How do I ensure that RMI uses only a specific set of ports?
Asked Answered
L

4

10

In our application, we are using RMI for client-server communication in very different ways:

  1. Pushing data from the server to the client to be displayed.
  2. Sending control information from the client to the server.
  3. Callbacks from those control messages code paths that reach back from the server to the client (sidebar note - this is a side-effect of some legacy code and is not our long-term intent).

What we would like to do is ensure that all of our RMI-related code will use only a known specified inventory of ports. This includes the registry port (commonly expected to be 1099), the server port and any ports resulting from the callbacks.

Here is what we already know:

  1. LocateRegistry.getRegistry(1099) or Locate.createRegistry(1099) will ensure that the registry is listening in on 1099.
  2. Using the UnicastRemoteObject constructor / exportObject static method with a port argument will specify the server port.

These points are also covered in this Sun forum post.

What we don't know is: how do we ensure that the client connections back to the server resulting from the callbacks will only connect on a specified port rather than defaulting to an anonymous port?

EDIT: Added a longish answer summarizing my findings and how we solved the problem. Hopefully, this will help anyone else with similar issues.

SECOND EDIT: It turns out that in my application, there seems to be a race condition in my creation and modification of socket factories. I had wanted to allow the user to override my default settings in a Beanshell script. Sadly, it appears that my script is being run significantly after the first socket is created by the factory. As a result, I'm getting a mix of ports from the set of defaults and the user settings. More work will be required that's out of the scope of this question but I thought I would point it out as a point of interest for others who might have to tread these waters at some point....

Lampion answered 11/9, 2008 at 14:31 Comment(0)
A
4

You can do this with a custom RMI Socket Factory.

The socket factories create the sockets for RMI to use at both the client and server end so if you write your own you've got full control over the ports used. The client factories are created on the server, Serialized and then sent down to the client which is pretty neat.

Here's a guide at Sun telling you how to do it.

Allusive answered 11/9, 2008 at 14:36 Comment(5)
Yes, but then you need the class available on the client as well as the server. I know this is do'able, but its pretty annoying. Is there any way to avoid this ?Aldarcie
If I remember correctly - it's a number of years since I did this - you don't need the class on the client. The SocketFactory Interface is on the client which is all you need, the class is Serialised and sent down from the server which is what makes it so neat.Allusive
Link is broken, but here is a good example: netcluesoft.com/rmi-through-a-firewall.htmlUnkind
This looks like Oracle's equivalent of the old link: docs.oracle.com/javase/7/docs/technotes/guides/rmi/…Interruption
You can do it with an RMIServerSocketFactory, but this is taking a hammer to crack a nut. The port number can be specified when exporting.Shirlyshiroma
S
2

You don't need socket factories for this, or even multiple ports. If you're starting the Registry from your server JVM you can use port 1099 for everything, and indeed that is what will happen by default. If you're not starting the registry at all, as in a client callback object, you can provide port 1099 when exporting it.

The part of your question about 'the client connections back to the server resulting from callbacks' doesn't make sense. They are no different from the original client connections to the server, and they will use the same server port(s).

Shirlyshiroma answered 20/5, 2016 at 22:25 Comment(0)
L
1

Summary of the long answer below: to solve the problem that I had (restricting server and callback ports at either end of the RMI connection), I needed to create two pairs of client and server socket factories.

Longer answer ensues:

Our solution to the callback problem had essentially three parts. The first was the object wrapping which needed the ability to specify that it was being used for a client to server connection vs. being used for a server to client callback. Using an extension of UnicastRemoteObject gave us the ability to specify the client and server socket factories that we wanted to use. However, the best place to lock down the socket factories is in the constructor of the remote object.

public class RemoteObjectWrapped extends UnicastRemoteObject {
// ....
private RemoteObjectWrapped(final boolean callback) throws RemoteException {
  super((callback ? RemoteConnectionParameters.getCallbackPort() : RemoteConnectionParameters.getServerSidePort()),
        (callback ? CALLBACK_CLIENT_SOCKET_FACTORY : CLIENT_SOCKET_FACTORY),
        (callback ? CALLBACK_SERVER_SOCKET_FACTORY : SERVER_SOCKET_FACTORY));
}
// ....
}

So, the first argument specifies the part on which the object is expecting requests, whereas the second and third specify the socket factories that will be used at either end of the connection driving this remote object.

