I think you should ask for that on a jacorb list....
having discovered corba support incidentally in jboss,
with the FAQ saying IIOP is not supported
(true in the sense that EJB are not yet invokable through corba),
having patched jboss-iiop myself to make it work like I want,
I know that corba is not yet well known by jboss community.
jacorb community should be more aware of firewall subtleties,
as TAO community should also be...

note that jacorb can impose the listening port
of the object adapter (the server!).
you may also play with the socketfactory
in connectionmanager.java
a small patch may let you create a custom connection manager
that could restrict the binding point to a port range
the constructor in ConnectionManager
could be changed to that (not tested yet):

public ConnectionManager( ORB orb )
{
    this.orb = orb;

    // AC: support custom socket factory...
    // we should also provide a firewall oriented constrained socketfactory
    // another idea could be to set it as default and allow it to be configured if needed
    // the property carries a class name (see jacorb.properties below),
    // so test for a non-empty value rather than an on/off flag
    String s = Environment.getProperty( "jacorb.net.socket_factory" );
    if( s != null && s.length() > 0 )
    {
        try
        {
            Class sf = Class.forName( s );
            Constructor constr = sf.getConstructor( new Class[]{ ORB.class } );
            socket_factory = (SocketFactory) constr.newInstance( new Object[]{ orb } );
        }
        catch (Exception e)
        {
            Debug.output( Debug.IMPORTANT | Debug.ORB_CONNECT, e );
            throw new RuntimeException( "the socket factory \"" + s
                + "\" set in \"jacorb.net.socket_factory\" can't be instantiated (see trace)!" );
        }
    }
    else
    {
        // AC: the usual socket factory
        // the best way could be not to have such a default inner class socketfactory
        // but to have a default value for jacorb.net.socket_factory if not set.
        socket_factory = new SocketFactory(){
            public Socket createSocket( String host, int port )
                throws IOException, UnknownHostException
            {
                return new Socket( host, port );
            }

            public boolean isSSL( Socket socket )
            {
                // this factory doesn't know about ssl
                return false;
            }
        };
    }
... continue...

you may set the following in jacorb.properties

jacorb.net.socket_factory=org.jacorb.orb.factory.PortRangeSocketFactory
jacorb.net.socket_factory.port.min=7100
jacorb.net.socket_factory.port.max=7199

the PortRangeSocketFactory should return a new Socket(host,port, localPort)
with localPort being iterated through the range until
the new socket works...
the range should be obtained by reading jacorb env portmin and max
or with a smarter parser that could analyse complex range like:

jacorb.net.socket_factory.port.range=2048-2200,3000,4003-4008

package org.jacorb.orb.factory;

import java.io.*;
import java.net.*;
import java.util.*;
import java.lang.reflect.Constructor;
import org.jacorb.orb.*;
import org.jacorb.orb.factory.*;
import org.jacorb.util.*;

public class PortRangeSocketFactory implements SocketFactory {
    ORB orb;
    int portMin=0;
    int portMax=0;

    // public, because ConnectionManager looks it up with Class.getConstructor(),
    // which only returns public constructors
    public PortRangeSocketFactory(ORB anOrb) throws RuntimeException {
        this.orb=anOrb;
        String sMin=Environment.getProperty( "jacorb.net.socket_factory.port.min" );
        String sMax=Environment.getProperty( "jacorb.net.socket_factory.port.max" );

        if(sMin==null )
            throw new RuntimeException(
                "PortRangeSocketFactory : jacorb.net.socket_factory.port.min property not set" );
        else try {
            portMin=Integer.decode(sMin).intValue();
        } catch(NumberFormatException ex) {
            throw new RuntimeException(
                "jacorb.net.socket_factory.port.min invalid number '"+sMin+"':"+ex );
        }
        if(portMin<0) portMin+=65536;
        if(portMin<=0 || portMin>65535)
            throw new RuntimeException(
                "jacorb.net.socket_factory.port.min invalid port number '"+portMin+"'" );

        if(sMax==null )
            portMax=65535;
        else try {
            portMax=Integer.decode(sMax).intValue();
        } catch(NumberFormatException ex) {
            throw new RuntimeException(
                "jacorb.net.socket_factory.port.max invalid number '"+sMax+"':"+ex );
        }
        if(portMax<0) portMax+=65536;
        if(portMax<=0 || portMax>65535)
            throw new RuntimeException(
                "jacorb.net.socket_factory.port.max invalid port number '"+portMax+"'" );
    }

    public Socket createSocket( String host, int port )
        throws IOException, UnknownHostException
    {
        if(portMin==0) // ac: case where there is no range... in fact
        {
            return new Socket( host, port );
        }
        for(int localport=portMin;localport<=portMax;localport++)
        {
            try {
                // java.net.Socket has no (host, port, localPort) constructor;
                // a null local address means "any local address"
                Socket socket=new Socket( host, port, (InetAddress) null, localport );
                return socket;
            } catch (BindException ex) { // local port busy: ignore and continue
            }
        }
        throw new BindException(
            "PortRangeSocketFactory : no free port between "+portMin+" and "+portMax);
    }

    public boolean isSSL( Socket socket )
    {
        // this factory doesn't know about ssl
        return false;
    }
}

if it gets to work (might not compile since I've not tested)
could you send me the working code
or transmit it directly to jacorb support as a proposed patch...

> -----Original Message-----
> From: Johnson, Lance [mailto:[EMAIL PROTECTED]]
> Date: Friday, 11 January 2002 00:16
> To: [EMAIL PROTECTED]
> Subject: [JBoss-user] Firewall options
> Importance: High
>
>
> I have some questions about strategies for avoiding firewall issues
> with CORBA. I understand that there are several techniques included
> with JacORB that allow for firewall traversal such as the HTTP
> tunneling and the Appligator but they don't seem like they fit our
> needs. The issues we have with firewalls in our application have to do
> with blocked ports. I understand HTTP tunneling is good for this, but
> it is only compatible with other JacORB objects. This is not going to
> work for us because we use TAO on our server. I also noticed in the
> documentation that the Appligator creates a proxy type object that
> will filter requests through a given port. This sounds like what we
> need, but I am not sure how interoperable it is between ORBs. Does
> JacORB have the smarts built into it so that when it is using the
> Appligator it will create IORs and requests that can be sent to TAO
> objects and vice versa?
>
> We ideally would like to use BiDirectional IIOP, but the OCI version
> of TAO we are currently using does not support this. In our OCI
> version of TAO (Hopefully this will be in subsequent releases of TAO
> from the DOC group) there is an option for restricting the ORB to use
> a given port range for connections. Is there any way to perform
> something similar to this in JacORB? Having both TAO and JacORB
> configured in this manner would allow us to open just a range of ports
> in the firewall that all ORB communication would travel. Anyone have
> any ideas on how to get TAO and JacORB to work when firewalls are in
> the mix?
>
> Lance Johnson
> [EMAIL PROTECTED]
>
> _______________________________________________
> JBoss-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/jboss-user
>
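
The "smarter parser" for a spec such as jacorb.net.socket_factory.port.range=2048-2200,3000,4003-4008, mentioned in the reply above, sketched here as an added example; it is not part of the original message and is not JacORB code. The class name PortRangeSpec is hypothetical, it uses only java.net, and wiring it into a JacORB SocketFactory is left out.

```java
import java.io.IOException;
import java.net.*;
import java.util.*;
public class PortRangeSpec {
    private final List<int[]> ranges = new ArrayList<>();   // {min, max}, inclusive
    // Parses e.g. "2048-2200,3000,4003-4008"; malformed input is rejected rather than
    // skipped, so a typo cannot silently change the set the firewall rule was written for.
    public PortRangeSpec(String spec) {
        for (String part : spec.split(",")) {
            String[] ends = part.trim().split("-", -1);
            if (ends.length > 2)
                throw new IllegalArgumentException("bad range '" + part + "'");
            int min = parsePort(ends[0]);
            int max = ends.length == 2 ? parsePort(ends[1]) : min;
            if (min > max)
                throw new IllegalArgumentException("reversed range '" + part + "'");
            ranges.add(new int[] { min, max });
        }
    }

    private static int parsePort(String s) {
        try {
            int p = Integer.parseInt(s.trim());
            if (p >= 1 && p <= 65535) return p;
        } catch (NumberFormatException ex) { /* reported below */ }
        throw new IllegalArgumentException("not a valid port: '" + s + "'");
    }

    // Connects to host:port from the first free local port inside the ranges.
    public Socket connect(String host, int port) throws IOException {
        for (int[] r : ranges)
            for (int local = r[0]; local <= r[1]; local++) {
                Socket s = new Socket();
                try {
                    s.bind(new InetSocketAddress(local));
                    s.connect(new InetSocketAddress(host, port));
                    return s;
                } catch (IOException ex) {
                    s.close();      // never leak the half-built socket
                    if (!(ex instanceof BindException)) throw ex; // only a busy local port moves on
                }
            }
        throw new BindException("no free local port in the configured ranges");
    }

    public static void main(String[] args) {        // sample spec taken from the message above
        for (int[] r : new PortRangeSpec("2048-2200,3000,4003-4008").ranges)
            System.out.println(r[0] + "-" + r[1]);
    }
}
```

The same ranges then go into the firewall rule as permitted source ports, so the ORB and the packet filter are driven by one setting.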