users@glassfish.java.net

Re: Secure JNDI in unsecure network?

From: <glassfish_at_javadesktop.org>
Date: Tue, 25 Nov 2008 01:48:09 PST

Thx for the answer. Sorry for the unclear question, maybe I should get more specific.

I want to run a server in a data center, which runs a database and Glassfish in which some servlets and EJBs are deployed. In the jndi context of the server is a connection pool, pooling connections to the local database. Only the EJBs should access the database directly (through the connection pool, using JPA). Now I want some client (application client or stand-alone, doesn't really matter) to access the EJBs. The client connects to the EJBs through the internet and can use ProgrammaticLogin, the EJBs set the roles to manage how access is allowed.

As far as I know, this should be nothing special and shouldn't be very complex to implement.

Now [b]my problem[/b] is that when I access the EJBs remote interface, I have to allow access to an ORB listener (which is used for jndi lookups and for sending the client the exact ip/port for the rmi call itself). But when the ORB listener is open, the whole network which is able to access it can perform a lookup on the connection pool instead of only the EJBs remote interfaces (the rmi reference) and thereby bypass all the security constraints set in the EJB.

[b]A workaround[/b] for this [b]could be[/b] to put the server and every client in a VPN but then still every client in the VPN could bypass the security constraints by looking up the connection pool.
This could be compared to put the server and every client to the some LAN (except that there are no possibilities for eavesdropping in the VPN which might be possible in a LAN). But when RMI can't even be used in a secure way on the own LAN - what is it good for?

The [b]next solution I thought of[/b] is to implement the client as a web client, accessing the EJBs through RMI and bind the ORB listener only to localhost (or block extern access with the firewall). This would be a good working solution if a thin client would be a solution for me but unfortunately I needed a rich client.

The [b]last idea I have[/b] to implement this in a secure way is to block the ORB listener(s) and access the EJBs through a web service. The web service of course had to be encrypted.
But this solution would create more overhead and, as far as I know, wouldn't apply to the concept of Java EE.

[i]How can I achieve this requirements? What did I forget to think about? Are my concepts maybe totally wrong?
My requirements should be a default use case, aren't they? But anyways, I was unable to make any progress on this for days. I hope somebody can help me or has some hints.[/i]
[Message sent by forum member 'mastag' (mastag)]

http://forums.java.net/jive/thread.jspa?messageID=318595