Using RMI in Logi Report Server
Remote Method Invocation (RMI) is used in Logi Report Server for distributed functionality, such as for clustering, event system, Remote API, and monitoring system. To avoid security risks and the mess of using the RMI registry (all the remote objects bound with the RMI registry directly can cause the remote objects to be unmanageable), universal remote object management has been introduced into Logi Report Server.
In the universal remote object management system, when getting a remote object to perform certain operations, either on a server (local or remote) or in a 3rd-party application (via Remote API), a request must be sent to the remote object management to get that special remote object. Also, authentication is required before any request for a remote object can be processed.
The authentication process requires a remote authentication file that contains the authentication information to accomplish the security check. The remote authentication file (
<install_root>\bin\rmi.auth) is generated by Logi Report Server automatically during the server installation process. You can protect your authentication file by moving it to a safe place after installation.
The authentication file is commonly used in the following circumstances:
- In Logi Report Server, the remote object management system will use an authentication file, which resides in the
- In Logi Report Server Cluster, make sure that the authentication files on all clustered servers are the same. If you want to add a new Logi Report Server that has a different authentication file to the server cluster, you should first backup the authentication file of that server, and then copy the authentication file from a clustered server in the Logi Report Server Cluster to
- This file can then be used in Logi Report Server Monitor. Copy the authentication file generated by the Logi Report Server installation process to the directory
<monitor_install_root>\bin. Logi Report Server Monitor will then fetch it from
<monitor_install_root>\binand build an authInfo object.
- If the Remote API is used, you must specify the authentication file when launching an application that contains the Remote API invocations, for example,
java -cp ... -Djrs.rmi.auth_file=%authFileName% mainClass. Also, you can specify a string by specifying the content of the authentication file, for example,
java -cp ... -Djrs.rmi.auth_string=my_auth_info mainClass. Alternatively, you can specify the authentication string yourself arbitrarily. As long as the authentication strings that the local and remote server both hold are the same, you can pass the authentication check:
java -cp ... -Djrs.rmi.auth_string=my_auth_info mainClass.
Note: In Logi Report Server and Logi Report Server Monitor, you can also use -Djrs.rmi.auth_file or -Djrs.rmi.auth_string in the startup file. Logi Report Server/Logi Report Server Monitor looks up these three locations in turn (-Djrs.rmi.auth_string => -Djrs.rmi.auth_file => <monitor_install_root>\bin) when checking authentication information. The information first found will be used for the authentication check in the remote object management system.
The authentication information can be of any bytes, as long as the authInfo objects match between the local and the remote server. The following are the methods for specifying authentication information:
- You can get the authentication file (rmi.auth) generated when installing the server.
- You can use the RMIAuthFileCreator.bat file stored in
<server_install_root>\binto generate the authentication file.
- You can compose any string into the auth file using any text editor.
- You can compose any string as the value of the system property -Djrs.rmi.auth_file or -Djrs.rmi.auth to specify authentication information.