Configure XP firewall to use RMI
I have a RMI server and client application.
They run perfectly when Windows XP's Internet Connection Firewall (ICF) is disabled in Network Connections. However, when the ICF is enabled, client fails to connect to server and obviously I get connection time out exception.
So my question is how to configure Windows XP Firewall (set up port info ect.) so RMI registry and server can accept connection from client and not get connection time out?
Basically does anyone know how to (in details) configure XP ICF to open a port so RMI registry and server can listen, accept and execute client's request(s). I did open a port, but it was unsuccessfull even after rebooting.
As a previous poster said, you need to open for traffic to the rmiregistry (default port 1099), as well as the port for the servise itself. The catch is that the service doesn't by default bind to a specific port, so it's impossible to know which one to keep open in ICF.
Unless, that is, you may rewrite the application itself. In that case, you should be able to specify a custom socket connection factory (both on the server and the client side), that connects on an agreed-upon port. I believe the RMI tutorial at java.sun.com (or maybe the one that's part of the Java 2 SE documentation) mentions how you write a custom socket connection factory.
Similar Messages
-
How to configure OC4J using RMI/IIOP with SSL
Any help?
I just mange configure the OC4J using RMI/IIOP but base on
But when I follow further to use RMI/IIOP with SSL I face the problem with: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
p/s: I use self generate keystore which should be ok as I can use it for https connection.
Any one can help?
Below is the OC4J log:
D:\oc4j\j2ee\home>java -Djavax.net.debug=all -DGenerateIIOP=true -Diiop.runtime.debug=true -jar oc4j.jar
05/02/23 16:43:16 ================ IIOPServerExtensionProvider.preInitApplicationServer
05/02/23 16:43:38 ================= IIOPServerExtensionProvider.postInitApplicationServer
05/02/23 16:43:38 ================== config = {SEPS={IIOP={ssl-port=5556, port=5555, ssl=true, trusted-clients=*, ssl-client-server-auth-port=5557, keystore=D:\\oc4j\\j2ee\\home\\server.keystore, keystore-password=123456, truststore=D:\\oc4j\\j2ee\\home\\server.keystore, truststore-password=123456, ClassName=com.oracle.iiop.server.IIOPServerExtensionProvider, host=localhost}}}
05/02/23 16:43:38 ================== server.getAttributes() = {threadPool=com.evermind.server.ApplicationServerThreadPool@968fda}
05/02/23 16:43:38 ================== pool: null
05/02/23 16:43:38 ====================== In startServer ...
05/02/23 16:43:38 ==================== Creating an IIOPServer ...
05/02/23 16:43:38 ========= IIOP server being initialized
05/02/23 16:43:38 SSL port: 5556
05/02/23 16:43:38 SSL port 2: 5557
05/02/23 16:43:43 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): getEndpoint(IIOP_CLEAR_TEXT, 5555, null)
05/02/23 16:43:43 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): createListener( socketType = IIOP_CLEAR_TEXT port = 5555 )
05/02/23 16:43:44 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): getEndpoint(SSL, 5556, null)
05/02/23 16:43:44 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): createListener( socketType = SSL port = 5556 )
05/02/23 16:43:45 ***
05/02/23 16:43:45 found key for : mykey
05/02/23 16:43:45 chain [0] = [
Version: V1
Subject: CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
b1239fff 2ae5d31d b01a0cfb 1186bae0 bbc7ac41 94f24464 e92a7e33 6a5b0844
109e30fb d24ad770 99b3ff86 bd96c705 56bf2e7a b3bb9d03 40fdcc0a c9bea9a1
c21395a4 37d8b2ce ff00eb64 e22a6dd6 97578f92 29627229 462ebfee 061c99a4
1c69b3a0 aea6a95b 7ed3fd89 f829f17e a9362efe ccf8034a 0910989a a8573305
Validity: [From: Wed Feb 23 15:57:28 SGT 2005,
To: Tue May 24 15:57:28 SGT 2005]
Issuer: CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
SerialNumber: [ 421c3768]
Algorithm: [MD5withRSA]
Signature:
0000: 34 F4 FA D4 6F 23 7B 84 30 42 F3 5C 4B 5E 18 17 4...o#..0B.\K^..
0010: 73 69 73 A6 BF 9A 5D C0 67 8D C3 56 DF A9 4A AC sis...].g..V..J.
0020: 88 AF 24 28 C9 39 16 22 29 81 01 93 86 AA 1A 5D ..$(.9.")......]
0030: 07 89 26 22 91 F0 8F DE E1 4A CF 17 9A 02 51 7D ..&".....J....Q.
0040: 92 D3 6D 9B EF 5E C1 C6 66 F9 11 D4 EB 13 8F 17 ..m..^..f.......
