远程iiop连接到Filenet内容引擎

Question

我有两个WebSphere服务器。第一个(v.8.5.5)托管我的EJB本地(RunsAS 'Admin‘角色映射到'domain_user')，第二个(v.7)托管FileNet ContentEngine 5.1。当我将Ejb部署到第二个Websphere并连接到iiop://localhost:2809/FileNet/Engine时，可以吗？

但是，当我从1nd WAS iiop://second was:2809/FileNet/Engine远程连接时，会出现错误。

我已经向他们倾诉了：

System.setProperty("java.security.auth.login.config"，"c:\eq\config\jaas.conf.WebSphere")；System.setProperty("com.ibm.CORBA.ConfigURL"，"file:c:\ea\config\sas.client.props")； ..。那就做PushSubject

[4/9/16 21:50:04:038 YEKT] 0000022f BusinessExcep E   CNTR0020E: EJB threw an unexpected (non-declared) exception during invocation of method "getDocumentContent" on bean "BeanId(web-services-bni#ejb-1.0.1-SNAPSHOT.jar#CeServiceImpl, null)". Exception data: com.filenet.api.exception.EngineRuntimeException: FNRCS0001E: SECURITY_ANONYMOUS_DISALLOWED: Access to Content Engine was not allowed because the request was made anonymously instead of by an authenticated user. The application server reported that the user was anonymous. errorStack={
    at com.filenet.engine.context.SecurityContext.<init>(SecurityContext.java:75)
    at com.filenet.engine.context.ServerCallContext.<init>(ServerCallContext.java:107)
    at com.filenet.engine.context.ServerCallContext.newInstance(ServerCallContext.java:1115)
    at com.filenet.engine.jca.impl.RequestBrokerImpl.executeSearch(RequestBrokerImpl.java:814)
    at com.filenet.engine.ejb.EngineCoreBean._executeSearch(EngineCoreBean.java:318)

我的EJB代码：

@DeclareRoles({"Everyone", "Admin"})
@RolesAllowed({"Everyone", "Admin"})
@RunAs("Admin")
@Stateless
public class CeServiceImpl implements CeServiceLocal {
    private static final Logger logger = Logger.getLogger(CeServiceImpl.class.getName());

    private CeServiceHelper serviceHelper;
    private Subject subject;

    @PostConstruct
    public void init() {
        logger.info("CeServiceImpl init started");

        String ceUri = ConfigHelper.getCeUri();
        if (ceUri == null) {
            logger.log(Level.SEVERE, "ceUri can not be null");
            throw new NullPointerException("ceUri can not be null");
        }
        logger.info("ceUri: " + ceUri);


        System.setProperty("java.security.auth.login.config", "c:\\ea\\config\\jaas.conf.WebSphere");
        System.setProperty("com.ibm.CORBA.ConfigURL", "file:c:\\ea\\config\\sas.client.props");


        Connection connection = Factory.Connection.getConnection(ceUri);

        subject = UserContext.createSubject(connection, "os_user", "password", "FileNetP8");
        try {
            UserContext.get().pushSubject(subject);
        } catch (Exception e) {
            logger.warning(e.getMessage());
        }


        serviceHelper = new CeServiceHelper(connection);

    }

顺便说一下，我的最终目标是透明地创建远程连接(没有pushSubject，popSubject..)

Answer 1

我有以下建议：

可能您应该通过以下方式同步两个WAS单元：

1. 在一个WAS单元中生成LTPA密钥：sslmanagelptakeys.html
2. 在第二个WAS单元格上导入它们：altpaimp.html?lang=en

Answer 2

您可以检查两个服务器的日期时间:这两个服务器必须在最多5分钟内同步到UTC时间。希望能帮上忙。