Using RMI in Report Server
Report Server uses Remote Method Invocation (RMI) for distributed functionality, such as clustering, event system, Remote API, and monitoring system. This topic describes the authentication process, the use of the authentication file, and how you can specify authentication information.
Report Server introduces universal remote object management, to avoid security risks and the mess of using the RMI registry (all the remote objects bound with the RMI registry directly can cause the remote objects to be unmanageable).
In the universal remote object management system, when getting a remote object to perform certain operations, either on a server (local or remote) or in a 3rd-party application (via Remote API), a request must be sent to the remote object management to get that special remote object. Also, authentication is required before any request for a remote object can be processed.
This topic contains the following sections:
The Authentication File
The authentication process requires a remote authentication file that contains the authentication information to accomplish the security check. The remote authentication file (<install_root>\bin\rmi.auth
) is generated by Report Server automatically during the server installation process. You can protect your authentication file by moving it to a safe place after the installation.
Using the Authentication File
The authentication file is commonly used in the following circumstances:
- In Report Server, the remote object management system will use an authentication file, which resides in the
<server_install_root>\bin
directory. - In Report Server Cluster, make sure that the authentication files on all clustered servers are the same. If you want to add a new Report Server that has a different authentication file to the server cluster, you should first backup the authentication file of that server, and then copy the authentication file from a clustered server in the Report Server Cluster to
<server_install_root>\bin
. - This file can then be used in Report Server Monitor. Copy the authentication file generated by the Report Server installation process to the directory
<monitor_install_root>\bin
. Report Server Monitor will then fetch it from<monitor_install_root>\bin
and build an authInfo object. - If the Remote API is used, you must specify the authentication file when launching an application that contains the Remote API invocations, for example,
java -cp ... -Djrs.rmi.auth_file=%authFileName% mainClass
. Also, you can specify a string by specifying the contents of the authentication file, for example,java -cp ... -Djrs.rmi.auth_string=my_auth_info mainClass
. Alternatively, you can specify the authentication string yourself arbitrarily. As long as the authentication strings that both local and remote servers hold are the same, you can pass the authentication check:java -cp ... -Djrs.rmi.auth_string=my_auth_info mainClass
.In Report Server and Report Server Monitor, you can also use -Djrs.rmi.auth_file or -Djrs.rmi.auth_string in the startup file. Report looks up these three locations in turn (-Djrs.rmi.auth_string => -Djrs.rmi.auth_file => <monitor_install_root>\bin) when checking authentication information. It uses the information it finds first for the authentication check in the remote object management system.
Ways to Generate Authentication Information
The authentication information can be of any bytes, as long as the authInfo objects match between the local and the remote servers. The following are the methods for specifying authentication information:
- You can get the authentication file (rmi.auth) generated when installing the server.
- You can use the RMIAuthFileCreator.bat file in
<server_install_root>\bin
to generate the authentication file. - You can compose any string into the auth file using any text editor.
- You can compose any string as the value of the system property -Djrs.rmi.auth_file or -Djrs.rmi.auth to specify authentication information.