0050: E7 66 58 9F 6C B0 60 7C 39 B4 E0 B7 04 A7 7F A6 .fX.l.`.9.......
0060: 4D A5 89 E7 F4 8A DC 59 B4 E7 A5 D4 0A 35 9A F1 M......Y.....5..
0070: A2 CD 3A 04 D6 8F 16 B1 9E 6F 34 40 E8 C0 47 03 ..:[email protected].
05/02/23 16:43:45 ***
05/02/23 16:43:45 adding as trusted cert:
05/02/23 16:43:45 Subject: CN=Client, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
05/02/23 16:43:45 Issuer: CN=Client, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
05/02/23 16:43:45 Algorithm: RSA; Serial number: 0x421c3779
05/02/23 16:43:45 Valid from Wed Feb 23 15:57:45 SGT 2005 until Tue May 24 15:57:45 SGT 2005
05/02/23 16:43:45 adding as trusted cert:
05/02/23 16:43:45 Subject: CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
05/02/23 16:43:45 Issuer: CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
05/02/23 16:43:45 Algorithm: RSA; Serial number: 0x421c3768
05/02/23 16:43:45 Valid from Wed Feb 23 15:57:28 SGT 2005 until Tue May 24 15:57:28 SGT 2005
05/02/23 16:43:45 trigger seeding of SecureRandom
05/02/23 16:43:45 done seeding SecureRandom
05/02/23 16:43:45 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): getEndpoint(SSL_MUTUALAUTH, 5557, null)
05/02/23 16:43:45 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): createListener( socketType = SSL_MUTUALAUTH port = 5557 )
05/02/23 16:43:45 matching alias: mykey
matching alias: mykey
05/02/23 16:43:46 ORB created ..com.oracle.iiop.server.OC4JORB@65b738
05/02/23 16:43:47 com.sun.corba.ee.internal.corba.ClientDelegate(Thread[Orion Launcher,5,main]): invoke(ClientRequest) called
05/02/23 16:43:47 com.oracle.iiop.server.OC4JORB(Thread[Orion Launcher,5,main]): process: dispatching to scid 2
05/02/23 16:43:47 com.oracle.iiop.server.OC4JORB(Thread[Orion Launcher,5,main]): dispatching to sc [email protected]7
05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ClientDelegate(Thread[Orion Launcher,5,main]): invoke(ClientRequest) called
05/02/23 16:43:48 com.oracle.iiop.server.OC4JORB(Thread[Orion Launcher,5,main]): process: dispatching to scid 2
05/02/23 16:43:48 com.oracle.iiop.server.OC4JORB(Thread[Orion Launcher,5,main]): dispatching to sc com.sun.corba.ee.internal.corba.ServerDelegate@9300cc
05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ServerDelegate(Thread[Orion Launcher,5,main]): Entering dispatch method
05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ServerDelegate(Thread[Orion Launcher,5,main]): Consuming service contexts, GIOP version: 1.2
05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ServerDelegate(Thread[Orion Launcher,5,main]): Has code set context? false
05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ServerDelegate(Thread[Orion Launcher,5,main]): Dispatching to servant
05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ServerDelegate(Thread[Orion Launcher,5,main]): Handling invoke handler type servant
05/02/23 16:43:48 NS service created and started ..org.omg.CosNaming._NamingContextExtStub:IOR:000000000000002b49444c3a6f6d672e6f72672f436f734e616d696e672f4e616d696e67436f6e746578744578743a312e30000000000001000000000000007c000102000000000c31302e312e3231342e31310015b3000000000031afabcb0000000020d309e06a0000000100000000000000010000000c4e616d65536572766963650000000004000000000a0000000000000100000001000000200000000000010001000000020501000100010020000101090000000100010100
05/02/23 16:43:48 NS ior = ..IOR:000000000000002b49444c3a6f6d672e6f72672f436f734e616d696e672f4e616d696e67436f6e746578744578743a312e30000000000001000000000000007c000102000000000c31302e312e3231342e31310015b3000000000031afabcb0000000020d309e06a0000000100000000000000010000000c4e616d65536572766963650000000004000000000a0000000000000100000001000000200000000000010001000000020501000100010020000101090000000100010100
05/02/23 16:43:48 Oracle Application Server Containers for J2EE 10g (9.0.4.0.0) initialized
05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.ConnectionTable(Thread[JavaIDL Listener,5,main]): Server getConnection(119e583[Unknown 0x0:0x0: Socket[addr=/127.0.0.1,port=1281,localport=5556]], SSL)
05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.ConnectionTable(Thread[JavaIDL Listener,5,main]): host = 127.0.0.1 port = 1281
05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.ConnectionTable(Thread[JavaIDL Listener,5,main]): Created connection Connection[type=SSL remote_host=127.0.0.1 remote_port=1281 state=ESTABLISHED]
com.sun.corba.ee.internal.iiop.MessageMediator(Thread[JavaIDL Reader for 127.0.0.1:1281,5,main]): Creating message from stream
05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, handling exception: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, SEND TLSv1 ALERT: fatal, description = unexpected_message
05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, WRITE: TLSv1 Alert, length = 2
05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called closeSocket()
