RMI and open ports. How to prevent ports opening on server host.
tariq hasnain
box.
It is expilicitly desired that the box does not open and start
listening
on any port from outside. However disabling the security seems to
automatically
open port 10xx and starts listening. I have looked at the java policy
files
but they all mentioned how to enable the box to use ports above 1023.
How
can I specify the java.policy that keeps the box from opening a port.
If
it all, the box should open a port on the localhost 127.0.0.1 and not
for the outside clients. To play around this idea I compiled a small
java
program from sun.java.com at this url:::
http://java.sun.com/docs/books/tutorial/rmi/running.html
In order to see what affect I get with no security, I had the
following
entry in my java.security file:
grant {
// Allow everything for now
permission java.security.AllPermission;
};
TO begine with, I was getting errors like this:
ComputeEngine exception: access denied (java.net.SocketPermission host
resolve)
java.security.AccessControlException: access denied
(java.net.SocketPermission host resolve)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:272)
at java.security.AccessController.checkPermission(AccessController.java:399)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
at java.lang.SecurityManager.checkConnect(SecurityManager.java:1042)
at java.net.InetAddress.getAllByName0(InetAddress.java:559)
at java.net.InetAddress.getAllByName0(InetAddress.java:540)
at java.net.InetAddress.getByName(InetAddress.java:449)
at java.net.Socket.<init>(Socket.java:100)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:25)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:120)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:499)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:190)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:174)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:318)
at sun.rmi.registry.RegistryImpl_Stub.rebind(Unknown Source)
at java.rmi.Naming.rebind(Naming.java:160)
at engine.ComputeEngine.main(ComputeEngine.java:25)
***************************************************************
I changed the host setting as follows:
***************************************************************
public static void main(String[] args) {
if (System.getSecurityManager() == null) {
System.setSecurityManager(new RMISecurityManager());
}
// *** changed ***
// from String name = "//host/Compute";
//************ to **************
String name = "//localhost/Compute";
try {
Compute engine = new ComputeEngine();
Naming.rebind(name, engine);
System.out.println("ComputeEngine bound");
} catch (Exception e) {
System.err.println("ComputeEngine exception: " +
e.getMessage());
e.printStackTrace();
}
I hope this would open a port on the local host but now I am getting
exceptions like this:
compute.jar -Djava.security.policy=/home/ann/.java.policy
engine.ComputeEngines/c
ComputeEngine exception: RemoteException occurred in server thread;
nested exception is:
java.rmi.UnmarshalException: error unmarshalling arguments;
nested exception is:
java.lang.ClassNotFoundException: engine.ComputeEngine_Stub
java.rmi.ServerException: RemoteException occurred in server thread;
nested exception is:
java.rmi.UnmarshalException: error unmarshalling arguments;
nested exception is:
java.lang.ClassNotFoundException: engine.ComputeEngine_Stub
java.rmi.UnmarshalException: error unmarshalling arguments; nested
exception is:
java.lang.ClassNotFoundException: engine.ComputeEngine_Stub
java.lang.ClassNotFoundException: engine.ComputeEngine_Stub
at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:245)
at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:220)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:354)
at sun.rmi.registry.RegistryImpl_Stub.rebind(Unknown Source)
at java.rmi.Naming.rebind(Naming.java:160)
at engine.ComputeEngine.main(ComputeEngine.java:26)
Can someone tell me why I am getting these errors and how I
can get it to not open any port except on the localhosts.
Thanks,
Tariq Hasnain