Jeffrey,
Using CORBA through the firewalls is the right approach, as no attempt
has been made to develop RMI proxies. You need to evaluate the
feasibility of accessing Weblogic EJBs using IIOP, which is implemented
using Visibroker. Visi provides an IIOP proxy today, which is going to
implement the OMG Firewall spec in its forthcoming release. Once this
plumbing is in place, you can have a rich, stateful client.
Implementation of CORBA Firewall spec, full support of IIOP in the EJB
products and implementation of rich authentication and authroizatoin in
EJB servers should mature over the next year.
You can access my JavAus99 presentation "Enhancing Enterprise Firewall
for Java, CORBA and EJBs" from my web page http://talk.to/rajeev.
Rajeev
Jeffrey Vagg wrote:
>
> Hi,
>
> I am not sure if this is the best alias for this. Although it is based
> around accessing EJB through a DMZ.
>
> I am working on an application that has a DMZ configuration between the
> intranet and the Internet. I am currently implementing an intranet EJB
> solution using Weblogic that has no issues with firewalls because it
> doesn't go through them. However, there is another application that I
> am starting to gather requirements for. The client from this
> application will be located on the other side of the outer DMZ firewall,
> the Internet. I am not sure if the client will be HTML or Java. The
> outer firewall only has port 80 open while the inner firewall has one or
> two ports open for this application. In the DMZ I currently have
> Netscape Enterprise Web Server.
>
> If I want to reuse some of the EJB services that I created previously,
> what would be the suggested config? Is it possible to have a Java
> client and use JNDI/EJB through a DMZ? I assume that callbacks would
> not be permitted which would disallow the use of such things as JMS. Is
> this correct? Does anyone know if Weblogic has a solution for this? I
> know that Sun's JDK does HTTP tunneling. Does Weblogic's RMI do the
> same thing and how does this apply to EJB?
>
> I am leaning towards an HTML client and use servlets/JSP. It sounds as
> if there is too many problems with RMI through the firewall. Although I
> would like a more stateful client for my customers. Also I am not sure
> if the JNDI lookup would work because the Weblogic URL is t3://....
> which does not have the http protocol in it. The web server / servlet
> engine in the DMZ can either process the request or act as a proxy
> through the inner firewall.
>
> Any comments or suggestions would be appreciated.
>
> Thanks
> Jeff Vagg
begin:vcard
n:Arora;Rajeev
x-mozilla-html:FALSE
org:Systemsmiths (www.systemsmiths.com.au)
version:2.1
email;internet:[EMAIL PROTECTED]
title:Principal
tel;fax:+61 3 9803-2133
tel;work:+61 3 9803-2133
adr;quoted-printable:;;3 Clarinda Court=0D=0AVermont South;Melbourne;Victoria;3133;Australia
x-mozilla-cpt:;0
fn:Rajeev Arora
end:vcard
S/MIME Cryptographic Signature