05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.ReaderThread(Thread[JavaIDL Reader for 127.0.0.1:1281,5,main]): IOException in createInputStream: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
05/02/23 16:45:14 javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.d(DashoA12275)
05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA12275)
05/02/23 16:45:14 at com.sun.corba.ee.internal.iiop.messages.MessageBase.readFully(MessageBase.java:520)
05/02/23 16:45:14 at com.sun.corba.ee.internal.iiop.messages.MessageBase.createFromStream(MessageBase.java:58)
05/02/23 16:45:14 at com.sun.corba.ee.internal.iiop.MessageMediator.processRequest(MessageMediator.java:110)
05/02/23 16:45:14 at com.sun.corba.ee.internal.iiop.IIOPConnection.processInput(IIOPConnection.java:339)
05/02/23 16:45:14 at com.sun.corba.ee.internal.iiop.ReaderThread.run(ReaderThread.java:63)
05/02/23 16:45:14 Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.InputRecord.b(DashoA12275)
05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA12275)
05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
05/02/23 16:45:14 ... 6 more
05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.IIOPConnection(Thread[JavaIDL Reader for 127.0.0.1:1281,5,main]): purge_calls: starting: code = 1398079696 die = true
05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called close()
05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called closeInternal(true)
05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called close()
05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called closeInternal(true)
05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called close()
05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called closeInternal(true)
05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.ConnectionTable(Thread[JavaIDL Reader for 127.0.0.1:1281,5,main]): DeleteConn called: host = 127.0.0.1 port = 1281Good point, I do belive what you are referring to is this:
Any client, whether running inside a server or not, has EJB security properties. Table 15-2 lists the EJB client security properties controlled by the ejb_sec.properties file. By default, OC4J searches for this file in the current directory when running as a client, or in ORACLE_HOME/j2ee/home/config when running in the server. You can specify the location of this file explicitly with the system property setting -Dejb_sec_properties_location=pathname.
Table 15-2 EJB Client Security Properties
Property Meaning
# oc4j.iiop.keyStoreLoc
The path and name of the keystore. An absolute path is recommended.
# oc4j.iiop.keyStorePass
The password for the keystore.
# oc4j.iiop.trustStoreLoc
The path name and name of the truststore. An absolute path is recommended.
# oc4j.iiop.trustStorePass
The password for the truststore.
# oc4j.iiop.enable.clientauth
Whether the client supports client-side authentication. If this property is set to true, you must specify a keystore location and password.
# oc4j.iiop.ciphersuites
Which cipher suites are to be enabled. The valid cipher suites are:
TLS_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_MD5
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_EXPORT_WITH_RC4_40_MD5
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
nameservice.useSSL
Whether to use SSL when making the initial connection to the server.
client.sendpassword
Whether to send user name and password in clear form (unencrypted) in the service context when not using SSL. If this property is set to true, the user name and password are sent only to servers listed in the trustedServer list.
oc4j.iiop.trustedServers
A list of servers that can be trusted to receive passwords sent in clear form. This has no effect if client.sendpassword is set to false. The list is comma-delimited. Each entry in the list can be an IP address, a host name, a host name pattern (for example, *.example.com), or * (where "*" alone means that all servers are trusted. -
RMI server behind firewall--must use host as name, not IP
Server is running behind a firewall, which runs such that any machine behind the firewall cannot use the external IP to get back to itself.
That is:
- outside IP = 192.171.20.5 (port forwards 1099 to 192.168.1.5:1099)
- inside IP = 192.168.1.5 (rmi server listens on 1099)
from the machine inside (192.168.1.5), it is IMPOSSIBLE to create a socket to [outside ip](192.171.20.5), port 1099, and expect it to get back to the machine inside--the firewall prohibits this.
I -can- use name-based lookups, such that I can edit the hosts file on the inside box to route (myhost.com to 192.168.1.5). So, if everyone's DNS resolves myhost.com -> 192.171.20.5, then clients anywhere can go to myhost.com:1099 and will be redirected to my internal machine (192.168.1.5:1099).
The problem with this is that the names get translated to IPs and sent back to the client.
