Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations sizbut on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

RMI Sockets & Firewalls

Status
Not open for further replies.
grega

grega

Programmer
Feb 2, 2000
932
GB
I am developing a small RMI application which implements a secure credit card refund. The basic architecture is that the RMI client is on a client server, the RMI server (which
communicates with the secure site using JSSE & XML-RPC) is on a secure machine in a hosting centre. There is a firewall between the client and server and this is what is causing the problem. These machines are all running Solaris.

I've read and almost understood the article by Tim Goffings ...


but still have a few problems. Basically, the RMI server listens on port 1099 so I've enabled this in java.policy. This is where I'm at the limits of my understanding, but when the client communicates with the server, traffic is also generated on another (seemingly random) port - port 0 -which is assigned by the OS.

When I implement the server solution (by extending RMISocketFactory) above to use port 1098 for other communication, this seems to work OK, but when I tie down the sockets in java.policy on both machines to 1098 & 1099, the client still reports an Access Denied exception on an arbitrary high numbered port (e.g. 32277) when I try to run it.

How can I tie the client down to use a single additional port as I have done for the server, as we can only open specific ports on the firewall. I suspect it's centred around implementing RMIClientSocketFactory but am unsure as how to proceed.

Any ideas would be much appreciated.

Greg.
 
Sort by date Sort by votes
Things suggest to check:

1. In your extended RMISocketFactory, have you override createServerSocket method like the example to restrict RMI server creating a different client port other than 1098:

public ServerSocket createServerSocket(int port)
throws IOException {
port = (port == 0 ? 1098 : port);
System.out.println("creating ServerSocket on port " + port);
return new ServerSocket(port);
}

2. in the RMI server have you set the SocketFactory to your new extended factory
Code: 
try {
   RMISocketFactory.setSocketFactory(new FixedPortRMISocketFactory());
} catch (IOException e) {
  e.printStackTrace();
}
3. Have you create registry under port 1099 in the server RMI after you set the RMISocketFactory and before you bind the server.
Code: 
   Registry reg = LocateRegistry.createRegistry(1099);
 
Upvote 0 Downvote
Unfortunately, yes, yes and yes!

I'm creating the registry on port 1200, and in the constructor of the server I'm doing a super(1201) which call a constructor of the UnicastRemoteObject.

The only ports I'm opening in the policy files are 1200 and 1201. Now when I run the client I get an "error unmarshalling return header" and the server reports an AccessControlException on port 35496.

This is infuriating, but fun :)

Greg.
 
Upvote 0 Downvote
I have pretty much solved this, if anyone's interested.

Greg.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

seema165
  • Locked
  • Question
Web Application (JSP, Servlets, Struts) Issue - Java & Tomcat Upgrade
Replies
12
Views
329
Diancecht
Diancecht
PROFESSORSPARKIE
  • Locked
  • Question
Take an application program & convert to an Applet
Replies
8
Views
208
drdad5727
drdad5727
yogpatel
  • Locked
  • Question
java & cmdline
Replies
3
Views
101
stefanwagner
stefanwagner
yogpatel
  • Locked
  • Question
cmdline & java
Replies
2
Views
101
stefanwagner
stefanwagner
1DMF
  • Locked
  • Question
Dynamic casting & serialised objects 1
Replies
6
Views
151
Diancecht
Diancecht

Part and Inventory Search

Sponsor

Back
Top