我正尝试使用独立的Java程序远程登录Domino。
我在classpath中有ncso.jar
(和TrustedCerts.class)。
DIIOP_IOR.TXT
文件由diiop任务生成。如果我将文件内容直接复制到我的程序中并尝试创建如下会话:
String ior = "IOR:....." // 404 bytes
Session session = NotesFactory.createSessionWithIOR(ior, "username", "password");
结果是:
org.omg.CORBA.COMM_FAILURE: java.net.ConnectException: connect: Address is invalid on local machine, or port is not valid on remote machine Host: poseidon.heeros.com Port: 0 vmcid: 0x0 minor code: 1 completed: No
服务器名称有效但端口0看起来很奇怪。我在http://www2.parc.com/istl/projects/ILU/parseIOR/尝试了在线解码器,结果如下:
object key is <#048525651a-ec68-106c-eee0-007e2d2233b5#00LotusNOI#01#00#01>;
no trustworthy most-specific-type info; unrecognized ORB type;
reachable with IIOP 1.1 at host "poseidon.heeros.com", port 0
......似乎确认端口不正确。我已在Internet站点中使用IIOP站点文档指定了服务器URL,但没有端口字段。
问题:
diiop_ior.txt
中显示的端口?以下是服务器上tell diiop show config
的结果:
Dump of Domino IIOP (DIIOP) Configuration Settings
Full Server Name: CN=Afrodite/O=Heeros
Common Server Name: Afrodite/Heeros
Refresh Interval: 3 minutes
Host Full Name: poseidon.heeros.com
Host Short Name: poseidon
Host Address: 10.163.0.146
Public Host Name/Address: poseidon.heeros.com
TCP Port: 0 Disabled
SSL Port: 63149 Enabled
Initial Net Timeout: 120 seconds
Session Timeout: 60 minutes
Client Session Timeout: 62 minutes
Allow Ambiguous Names: True
Web Name Authentic: False
User Lookup View: ($Users)
Allow Database Browsing: False
Internet Sites: Enabled
Internet Site Name: Heeros
Site Config Loaded from: Domino IIOP and Web Internet Site documents
Site is Default: False
Site Public Host Name/Address: poseidon.heeros.com
Site IOR File: D:\Lotus\Domino\data\domino\html\diiop_ior.txt
Site SSL Key File: D:\Lotus\Domino\data\heeros.kyr
Site Java Key File: D:\Lotus\Domino\data\domino\java\TrustedCerts.class
Site TCP Name/Password Allowed: False
Site TCP Anonymous Allowed: False
Site SSL Name/Password Allowed: True
Site SSL Anonymous Allowed: True
Site Multi-Server Session Authentication: Enabled
Site Multi-Server Session Configuration: LtpaToken
Single Server Cookies: Disabled
答案 0 :(得分:1)
似乎正确的端口号是63148.它必须在端口的服务器文档中指定 - &gt;互联网端口 - &gt; DIIOP为&#34; TCP / IP端口号&#34;。
此外,在IIOP站点文档中,必须允许TCP身份验证。
答案 1 :(得分:1)
根据我的经验,DIIOP根本不使用SSL / TLS。仅通过SSL / TLS下载DIIOP_IOR.TXT
。使用Wireshark或类似方法捕获网络流量并监控:port 63148 or port 63149
。 @ lauri-laanti:如果连接是用wireshark加密的话,请你在你的环境中测试一下吗?
Wireshark我们的输出:带用户名和密码的GIOP createSession(用X替换)
0000 00 50 56 69 f5 2b 00 50 56 c0 00 02 08 00 45 00 .PVi.+.PV.....E.
0010 00 c0 0d 06 40 00 80 06 bb ca c0 a8 58 01 c0 a8 ....@.......X...
0020 58 15 d2 e0 f6 ac ef b6 47 e8 13 10 53 10 50 18 X.......G...S.P.
0030 01 00 29 bb 00 00 47 49 4f 50 01 00 00 00 00 00 ..)...GIOP......
0040 00 8c 00 00 00 00 00 00 00 05 01 00 00 00 00 00 ................
0050 00 31 04 38 35 32 35 36 35 31 61 2d 65 63 36 38 .1.8525651a-ec68
0060 2d 31 30 36 63 2d 65 65 65 30 2d 30 30 37 65 32 -106c-eee0-007e2
0070 64 32 32 33 33 62 35 00 4c 6f 74 75 73 4e 4f 49 d2233b5.LotusNOI
0080 01 00 01 00 00 00 00 00 00 0e 63 72 65 61 74 65 ..........create
0090 53 65 73 73 69 6f 6e 00 00 00 00 00 00 00 00 00 Session.........
00a0 00 01 00 00 00 00 00 00 00 01 00 00 00 0f 00 00 ................
00b0 00 06 00 61 00 64 00 6d 00 69 00 6e 00 00 00 00 ...a.d.m.i.n....
00c0 00 06 00 XX XX XX XX XX XX XX XX XX XX 00 ...XXXXXXXXXX.
使用的Java代码:
_diiop_args = new String[]{"-ORBEnableSSLSecurity", "-HTTPEnableSSLSecurity"};
String ior = NotesFactory.getIOR(_diiop_host + ":" + _diiop_port,
_diiop_args, _user_name, _user_pass);
_session = NotesFactory.createSessionWithIOR(ior, _user_name, _user_pass);