Is there a way to keep the names as names, so that both client (using external real-world DNS entries) and server (using local hosts file) can both resolve to the proper IP addresses?
I'm starting server, as follows:
java -Djava.rmi.server.codebase=http://myhost.com/rmi/ -Djava.security.policy=/policypath/policy -Djava.rmi.server.hostname=myhost.com mypkg.myclass
The client connects and gets this message (from a connection exception):
java.rmi.ConnectException: Connection refused to host: 192.168.1.5;Server is running behind a firewall, which runs such
that any machine behind the firewall cannot use the
external IP to get back to itself.I dont really understand this statement.. Machines behind the firewall referring to the external ip would be going to the gateway, not themselves.. Or do you have an internal AND external ip on the machines behind the firewall? Or are we referring to the gateway machine as an internal machine as well as external?
That is:
- outside IP = 192.171.20.5 (port forwards 1099 to
192.168.1.5:1099)
- inside IP = 192.168.1.5 (rmi server listens on
1099)looks good, what kinda OS/firewall? If we're talking linux/ipchains (or iptables) with ip masquerading, I may be of some use to you...
from the machine inside (192.168.1.5), it is
IMPOSSIBLE to create a socket to [outside
ip](192.171.20.5), port 1099, and expect it to get
back to the machine inside--the firewall prohibits
this.If you're on the internal network, why can't you just go for the internal ip addr? If I'm understanding correctly, you want internal dns requests for myhost.com to resolve to 192.168.1.5, and external dns requests to resolve to 192.171.20.5? That should't be a problem...
I -can- use name-based lookups, such that I can edit
the hosts file on the inside box to route (myhost.com
to 192.168.1.5). So, if everyone's DNS resolves
myhost.com -> 192.171.20.5, then clients anywhere can
go to myhost.com:1099 and will be redirected to my
internal machine (192.168.1.5:1099).the hosts file has nothing to do with routing, it's simply a dns-type thing... If your dns is giving external users a 192.168 address as the ip for myhost.com, they will never get to it. 192.168 is not routable on the internet, i think most inet routes will drop packets from 192.168.x.x or 10.x.x.x.
Is there a way to keep the names as names, so that
both client (using external real-world DNS entries)
and server (using local hosts file) can both resolve
to the proper IP addresses?As long as your dns is working correctly, java doesn't care if you use ips or host names.. Hostnames are preferable, so when you change your network around, you wont affect your rmi server.
I'm starting server, as follows:
java -Djava.rmi.server.codebase=http://myhost.com/rmi/
-Djava.security.policy=/policypath/policy
-Djava.rmi.server.hostname=myhost.com mypkg.myclass
The client connects and gets this message (from a
connection exception):
java.rmi.ConnectException: Connection refused to host:
192.168.1.5;Is your server compiled with the 192.171 ip? That's not gonna work, you have to use the same IP the server is running on. I'm still not clear on your network layout, is 192.171.20.5 and 192.168.1.5 the 2 gateway ip's, or is 192.168.1.5 a physically different machine? I'd be willing to bet that your server is compiled with the external address, and if that's not the same machine, then there's no chance of that working....
There's more than port forwarding going on.. IIRC, java rmi keeps track of its own ip's.. A client request to an external ip will not connect to a server running on the internal ip, even if you forward the port, rmi itself doesn't recognize the internal as the ip it's trying to get to (even if it is true), so it bombs out.. This can happen if you run the rmi server on a gateway, and compile the server with the external ip, and try to connect to the internal ip.. If you want external machines to connect, you MUST run the server on an external ip.
Give a little more info, we'll getcha running... I'm also assuming you have full control of your network (ie, firewall/dns)
doug -
How-do-i-configure-guest-wifi-access-using-2504-wlc-fortigate-utm-l3-device
Dear All
I have a 2504 Wireless Controller with multiple radios attached. I currently have a "private" WLAN configured (taking ip from windows server based DHCP of Range 192.1681.0/24 ) and working, but I need to add a Guest/Public WLAN which should take the IP from Other DHCP Configured on Fortigate UTM of range 172.16.0.0/24.
We have one SG300 switch in the office and the rest are basic switches.
Our firewall/router is a Fortigate UTM 240D
Find the attached network diagram for the issue.
Is there a SIMPLE way to enabling guest access that doesn't require VLANS (or are VLANS easier than I'm making them)?
Thanks.
- See more at: https://supportforums.cisco.com/discussion/12473186/how-do-i-configure-guest-wifi-access-using-2504-wlc-fortigate-utm-l3-device#sthash.aj1XcWI0.dpufComplete these steps in order to configure the devices for this network setup:
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-vlan/70937-guest-internal-wlan.html
Configure Dynamic Interfaces on the WLC for the Guest and Internal Users
Create WLANs for the Guest and Internal Users
Configure the Layer 2 Switch Port that Connects to the WLC as Trunk Port -
What are the limitations of using RMI over http with EJB?
