users@glassfish.java.net

Securing communication between tiers

From: <glassfish_at_javadesktop.org>
Date: Fri, 29 Oct 2010 14:35:17 PDT

Hi,

I'm using Glassfish 2.1.1 and am wanting to communicate between nodes over an untrusted network. I am happy to use ssl tunnels and/or an ESB like mule to get secure communications between the web and the app tiers.

On the web tier I have changed GF's ports and set the app server to point to a local ssh tunnel that directs to port 3700 on the app tier; the app tier still wants to use its external address:

I have also noticed that this causes other problems because application deployment tried to use the local server on the default ports rather than the ones I have configured in domain.xml

java.naming.factory.initial=com.sun.enterprise.naming.SerialInitContextFactory
java.naming.factory.url.pkgs=com.sun.enterprise.naming
java.naming.factory.state=com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl
org.omg.CORBA.ORBInitialHost=localhost
org.omg.CORBA.ORBInitialPort=93700

It still tries to connect to other ports using the actual ip address of the app tier.

[#|2010-10-28T08:02:52.398+0000|WARNING|sun-appserver2.1|javax.enterprise.resource.corba.ee.S1AS-ORB.rpc.transport|_ThreadID=10;_ThreadName=main;IIOP_CLEAR_TEXT;192.168.4.112;3920;;_RequestID=6ff79731-f6ff-4602-8d89-df65867078c8;|"IOP00410201: (COMM_FAILURE) Connection failure: socketType: IIOP_CLEAR_TEXT; hostname: 192.168.4.112; port: 3920"
org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 201 completed: No

[#|2010-10-28T08:03:13.648+0000|WARNING|sun-appserver2.1|javax.enterprise.resource.corba.ee.S1AS-ORB.rpc.transport|_ThreadID=10;_ThreadName=main;IIOP_CLEAR_TEXT;192.168.4.112;3700;;_RequestID=6ff79731-f6ff-4602-8d89-df65867078c8;|"IOP00410201: (COMM_FAILURE) Connection failure: socketType: IIOP_CLEAR_TEXT; hostname: 192.168.4.112; port: 3700"
org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 201 completed: No

[#|2010-10-28T08:03:34.648+0000|WARNING|sun-appserver2.1|javax.enterprise.resource.corba.ee.S1AS-ORB.rpc.transport|_ThreadID=10;_ThreadName=main;IIOP_CLEAR_TEXT;192.168.4.112;3820;;_RequestID=6ff79731-f6ff-4602-8d89-df65867078c8;|"IOP00410201: (COMM_FAILURE) Connection failure: socketType: IIOP_CLEAR_TEXT; hostname: 192.168.4.112; port: 3820"
org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 201 completed: No

I really need to encrypt the traffic between nodes and use iptables to strictly restrict traffic to/from all nodes.
Can I do this using glassfish 2.1.1?

Regards,
Ian.
[Message sent by forum member 'nocadminguv']

http://forums.java.net/jive/thread.jspa?messageID=486506
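
A check an operator could run over the server log to list the endpoints the ORB attempts over cleartext IIOP outside a local tunnel, which is also the host/port set an iptables policy has to account for. This is an added example, not part of the original post and not GlassFish code; the function names, the loopback test, the `REQ-ID` placeholder and the `localhost:13700` record are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample modelled on the WARNING records in the post above
# (wrapped lines rejoined, request IDs replaced by a placeholder). The last
# record, aimed at a local tunnel on port 13700, is invented for contrast.
_PREFIX = ('[#|2010-10-28T08:02:52.398+0000|WARNING|sun-appserver2.1|'
           'javax.enterprise.resource.corba.ee.S1AS-ORB.rpc.transport|'
           '_ThreadID=10;_ThreadName=main;_RequestID=REQ-ID;|')
_MSG = ('"IOP00410201: (COMM_FAILURE) Connection failure: '
        'socketType: IIOP_CLEAR_TEXT; hostname: {host}; port: {port}"')
SAMPLE_LOG = "\n".join(
    _PREFIX + _MSG.format(host=h, port=p)
    for h, p in [("192.168.4.112", 3920), ("192.168.4.112", 3700),
                 ("192.168.4.112", 3820), ("localhost", 13700)]
)

# The ORB states the transport and target in the message text itself.
CONN_RE = re.compile(
    r"socketType: (?P<type>\w+); hostname: (?P<host>[^;\s]+); port: (?P<port>\d+)"
)


def orb_endpoints(log_text):
    """Sorted unique (socket_type, host, port) tuples the ORB tried to reach."""
    return sorted({(m["type"], m["host"], int(m["port"]))
                   for m in CONN_RE.finditer(log_text)})


def is_loopback(host):
    """True for 'localhost' or a loopback IP literal; other names count as off-box."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def tunnel_bypasses(log_text):
    """Cleartext IIOP attempts to a non-loopback address, i.e. not via a local tunnel."""
    return [e for e in orb_endpoints(log_text)
            if e[0] == "IIOP_CLEAR_TEXT" and not is_loopback(e[1])]


if __name__ == "__main__":
    for sock_type, host, port in tunnel_bypasses(SAMPLE_LOG):
        print(f"{sock_type} attempt outside tunnel: {host}:{port}")
```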