Using RMI in JReport Server

Remote Method Invocation (RMI) is used in JReport Server for distributed functionality, such as for clustering, event system, Remote API, and monitoring system. To avoid security risks and the mess of using the RMI registry (all the remote objects bound with the RMI registry directly can cause the remote objects to be unmanageable), universal remote object management has been introduced into JReport Server.

In the universal remote object management system, when getting a remote object to perform certain operations, either on a server (local or remote) or in a 3rd-party application (via Remote API), a request must be sent to the remote object management to get that special remote object. Also, authentication is required before any request for a remote object can be processed.

The authentication file

The authentication process requires a remote authentication file that contains the authentication information to accomplish the security check. The remote authentication file (<install_root>\bin\rmi.auth) is generated by JReport Server automatically during the server installation process. You can protect your authentication file by moving it to a safe place after installation.

Using the authentication file

The authentication file is commonly used in the following circumstances:

• In JReport Server, the remote object management system will use an authentication file, which resides in the <server_install_root>\bin directory.
• In JReport Server Cluster, make sure that the authentication files on all clustered servers are the same. If you want to add a new JReport Server that has a different authentication file to the server cluster, you should first backup the authentication file of that server, and then copy the authentication file from a clustered server in the JReport Server Cluster to <server_install_root>\bin.
• This file can then be used in JReport Server Monitor. Copy the authentication file generated by the JReport Server installation process to the directory <monitor_install_root>\bin. JReport Server Monitor will then fetch it from <monitor_install_root>\bin and build an authInfo object.
• If the Remote API is used, you must specify the authentication file when launching an application that contains the Remote API invocations. For example, java -cp ... -Djrs.rmi.auth_file=%authFileName% mainClass. Also, you can specify a string by specifying the content of the authentication file. For example, java -cp ... -Djrs.rmi.auth_string=my_auth_info mainClass. Alternatively, you can specify the authentication string yourself arbitrarily. As long as the authentication strings that the local and remote server both hold are the same, you can pass the authentication check: java -cp ... -Djrs.rmi.auth_string=my_auth_info mainClass.

  Note: In JReport Server and JReport Server Monitor, you can also use -Djrs.rmi.auth_file or -Djrs.rmi.auth_string in the startup file. JReport Server/JReport Server Monitor looks up these three locations in turn (-Djrs.rmi.auth_string => -Djrs.rmi.auth_file => <monitor_install_root>\bin) when checking authentication information. The information first found will be used for the authentication check in the remote object management system.

Ways to generate authentication information

The authentication information can be of any bytes, as long as the authInfo objects match between the local and the remote server. The following are the methods for specifying authentication information:

• You can get the authentication file (rmi.auth) generated when installing the server.
• You can use the RMIAuthFileCreator.bat file stored in <server_install_root>\bin to generate the authentication file.
• You can compose any string into the auth file using any text editor.
• You can compose any string as the value of the system property -Djrs.rmi.auth_file or -Djrs.rmi.auth to specify authentication information.