![[Previous]](../pics/prev.gif){kind=small}
![[Contents]](../pics/toc.gif){kind=small}
![[Next]](../pics/next.gif){kind=small}
![[IONA Technologies]](../pics/iona.gif){kind=small}
In this chapter we will outline the full functionality supported by the OrbixWeb Implementation Repository. We will describe aspects of registration and activation which affect servers which communicate over either the CORBA Internet Inter-ORB Protocol (IIOP) or the Orbix protocol. We will also discuss aspects of server activation which are specific to IIOP servers; these servers only need to be registered in the Implementation Repository under specific circumstances, and this can be advantageous in a Java environment.
If the server is not running, it will be automatically launched by OrbixWeb when a client binds to one of the server's objects, or when a client invokes an operation on an object reference which names that server. The OrbixWeb daemon launches a Java server by invoking the Java interpreter on the bytecode specified in an Implementation Repository entry.
To allow the daemon to correctly locate and invoke the Java interpreter, it is important that the values
IT_JAVA_INTERPRETER and IT_DEFAULT_CLASSPATH are assigned correctly in the OrbixWeb configuration file, Orbix.cfg. The configuration of these values is described in Chapter 3, "OrbixWeb Configuration" of the OrbixWeb Reference Guide._bind() if pinging is enabled1; otherwise, on the first invocation on an object reference returned by _bind().
ORB.string_to_object() (invoked on the _CORBA.Orbix object).
If the process is already launched when an operation invocation arrives for one of its objects, then OrbixWeb will route the invocation to that process; otherwise OrbixWeb will launch the process (using the Implementation Repository's mapping from server name to class name and class path).
Launching servers in this way is useful for a number of reasons. Some servers take considerable time to initialise themselves, and therefore it is sensible to launch such servers before any client wishes to use them. Also, during development, it may be clearer to launch a server in its own window, allowing its diagnostic messages to be more easily seen.
impl_is_ready(), behave in a similar way to shared activation mode servers. If a server is registered as unshared or per-method, then, in line with the CORBA specification, impl_is_ready() will fail if the server is launched manually (see section 11.6).
A shared server may be registered such that it may only be launched manually–that is, OrbixWeb will not launch the server when an operation invocation arrives for one of its objects. This is explained in section 11.7.
Usually, clients are not concerned with the activation details of a server or aware of what server processes are launched. To a client, a server is viewed as a single unit; an object in a server can be bound to and communicated with without considering activation mode details.
11.2.4 Implementation Repository Entries
The Implementation Repository maintains its data in Implementation Repository entries. An entry for a server in an Implementation Repository includes the following information:
putit command creates an Implementation Repository entry, if no entry exists for the server specified. If an Implementation Repository entry exists for the server, the putit command creates or modifies an activation order within the existing entry. In the latter case, the putit command must specify the same fundamental activation mode (shared, unshared or per-method) as already registered for the server.
putit utility registers servers with OrbixWeb–specifically with the Implementation Repository. Here, we will give some examples of common uses of
putit. A full description of putit and its switches is given in Chapter 1, "The OrbixWeb Utilities" of the OrbixWeb Reference Guide.
The
putit command is mostly used in one of the following forms:
putit serverName -java -classpath classPath className putit serverName -java -addpath partialClassPath classNameThe
-java switch is an extension over the standard Orbix putit command, and indicates that the specified server should be launched via the Java interpreter. This switch can be truncated to -j.The first of the above command forms indicates that the server is to be registered with the specified complete class path, independent of any configuration settings, and with the specified class name. The second indicates that the specified class path should be appended to the value of
IT_DEFAULT_CLASSPATH in the Orbix.cfg file, when the daemon attempts to launch the server.By default,
putit uses the shared activation mode: therefore, on any given host, all objects with the specified server name will be controlled by the same process. Also by default, putit registers a server in the multiple-client activation mode: that is, all client processes will bind to the same server process.For example:
putit BankSrv -java -addpath /usr:/users/chris/banker idl_demo.BankServerThe class
idl_demo.BankServer (with partial class path /usr:/users/chris/banker) will be registered as the implementation code of the server called BankSrv at the current host. The putit command does not launch the server: this can be done explicitly from the shell (or otherwise), or it will be automatically launched in shared mode by OrbixWeb in response to an incoming operation invocation.Server names may be hierarchically structured, in the same way as UNIX file names. For example:
putit banks/BankSrv -java -addpath /usr:/users/chris/banker idl_demo.BankServerHierarchical server names are useful in structuring the name space of servers in Implementation Repositories. The hierarchical structure can be created using the
mkdirit command, as described in Chapter 1, "The OrbixWeb Utilities", of the OrbixWeb Reference Guide.
