You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2013/05/24 16:50:10 UTC
[Bug 55017] New: Ability to configure RMI bind address
https://issues.apache.org/bugzilla/show_bug.cgi?id=55017
Bug ID: 55017
Summary: Ability to configure RMI bind address
Product: Tomcat 7
Version: trunk
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: alexey.noskov@gmail.com
Created attachment 30319
--> https://issues.apache.org/bugzilla/attachment.cgi?id=30319&action=edit
Patch to provider bind rmi bind address setup ability
There is a patch which adds rmiBindAddress property to
JmxRemoteLifecycleListener, which allows to bind RMI server to specific
interface instead of 0.0.0.0.
It may useful for binding RMI to localhost and avoiding firewall configuration
(and then monitoring through SSH tunnel).
Unfortunatly using of rmiBindAddress incompatible with rmiSSL, but i think it's
not an issue because of rarely intersecting use cases.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 55017] Ability to configure RMI bind address
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55017
--- Comment #12 from Mark Thomas <ma...@apache.org> ---
Overall patch looks OK.
One questions: Why are SSL and rmiBindAddress mutually exclusive?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 55017] Ability to configure RMI bind address
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55017
--- Comment #1 from Christopher Schultz <ch...@christopherschultz.net> ---
I think the code starting at line 217 should probably be an "else" of this if
clause:
if (rmiSSL) {
csf = new SslRMIClientSocketFactory();
ssf = new SslRMIServerSocketFactory(ciphers, protocols,
clientAuth);
}
Otherwise, if rmiSSL and rmiBindAddress are both set, rmiBindAddress will take
precedence and a) we'll create and discard objects for no reason and b)
potentially open a security vulnerability because the user might think they can
have both SSL and a specific address.
We might even want to detect the current incompatibility (I also don't see a
way to specify an interface when creating an SslRMIServerSocketFactory) and
throw an error.
Can you adjust your patch?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 55017] Ability to configure RMI bind address
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55017
--- Comment #14 from Mark Thomas <ma...@apache.org> ---
I see what you mean. Fair enough.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 55017] Ability to configure RMI bind address
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55017
--- Comment #8 from Christopher Schultz <ch...@christopherschultz.net> ---
(In reply to Mark Thomas from comment #7)
> The patch needs to include the associated documentation changes. It would
> also be nice if it used StringManager for i18n.
Alexey, if you'd care to make those documentation patches and include them, it
would be great. If not, someone else will do them but the patch will take
longer to accept. Let us know if you need any instructions for how to do that:
it's not hard, but just in case you needed some encouragement.
Look at other classes in the same package for uses of StringManager: it's
fairly simple. Basically, anything that is going to end up in a log file, shown
to the user, etc. should be localized. Providing an English translation is
usually sufficient, though it would be nice to provide Spanish and Japanese if
you happen to be multilingual.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 55017] Ability to configure RMI bind address
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55017
Alexey Noskov <al...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #30320|0 |1
is obsolete| |
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 55017] Ability to configure RMI bind address
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55017
--- Comment #5 from Christopher Schultz <ch...@christopherschultz.net> ---
Hmm... I thought sure that LifecycleListeners could throw checked exceptions,
but it seems they can't. I'm still not happy with this not failing-fast.
What happens if you throw an IllegalStateException... will Tomcat fail to
start? If it doesn't, we might have to re-think things.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 55017] Ability to configure RMI bind address
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55017
--- Comment #4 from Alexey Noskov <al...@gmail.com> ---
Well. But then which exception should be thrown here? Or there is other
preferred way to fail configuring the connector?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 55017] Ability to configure RMI bind address
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55017
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #15 from Mark Thomas <ma...@apache.org> ---
Thanks for the patch.
It has been applied to trunk and 7.0.x and will be included in 7.0.42 onwards.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 55017] Ability to configure RMI bind address
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55017
--- Comment #9 from Alexey Noskov <al...@gmail.com> ---
Yes, I already found how it's used.
I'll make documentation and i18n changes in nearest days.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 55017] Ability to configure RMI bind address
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55017
--- Comment #7 from Mark Thomas <ma...@apache.org> ---
The patch needs to include the associated documentation changes. It would also
be nice if it used StringManager for i18n.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 55017] Ability to configure RMI bind address
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55017
--- Comment #2 from Alexey Noskov <al...@gmail.com> ---
Created attachment 30320
--> https://issues.apache.org/bugzilla/attachment.cgi?id=30320&action=edit
Patch to provider bind rmi bind address setup ability (updated)
Just adjusted patch: added else clause + warning if both options are set
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 55017] Ability to configure RMI bind address
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55017
Alexey Noskov <al...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #30319|0 |1
is obsolete| |
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 55017] Ability to configure RMI bind address
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55017
--- Comment #13 from Alexey Noskov <al...@gmail.com> ---
It's because I found no way to specify bind address when using
SslRMIServerSocketFactory.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 55017] Ability to configure RMI bind address
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55017
Alexey Noskov <al...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |alexey.noskov@gmail.com
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 55017] Ability to configure RMI bind address
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55017
Alexey Noskov <al...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #30321|0 |1
is obsolete| |
--- Comment #10 from Alexey Noskov <al...@gmail.com> ---
Created attachment 30398
--> https://issues.apache.org/bugzilla/attachment.cgi?id=30398&action=edit
Patch to provider bind rmi bind address setup ability (updated, 3)
Just added i18n and documentation changes.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 55017] Ability to configure RMI bind address
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55017
--- Comment #6 from Alexey Noskov <al...@gmail.com> ---
Created attachment 30321
--> https://issues.apache.org/bugzilla/attachment.cgi?id=30321&action=edit
Patch to provider bind rmi bind address setup ability (updated, 2)
Yes, with IllegalStateException Tomcat fails to start.
Updated patch with it.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 55017] Ability to configure RMI bind address
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55017
--- Comment #11 from Alexey Noskov <al...@gmail.com> ---
Are there other areas in which this patch should be improved?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 55017] Ability to configure RMI bind address
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55017
--- Comment #3 from Christopher Schultz <ch...@christopherschultz.net> ---
I think conflicting settings should actually fail to configure the connector,
rather than playing favorites.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org