users@glassfish.java.net

Re: Privileged file access for Java EE applications

From: <jmilkiewicz_at_gmail.com>
Date: Wed, 6 Jul 2011 09:57:00 +0200

Hi

Do you mean, you would create a RMI server for each user session ?
If you would, think of maintainance nightmare (multiple RMI servers, each
working on unique port, killing these servers, and so on).

I am not UNIX expert but your problem sounds more like an integration issue
which is not purely what JEE is about.
I would use JEE server for handling user requests, do some processing and
than dispatch to some kind of middleware which would be responsible for
communication with your UNIX backend. I am not talking about SOA buzz, but
about some cute tools like Spring Integration, Apache Camel and the like.
Unfortunately it is highly possible, that using any of these may force you
to change your processing model, like switching from synchronous request
processing to asynchronous.

br Jakub




Maybe instead of RMI server run via native application you can employ some
JMS server or like. Unfortunately i do not know how easy will be to run

2011/7/4 Rudolf Biczok <rcbiczok_at_googlemail.com>

> Dear Apache Tomcat members****
>
>
> I’m working on a new Java EE application that operates as a common UI for
> our native UNIX applications. These UNIX applications are installed on
> single server instance with several file servers attached to it and the UNIX
> profiles for our customers are also on that server instance – and that’s the
> problem.
>
> Any application call and file access made by the Java application server
> (Glassfish) will be performed as www user, which is in fact not that what we
> want. And becoming another user on a UNIX server is not that easy, because
> the setuid system call requires a root privileged process (and running
> Glassfish or any other application server/servlet container as root is also
> not that what we want).
>
> The work-around I developed out looks like this: ****
>
> ** **
>
> · Create a native application which calls setuid and creates another
> process with the user privileges. This application will take a path to a JAR
> file.****
>
> · This JAR file is an executable JAR and creates a RMI server.****
>
> · The EJB inside Glassfish establishes a secure RMI connection to the RMI
> server and performs some operations.****
>
> · The helper-process will be killed at the same time where the
> user-session expires.****
>
>
> Because this sounds a bit tricky and dirty, I would be really grateful for
> any suggestion you can give. ****
>
> I look forward to receiving your reply.****
>
>
> Regards,
> Rudolf Biczok****
>
> ** **
>
> ** **
>