11.3.1 Examples of using putit
The following examples illustrate some further switches to putit. Full details of the available switches to putit are given in Chapter 1, "The OrbixWeb Utilities" of the OrbixWeb Reference Guide.
-unshared switch registers a server in the unshared activation mode:
putit -unshared NationalTrust -java -classpath
/classes:/jdk/classes:/tmp/bank bankPackage.BankServerThis command registers an unshared server called "
NationalTrust" on the local host, with the class name and full class path. Each activation for an object will go to a unique server process for that particular object. All end users accessing a particular object share the same server process.
putit command to identify an object to which the putit applies:
putit -h alpha -marker Boston NationalBank -java -addpath
/bank/classes:/local/classes bankPackage.BankServerThis command registers a shared server called "
NationalBank", with the specified class name and partial class path. However activation will only occur for the object whose marker matches "Boston". There will be at most one server process resulting from this registration request; although other -marker registrations can be issued for server NationalBank for other objects in the server. All end users accessing the "Boston" object share the same server process.The
-h switch specifies the host name on which to execute the putit command.
A simple program which supports this is supplied with OrbixWeb; this program is called
jrunit and is installed by default in the OrbixWeb bin directory. By using jrunit, an Orbix programmer can register an OrbixWeb server in the Orbix Implementation Repository.To register an OrbixWeb server in the Orbix Implementation Repository, the Orbix
putit command (which currently does not support the -java switch) should be used as follows:
putit serverName "jrunit -classpath classPath className commandLineArgs"The
commandLineArgs value simply specifies parameters to be passed to the server main() method, if any. The following Orbix
putit command:
putit BankSrv "jrunit -classpath /usr:/users/chris/banker idl_demo.BankServer"is equivalent to the OrbixWeb
putit command:
putit BankSrv -java -classpath /usr:/users/chris/banker idl_demo.BankServerNote that, if the
jrunit command specified in the server launch command is not prefixed by a full path name, then the location of jrunit should be in the environment path setting, as passed to the Orbix daemon at start-up.
putit can be managed using the following commands. Executing any command without arguments gives a summary of its switches
Since objects can be named, the various activation policies can be instructed to use pattern matching when seeking to identify which server process to communicate with. In particular, when a server is registered, it is possible to specify that it should be launched if any of a set of its objects are invoked. This set of objects is specified by registering a marker pattern which uses wildcard characters. If no pattern is specified, invoking on any of a server's objects will cause the server to be launched (if it is not already launched).
11.6 Persistent Servers and impl_is_ready()
A persistent server should ensure that the server name is correctly set before it has any interaction with OrbixWeb. For example, a persistent server should not pass out an object reference for one of its objects (as a parameter or return value, or even by printing its object reference string) until the server name has been set.3 Normally, the server name is set by calling impl_is_ready(). Alternatively, the server name can be set using the method ORB.setServerName(), which can be invoked on the _CORBA.Orbix object.
Other interactions with OrbixWeb such as calling an operation on a remote object, or using the locator, also cause difficulties if they occur in a persistent server before
impl_is_ready() is called.impl_is_ready() behave as shared activation mode servers. In line with the CORBA specification, if a server is registered as unshared or per-method, then impl_is_ready() will fail if the server is launched manually.11.7 Unregistered Servers
In some circumstances, it may be useful not to register servers with the Implementation Repository. To support this, the OrbixWeb daemon may be configured to allow unregistered servers using the -u switch (see Chapter 3, "OrbixWeb Configuration" of the OrbixWeb Reference Guide). Any server process can then be started manually; when it calls impl_is_ready(), it can pass any string as its server name, and the daemon will not check that this is a server name known to it.
A disadvantage of this approach is that an unregistered server will not be known to the daemon so the daemon will not be able to automatically invoke the Java interpreter on the server bytecode when a client binds to or invokes an operation on one of its objects. The server must be launched in advance of a client invocation, if that invocation is to succeed.
11.8 Activation Issues Specific to IIOP Servers
OrbixWeb servers which communicate over IIOP do not need to be registered in the Implementation Repository. As described in Chapter 9, "ORB Interoperability", an IIOP server can publish Interoperable Object References (IORs) for the implementation objects it creates and then awaits incoming client requests on those objects without contacting an OrbixWeb daemon.