Since we wanted to restrict the ports used by the connection, we needed to extend the RMI socket factories and lock down the ports. Here are some sketches of our server and client factories:

public class SpecifiedServerSocketFactory implements RMIServerSocketFactory {
/** Always use this port when specified. */
private int serverPort;
/**
 * @param ignoredPort This port is ignored.  
 * @return a {@link ServerSocket} if we managed to create one on the correct port.
 * @throws java.io.IOException
 */
@Override
public ServerSocket createServerSocket(final int ignoredPort) throws IOException {
    try {
        final ServerSocket serverSocket = new ServerSocket(this.serverPort);
        return serverSocket;
    } catch (IOException ioe) {
        throw new IOException("Failed to open server socket on port " + serverPort, ioe);
    }
}
// ....
}

Note that the server socket factory above ensures that only the port that you previously specified will ever be used by this factory. The client socket factory has to be paired with the appropriate socket factory (or you'll never connect).

public class SpecifiedClientSocketFactory implements RMIClientSocketFactory, Serializable {
/** Serialization hint */
public static final long serialVersionUID = 1L;
/** This is the remote port to which we will always connect. */
private int remotePort;
/** Storing the host just for reference. */
private String remoteHost = "HOST NOT YET SET";
// ....
/**
 * @param host The host to which we are trying to connect
 * @param ignoredPort This port is ignored.  
 * @return A new Socket if we managed to create one to the host.
 * @throws java.io.IOException
 */
@Override
public Socket createSocket(final String host, final int ignoredPort) throws IOException {
    try {
        final Socket socket = new Socket(host, remotePort);
        this.remoteHost = host;
        return socket;
    } catch (IOException ioe) {
        throw new IOException("Failed to open a socket back to host " + host + " on port " + remotePort, ioe);
    }
}
// ....
}

So, the only thing remaining to force your two way connection to stay on the same set of ports is some logic to recognize that you are calling back to the client-side. In that situation, just make sure that your factory method for the remote object calls the RemoteObjectWrapper constructor up top with the callback parameter set to true.

Lampion answered 19/11, 2008 at 19:39 Comment(1)
You don't need the server socket factory. Just specify the port when exporting the object.Shirlyshiroma
C
0

I've been having various problems implementing an RMI Server/Client architecture, with Client Callbacks. My scenario is that both Server and Client are behind Firewall/NAT. In the end I got a fully working implementation. Here are the main things that I did:

Server Side , Local IP: 192.168.1.10. Public (Internet) IP 80.80.80.10

On the Firewall/Router/Local Server PC open port 6620. On the Firewall/Router/Local Server PC open port 1099. On the Router/NAT redirect incoming connections on port 6620 to 192.168.1.10:6620 On the Router/NAT redirect incoming connections on port 1099 to 192.168.1.10:1099

In the actual program:

System.getProperties().put("java.rmi.server.hostname", IP 80.80.80.10);
MyService rmiserver = new MyService();
MyService stub = (MyService) UnicastRemoteObject.exportObject(rmiserver, 6620);
LocateRegistry.createRegistry(1099);
Registry registry = LocateRegistry.getRegistry();
registry.rebind("FAManagerService", stub);

Client Side, Local IP: 10.0.1.123 Public (Internet) IP 70.70.70.20

On the Firewall/Router/Local Server PC open port 1999. On the Router/NAT redirect incoming connections on port 1999 to 10.0.1.123:1999

In the actual program:

System.getProperties().put("java.rmi.server.hostname", 70.70.70.20);
UnicastRemoteObject.exportObject(this, 1999);
MyService server = (MyService) Naming.lookup("rmi://" + serverIP + "/MyService ");

Hope this helps. Iraklis

Consanguineous answered 16/3, 2010 at 14:25 Comment(3)
You could have used port 1099 for everything. You should delete your other answer. Code here doesn't compile.Shirlyshiroma
@EJP Are you sure 1099 can be used for both RMI Registry lookup and actual RMI Remote Service calls also? Thanks.Evulsion
@sv. Yes, because this answer's tRegistry is running in the same JVM as all the remote objects: not otherwise.Shirlyshiroma

© 2022 - 2024 — McMap. All rights reserved.