We have a requirement for an intranet application where the majority of the clients
(Swing clients) will be able to connect directly using either T3 or IIOP. However,
there are a number of clients that will need to traverse a firewall.
We could use SOAP, but I dont want to lose the value that RMI gives us (clustering,
security, statefullness support etc). I am thinking of using RMI over http - which
Weblogic supports.
I have been trying to find some documentation on the topic - but havent succeded
so far. What I would like to understand is: What limitations I would have using
RMI over http. Do I lose anything (apart from performance) using http?
Regards,
NickYou will have to enable tunneling on the server side and I have not heard of any
complaints of using it.
Shiva.
Nick Minutello wrote:
In fact, we are not using applets - and its not an internet application. We are
using Java Webstart and Swing on our intranet (the problem of the size of the
weblogic.jar is a pain - but well known)
The question for me is; Apart from performance, are there any limitations to using
RMI over http?
Can we also use JMS over http?
-Nick
Shiva Paranandi <[email protected]> wrote:
"Old wine new bottle".
The biggest problem with the approach of Applets like
stuff connecting to weblogic is the size of the classes that need to
be supplied to the
users. The applets/swing would need a lot of weblogic classes which you
need to
supply as jar file. This file can be in the order of MBs depending on
the
weblogic version. we had a similar kind of problem and migrated the applets
to use
servlets instead of directly invoking ejbs or jms topics etc. Having
the applets
connect
to servlets you would still benefit from the features of clustering etc.
and added to
that
you would reduce the number of remote calls.
Shiva.
Nick Minutello wrote:
We have a requirement for an intranet application where the majorityof the clients
(Swing clients) will be able to connect directly using either T3 orIIOP. However,
there are a number of clients that will need to traverse a firewall.
We could use SOAP, but I dont want to lose the value that RMI givesus (clustering,
security, statefullness support etc). I am thinking of using RMI overhttp - which
Weblogic supports.
I have been trying to find some documentation on the topic - but haventsucceded
so far. What I would like to understand is: What limitations I wouldhave using
RMI over http. Do I lose anything (apart from performance) using http?
Regards,
Nick -
Hi everyone,
I have an applet that uses RMI to communicate with an RMI registry that is on the originating server for the applet. To enable the applet to make RMI calls over port 1099 I have had to modify the policy file of my Java plug-in (to grant socket permissions to the server over port 1099).
My understanding was that applets by default were able to communicate with their originating servers. Is this correct?
I am asking because I want end-users to be able to use this applet in their browsers without having to perform any security configurations. At the moment, if they don't have a Java plug-in, one will be automatically downloaded and installed on their system (which is great). But, as the application currently stands, they will then have to make an additonal step to modify their policy file.
This doesn't seem right to be. Any suggestions?
Thanks in advance.
Kind regards,
Ben DeanyI tried this a couple of years ago. In theory, it should work. If I remember correctly, I believe that the RMI API kept trying to crawl out of the sandbox by doing things that seemed to have no relation to RMI. Finally, I got a certificate and life got much simpler.
-
Client-Server using RMI on Win2000
I have a client server application using RMI that works on Win NT4.0 when I am connected
to a network or when the it is not connected (workstation is client and server).
This same application does not work as a standalone (not connected to network) when running
on Win2000. I've been able to start the server (still under Win2000) by adding a Microsoft
Loopback Adapter but the client do (can) not communicate ( see) the server(s) at all.
Does anyone knows the difference between WinNT4.0 and Win2000 network,
configure Win2000 for client-server on RMI loopback?
Thanks,
IsaganiYes, I did. But let me expand on the problem and observations.
Running under Win2000 and connected to the network and working.
- I use netstat -n (a util ) to see how my application is running when it is working.
The port (1101) the apps uses eventually loops back to the system and the app is able
create the multicast sockets it needs and can join the group. And everyone is happy.
When not connected to the network, port 1101 makes a connection back to the system
but somehow the system breaks the loop back, basically throwing an exception.
I do not these problem with WinNT4.0
Any ideas?
Thanks,
Isagani -
Hello friends.
We have developed an Explorer(Windows style) Using RMI which can browse any client computer (shared/non shared).
It works quite well but we have some problem like not all file/folders
are accessible(though they are visible).
All those interested can help me out.
Source with details are available at
geocities.com/dev.sushant/rmiAs Bob rightly says you may have a problem if the machine you are trying to access is on a corporate network as you will need the permission and help of the network administrator to achieve this.