Unregistered IIOP servers are important in a Java domain, as they can be completely independent of any supporting processes which may be platform specific. In particular, any server which relies on the OrbixWeb daemon to establish initial connections will depend on the availability of the daemon on specific platforms. An OrbixWeb unregistered IIOP server is completely self-contained and platform independent.
11.8.1 Comparison of IIOP Servers with Orbix Protocol Servers
OrbixWeb supports servers which communicate over IIOP and servers which communicate over the standard Orbix protocol4. In each case, a server may or may not be registered in the OrbixWeb Implementation Repository. The combination of a server's communications protocol and its registration characteristics has important implications for the deployment of the server in a Java environment.
All Orbix protocol servers require an Orbix or OrbixWeb daemon process to establish client-server communications. As the OrbixWeb daemon is not currently implemented in Java, these servers cannot be deployed in a completely platform-independent manner.
_bind() method to contact an IOR will need to contact the daemon). These servers do not rely on any non-Java applications and can be deployed on any platform supported by Java. They can also maintain consistent IORs between server processes, if configured correctly. However, these servers must be launched manually. 11.9 Security Issues for OrbixWeb Servers
The following subsections cover issues concerned with security for OrbixWeb servers.11.9.1 Identity of the Caller of an Operation
A server object can obtain the user name of the process that made the current operation call by using the method get_principal() on the _CORBA.Orbix object. This method is listed in class BOA as follows:
// Java // In package IE.Iona.Orbix2.CORBA, // in class BOA. public String get_principal (IE.Iona.Orbix2.CORBA._ObjectRef oref) throws SystemException;The parameter of type
_ObjectRef is not used, but it is supported for compatibility with CORBA.
The entries in the access control list can be either user names or group names. There is also a pseudo group name called
all, which can be used to implicitly add all users to an access control list. The owner of an Implementation Repository entry is always allowed to launch it and invoke operations on its objects.The
chmodit command can be used to modify the two access control lists.The group system is determined by the underlying operating system. For example, on UNIX, group membership of a user is determined using the user's primary group as well as the user's supplementary groups (as specified in the
/etc/group file).Only the owner of an Implementation Repository entry can call the
chmodit command on it. The original owner is the user who calls the putit command; subsequently, the ownership can be changed using the chownit command.
orbixd is not running as the root (super-) user, then the uid and gid of every activated server process will be that of orbixd itself.
orbixd is run as root, then it will attempt to activate a server with the uid and gid of the, possibly remote, principal attempting to activate the server.
orbixd is running, then, orbixd will attempt to run the new server with uid and gid of a standard user "orbixusr".
orbixusr", then orbixd will attempt to run the new server with uid and gid of a user "nobody".
nobody", then the activation will fail and an exception will be returned to the caller.
orbixd as root because to do so would allow a client running as root on a remote machine to launch a server with root privileges on a different machine. This security risk can be avoided by setting the set-uid bit of the orbixd executable and giving ownership of the executable to a user called, say, orbixusr that does not have root privileges. Then orbixd, and any server launched by the daemon, will not have root privileges. Any servers that must be run with different privileges can have the set-uid bit set on the executable file.
In a server, this information can be found by invoking the following methods–defined in class
BOA–on the _CORBA.Orbix object:
public String myMarkerName () throws SystemException;
public String myMethodName () throws SystemException;
public String myMarkerPattern () throws SystemException;
impl_is_ready() is called):
public String myImplementationName () throws SystemException;
// Server activation modes // (defined in IE.Iona.Orbix2.CORBA.BOA). static final short perMethodActivationMode = 0; static final short unsharedActivationMode = 1; static final short persistentActivationMode = 2; static final short sharedActivationMode = 3; static final short unknownActivationMode = 4; public short myActivationMode () throws SystemException;Each of these methods raises an exception if called by a client.
IT_daemon and its operations are explained in the OrbixWeb Reference Guide. Note that the UNIX utilities (
putit, catit, and so on) and the Orbix Server Manager (available under Windows 95 and Windows NT) are implemented in terms of the daemon's IDL interface.
ORB.pingDuringBind() (defined in package IE.Iona.Orbix2.CORBA) can be called on the _CORBA.Orbix object (defined in package IE.Iona.Orbix2) to configure this.