Securing RMI/IIOP conversation with application client

No replies
ianblav

G'day

I'd like to secure the RMI/IIOP conversation between my application client and Glassfish. After looking at a lot of documents about making socket factories and such I finally discovered that Glassfish now supports this natively. As I understand it Glassfish has three ORB listeners - one insecure, one with SSL without client authentication, and one with SSL with client authentication. (Strictly these are listeners for the naming service but I assume that the subsequent conversation is secured as the name suggests.)

My first attempt was to force the client to contact glassfish on the port (3820) used by the 'SSL without client authentication listener' (by putting -Dorg.omg.CORBA.ORBInitialPort=3820 in the Netbeans -> project properties -> Run -> VM options field of the application client). This caused an IIOP hernia within glassfish when the application client was run. The root error appears to be either an IOException End of Stream or a JNDI lookup failure (not sure which as both are listed as causes in the stack trace).

My second attempt was to remove the above JVM option from the application client and instead use the glassfish admin server to secure the conversation on port 3700 (the default). I did this by checking 'Security: Enabled' in orb-listener-1 (the insecure listener that uses port 3700). The client then executed without error.

My question is, have I actually secured the conversation by doing this? Or have I only secured the conversation with the naming service?
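
One way to check what a listener actually speaks on the wire, as an added example that is not part of the original post: the classifier labels the first bytes a client sends as plaintext GIOP or a TLS record, and the probe reports whether a port completes a TLS handshake. The function names, the sample byte strings (constructed) and the use of localhost are assumptions; ports 3700 and 3820 are the ones named in the post.

```python
import socket
import ssl
import struct

def classify_first_bytes(data: bytes) -> str:
    """Label the opening bytes of a TCP stream seen on an ORB listener port."""
    # GIOP header: magic "GIOP", version major/minor, flags, message type, 4-byte size.
    if len(data) >= 12 and data[:4] == b"GIOP":
        major, minor, _flags, msg_type = struct.unpack("BBBB", data[4:8])
        return f"plaintext GIOP {major}.{minor} (message type {msg_type})"
    # TLS record header: content type, version major/minor, 2-byte length.
    if len(data) >= 5:
        ctype, vmajor, vminor, length = struct.unpack("!BBBH", data[:5])
        if ctype == 0x16 and vmajor == 0x03 and vminor <= 0x04 and 0 < length <= 16384:
            return "TLS handshake record"
    return "unknown"

def probe_tls(host: str, port: int, timeout: float = 5.0):
    """Return the negotiated TLS version if the port completes a handshake, else None."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # detection only: this probe does not
    ctx.verify_mode = ssl.CERT_NONE  # validate the server certificate
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version()
    except OSError:  # refused, timed out, no common TLS version, or not TLS at all
        return None

# Constructed samples: a 12-byte GIOP 1.2 Request header and the start of a TLS ClientHello record.
SAMPLE_GIOP = b"GIOP" + bytes([1, 2, 0, 0]) + struct.pack("!I", 64)
SAMPLE_TLS = bytes([0x16, 0x03, 0x01]) + struct.pack("!H", 512) + b"\x01"

if __name__ == "__main__":
    print(classify_first_bytes(SAMPLE_GIOP))
    print(classify_first_bytes(SAMPLE_TLS))
    for port in (3700, 3820):  # listener ports named in the post
        print(port, probe_tls("localhost", port))
```

Run the classifier over the first bytes of each connection the client opens during a run (taken from a packet capture), since the question concerns the whole conversation and not only the initial naming lookup.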