users@glassfish.java.net

Re: Securing RMI/IIOP conversation with application client

From: Russell Gold <russgold_at_gmail.com>
Date: Wed, 31 Oct 2012 13:14:15 -0400

In general, you connect originally (usually to the Naming Service) using an
insecure connection. But you can mark EJB calls as being secure
(http://java.dzone.com/articles/secure-ssl-ejb-communication), in which case
IIOP automatically uses the appropriate secure connection using the
CSIv2 standard.

On Fri, Oct 26, 2012 at 5:02 AM, <forums_at_java.net> wrote:

> G'day, I'd like to secure the RMI/IIOP conversation between my application
> client and Glassfish. After looking at a lot of documents about making
> socket factories and such I finally discovered that Glassfish now supports
> this natively. As I understand it Glassfish has three ORB listeners - one
> insecure, one with SSL without client authentication, and one with SSL with
> client authentication. (Strictly these are listeners for the naming service
> but I assume that the subsequent conversation is secured as the name
> suggests.)
>
> My first attempt was to force the client to contact glassfish on the port
> (3820) used by the 'SSL without client authentication listener' (by putting
> -Dorg.omg.CORBA.ORBInitialPort=3820 in the Netbeans -> project properties ->
> Run -> VM options field of the application client). This caused an IIOP
> hernia within glassfish when the application client was run. The root error
> appears to be either an IOException End of Stream or a JNDI lookup failure
> (not sure which as both are listed as causes in the stack trace.)
>
> My second attempt was to remove the above JVM option from the application
> client and instead use the glassfish admin server to secure the conversation
> on port 3700 (the default). I did this by checking 'Security: Enabled' in
> orb-listener-1 (the insecure listener that uses port 3700). The client then
> executed without error.
>
> My question is, have I actually secured the conversation by doing this? Or
> have I only secured the conversation with the naming service?
>
> --
>
> [Message sent by forum member 'ianblav']
>
> View Post: http://forums.java.net/node/891795
>
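
One way to mark an EJB's calls as secure, as the reply above describes, is the bean's CSIv2 settings in the GlassFish deployment descriptor. This is an added example, not part of the thread; the bean name `OrderServiceBean` is hypothetical and the file is assumed to be `META-INF/glassfish-ejb-jar.xml` (`sun-ejb-jar.xml` on older releases).

```xml
<glassfish-ejb-jar>
  <enterprise-beans>
    <ejb>
      <!-- Hypothetical bean name; must match the ejb-name of the deployed bean -->
      <ejb-name>OrderServiceBean</ejb-name>
      <ior-security-config>
        <!-- Transport layer: what the bean's IOR advertises to client ORBs.
             Each element takes NONE, SUPPORTED or REQUIRED. -->
        <transport-config>
          <!-- REQUIRED: invocations must be integrity protected (SSL/TLS) -->
          <integrity>REQUIRED</integrity>
          <!-- REQUIRED: invocations must be encrypted; plain IIOP calls
               to this bean are not accepted -->
          <confidentiality>REQUIRED</confidentiality>
          <!-- Server presents its certificate to the client -->
          <establish-trust-in-target>SUPPORTED</establish-trust-in-target>
          <!-- NONE: no client certificate; set REQUIRED for mutual SSL -->
          <establish-trust-in-client>NONE</establish-trust-in-client>
        </transport-config>
        <!-- Authentication layer: caller identifies itself with
             username/password, checked against the named realm -->
        <as-context>
          <auth-method>USERNAME_PASSWORD</auth-method>
          <realm>default</realm>
          <required>true</required>
        </as-context>
        <!-- No identity propagation from an intermediate caller -->
        <sas-context>
          <caller-propagation>NONE</caller-propagation>
        </sas-context>
      </ior-security-config>
    </ejb>
  </enterprise-beans>
</glassfish-ejb-jar>
```

With a descriptor like this the initial naming lookup can stay on the default port 3700 while the bean's invocations are directed to an SSL IIOP listener; a packet capture on the client shows which port actually carries the calls.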