I assume from your post that there is not a VPN connection set up on the remote PC network. Assuming that you have access to the router on the remote network then you will need to set up portforwarding on it at some point so I suggest you go to this page and see if your router is listed as you will need some instructions if you don't use the software suggested by Bob.
When accessing a remote machine, PC or Mac, I have always used a secure connection to do so and the alternative to a VPN is an SSH tunnel. Unfortunately unlike the Mac Windows doesn't come with SSH server software installed so if you want to go down this route you will have to install and configure this first. I haven't tried this on Windows 7 yet but I have been successful on Windows XP and there are plenty of sites with instructions on how to set this up like this one here. Once the SSH server is set up on the PC and port 22 on your remote router has been forwarded then you can set up a SSH tunnel in the same way as described in my post in this thread http://discussions.apple.com/thread.jspa?messageID=10847513�
Message was edited by: Sean Dale1 -
Configure 5515x firewall in below scenario
Dear all,
I need to configure 5515x firewall in existing network
in existing network two workstations are connected with different vlans in 3750G switch with respective SVIs hence both vlans are communicated with each other.
now we are planing to keep firewall in between switch and 2-workstations.
Note: two workstations are used as fail over for other workstations which are in different vlan.
for better understand find network architecture.....
Thanks in advanceHi,
Firewall is required between VLAN20 and 30, correct?
If yes then there are two ways to add firewall.
1. Add ASA in transparent mode between 20 and 30 VLAN
2. Configure these 2 VLAN SVI on firewall.
Let me know if any quetsions.
Regards
Daljeet Singh -
Dear,
Can anyone tell me when we use RMI-IIOP? When we use RMI-IIOP and
EJB? When will use JSP? When will use servlet?
Sorry for that silly question, but i really want to know it?
kurtAs I know, If using RMI-IIOP, we have to handle lots of stuffs like
connection pool, security...etc.
Am I right?
Kurt
Tom Barnes <[email protected]> wrote in message
news:[email protected]..
>
>
Andy Piper wrote:
RMI-IIOP is useful for:
a) Interop, i.e. between different appservers
b) C++ client integration
Customers also sometimes want it because they have security
restrictions on what protocols they can put through a firewall.
It is also useful for light-weight Java clients. RMI-IIOP clients need
not use the (large) weblogic.jar jar.
Tom -
External Providers when No Firewall is used
Has anyone been successful in implementing YellowBrix portlets into their Portal
pages when not accessing the Internet via a firewall? The process appears to be fairly simple when a firewall is used but following the same instructions when direct access to the internet is available allows the portlets to be displayed in the portlet repository but when trying to use them in a Portal page only a blank page is displayed.Trilby wrote:
Why don't you give us that idea? Try another WM, see if the problem remains.
Also, what is the video card and driver that you are using?
http://pb.abhijeetr.com/CQRP
The issue is not reproducible by a certain way. It happens randomly. Using a new WM will require configuring it and it takes time. That's why I got lazy. I'll have to use it for a few days and see if I see any issues. If that's the only thing I can do, I'll certainly do that. -
HT200259 Configuring adaptive firewall for VNC and RDP connections
Hello, I'm using Yosemite with OSX Server. Is there a way of configuring adaptive firewall for VNC and RDP connections?
Apple has never documented what the adaptive firewall really does, as far as I know. It seems that the built-in network services send it some kind of notification whenever there is a connection attempt. The Screen Sharing service is one of those, so it should be protected. There is no built-in RDP service, so if you somehow added one, it would not be protected.
-
Pass Swing components as parameters using RMI
My question is this. Suppose I have a server and a server configuration tool in the same LAN. Suppose I have JPanels assigned to each component of the server as configuration panes. Can I pass the JPanel to the configuration tool from the server depending upon the component selected to be configured.
Simply the question is can I pass a swing component (provided all the components inside this Swing components will be Serializable) as a parameter to another machine using RMI.
Some people say this is not possible because Swing components are not serializable but when I looked in the javadocs most of the Swing components are serializable.
eg. JPanel, JButton, etc.Hi
I tnxk is possible, because the only condition is the params must be serializable.
If you look at JPanel code you can see :
* JPanel is a generic lightweight container.
* <p>
* <strong>Warning:</strong>
* Serialized objects of this class will not be compatible with
* future Swing releases. The current serialization support is appropriate
* for short term storage or RMI between applications running the same
* version of Swing. A future release of Swing will provide support for
* long term persistence. -
Is there any problems in IE if using RMI.?
