5 Replies Latest reply on Nov 3, 2005 11:04 AM by Johann DUPUIS

    Stateless Session Bean behind firewall/proxy -- RMI over HTT

    Johann DUPUIS Newbie

      Hi all,

      I'm trying to access SLSB on a remote JBoss server using RMI over HTTP.

      It seems to work, but by looking closer using Ethereal I can see that no only HTTP (port 8080) is used but also the JRMP (port 4444).

      Since in a near future I would like to access these EJBs behind a firewall/proxy, I expect communication between client/server to be fully HTTP (and on a single static port only).

      Find below the configuration file and code sample I'm using.

      Could you explain me what I missed?

      Help would be greatly appreciated.
      Johann

      jboss.xml

       <enterprise-beans>
       <session>
       <ejb-name>ClaimPersistence</ejb-name>
       <jndi-name>ejb/claimPersistence</jndi-name>
       <configuration-name>HTTP Session</configuration-name>
       </session>
       </enterprise-beans>
      
       <resource-managers>
       </resource-managers>
       <container-configurations>
       <container-configuration extends="Standard Stateless SessionBean">
       <container-name>HTTP Session</container-name>
       <home-invoker>jboss:service=invoker,type=http</home-invoker>
       <bean-invoker>jboss:service=invoker,type=http</bean-invoker>
       </container-configuration>
       </container-configurations>
      


      Client Code
      ClaimPersistenceHome claimPersistenceHome= null;
      ClaimPersistence claimPersistence= null;
      try {
       InitialContext ic = null;
      
       Hashtable props = new Hashtable();
       props.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.HttpNamingContextFactory");
       props.put(Context.PROVIDER_URL, "http://192.123.1.2:8080/invoker/JNDIFactory");
       ic = new InitialContext(props);
      
       Object home = ic.lookup("ejb/claimPersistence");
       ClaimPersistenceHome sfHome = (ClaimPersistenceHome) PortableRemoteObject.narrow(home, ClaimPersistenceHome.class);
       claimPersistence = sfHome.create();
       Collection col= claimPersistence.findClaimViews();
      
       System.out.println("Col.size():" + col.size());
      }
      catch (Exception e){
       e.printStackTrace();
      }
      


      Other info:
      192.123.1.2 is the IP address of my JBoss server
      192.123.1.1 is the IP address of my client
      Jboss version: 3.2.5
      Server is Gentoo Linux.
      Client is Windows XP (firewall disabled).


        • 1. Re: Stateless Session Bean behind firewall/proxy -- RMI over
          Benoit Xhenseval Newbie

          Hi Johann,

          I am facing exactly the same problem and have reached the same point: port 4444 is used...

          I have reached this without having to change the jboss.xml. Why do you have to?

           <container-configurations>
           <container-configuration extends="Standard Stateless SessionBean">
           <container-name>HTTP Session</container-name>
           <home-invoker>jboss:service=invoker,type=http</home-invoker>
           <bean-invoker>jboss:service=invoker,type=http</bean-invoker>
           </container-configuration>
           </container-configurations>
          


          I have done the JNDI over https, details of which I can send if you want.

          Have you solved your problem with port 4444?
          I tried this:
          http://www.nemesisit.ro/opendocs/ejboverhttp.html
          But that did not seem to work for me either...

          Anyone who solved this, please share it...

          Thanks
          Tot ziens,

          Benoit

          • 2. Re: Stateless Session Bean behind firewall/proxy -- RMI over
            Johann DUPUIS Newbie

            Hi Benoit,


            I have reached this without having to change the jboss.xml. Why do you have to?

            I've followed the tutorial :
            http://www.nemesisit.ro/opendocs/ejboverhttp.html
            In practice, I'm not sure it's mandatory.


            I have done the JNDI over https, details of which I can send if you want.

            It could be interesting, so please send me details.


            Have you solved your problem with port 4444?

            Unfortunately not, else I would have post my solution here ;-)
            It seems to me like a standard way of using JBoss (behind a firewall over http) so it sounds strange to me that no one has a response for this!?

            Regards.
            Johann


            • 3. Re: Stateless Session Bean behind firewall/proxy -- RMI over
              Benoit Xhenseval Newbie

              Hi Johann,

              Yes I find it surprising that nobody seems to have an answer... Guys, please share it!!!

