users@glassfish.java.net

Re: Connecting to EJBs from different network

From: Adam Jenkins <adamjenkinstmpredirect_at_yahoo.com.au>
Date: Mon, 13 Apr 2009 14:42:45 -0700 (PDT)

Just some extra information, I'm using ubuntu 2.6.27-11-server with the ubuntu packaged version of glassfish (it says Sun Java System Application Server 9.1_01 (build local) in the admin console, but I don't think that's correct -- I'm pretty sure it's v2ur2).

When I nmap the machine, both locally and remotely, the iiop port doesn't show up, but when I telnet to it locally no problem.

IPTables output is:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

So there should be no problem :(
--- On Tue, 14/4/09, Adam Jenkins <adamjenkinstmpredirect_at_yahoo.com.au> wrote:

From: Adam Jenkins <adamjenkinstmpredirect_at_yahoo.com.au>
Subject: Connecting to EJBs from different network
To: users_at_glassfish.dev.java.net
Received: Tuesday, 14 April, 2009, 7:07 AM


Hi Guys,

I'm tearing my hair out over an issue I'm getting with my EJBs, and I'm just wondering if there is some kind of inbuilt security mechanism I'm not aware of?  I have a bunch of EJBs, secured using @RolesAllowed annotation with a custom JAAS module.

They work absolutely fine when accessed from the same machine (I have a server instance running a war in a different JVM).  The war instance on the same machine has no problems connecting via an ejb-ref pointing to corbaname:iiop:DOMAIN_NAME:33701#ejb/MyEJB (where DOMAIN_NAME has been changed in this email for security reasons).  The war can even create an InitialContext(ejbVMProperties) and load the ejbs (the old fashioned way) no problems at all.

NOTE:  The war and the ejb-jar are on the same machine, but in different server instances (managed by a node-agent), and hence different JVMs.  The iiop listener for the EJB instance has it's "Network Address" configured to DOMAIN_NAME and I've also set the JVM Property -Djava.rmi.server.hostname=DOMAIN_NAME

Now, the problem is, if I try to access the same EJBs from a different machine on a different network using a stand alone client I get the error below (note: whereever you see <<REMOVED>>, that's some text I've removed from the email for security reasons).  I've checked the host and port and obvious stuff like that to make sure it's correct -- infact, when I'm on the same machine I can telnet to the ejb iiop port no problems, however I can't from a remote machine -- I don't have any iptables or anything on this box yet, it's a new install). 

Is there some kind of inbuild firewall in the ejb server I have to disable?


