Posted to users@jackrabbit.apache.org by sbarriba <sb...@yahoo.co.uk> on 2007/11/22 13:24:35 UTC

Anonymous port used by JackRabbit RMI not-firewall friendly

Hi all,

We've noticed when trying to access JackRabbit over RMI that opening port
1098 is not sufficient.

As org.apache.jackrabbit.rmi.server.ServerObject uses the anonymous
constructor for UnicastRemoteObject
(http://java.sun.com/j2se/1.4.2/docs/api/java/rmi/server/UnicastRemoteObject.html)
the repository RMI object opens a 2nd port which changes continually
e.g. 54228 etc.

This means that JackRabbit RMI cannot be configured securely through a
firewall.

As a test we modified the constructor of ServerObject to use

    protected ServerObject(RemoteAdapterFactory factory)
            throws RemoteException {
        super(1198);
        this.factory = factory;
    }

This allowed us to open ports 1098 and 1198 only.

This would suggest that an additional configuration setting should be added
to a) avoid using anonymous ports and b) allow this port to be externally
configured.

Thoughts?

Regards,

Shaun


Re: Anonymous port used by JackRabbit RMI not-firewall friendly

Posted by Jukka Zitting <ju...@gmail.com>.
Hi,

On Nov 22, 2007 2:24 PM, sbarriba <sb...@yahoo.co.uk> wrote:
> This would suggest that an additional configuration setting should be added
> to a) avoid using anonymous ports and b) allow this port to be externally
> configured.

You're right, that would be a nice feature. In fact we already have a
related feature request in
https://issues.apache.org/jira/browse/JCR-781 and did some work
towards implementing it, but see the issue comments on some of the
complexities we encountered.

There's a suggested alternative that should solve the problems, but so
far I haven't had the time to keep working on the issue.

BR,

Jukka Zitting
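
Added example (not Jackrabbit code and not written by either poster): a self-contained Java program showing the setting proposed in the first message, where the remote object's export port is read from configuration and an anonymous port is refused. The class and interface names and the two system property names are assumptions made for illustration; 1098 and 1198 are the ports from the thread.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;

public class FixedPortRmiExample {

    /** Hypothetical remote interface standing in for a repository object. */
    public interface Ping extends Remote {
        String ping() throws RemoteException;
    }

    /** Remote object exported on an explicit port. */
    static class PingImpl extends UnicastRemoteObject implements Ping {
        private static final long serialVersionUID = 1L;

        PingImpl(int objectPort) throws RemoteException {
            // super() or super(0) would let the runtime pick an anonymous port.
            super(objectPort);
        }

        public String ping() {
            return "pong";
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumed property names; defaults are the two ports from the thread.
        int registryPort = Integer.getInteger("example.rmi.registryPort", 1098);
        int objectPort = Integer.getInteger("example.rmi.objectPort", 1198);
        if (objectPort <= 0 || objectPort > 65535) {
            // Port 0 means "anonymous", which a firewall rule cannot match.
            throw new IllegalArgumentException("object port must be fixed: " + objectPort);
        }

        Registry registry = LocateRegistry.createRegistry(registryPort);
        PingImpl impl = new PingImpl(objectPort);
        registry.rebind("ping", impl);

        // Client side: the lookup uses the registry port, the call uses the object port.
        Ping stub = (Ping) LocateRegistry.getRegistry("localhost", registryPort).lookup("ping");
        System.out.println(stub.ping() + " over object port " + objectPort);

        // Release both listeners so the JVM can exit.
        UnicastRemoteObject.unexportObject(impl, true);
        UnicastRemoteObject.unexportObject(registry, true);
    }
}
```

With both ports fixed, the firewall rule set is limited to those two inbound TCP ports, and the listening sockets can be checked against the configured values after startup.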