to make my remote client connect to a stateless session bean. When I run the client on the same machine with the JBOSS Server, everything is fine; my client can lookup the session bean and can also invoke methods.

      But when I moved the client to a remote machine (192.168.0.7) I went through a very hard time trying to solve a number of exceptions.

      I have no probems with classpath. All JBOSS jar files are included in the classpath. I am quite sure it has nothing to do with classpath.

      I created a security policy file and include it into my context as shown below:


      env.put(Context.INITIAL_CONTEXT_FACTORY,
      "org.jnp.interfaces.NamingContextFactory");

      env.put(Context.PROVIDER_URL, "192.168.0.6:1099");


      env.put("java.naming.factory.url.pkgs", "org.jboss.naming.jnp.interfaces");
      env.put("java.rmi.server.hostname","192.168.0.6");
      env.put("java.security.policy", "C:\\security\\securityFile");
      Context ctx = new InitialContext(env);


      The server is at 192.168.0.6:

      Here is the exception I am getting:

      java.security.AccessControlException: access denied (java.net.SocketPermission 230.0.0.4 connect,accept,resolve)
      at java.security.AccessControlContext.checkPermission(AccessControlContext.java:270)
      at java.security.AccessController.checkPermission(AccessController.java:401)
      at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)

      All in all, it appears something to do with connectivity or security issue. My client does not see the server at all, even though my server is pingable from the client.

      Any ideas are highly appreciated...

        • 1. Re: Configuring a remote client

          Just to check, can you access the JMX-Console from the remote machine.

          • 2. Re: Configuring a remote client

            > Just to check, can you access the JMX-Console from
            > the remote machine.
            >
            Thanks for u'r suggesstion. I will try to do that. I have also read in other discussion about /etc/hosts file. My server is running on Linux box. I made sure that I have the right entries in hosts file. One thing though, I inserted an entry into windows hosts file:

            192.168.0.6 kilimanjaro whereas kilimanjaro is my server name. But when I ping kilimanjaro from PC, it does not work. I thought, PC should be able to do hostname resolution to IP Address as long as you have entries into C:\windows\hosts file: Could that be an issue?

            • 3. Re: Configuring a remote client

              Hello,
              The jmx-console works fine from a remote m/c as I expected. I believe this is because, the index.jsp page is running in the same JVM as the JBOSS Container. It is a different scenario with my standalone appln which is outside JBOSS Container's JVM. As I pointed out earlier, I do not have any problem when I run my application on the same box as the JBOSS Server.

              • 4. Re: Configuring a remote client

                Silly me, u are right.
                But one of the things i noticed is yr hosts file on windows.
                I'm a linux user, but as far as i know on windows the file to add these enteries live under C:\ WINNT\system32\drivers\etc\lmhosts.sam
                You might want to check on this.
                I dont know what widow o/s u are running.


                Vishal.

                • 5. Re: Configuring a remote client

                  > Silly me, u are right.
                  > But one of the things i noticed is yr hosts file on
                  > windows.
                  > I'm a linux user, but as far as i know on windows the
                  > file to add these enteries live under C:\
                  > WINNT\system32\drivers\etc\lmhosts.sam
                  > You might want to check on this.
                  > I dont know what widow o/s u are running.
                  >
                  >
                  > Vishal.

                  Hello Vishal,
                  Thanks for your advice. Actually, I am using win XP and you're absolute right that I was modifying the wrong file. After modifying the right one, then I was able to ping the linux box by its hostname from the PC; that's great!!

                  I am also very happy that I was able to fix my problems; now my remote client can connect to J2EE Server running on Linux:

                  Below are my observations:
                  After moving my client from linux box (linux box is where the server is running) to win XP, and made changes to the classpath to include all JBOSS client jar file; to me, I thought that was enough. When I ran the program: and I got this error message:

                  java.security.AccessControlException: access denied (java.net.SocketPermission 230.0.0.4 connect,accept,resolve)

                  Whereas 230.0.0.4 is multicasting ip address. As a matter of fact, I did not specify this IP Address. After reading some postings here I came across the suggestion to specify
                  env.put("jnp.discoveryPort", "192.168.0.6:1099");
                  where 192.168.0.6 is the server IP address. When specifying that I encountered another error as shown below:
                  java.security.AccessControlException: access denied (java.net.SocketPermission 192.168.0.6:1099 connect,resolve)

                  At this juncture, I realized that there has got to do with security. So I used the policy file under $JBOSS-HOME/server/default/conf/server.policy which basically open the door wide open. I specified this in run.sh file under OPTS parameter. This as well, did not help.

                  At this point, I was really frustrated, and I was about to throw a towel. But I decided to hang on.

                  My last stone killed the bird !!!!
                  I recalled my RMI programming way back. I decided to specify security policy file at the client side. -Djava.security.policy=MyPolicyFile. It did not work too. Actually, it appears as if the client did not even parse the policy file. I deliberately introduced some errors in the file, the client did not even complain. So, I knew that it did not parse it. After reading some java security page at javasoft.com, I came across the option -Djava.security.manager. I then corrected my policy file, and guess what, it worked:

                  Summary:
                  Specify -Djava.rmi.serve.hostname especially when you have multi-home server. Do this on the server side and make sure that your hostname is remotely pingable.

                  If you get Security Exception, specify policy file. But always remember to put -Djava.security.manager

                  Also specify env.put("jnp.discoveryPort", "192.168.0.6:1099") just to start with, if your client tries to talk to multicating IP Address: 230.0.0.4


                  Thanks again everyone for your valuable input....
                  Godfrey