Ajanta provides a Java class called AgentServer which implements the basic functionality described in Chapter 1. Programmers can extend this class in order to add application-specific functionality, by writing a subclass of AgentServer. For example, the subclass could insert application-defined resources into the resource registry. Figure 1 shows an agent server along with an agent currently resident on it.
In the .ajanta/servers directory, execute the Perl script serverSetup. It will prompt you to enter a name for the server. The script creates a directory with the same name as the server, where the server configuration files are kept. It will also ask you to enter the full path to the Java class files that other agent servers will use to download classes at runtime. If this server will be used to launch agents, specify the full path to the directory where the agent's classes can be found. Otherwise, specify the full path to the directory where the agent server classes are stored. For example, if you are running the HelloWorld demo program and launching HelloAgent, the class path should be given as /home_dir/ajanta/demo/helloworld. On the other hand, if this server is only going to host agents, use /home_dir/ajanta/server as the class path.
In this directory the Perl script generates the key files and the .config file. For a detailed discussion of how to generate key pairs, refer to the installation procedure in Chapter 1. A sample .config file is shown below:
atp_port = 28049
cs_port = 22578
cs_filepath=/home_dir/ajanta/demo/helloworld
keyfile=/home_dir/.ajanta/servers/helloserver/keys
Here atp_port and cs_port specify, respectively, the port on which the server listens for agent transfers and the port on which it serves class requests from other servers. keyfile specifies the name of the file where the public key for this server is stored.
3.2 Server URN and Running the Server
Every entity in Ajanta is assigned a URN (name). The URN assigned to an agent server is closely related to the server name: the last part of the URN should be the same as the server name. At run time the generic agent server parses this URN to determine the name of the directory (the same as the server name) and uses it to locate the configuration (.config) file. For example, if the name of the server is helloserver and the URN of the user running the server is "urn:ans:ajanta.cs.umn.edu/rsingh", then the URN of the server should be "urn:ans:ajanta.cs.umn.edu/rsingh/helloserver".
To start the generic agent server, execute the command:
> java ajanta.server.AgentServer helloserver
This starts the agent server, which is then ready to accept any agent. The URN of the agent server is formed by concatenating the user's URN and the name of the server passed as the command-line argument, separated by "/".
3.3 File Access Control List (Only for Ajanta 1.0 & 1.1 release for JDK 1.1)
Every agent server can have a file access control list which is used to control the agent's access to files in the .ajanta/servers/SERVERNAME directory. The .acl file in each server's directory (.ajanta/servers/serverName) is where a server can give read or write permission to different users. The access control list is initialized by reading the .acl file.
A sample entry in a .acl file is given below:
/home_dir/.ajanta/servers/calendarServer/HashTableDB rw URN:ans:fourier.cs.umn.edu/rsingh
The fields are, in order: the full path to the file, the read (r) and/or write (w) permission, and the user URN.
For every file that you want to give access to, put an entry for it in the .acl. There is only one such .acl file. Thus, any files located in subdirectories of .ajanta/servers/serverName must also be entered into this .acl file.
Example:
For the following directory structure:
%> .ajanta/servers/someServer
   -> SomeFile
   -> TestMessage
   -> SomeDir/
      -> MessageFile
The .acl file will look as follows:
/home_dir/.ajanta/servers/someServer/SomeFile rw URN:ans:plato.cs.umn.edu/pathak
/home_dir/.ajanta/servers/someServer/TestMessage r URN:ans:plato.cs.umn.edu/pathak
/home_dir/.ajanta/servers/someServer/SomeDir/MessageFile r URN:ans:plato.cs.umn.edu/pathak
The entries in the file indicate that user pathak has read and write permission for the file SomeFile and read permission for the files TestMessage and SomeDir/MessageFile. Each entry should start on a separate line, and there should be no blank lines in the .acl. If there is no .acl file, the AjantaSecurityManager by default disallows read and write permissions.
Also see ACL classes.
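An added example (not Ajanta code and not part of the original guide): a small Python audit of the .acl format described above. It rejects blank or malformed lines, applies the default-deny rule, and lists files under the server directory that have no entry for a user, including files in subdirectories. The function names, the case-insensitive URN comparison and the SomeDir/Draft file are assumptions made for illustration.

```python
# Added example, not Ajanta code. Assumed: URNs compare case-insensitively
# and paths contain no whitespace.
import posixpath

def parse_acl(text):
    """Map (path, urn) -> set of granted modes; reject malformed lines."""
    acl = {}
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"line {n}: expected 'path permission URN'")
        path, modes, urn = fields
        if set(modes) - set("rw"):
            raise ValueError(f"line {n}: permission must be r, w or rw")
        acl.setdefault((path, urn.lower()), set()).update(modes)
    return acl

def can_access(acl, urn, path, mode):
    """Default deny: a missing .acl (acl=None) or missing entry grants nothing."""
    return acl is not None and mode in acl.get((path, urn.lower()), set())

def unlisted(acl, server_dir, files, urn):
    """Relative paths under server_dir that have no entry for this user."""
    known = acl or {}
    return [f for f in files
            if (posixpath.join(server_dir, f), urn.lower()) not in known]

SERVER_DIR = "/home_dir/.ajanta/servers/someServer"
USER = "URN:ans:plato.cs.umn.edu/pathak"
# The guide's example .acl, one entry per line
SAMPLE_ACL = f"""\
{SERVER_DIR}/SomeFile rw {USER}
{SERVER_DIR}/TestMessage r {USER}
{SERVER_DIR}/SomeDir/MessageFile r {USER}
"""
# The guide's directory tree plus one constructed file that has no entry
FILES = ["SomeFile", "TestMessage", "SomeDir/MessageFile", "SomeDir/Draft"]

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    print("denied by default:", unlisted(acl, SERVER_DIR, FILES, USER))
```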
3.4 Network Access Control List (Only for Ajanta 1.0 & 1.1 release for JDK 1.1)
Every agent server can have a network access control list which is used to control the agent's access to network resources (e.g. URL connections, sockets, etc.) while at the agent-server. The .netacl file in each server's directory (.ajanta/servers/serverName) is where a server can give connect, no_connect, listen, no_listen, accept or no_accept permissions to different users for different hosts and ports. The network access control list is initialized by reading the .netacl file.
A sample entry in a .netacl file is given below:
urn:ans:plato.cs.umn.edu/ajanta1 connect plato.cs.umn.edu 5000
The fields are, in order: UserURN, permission, HostName and PortNumber.
For every host and port that you want to give the agent permission to connect to, listen at or accept connections from, put an entry for it in the .netacl with permission name as connect, listen or accept. If you want to give negative permissions, i.e. if you want to prohibit permission to connect, listen or accept, give the permission name as no_connect, no_listen or no_accept, as shown in the example below.
There is only one .netacl file, under the .ajanta/servers/serverName directory.
The following .netacl file (under the directory /home/ugrad00/pathak/.ajanta/servers/helloserver1):
urn:ans:plato.cs.umn.edu/ajanta1 connect plato.cs.umn.edu 5000 anyport
urn:ans:plato.cs.umn.edu/ajanta1 listen 7500 anyport
urn:ans:plato.cs.umn.edu/ajanta1 accept newton.cs.umn.edu 7500 anyport
urn:ans:plato.cs.umn.edu/tripathi listen 8888
urn:ans:plato.cs.umn.edu/tripathi connect www.cs.umn.edu anyport anyport
urn:ans:plato.cs.umn.edu/tripathi connect fourier.cs.umn.edu 50000
urn:ans:plato.cs.umn.edu/kakani no_connect whale.itlabs.umn.edu 80
urn:ans:plato.cs.umn.edu/kakani no_listen 800 1000
urn:ans:plato.cs.umn.edu/kakani no_accept www.itlabs.umn.edu 80
gives the following permissions to agents while at pathak's helloserver1 agent-server:
User ajanta1's agents: Permission to connect to plato.cs.umn.edu on any port above 5000, permission to create a server socket and listen at ports 7500 and up, and permission to accept connections from newton.cs.umn.edu, remote ports 7500 and up.
User tripathi's agents: Permission to create a server socket and listen at port 8888, permission to connect to www.cs.umn.edu on any port between 1 and 65000, and permission to connect to fourier.cs.umn.edu on port 50000.
User kakani's agents: No permission to connect to whale.itlabs.umn.edu on port 80, no permission to create server sockets on ports between 800 and 1000, and no permission to accept connections from www.itlabs.umn.edu on port 80.
Each entry in the .netacl file should start on a separate line and there should be no blank lines in the .netacl. If there is no .netacl file then the AjantaSecurityManager by default disallows connect, listen and accept permissions.
Also see ACL classes.
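An added example (not Ajanta code and not part of the original guide): a Python linter and evaluator for the .netacl format described above, covering single ports, port ranges, anyport, host-less listen entries, negative permissions and the default-deny rule. The function names are hypothetical, SAMPLE holds five of the guide's entries, and three behaviours are assumptions the guide does not confirm: port bounds are inclusive, URNs and host names compare case-insensitively, and a matching no_* entry overrides a grant.

```python
# Added example, not Ajanta code. Assumed: inclusive port bounds, case-insensitive
# URN/host matching, and a matching no_* entry overriding any grant.
MAX_PORT = 65000  # the guide's stated upper bound for "anyport anyport"
ACTIONS = {"connect", "listen", "accept"}

def _port(token, default):
    return default if token == "anyport" else int(token)

def parse_netacl(text):
    """Return (urn, action, granted, host, low, high) rules; reject bad lines."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"line {n}: blank or incomplete entry")
        urn, perm, rest = fields[0].lower(), fields[1], fields[2:]
        granted = not perm.startswith("no_")
        action = perm if granted else perm[3:]
        if action not in ACTIONS:
            raise ValueError(f"line {n}: unknown permission {perm!r}")
        # listen entries name no host; connect and accept name the remote host
        host = None if action == "listen" else rest.pop(0).lower()
        if not 1 <= len(rest) <= 2:
            raise ValueError(f"line {n}: expected one or two port fields")
        low, high = _port(rest[0], 1), _port(rest[-1], MAX_PORT)
        rules.append((urn, action, granted, host, low, high))
    return rules

def allowed(rules, urn, action, port, host=None):
    """Default deny: True only if a grant matches and no no_* entry matches."""
    verdict = False
    for r_urn, r_action, granted, r_host, low, high in rules:
        if ((r_urn, r_action) == (urn.lower(), action)
                and r_host in (None, (host or "").lower())
                and low <= port <= high):
            if not granted:
                return False
            verdict = True
    return verdict

# Five of the guide's sample entries, one per line
SAMPLE = """\
urn:ans:plato.cs.umn.edu/ajanta1 connect plato.cs.umn.edu 5000 anyport
urn:ans:plato.cs.umn.edu/ajanta1 listen 7500 anyport
urn:ans:plato.cs.umn.edu/tripathi listen 8888
urn:ans:plato.cs.umn.edu/tripathi connect www.cs.umn.edu anyport anyport
urn:ans:plato.cs.umn.edu/kakani no_connect whale.itlabs.umn.edu 80
"""
RULES = parse_netacl(SAMPLE)
```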