14/04/2009 06:49:47 com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl <init>
WARNING: "IOP00410201: (COMM_FAILURE) Connection failure: socketType: IIOP_CLEAR_TEXT; hostname: <<REMOVED>>; port: <<REMOVED>>"
org.omg.CORBA.COMM_FAILURE:   vmcid: SUN  minor code: 201  completed: No
        at com.sun.corba.ee.impl.logging.ORBUtilSystemException.connectFailure(ORBUtilSystemException.java:2690)
        at com.sun.corba.ee.impl.logging.ORBUtilSystemException.connectFailure(ORBUtilSystemException.java:2711)
        at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.<init>(SocketOrChannelConnectionImpl.java:261)
        at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.<init>(SocketOrChannelConnectionImpl.java:274)
        at com.sun.corba.ee.impl.transport.SocketOrChannelContactInfoImpl.createConnection(SocketOrChannelContactInfoImpl.java:130)
        at com.sun.corba.ee.impl.protocol.CorbaClientRequestDispatcherImpl.beginRequest(CorbaClientRequestDispatcherImpl.java:192)
        at com.sun.corba.ee.impl.protocol.CorbaClientDelegateImpl.request(CorbaClientDelegateImpl.java:181)
        at com.sun.corba.ee.impl.protocol.CorbaClientDelegateImpl.is_a(CorbaClientDelegateImpl.java:325)
        at org.omg.CORBA.portable.ObjectImpl._is_a(ObjectImpl.java:112)
        at org.omg.CosNaming.NamingContextHelper.narrow(NamingContextHelper.java:69)
        at com.sun.enterprise.naming.SerialContext.narrowProvider(SerialContext.java:134)
        at com.sun.enterprise.naming.SerialContext.getRemoteProvider(SerialContext.java:220)
        at com.sun.enterprise.naming.SerialContext.getProvider(SerialContext.java:159)
        at com.sun.enterprise.naming.SerialContext.lookup(SerialContext.java:409)
        at javax.naming.InitialContext.lookup(InitialContext.java:392)
        at com.<<REMOVED>>.batch.standalone.WebSpiderClient.main(WebSpiderClient.java:80)
Caused by: java.lang.RuntimeException: java.net.ConnectException: Connection refused: connect
        at com.sun.enterprise.iiop.IIOPSSLSocketFactory.createSocket(IIOPSSLSocketFactory.java:347)
        at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.<init>(SocketOrChannelConnectionImpl.java:244)
        ... 13 more
Caused by: java.net.ConnectException: Connection refused: connect
        at sun.nio.ch.Net.connect(Native Method)
        at sun.nio.ch.SocketChannelImpl.connect(SocketChannelImpl.java:507)
        at com.sun.corba.ee.impl.orbutil.ORBUtility.openSocketChannel(ORBUtility.java:105)
        at com.sun.enterprise.iiop.IIOPSSLSocketFactory.createSocket(IIOPSSLSocketFactory.java:332)
        ... 14 more
14/04/2009 06:49:50 com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl <init>
WARNING: "IOP00410201: (COMM_FAILURE) Connection failure: socketType: IIOP_CLEAR_TEXT; hostname: <<REMOVED>>; port: <<REMOVED>>"
org.omg.CORBA.COMM_FAILURE:   vmcid: SUN  minor code: 201  completed: No
        at com.sun.corba.ee.impl.logging.ORBUtilSystemException.connectFailure(ORBUtilSystemException.java:2690)
        at com.sun.corba.ee.impl.logging.ORBUtilSystemException.connectFailure(ORBUtilSystemException.java:2711)
        at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.<init>(SocketOrChannelConnectionImpl.java:261)
        at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.<init>(SocketOrChannelConnectionImpl.java:274)
        at com.sun.corba.ee.impl.transport.SocketOrChannelContactInfoImpl.createConnection(SocketOrChannelContactInfoImpl.java:130)
        at com.sun.corba.ee.impl.protocol.CorbaClientRequestDispatcherImpl.beginRequest(CorbaClientRequestDispatcherImpl.java:192)
        at com.sun.corba.ee.impl.protocol.CorbaClientDelegateImpl.request(CorbaClientDelegateImpl.java:181)
        at com.sun.corba.ee.impl.protocol.CorbaClientDelegateImpl.is_a(CorbaClientDelegateImpl.java:325)
        at org.omg.CORBA.portable.ObjectImpl._is_a(ObjectImpl.java:112)
        at org.omg.CosNaming.NamingContextHelper.narrow(NamingContextHelper.java:69)
        at com.sun.enterprise.naming.SerialContext.narrowProvider(SerialContext.java:134)
        at com.sun.enterprise.naming.SerialContext.getRemoteProvider(SerialContext.java:220)
        at com.sun.enterprise.naming.SerialContext.getProvider(SerialContext.java:159)
        at com.sun.enterprise.naming.SerialContext.lookup(SerialContext.java:409)
        at javax.naming.InitialContext.lookup(InitialContext.java:392)
        at com.<<REMOVED>>.batch.standalone.WebSpiderClient.main(WebSpiderClient.java:80)
Caused by: java.lang.RuntimeException: java.net.ConnectException: Connection refused: connect
        at com.sun.enterprise.iiop.IIOPSSLSocketFactory.createSocket(IIOPSSLSocketFactory.java:347)
        at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.<init>(SocketOrChannelConnectionImpl.java:244)
        ... 13 more
Caused by: java.net.ConnectException: Connection refused: connect
        at sun.nio.ch.Net.connect(Native Method)
        at sun.nio.ch.SocketChannelImpl.connect(SocketChannelImpl.java:507)
        at com.sun.corba.ee.impl.orbutil.ORBUtility.openSocketChannel(ORBUtility.java:105)
        at com.sun.enterprise.iiop.IIOPSSLSocketFactory.createSocket(IIOPSSLSocketFactory.java:332)
        ... 14 more
14/04/2009 06:49:54 com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl <init>
WARNING: "IOP00410201: (COMM_FAILURE) Connection failure: socketType: IIOP_CLEAR_TEXT; hostname: <<REMOVED>>; port: <<REMOVED>>"
org.omg.CORBA.COMM_FAILURE:   vmcid: SUN  minor code: 201  completed: No
        at com.sun.corba.ee.impl.logging.ORBUtilSystemException.connectFailure(ORBUtilSystemException.java:2690)
        at com.sun.corba.ee.impl.logging.ORBUtilSystemException.connectFailure(ORBUtilSystemException.java:2711)
        at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.<init>(SocketOrChannelConnectionImpl.java:261)
        at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.<init>(SocketOrChannelConnectionImpl.java:274)
        at com.sun.corba.ee.impl.transport.SocketOrChannelContactInfoImpl.createConnection(SocketOrChannelContactInfoImpl.java:130)
        at com.sun.corba.ee.impl.protocol.CorbaClientRequestDispatcherImpl.beginRequest(CorbaClientRequestDispatcherImpl.java:192)
        at com.sun.corba.ee.impl.protocol.CorbaClientDelegateImpl.request(CorbaClientDelegateImpl.java:181)
        at com.sun.corba.ee.impl.protocol.CorbaClientDelegateImpl.is_a(CorbaClientDelegateImpl.java:325)
        at org.omg.CORBA.portable.ObjectImpl._is_a(ObjectImpl.java:112)
        at org.omg.CosNaming.NamingContextHelper.narrow(NamingContextHelper.java:69)
        at com.sun.enterprise.naming.SerialContext.narrowProvider(SerialContext.java:134)
        at com.sun.enterprise.naming.SerialContext.getRemoteProvider(SerialContext.java:220)
        at com.sun.enterprise.naming.SerialContext.getProvider(SerialContext.java:159)
        at com.sun.enterprise.naming.SerialContext.lookup(SerialContext.java:409)
        at javax.naming.InitialContext.lookup(InitialContext.java:392)
        at com.<<REMOVED>>.batch.standalone.WebSpiderClient.main(WebSpiderClient.java:80)
Caused by: java.lang.RuntimeException: java.net.ConnectException: Connection refused: connect
        at com.sun.enterprise.iiop.IIOPSSLSocketFactory.createSocket(IIOPSSLSocketFactory.java:347)
        at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.<init>(SocketOrChannelConnectionImpl.java:244)
        ... 13 more
Caused by: java.net.ConnectException: Connection refused: connect
        at sun.nio.ch.Net.connect(Native Method)
        at sun.nio.ch.SocketChannelImpl.connect(SocketChannelImpl.java:507)
        at com.sun.corba.ee.impl.orbutil.ORBUtility.openSocketChannel(ORBUtility.java:105)
        at com.sun.enterprise.iiop.IIOPSSLSocketFactory.createSocket(IIOPSSLSocketFactory.java:332)
        ... 14 more



      Enjoy a better web experience. Upgrade to the new Internet Explorer 8 optimised for Yahoo!7. Get it now.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
For additional commands, e-mail: users-help_at_glassfish.dev.java.net