Hello buddies,
this is my 3rd attempt to get answer. before it i tried 2 times but didn't get answered.
actually i m making a chat application. in that there is a canvas on which we can draw something and send it to all users. i make an applet and from within the applet i m calling a frame. all this awt components like canvas and buttons etc. displays in the frame. applet is just a platform do call the frame. i m using RMI to do the chat. i tried to run it first in appletviewer and it works fine. but when i tried to run in IE from <applet> tag no frame is displays. i am trying to solve it from last 20 days but still unsolved. here is the code if anybody wishes to try it.
// clinet frame...
import java.rmi.*;
import java.rmi.server.*;
import canvas.Drawer;
import java.awt.*;
import java.applet.*;
import java.applet.Applet;
import java.awt.event.*;
import java.util.*;
import ru.zhuk.graphics.*;
/*<applet code="ChatClient" width=600 height=300>
</applet>
public class ChatClient extends Frame implements IChatClient,ActionListener,MouseListener,MouseMotionListener
// GLOBAL VARIABLES USED IN THE PROGRAMME...
boolean flag=false;
int n;
String str="";
String Coord=null;
IChatService service=null;
FrameApplet fa=null;
TextField servername,serverport,username;
Button connect,disconnect;
TextField message;
Button send,sendText;
TextArea fromserver;
int i=0,j=0;
int x[] = new int[1000];
int y[] = new int[1000];
Drawer canvas;
boolean connected=false;
String title,user="";
// Class Members //
public ChatClient()
public ChatClient(String str)
super(str);
setBounds(50,20,600,450);
setLayout(new FlowLayout(FlowLayout.CENTER,45,10));
title=str;
setStatus();
// Create controls //
add(new Label("Chat Server Name : "));
servername=new TextField(20);
add(servername);
servername.setText("localhost");
add(new Label("Chat Server Port : "));
serverport=new TextField(20);
add(serverport);
serverport.setText("900");
add(new Label("Your User Name : "));
username=new TextField(20);
add(username);
username.setText("Umesh");
connect=new Button("Connect");
connect.addActionListener(this);
add(connect);
disconnect=new Button("Disconnect");
disconnect.addActionListener(this);
add(disconnect);
message=new TextField(30);
add(message);
sendText=new Button("Send Text");
sendText.addActionListener(this);
add(sendText);
fromserver=new TextArea(10,50);
add(fromserver);
fromserver.setEditable(false);
canvas = new Drawer();
canvas.setSize(250,250);
canvas.setBackground(Color.cyan);
add(canvas);
canvas.addMouseListener(this);
canvas.addMouseMotionListener(this);
send=new Button("Send");
send.addActionListener(this);
add(send);
try
UnicastRemoteObject.exportObject(this);
catch(Exception e)
setVisible(true);
for(j=0;j<1000;j++)
x[j]=0;
y[j]=0;
Coord = new String();
Coord = "";
// fa=new FrameApplet();
public void mousePressed(MouseEvent me){}
public void mouseReleased(MouseEvent me)
Coord = Coord + "r";
public void mouseClicked(MouseEvent me){}
public void mouseEntered(MouseEvent me){}
public void mouseExited(MouseEvent me){}
public void mouseDragged(MouseEvent me)
if (Coord == "")
Coord = me.getX() + "," + me.getY();
else
Coord = Coord + " " + me.getX() + "," + me.getY();
public void mouseMoved(MouseEvent me){}
// RMI connection //
private void connect()
try
service = (IChatService)Naming.lookup("rmi://pcname/ChatService");
service.addClient(this);
connected=true;
setStatus();
user=username.getText();
Coord = "";
catch(Exception e)
fromserver.append("Error Connecting ...\n" + e);
System.out.println(e);
connected=false;
setStatus();
service=null;
private void disconnect()
try
if(service==null)
return;
service.removeClient(this);
service=null;
catch(Exception e)
fromserver.append("Error Connecting ...\n");
finally
connected=false;
setStatus();
private void setStatus()
if(connected)
setTitle(title+" : Connected");
else
setTitle(title+" : Not Connected");
// IChatClient methods //
public String getName()
return user;
public void sendMessage(String msg)
fromserver.append(msg+"\n");
public void SendCanvasObject(String str)
this.str = str;
fromserver.append(str + "\n");
Graphics g = canvas.getGraphics();
paint(g);
// Actionlistener //
public void actionPerformed(ActionEvent e)
if(e.getSource()==connect)
connect();
if(connected)
servername.setEnabled(false);
serverport.setEnabled(false);
username.setEnabled(false);
connect.setEnabled(false);
Coord = "";
else
if(e.getSource()==disconnect)
disconnect();
servername.setEnabled(true);
serverport.setEnabled(true);
username.setEnabled(true);
connect.setEnabled(true);
else
