Re: Limiting RMI to localhost
On Jul 1, 12:57 am, Tom Anderson <t...@urchin.earth.li> wrote:
> On Mon, 30 Jun 2008, Gordon Beaton wrote:
>> On Mon, 30 Jun 2008 18:49:01 +0100, Tom Anderson wrote:
>>> On Mon, 30 Jun 2008, Ronny Schuetz wrote:
>>>> Can't you set up the RMI server socket to explicitly listen on
>>>> localhost:<your port>? This way it shouldn't be accessible from outside.
>>>
>>> A server socket bound to localhost will be able to receive
>>> connections from outside.
>>
>> A ServerSocket bound to a particular address can *only* accept
>> connections that arrive on the corresponding interface. If that address
>> is 127.0.0.1 then any remote connection attempts will result in
>> "connection refused". No firewall is necessary.
>
> Aha! Of course! When Ronny said "localhost", i was thinking
> InetAddress.getLocalHost(), which is (usually?) a proper interface, and
> therefore accessible. But you read it, as he must have meant it, as
> meaning the loopback interface. And absolutely, that's not accessible to
> the outside world. Very clever, and rather obvious in retrospect.
>
> I still think an AF_UNIX solution would be cool, though :).
>
> tom
>
> --
> It's odd to discover your quips in other people's .sig files. --
> Benjamin Rosenbaum

Thanks all for your help!
I tried to implement a custom socket factory and failed to bind the
object.
Is there any special thing I need to do in a custom factory
implementation?

The factory code (it failed even when I just created the socket
without binding):

    private static class LocalhostRMISocketFactory extends RMISocketFactory {
        @Override
        public ServerSocket createServerSocket(int port) throws IOException {
            InetAddress addr = InetAddress.getByName("127.0.0.1");
            ServerSocket socket = new ServerSocket(port, 0, addr);
            return socket;
        }

        @Override
        public Socket createSocket(String host, int port) throws IOException {
            return new Socket(host, port);
        }
    }

The exporting code:

    MyRmiInterface stubObj = (MyRmiInterface) UnicastRemoteObject.exportObject(
            this, 0, RMISocketFactory.getDefaultSocketFactory(),
            new LocalhostRMISocketFactory());

The registry.rebind call failed with:

java.rmi.MarshalException: error marshalling arguments; nested exception is:
        java.io.NotSerializableException: sun.rmi.transport.proxy.RMIMasterSocketFactory
    at sun.rmi.registry.RegistryImpl_Stub.rebind(Unknown Source)
    at project.rmi.RmiImpl.init(RmiImpl.java:134)
    at project.core.Core.init(Core.java:465)
    at project.core.Core.main(Core.java:247)
Caused by: java.io.NotSerializableException: sun.rmi.transport.proxy.RMIMasterSocketFactory
    at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1156)
    at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:326)
    at sun.rmi.transport.tcp.TCPEndpoint.write(TCPEndpoint.java:511)
    at sun.rmi.transport.LiveRef.write(LiveRef.java:257)
    at sun.rmi.server.UnicastRef2.writeExternal(UnicastRef2.java:48)
    at java.rmi.server.RemoteObject.writeObject(RemoteObject.java:363)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:945)
    at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1461)
    at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1392)
    at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1150)
    at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1509)
    at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1474)
    at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1392)
    at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1150)
    at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:326)
    ... 5 more
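
Added example, not part of the original post: the trace above fails in TCPEndpoint.write because the client socket factory passed to exportObject is serialized into the stub, so this example passes null there and supplies only a loopback-bound RMIServerSocketFactory, which stays on the server side. It also sets java.rmi.server.hostname so the stub advertises 127.0.0.1. The names LoopbackRmiDemo, Ping, PingImpl, the binding name "ping" and port 1099 are assumptions for illustration.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.RMIServerSocketFactory;
import java.rmi.server.UnicastRemoteObject;

public class LoopbackRmiDemo {
    // Hypothetical remote interface, for this example only.
    public interface Ping extends Remote { String ping() throws RemoteException; }

    // Used only on the server, so it is never marshalled and need not be Serializable.
    static final class LoopbackServerSocketFactory implements RMIServerSocketFactory {
        @Override
        public ServerSocket createServerSocket(int port) throws IOException {
            return new ServerSocket(port, 0, InetAddress.getByName("127.0.0.1"));
        }
        // RMI compares factories when deciding whether exports can share a listener.
        @Override public boolean equals(Object o) { return o instanceof LoopbackServerSocketFactory; }
        @Override public int hashCode() { return LoopbackServerSocketFactory.class.hashCode(); }
    }

    static final class PingImpl implements Ping { @Override public String ping() { return "pong"; } }

    public static void main(String[] args) throws Exception {
        // Stubs advertise this host. Otherwise they carry the InetAddress.getLocalHost()
        // address, which is usually not loopback, and the 127.0.0.1 listener refuses it.
        System.setProperty("java.rmi.server.hostname", "127.0.0.1");
        RMIServerSocketFactory ssf = new LoopbackServerSocketFactory();

        // Registry and remote object both listen on 127.0.0.1 only (port 1099 assumed free).
        Registry registry = LocateRegistry.createRegistry(1099, null, ssf);
        PingImpl impl = new PingImpl(); // keep a strong reference while exported
        // null client factory: the stub uses default client sockets, so nothing
        // non-serializable is written into it when it is bound or looked up.
        Ping stub = (Ping) UnicastRemoteObject.exportObject(impl, 0, null, ssf);
        registry.rebind("ping", stub);

        // Round trip through the registry stub over loopback.
        Ping remote = (Ping) LocateRegistry.getRegistry("127.0.0.1", 1099).lookup("ping");
        System.out.println(remote.ping());

        UnicastRemoteObject.unexportObject(impl, true);
        UnicastRemoteObject.unexportObject(registry, true);
    }
}
```

While the demo is running, `netstat -an` (or `ss -ltn`) should list both listening ports on 127.0.0.1 rather than 0.0.0.0.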