aspose file tools*
The moose likes Architect Certification (SCEA/OCMJEA) and the fly likes Accessing web service and rmi from internal network of dmz Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Architect Certification (SCEA/OCMJEA)
Bookmark "Accessing web service and rmi from internal network of dmz" Watch "Accessing web service and rmi from internal network of dmz" New topic
Author

Accessing web service and rmi from internal network of dmz

katty Leung
Greenhorn

Joined: Jun 04, 2010
Posts: 4
Hi everyone,

sorry for my ignorance.

I am accessing web service and rmi (across internet) by my EJB (from internal network), it is behind 2 firewalls.
internal network > firewall > dmz > firewall > internet

I just know a web proxy will help for internal user to access the internet, how about rmi, will it still work with the proxy?


another question about deployment diagram. should we include external server like (credit card authorization server) in the deployment diagram and showing the communication protocol with it ?

please help. much appreciated

-katty
Kuppusamy Venkatasubramanian
Ranch Hand

Joined: Dec 30, 2004
Posts: 91
Hi,

Firewalls are always opened for HTTP port(80), RMI will be on a different port and cannot be accessed from inside a firewall. Sys admins will never open port other than 80. Web services on SOAP over HTTP is the solution. In web service, Java behind the screen uses RPC.

Cheers,
Kuppusamy.V.,


SCJP1.4, SCBCD 1.3, SCWCD 1.4, SCEA 5, JLPT-N3
My Blog
Drago Z Kamenov
Greenhorn

Joined: Oct 17, 2009
Posts: 12
Is your RMI server on the open Internet? It would normally be behind another firewall, which you would have to traverse, this time from the outside in.

RMI supports tunneling over HTTP out of the box, but not without significant performance penalty. Take a look at this http://java.sun.com/developer/onlineTraining/rmi/RMI.html (scroll down to "Firewall Issues")
This begs the question, if you are going to tunnel RMI over HTTP or HTTPS, why not just use a web service? The only reason would be if you have to talk to an existing service you do not have control over (like a different company).

External server and protocol should be depicted on deployment diagram.

Hope this makes sense.

Drago


SCJP 2, SCEA/OCMJEA 5
katty Leung
Greenhorn

Joined: Jun 04, 2010
Posts: 4
thanks Kuppusamy.V. and Drago for the replies. they are useful. much appreciated
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Accessing web service and rmi from internal network of dmz