10 Replies Latest reply on Mar 30, 2006 1:30 PM by anshah1

Help requried for JBoss 3.2.5 behind Firewall

sanketdesai Jun 9, 2005 11:12 AM

Hi all,

My problem is regarding configuration of JBoss 3.2.5 behind Firewall. I went through so many posts regarding this type of issue, but still I haven't got any solution.

Problem goes like this. I have installed JBoss 3.2.5. It is behind firewall. According to various articles, ports like 4444, 4445, 1089, 1088, 8080, 8083, 8009 are open. Ports 1089 and 1088 are JNDI ports for my application. My application contains one applet. This applet makes call to EJB. When applet is opened in LAN there is no problem. But over internet is doesn't open. It gives exception like :
Application Error on localhost at Thu Jun 09 19:46:37 IST 2005
Probably Cause Message : Exception Occured java.rmi.ConnectException: Connection refused to host: xxx.xxx.xxx.xxx; nested exception is:
java.net.ConnectException: Connection timed out: connect
java.net.ConnectException: Connection timed out: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(Unknown Source)
at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.(Unknown Source)
at java.net.Socket.(Unknown Source)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(Unknown Source)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(Unknown Source)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
at sun.rmi.server.UnicastRef.invoke(Unknown Source)
...........
......

Then I tried to configure JBoss for RMI and JNDI over HTTP. Configuration is according to other posts available on the forum. But using netstat command I came to know that still applet tries to make connection to 4444 and some other random port. So, according to me it should not use port 4444 and that random port because it is configured as RMI over HTTP.

For RMI over HTTP, I have configured InvokerURL appropriately in deploy/http-invoker.sar/META-INF/jboss-service.xml . I have also provided required http parameter for client side i.e. for applet. They are as follows:

java.naming.factory.initial=org.jnp.interfaces.HttpNamingContextFactory
java.naming.provider.url=http://xxx.xxx.xxx.xxx:8080/invoker/JNDIFactory
java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces

Also, on command line I have provided option -Djava.rmi.server.hostname=xxx.xxx.xxx.xxx (which is external IP). But still no sucess. Where am I making mistake ?

Thanks.

Sanket.

1. Re: Help requried for JBoss 3.2.5 behind Firewall

sanketdesai Jun 11, 2005 1:32 AM (in response to sanketdesai)

Please help !!!!!!!!!!!!!!
Actions
2. Re: Help requried for JBoss 3.2.5 behind Firewall

efly Jun 12, 2005 11:15 PM (in response to sanketdesai)

I am familiar with that kind of problem. Rmi over http perhaps may help you to solve this.
Actions
3. Re: Help requried for JBoss 3.2.5 behind Firewall

sanketdesai Jun 13, 2005 12:32 AM (in response to sanketdesai)

Dear efly,

Thanks for your reply. But can you give me guidelines for how to configure JBoss for RMI over HTTP. Because I tried to configure it as per other posts of JBoss but no success yet. So, if you can provide guidelines (i.e. which files to modify, which particular parameters are needed etc..) then it would be very helpful.

regards,

Sanket.
Actions

4. Re: Help requried for JBoss 3.2.5 behind Firewall

didi1976 Jun 13, 2005 3:54 AM (in response to sanketdesai)

Specifying the HttpNamingContextFactory is only half the way. This only enables JNDI requests over HTTP.

Now you have to specify RMI over HTTP on your EJB in jboss.xml, e.g.:

<jboss>
....
 <session>
 <ejb-name>YourBean</ejb-name>
 <jndi-name>YourBeansJNDIName</jndi-name>

 <invoker-bindings>
 <invoker>
 <invoker-proxy-binding-name>http</invoker-proxy-binding-name>
 <jndi-name>YourBeansHTTPJNDIName</jndi-name>
 </invoker>
 </invoker-bindings>
 </session>
...
 <invoker-proxy-bindings>
 <invoker-proxy-binding>
 <name>http</name>
 <invoker-mbean>jboss:service=invoker,type=http</invoker-mbean>
 <proxy-factory>org.jboss.proxy.ejb.ProxyFactory</proxy-factory>
 <proxy-factory-config>
 <client-interceptors>
 <home>
 <interceptor>org.jboss.proxy.ejb.HomeInterceptor</interceptor>
 <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
 <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
 <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
 </home>
 <bean>
 <interceptor>org.jboss.proxy.ejb.StatefulSessionInterceptor</interceptor>
 <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
 <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
 <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
 </bean>
 </client-interceptors>
 </proxy-factory-config>
 </invoker-proxy-binding>
 </invoker-proxy-bindings>
...
</jboss>

