NO_PERMISSION exception (using SSLIOP) calling an IDL method through a separate thread
kanth...@gmail.com
I am a new user of ACE and TAO. I am facing an issue using Security
(SSLIOP).
Some help would be highly appreciated.
Below is the PROBLEM-REPORT-FORM
****************************************************************************************
TAO VERSION: 1.4a_p11
HOST MACHINE and OPERATING SYSTEM:
32-bit Pentium 2.26 GHz
Red Hat Linux
TARGET MACHINE and OPERATING SYSTEM, if different from HOST: same
COMPILER NAME AND VERSION (AND PATCHLEVEL): g++ 3.4.3
CONTENTS OF $ACE_ROOT/ace/config.h [if you use a link to a
platform-
specific file, simply state which one]: config-linux.h
CONTENTS OF $ACE_ROOT/include/makeinclude/platform_macros.GNU
(unless
this isn't used in this case, e.g., with Microsoft Visual C+
+): platform_linux.GNU
CONTENTS OF $ACE_ROOT/bin/MakeProjectCreator/config/
default.features
(used by MPC when you generate your own makefiles): no file
LEVEL OF URGENCY (LOW, MEDIUM, or HIGH): HIGH
AREA/CLASS/EXAMPLE AFFECTED: Security, not any example, using our
own code
[What example failed? What module failed to compile?]
DOES THE PROBLEM AFFECT:
COMPILATION? no
If so, what do your $ACE_ROOT/ace/config.h and
$ACE_ROOT/include/makeinclude/platform_macros.GNU contain?
LINKING? no
On Unix systems, did you run make realclean first?
EXECUTION? yes
OTHER (please specify)? our application
[Please indicate whether ACE/TAO, your application, or both are
affected.]
SYNOPSIS:
[Brief description of the problem]
Using Security, through a separate thread, we are trying to resolve
and narrow own ORB and through the narrowed object, calling a
different IDL method.
Then, it throws NO_PERMISSION exception.
DESCRIPTION:
[Detailed description of problem. Don't just say "<blah>
doesn't work, here's a fix," explain what your program does
to get to the <blah> state. ]
We are using Naming Service through SSLIOP and we have our own module,
A, which resolves naming service and gets itself registered with
Naming service (with a name, say, "MODULEA") and does ORB->run(). It
also impements an IDL which contains two methods sendMessage() and
callMessage().
In sendMessage() method we are creating a separate thread.
In this thread, through naming context, we are trying to resolve and
narrow "MODULEA" (i.e., trying to resolve and narrow own module).
Through the narrowed object, we are trying to call other IDL method
i.e callMessage().
Then, it throws a NO_PERMISSION exception.
******namingSvc.conf*********
dynamic SSLIOP_Factory Service_Object *
TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() "-SSLAuthenticate
SERVER_AND_CLIENT -SSLPrivateKey PEM:/root/certificates/namingKey.pem -
SSLCertificate PEM:D:/root/certificates/namingCert.pem"
static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
********moduleA_Svc.conf*******
dynamic SSLIOP_Factory Service_Object *
TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() "-SSLAuthenticate NONE -
SSLPrivateKey PEM:/root/certificates/moduleAKey.pem -SSLCertificate
PEM:/root/certificates/moduleACert.pem"
static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
We have working certificates and keys, CA certificate, all generated
through OpenSSL.
The same scenario works fine without security.
I understand that a separate SSL context is created for a separate
thread. But I am unable to find out why this context is not being
identified here.
Also, I notice that if a different module is resolved and narrowed and
an IDL method is called through it, it works fine. The problem occurs
trying with same module. (i.e. resolving and narrowing own ORB of the
IDL and calling a method on it).
REPEAT BY:
[What you did to get the error; include test program or session
transcript if at all possible. ] none
SAMPLE FIX/WORKAROUND: not able to get any
[If available ]
****************************************************************************************
Thanks & Regards
Ravi
Johnny Willemsen
For any issues related to the OCI distribution contact sup...@ociweb.com.
Regards,
Johnny Willemsen
Remedy IT
Postbus 101
2650 AC Berkel en Rodenrijs
The Netherlands
www.theaceorb.nl / www.remedy.nl
<kanth...@gmail.com> wrote in message
news:<1174979058.6...@r56g2000hsd.googlegroups.com>...