              Here is how I managed to use https to access JNDI:

              Client code:

              System.out.println("Connect HTTPS");
              Properties prop = System.getProperties();
              
              prop.put("java.naming.factory.initial",
               "org.jboss.naming.HttpNamingContextFactory");
              prop.put("org.jboss.security.ignoreHttpsHost", "true");
              prop.put("java.naming.provider.url", "https://myserver.com:8443/invoker/JNDIFactory");
              
              // Create a trust manager that does not validate certificate chains (if it is self signed)
              TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
               public java.security.cert.X509Certificate[] getAcceptedIssuers() {
               return null;
               }
              
               public void checkClientTrusted(
               java.security.cert.X509Certificate[] certs, String authType) {
               }
              
               public void checkServerTrusted(
               java.security.cert.X509Certificate[] certs, String authType) {
               }
              } };
              
              // Install the all-trusting trust manager
              try {
               SSLContext sc = SSLContext.getInstance("SSL");
               sc.init(null, trustAllCerts, new java.security.SecureRandom());
               HttpsURLConnection
               .setDefaultSSLSocketFactory(sc.getSocketFactory());
              } catch (Exception e) {
              }
              
              MyEJBHome home;
              try {
               System.err.println("About to connect to JNDI HTTPS");
               home = (MyEJBHome) connect("MyJNDINameBean",
               MyEJBHome.class, prop);
               System.err.println("Got the HOME interface");
               MyEJBRemote remote = home.create();
               System.err.println("Got the REMOTE interface");
              } catch (NamingException e) {
               // TODO Auto-generated catch block
               e.printStackTrace();
              } catch (RemoteException e) {
               // TODO Auto-generated catch block
               e.printStackTrace();
              } catch (CreateException e) {
               // TODO Auto-generated catch block
               e.printStackTrace();
              }
              


              and the jboss-service.xml in http-invoker.sar/META-INF

               <!-- Expose the Naming service interface via HTTPS -->
               <mbean code="org.jboss.invocation.http.server.HttpProxyFactory"
               name="jboss:service=invoker,type=http,target=Naming">
               <!-- The Naming service we are proxying -->
               <attribute name="InvokerName">jboss:service=Naming</attribute>
               <!-- Compose the invoker URL from the cluster node address -->
               <attribute name="InvokerURLPrefix">https://</attribute>
               <attribute name="InvokerURLSuffix">:8443/invoker/JMXInvokerServlet</attribute>
               <attribute name="UseHostName">true</attribute>
               <attribute name="ExportedInterface">org.jnp.interfaces.Naming</attribute>
               <attribute name="JndiName"></attribute>
               <attribute name="ClientInterceptors">
               <interceptors>
               <interceptor>org.jboss.proxy.ClientMethodInterceptor</interceptor>
               <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
               <interceptor>org.jboss.naming.interceptors.ExceptionInterceptor</interceptor>
               <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
               </interceptors>
               </attribute>
               </mbean>
              


              Hope this help

              Benoit

              • 4. Re: Stateless Session Bean behind firewall/proxy -- RMI over
                Johann DUPUIS Newbie

                Hi all,

                Investigated more, here is the status.
                By using the configuration above, ONLY JNDI over HTTP is enabled.

                So my question is, how to enable RMI over HTTP? HTTPS? Especially on the client side.

                Thanks for help.
                Johann

                • 5. Re: Stateless Session Bean behind firewall/proxy -- RMI over
                  Johann DUPUIS Newbie

                  Hi all,

                  I've got it.

                  Tutorial is for deployment on JBoss 3.0 and *NOT* JBoss 3.2:

                  http://www.nemesisit.ro/opendocs/ejboverhttp.html


                  DTD of jboss.xml has changed in v3.2, configuration should be for each ejb:

                  <ejb-name>MyBean</ejb-name>
                  <jndi-name>ejb/MyBean</jndi-name>
                  <invoker-bindings>

                  <invoker-proxy-binding-name>stateless-http-invoker</invoker-proxy-binding-name>

                  </invoker-bindings>

                  <method-attributes>
                  </method-attributes>


                  and:

                  <invoker-proxy-bindings>
                  <!-- A custom invoker for RMI/HTTP -->
                  <invoker-proxy-binding>
                  stateless-http-invoker
                  <invoker-mbean>jboss:service=invoker,type=http</invoker-mbean>
                  <proxy-factory>org.jboss.proxy.ejb.ProxyFactory</proxy-factory>
                  <proxy-factory-config>
                  <client-interceptors>

                  org.jboss.proxy.ejb.HomeInterceptor
                  org.jboss.proxy.SecurityInterceptor
                  org.jboss.proxy.TransactionInterceptor
                  org.jboss.invocation.InvokerInterceptor


                  org.jboss.proxy.ejb.StatelessSessionInterceptor
                  org.jboss.proxy.SecurityInterceptor
                  org.jboss.proxy.TransactionInterceptor
                  org.jboss.invocation.InvokerInterceptor

                  </client-interceptors>
                  </proxy-factory-config>
                  </invoker-proxy-binding>
                  </invoker-proxy-bindings>


                  Modifying jboss.xml and jboss-service.xml allow to enable https if needed.

                  Regards.

                  Johann