5. Re: Help requried for JBoss 3.2.5 behind Firewall

sanketdesai Jun 13, 2005 6:07 AM (in response to sanketdesai)

Thanks for reply. I tried to implement the way you suggested, but not in EJB jboss.xml but in standardjboss.xml. This file is located in <jboss_directory>/conf/standardjboss.xml. Will it work that way?. Another point that I would like to ask is, if I go the way you suggested then will it require to give invoker-proxy-binding for each EJB my application has?. I am confused.

regards,

Sanket.
Actions
6. Re: Help requried for JBoss 3.2.5 behind Firewall

didi1976 Jun 13, 2005 7:45 AM (in response to sanketdesai)

You have to decide which EJBs are accessible from the "outside". For those EJBs you have to set the invoker.

Entity Beans are normaly not accessed from any client, instead you use the session facade pattern. So you only need to set the invoker for those Session Beans not for the Entity Beans.

If you set the invoker-proxy-binding in the standardjboss.xml you are chaning that for all deployments. So if you are hosting different applications on your server you have to take care not to overwrite any defaults an other application relys on.
Actions
7. Re: Help requried for JBoss 3.2.5 behind Firewall

sanketdesai Jun 13, 2005 8:57 AM (in response to sanketdesai)

Thanks for your instant reply.

Do I need to add or modify anything for container configuration in standardjboss.xml. I would like to make this (rmi over http) configuration for all applications so I want to modify standardjboss.xml.

thanks

Sanket.
Actions
8. Re: Help requried for JBoss 3.2.5 behind Firewall

anshah1 Mar 29, 2006 5:53 PM (in response to sanketdesai)

I am trying to achieve the same kind of deal. RMI over http with JBOSS 4.

I was wondering what would be the correct way of testing this. Everything seems to be working fine however I do not know whether it's over Http or direct RMI.

i have modified my jboss.xml to create invoker bindings for both stateless and stateful sessions beans. My Entity beans are accessed only locally by the server.

Thanks,
anuj
Actions
9. Re: Help requried for JBoss 3.2.5 behind Firewall

sanketdesai Mar 29, 2006 11:40 PM (in response to sanketdesai)

Hi Anuj,

Can you send your jboss.xml? I want to know what modifications have you made (I know you that it is for JBoss 4, but let me see).

Did you make any changes in standard-jboss.xml file?

regards,

Sanket.
Actions

10. Re: Help requried for JBoss 3.2.5 behind Firewall

anshah1 Mar 30, 2006 1:30 PM (in response to sanketdesai)

Hi Sanket,

Here's a list of things i did.

Firstly my client code

Properties env = new Properties();

 env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.HttpNamingContextFactory");
 env.setProperty(Context.PROVIDER_URL, "http://externaladdr:8080/invoker/JNDIFactory");
 Context ctx = new InitialContext(env);
 Object data = ctx .lookup("jmx/invoker/RMIAdaptor");

So, i am not using a jndi properties file on the client at all. it's all hard coded in there at present.

Then my jboss.xml for one particular bean is

<session>
 <ejb-name>CCEAppSessionBean</ejb-name>
 <jndi-name>ejb/CCEAppSessionBean</jndi-name>
 <local-jndi-name>CCEAppSessionBeanLocal</local-jndi-name>
 <configuration-name>Standard Stateless SessionBean</configuration-name>
 <invoker-bindings>
 <invoker>
 <invoker-proxy-binding-name>
 stateless-http-invoker
 </invoker-proxy-binding-name>
 </invoker>
 </invoker-bindings>
 <method-attributes>
 </method-attributes>
 </session>

and the invoker binding is

 <invoker-proxy-binding>
 <name>stateless-http-invoker</name>
 <invoker-mbean>jboss:service=invoker,type=http</invoker-mbean>
 <proxy-factory>org.jboss.proxy.ejb.ProxyFactory</proxy-factory>
 <proxy-factory-config>
 <client-interceptors>
 <home>
 <interceptor>org.jboss.proxy.ejb.HomeInterceptor</interceptor>
<interceptor>org.jboss.proxy.SecurityInterceptor</interceptor> <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
<interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
</home>
<bean>
<interceptor>
</interceptor>
 <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
<interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
<interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
 </bean>
</client-interceptors>
</proxy-factory-config>
</invoker-proxy-binding>

And this is the jboss.xml for my application. As far as the jboss-service.xml is concerned i am not sure whether i have to change anything cause that looks all configured by default. This seems like a good tech-note to do, a step by step process. Couldn't find sufficient documentation on this topic at all.

Thanks.,
Anuj

Go to original post