-
1. Re: Kerberos, ejb, rmi
anil.saldhana Mar 8, 2009 12:16 PM (in response to ruhe)
There is JBossNegotiation that does the Kerberos stuff for the web layer. There is a plan to do it for EJBs/ws etc.
-
2. Re: Kerberos, ejb, rmi
alexanders Mar 25, 2009 8:06 PM (in response to ruhe)
I think there are some good reasons for you to switch the protocol.
There are no standard implementations and, I think, no specification for RMI to handle Kerberos negotiation.
In addition, I had a couple of problems getting RMI working in a cluster environment behind an LB.
Actually I didn't get it working... maybe it failed just because of WebsFear as client and server....
I'm trying JBossRemoting to get "RMI over HTTP".
This could be a standard way for kerberized remote EJB invocation.
Also, it is a good choice for you to use REST-like invocation from a Java desktop application.
And wrap the EJB invocation inside restlet.
The RMI protocol needs to be deprecated... In my opinion.
-
3. Re: Kerberos, ejb, rmi
ruhe Mar 26, 2009 5:52 AM (in response to ruhe)
Hi, alexanders.
It's a good idea to use HTTP for RMI invocations to enable kerberized authentication.
If you have problems with HTTPInvoker, here is my config:
path: JBOSS_HOME/server/default/deploy/http-invoker.sar/META-INF/jboss-service.xml
<mbean code="org.jboss.invocation.http.server.HttpInvoker" name="jboss:service=invoker,type=http">
  <attribute name="InvokerURLPrefix">http://</attribute>
  <attribute name="InvokerURLSuffix">:8080/invoker/EJBInvokerServlet/</attribute>
  <attribute name="UseHostName">true</attribute>
</mbean>
And you'll find in the docs how to customize the invoker for EJB.
-
4. Re: Kerberos, ejb, rmi
alexanders Mar 26, 2009 12:34 PM (in response to ruhe)
"ruhe" wrote:
Hi, alexanders.
It's a good idea to use HTTP for RMI invocations to enable kerberized authentication.
If you have problems with HTTPInvoker, here is my config:
....
And you'll find in the docs how to customize the invoker for EJB.
Actually the invoker configuration is not a problem.
The key is configuring the invoker's war web.xml to apply a kerberized security constraint on InvokerServlet.
It's not quite for me to make changes in the framework core.
I'm looking for a way to wrap it.
Maybe running invoker core mbean within my own application.
And applying the security constraint inside my own deployment unit...
Thanks to new MC...