JBoss

RMI Registry Conflict in JBoss

If the engine is running as an RMI server (or has security enabled), then by default it will attempt to use the RMI registry port 1099. This causes a conflict with JBoss, which also starts an RMI registry on port 1099. It is important for Flux to use a different registry port than the one used by JBoss.

To change the port that Flux uses, set the REGISTRY_PORT configuration option. For example, you can start Flux using port 1199 instead by setting:

REGISTRY_PORT=1199

 

 

 
LikeBe the first to like this
No labels

4 Comments

 
Anonymous
 

The JDiff between 7.10 and 7.11 mentions flux.security.FluxLoginModule has been removed. How does one bridge JBoss 5.1+ JAAS to FLUX_USER, FLUX_GROUP, FLUX_ROLE, etc., without it?

 
 
 

HI – sorry for the confusion! From Flux 7.10+, Flux uses its own internal security mechanism, so there should be no need to modify any settings in JBoss – Flux's security mechanism will work out of the box.

Flux does support external LDAP servers, but does not provide support for other JAAS security systems like JBoss's internal security.

We've removed the offending sections from this wiki – let us know if you have any questions!

 
 
Anonymous
 

Does that still hold true with RMI enabled? Without the JAAS-related System Properties set in JBoss' JVM, I get "java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)", when Flux does a simple datasource lookup when I try to start engines. This permission used to be granted with the old fluxjaas.policy file from samples.

-- TMT

 
 
 

Hi TMT – yes, it should still be the same with RMI enabled. Flux's own permissions don't require any integration into JBoss / JAAS, but JAAS does restrict some activities like accessing JVM features or loading files. In this case it looks like those JAAS settings are preventing the class loader from loading – do you have the full stack trace available from this?

The easiest way to fix this would be to add the desired JAAS permissions for operations that the Flux application should be allowed to perform into the JAAS policy that JBoss is using (such as in a grant codebase statement for the flux.jar).

In a typical Flux use case, the Flux codebase requires the following JAAS permissions:


permission java.util.PropertyPermission "*", "read,write";

permission javax.security.auth.AuthPermission "*";

permission java.lang.RuntimePermission "*";

permission java.net.SocketPermission "*:10489", "connect";

permission java.net.SocketPermission "*:10736", "connect";

permission java.security.SecurityPermission "setPolicy";

Sorry for any confusion, let me know if I can clarify anything for you!

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.