if(e.getSource()==send)
flag = true;
if(service==null)
return;
try
fromserver.append("Sending an image...\n");
service.SendCanvasObject(this,Coord);
i=0;
for(j=0;j<1000;j++)
x[j]=0;
y[j]=0;
Coord = "";
fromserver.append("\n" + "Image Sent...");
catch(RemoteException re)
fromserver.append("Error Sending Message ...\n" + re);
catch(Exception ee)
fromserver.append("Error Sending Message ...\n" + ee);
else
if(e.getSource()==sendText)
if(service==null)
return;
try
service.sendMessage(this,message.getText());
message.setText("");
catch(RemoteException exp)
fromserver.append("Remote Error Sending Message ...\n" + exp);
catch(Exception ee)
fromserver.append("Error Sending Message ...\n" + ee);
public void paint(Graphics g)
if(flag==true)
i=0;
StringTokenizer stoken = new StringTokenizer(str,"r");
String strin = "";
while(stoken.hasMoreTokens())
strin = stoken.nextToken();
fromserver.append("\n" + strin + "\n");
StringTokenizer stoken1 = new StringTokenizer(strin," ");
String strin1 = "";
j=0;
while(stoken1.hasMoreTokens())
strin1 = stoken1.nextToken();
fromserver.append("\n" + strin1 + "\n");
x[j]=Integer.parseInt(strin1.substring(0,strin1.indexOf(",")));
y[j]=Integer.parseInt(strin1.substring(strin1.indexOf(",")+1,strin1.length()));
j++;
for(int k=0;k<j-1;k++)
g.drawLine(x[k],y[k],x[k+1],y[k+1]);
i++;
import java.rmi.*;
import java.rmi.server.*;
import canvas.Drawer;
import java.util.*;
import ru.zhuk.graphics.*;
import java.awt.*;
import java.awt.event.*;
import java.applet.*;
public class FrameApplet extends Applet implements ActionListener
ChatClient f;
public void init()
Button b = new Button("Start Chat");
b.addActionListener(this);
add(b);
public void actionPerformed(ActionEvent ae)
f=new ChatClient("Chat");
f.show();
f.setSize(400,400);
here is html file which i calls from IE
<html>
<title>Micky Chat</title>
<body>
<br>
<br>
<center>
<applet code="FrameApplet.class" width=200 height=200>
</applet>
</center>
</body>
</html>
and at last a shocking thing is it is runs in Netscape displaying frames but not calling paint method.
pls. help me
thanks a lot
umeshHi Umesh!
Sorry that I cannot be too concrete about that since it has to be centuries ago when I fell over this problem.
As far as I can remember, the JDK provided by MS has no RMI built-in. These was probably one of the main reasons why Sun sued Microsoft concering its handling of Java.
Afterwards MS released a path for its Java Runtime that included RMI support, but AFAIK they never included it in the standard package. So much luck when searching for the ZIP! (-;
A little bit of googling might help, e.g.:
http://groups.google.com/groups?hl=de&lr=&ie=UTF-8&oe=UTF-8&threadm=37f8ddf6.4532124%40news.online.no&rnum=17&prev=/groups%3Fq%3Dmicrosoft%2Bjvm%2Brmi%2Bsupport%26start%3D10%26hl%3Dde%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3D37f8ddf6.4532124%2540news.online.no%26rnum%3D17
cheers,
kdi -
I gave my old iPad to my daughter without restoring it to original configuration, how can she use it with her iTunes?
try
http://support.apple.com/kb/ht2589
Maybe you are looking for
-
The support page is ridiculous, it assumes you already have Firefox and that the install went fine. I am having trouble with an update to Version 4. I have an ibook G4 running OS X. I have used Firefox for years. When I downloaded the update, the Fir
-
Where can I get a really low-priced iPhone 3G case?
Where can I buy a high quality, good, preferably new, iPhone 3G case that is very low in price? I'm talking below $5. Thanks. Remember, I want a *high quality* case that will last a while and will actually *protect my phone*. And try to give me somet
-
MySQL temp tables or Calling Stored procedures in CS4
I need to filter a result set by username before performing a LEFT JOIN and including OR IS NULL rows. The SQL works from from the mysqli client, by either creating a temp table using "create temporary table temp_appts select * from..." Or by creat
-
Importing EDLs and Reconnecting Media... Who can answer this question?
Hi, happy holidays! What am I missing here: I have an EDL with in and out points from a number of different source files. I import the EDL in Final Cut Pro as a sequence. I click on the sequence. The edit decisions can be seen in the timeline, with a
-
Multiple service deployment in Axis
Hi I am using Axis 2.0 as a web service platform for my application. The following is what I am trying to do. 1) I am generating the server side codes from WSDL using WSDL2Java tool. 2) Then using the generated codes I have developed my application.