Firewall [SOLVED]: How can I restrict Java RMI to a specific interface?

  • #32028

    Anonymous

    Question

    We have two interfaces on our product: one that is customer-facing and an internal interface. Is it possible to have RMI operate only on a particular interface, such as the loopback, or do we need to use firewall rules to prevent access?

    Is there a way to have the server bind only to requests from a specified interface? I found this property that can be set on the server; does this prevent external requests?

    -Djava.rmi.server.hostname=127.0.0.1

    Is there a way to have the rmiregistry select the interface it listens on like mysql’s bind option?

    This question seems related but I’m hoping for a simpler answer:
    Java RMI: How can I restrict RMI method to only be called internally by the client object

    #32029

    Anonymous

    Accepted Answer

    I found this property that can be set on the server; does this prevent external requests?

    -Djava.rmi.server.hostname=127.0.0.1
    

    That property controls what IP address is placed into the stubs of remote objects exported from this JVM. If you want to restrict those to clients of ‘localhost’, setting this would actually work, but it isn’t a great solution.

    You would have to export the remote object with an RMIServerSocketFactory that creates ServerSockets bound to the specific IP address you want.

    Is there a way to have the rmiregistry select the interface it listens on like mysql’s bind option?

    Same answer. You would have to export the Registry yourself, via LocateRegistry.createRegistry(int port, RMIServerSocketFactory ssf, RMIClientSocketFactory csf). csf can be null of course.

    Make sure your RMIServerSocketFactory has a sensible implementation of equals() if you use more than one instance of it in your exporting JVM, e.g. that as long as the bind IP address is the same they are equal.

    This question seems related

    It isn’t.

    Source: https://stackoverflow.com/questions/46988818/how-can-i-restrict-java-rmi-to-a-specific-interface
    Author: EJP
    Creative Commons License
    This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
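
    The approach described in the answer, as an added example that is not part of the original post: a server socket factory bound to the loopback address, with equals() and hashCode() keyed on that address, used for both the registry and an exported object. The Ping interface, the class names, the binding name and port 1100 are assumptions made for illustration; note that in the JDK the createRegistry overload takes the client socket factory before the server socket factory.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.RMIServerSocketFactory;
import java.rmi.server.UnicastRemoteObject;

public class LoopbackRmiServer {
    // Hypothetical remote interface, used only for this example.
    public interface Ping extends Remote { String ping() throws RemoteException; }

    // Creates every listening socket bound to one local address.
    static final class BoundServerSocketFactory implements RMIServerSocketFactory {
        private final InetAddress bindAddress;
        BoundServerSocketFactory(InetAddress bindAddress) { this.bindAddress = bindAddress; }

        @Override public ServerSocket createServerSocket(int port) throws IOException {
            return new ServerSocket(port, 0, bindAddress); // backlog 0 = default
        }
        // Factories are equal when their bind address is equal.
        @Override public boolean equals(Object o) {
            return o instanceof BoundServerSocketFactory
                && bindAddress.equals(((BoundServerSocketFactory) o).bindAddress);
        }
        @Override public int hashCode() { return bindAddress.hashCode(); }
    }

    // Strong references so the exported objects are not garbage collected.
    static Registry registry;
    static Ping impl;

    public static void main(String[] args) throws Exception {
        InetAddress loopback = InetAddress.getLoopbackAddress();
        // Stubs must advertise an address the listener is actually bound to.
        System.setProperty("java.rmi.server.hostname", loopback.getHostAddress());
        RMIServerSocketFactory ssf = new BoundServerSocketFactory(loopback);

        // Registry on loopback:1099 only; JDK order is (port, csf, ssf), csf is null.
        registry = LocateRegistry.createRegistry(1099, null, ssf);

        // Export the remote object through an equal factory on a constructed port.
        impl = () -> "pong";
        Remote stub = UnicastRemoteObject.exportObject(
            impl, 1100, null, new BoundServerSocketFactory(loopback));
        registry.rebind("ping", stub);
    }
}
```

    With the server running, a listing of listening sockets (for example `ss -ltn`) should show ports 1099 and 1100 on the loopback address only.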
