10 Replies Latest reply on Mar 30, 2006 1:30 PM by Anuj Shah

    Help requried for JBoss 3.2.5 behind Firewall

    Sanket Desai Newbie

      Hi all,

      My problem is regarding configuration of JBoss 3.2.5 behind Firewall. I went through so many posts regarding this type of issue, but still I haven't got any solution.

      Problem goes like this. I have installed JBoss 3.2.5. It is behind firewall. According to various articles, ports like 4444, 4445, 1089, 1088, 8080, 8083, 8009 are open. Ports 1089 and 1088 are JNDI ports for my application. My application contains one applet. This applet makes call to EJB. When applet is opened in LAN there is no problem. But over internet is doesn't open. It gives exception like :
      Application Error on localhost at Thu Jun 09 19:46:37 IST 2005
      Probably Cause Message : Exception Occured java.rmi.ConnectException: Connection refused to host: xxx.xxx.xxx.xxx; nested exception is:
      java.net.ConnectException: Connection timed out: connect
      java.net.ConnectException: Connection timed out: connect
      at java.net.PlainSocketImpl.socketConnect(Native Method)
      at java.net.PlainSocketImpl.doConnect(Unknown Source)
      at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
      at java.net.PlainSocketImpl.connect(Unknown Source)
      at java.net.Socket.connect(Unknown Source)
      at java.net.Socket.connect(Unknown Source)
      at java.net.Socket.(Unknown Source)
      at java.net.Socket.(Unknown Source)
      at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(Unknown Source)
      at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(Unknown Source)
      at sun.rmi.transport.tcp.TCPEndpoint.newSocket(Unknown Source)
      at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
      at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
      at sun.rmi.server.UnicastRef.invoke(Unknown Source)
      ...........
      ......


      Then I tried to configure JBoss for RMI and JNDI over HTTP. Configuration is according to other posts available on the forum. But using netstat command I came to know that still applet tries to make connection to 4444 and some other random port. So, according to me it should not use port 4444 and that random port because it is configured as RMI over HTTP.

      For RMI over HTTP, I have configured InvokerURL appropriately in deploy/http-invoker.sar/META-INF/jboss-service.xml . I have also provided required http parameter for client side i.e. for applet. They are as follows:

      java.naming.factory.initial=org.jnp.interfaces.HttpNamingContextFactory
      java.naming.provider.url=http://xxx.xxx.xxx.xxx:8080/invoker/JNDIFactory
      java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces

      Also, on command line I have provided option -Djava.rmi.server.hostname=xxx.xxx.xxx.xxx (which is external IP). But still no sucess. Where am I making mistake ?

      Thanks.

      Sanket.

        • 2. Re: Help requried for JBoss 3.2.5 behind Firewall
          efly Newbie

          I am familiar with that kind of problem. Rmi over http perhaps may help you to solve this.

          • 3. Re: Help requried for JBoss 3.2.5 behind Firewall
            Sanket Desai Newbie

            Dear efly,

            Thanks for your reply. But can you give me guidelines for how to configure JBoss for RMI over HTTP. Because I tried to configure it as per other posts of JBoss but no success yet. So, if you can provide guidelines (i.e. which files to modify, which particular parameters are needed etc..) then it would be very helpful.

            regards,

            Sanket.

            • 4. Re: Help requried for JBoss 3.2.5 behind Firewall
              Dietmar Scheidl Newbie

              Specifying the HttpNamingContextFactory is only half the way. This only enables JNDI requests over HTTP.

              Now you have to specify RMI over HTTP on your EJB in jboss.xml, e.g.:


              <jboss>
              ....
               <session>
               <ejb-name>YourBean</ejb-name>
               <jndi-name>YourBeansJNDIName</jndi-name>
              
               <invoker-bindings>
               <invoker>
               <invoker-proxy-binding-name>http</invoker-proxy-binding-name>
               <jndi-name>YourBeansHTTPJNDIName</jndi-name>
               </invoker>
               </invoker-bindings>
               </session>
              ...
               <invoker-proxy-bindings>
               <invoker-proxy-binding>
               <name>http</name>
               <invoker-mbean>jboss:service=invoker,type=http</invoker-mbean>
               <proxy-factory>org.jboss.proxy.ejb.ProxyFactory</proxy-factory>
               <proxy-factory-config>
               <client-interceptors>
               <home>
               <interceptor>org.jboss.proxy.ejb.HomeInterceptor</interceptor>
               <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
               <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
               <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
               </home>
               <bean>
               <interceptor>org.jboss.proxy.ejb.StatefulSessionInterceptor</interceptor>
               <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
               <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
               <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
               </bean>
               </client-interceptors>
               </proxy-factory-config>
               </invoker-proxy-binding>
               </invoker-proxy-bindings>
              ...
              </jboss>
              


              • 5. Re: Help requried for JBoss 3.2.5 behind Firewall
                Sanket Desai Newbie

                Thanks for reply. I tried to implement the way you suggested, but not in EJB jboss.xml but in standardjboss.xml. This file is located in <jboss_directory>/conf/standardjboss.xml. Will it work that way?. Another point that I would like to ask is, if I go the way you suggested then will it require to give invoker-proxy-binding for each EJB my application has?. I am confused.

                regards,

                Sanket.

                • 6. Re: Help requried for JBoss 3.2.5 behind Firewall
                  Dietmar Scheidl Newbie

                  You have to decide which EJBs are accessible from the "outside". For those EJBs you have to set the invoker.

                  Entity Beans are normaly not accessed from any client, instead you use the session facade pattern. So you only need to set the invoker for those Session Beans not for the Entity Beans.

                  If you set the invoker-proxy-binding in the standardjboss.xml you are chaning that for all deployments. So if you are hosting different applications on your server you have to take care not to overwrite any defaults an other application relys on.

                  • 7. Re: Help requried for JBoss 3.2.5 behind Firewall
                    Sanket Desai Newbie

                    Thanks for your instant reply.

                    Do I need to add or modify anything for container configuration in standardjboss.xml. I would like to make this (rmi over http) configuration for all applications so I want to modify standardjboss.xml.

                    thanks

                    Sanket.

                    • 8. Re: Help requried for JBoss 3.2.5 behind Firewall
                      Anuj Shah Newbie

                      I am trying to achieve the same kind of deal. RMI over http with JBOSS 4.

                      I was wondering what would be the correct way of testing this. Everything seems to be working fine however I do not know whether it's over Http or direct RMI.

                      i have modified my jboss.xml to create invoker bindings for both stateless and stateful sessions beans. My Entity beans are accessed only locally by the server.

                      Thanks,
                      anuj

                      • 9. Re: Help requried for JBoss 3.2.5 behind Firewall
                        Sanket Desai Newbie

                        Hi Anuj,

                        Can you send your jboss.xml? I want to know what modifications have you made (I know you that it is for JBoss 4, but let me see).

                        Did you make any changes in standard-jboss.xml file?

                        regards,

                        Sanket.

                        • 10. Re: Help requried for JBoss 3.2.5 behind Firewall
                          Anuj Shah Newbie

                          Hi Sanket,

                          Here's a list of things i did.

                          Firstly my client code

                          Properties env = new Properties();
                          
                           env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.HttpNamingContextFactory");
                           env.setProperty(Context.PROVIDER_URL, "http://externaladdr:8080/invoker/JNDIFactory");
                           Context ctx = new InitialContext(env);
                           Object data = ctx .lookup("jmx/invoker/RMIAdaptor");
                          


                          So, i am not using a jndi properties file on the client at all. it's all hard coded in there at present.

                          Then my jboss.xml for one particular bean is

                          <session>
                           <ejb-name>CCEAppSessionBean</ejb-name>
                           <jndi-name>ejb/CCEAppSessionBean</jndi-name>
                           <local-jndi-name>CCEAppSessionBeanLocal</local-jndi-name>
                           <configuration-name>Standard Stateless SessionBean</configuration-name>
                           <invoker-bindings>
                           <invoker>
                           <invoker-proxy-binding-name>
                           stateless-http-invoker
                           </invoker-proxy-binding-name>
                           </invoker>
                           </invoker-bindings>
                           <method-attributes>
                           </method-attributes>
                           </session>
                          


                          and the invoker binding is

                           <invoker-proxy-binding>
                           <name>stateless-http-invoker</name>
                           <invoker-mbean>jboss:service=invoker,type=http</invoker-mbean>
                           <proxy-factory>org.jboss.proxy.ejb.ProxyFactory</proxy-factory>
                           <proxy-factory-config>
                           <client-interceptors>
                           <home>
                           <interceptor>org.jboss.proxy.ejb.HomeInterceptor</interceptor>
                          <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor> <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
                          <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
                          </home>
                          <bean>
                          <interceptor>
                          </interceptor>
                           <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
                          <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
                          <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
                           </bean>
                          </client-interceptors>
                          </proxy-factory-config>
                          </invoker-proxy-binding>
                          


                          And this is the jboss.xml for my application. As far as the jboss-service.xml is concerned i am not sure whether i have to change anything cause that looks all configured by default. This seems like a good tech-note to do, a step by step process. Couldn't find sufficient documentation on this topic at all.

                          Thanks.,
                          Anuj