Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Restrict the other IP addresses call to our main server

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Report post to moderator
Hi,

I have EJB deployed in one server and othes are acessing the EJB using our machine name and bootstrap port.

so we cannot identify the client using RMI and planning to add the following in java.policy file to restrict the other invalid clients calls to our EJB Server.

permission java.net.SocketPermission "167.23.122.222:1024-", "accept, connect, listen, resolve";

But even restart the our WebSpher server and its not working. Please help me to resolve.

Thanks
Jothi
 
ranger
Posts: 17347
11
Mac IntelliJ IDE Spring
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Report post to moderator
Moving this to our Websphere forum.

The Java EE Spec does not cover this.

Mark
 
Marshal
Posts: 28263
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Report post to moderator
It isn't specific to Websphere either, it's just a general question about Java security. So I will try an answer and move it to Java Advanced:

As I read the API documentation for the java.net.SocketPermission class, the "167.23.122.222" identifies a host computer. I don't see any place where it mentions it might be the name of a client computer, so I conclude that you can't use SocketPermission to restrict clients from connecting. Although that's kind of weak reasoning.

While googling this I found a document about Java security in Tomcat. In the example it gave, there was this line:Clearly this cannot mean that Tomcat can only accept connections from localhost, that would be nonsensical. So I think my conclusion is correct.

And since it isn't working the way you expected, maybe I'm right.

You might be able to use a firewall to do that, but that's a question about networking and not about Java.
 
Ranch Hand
Posts: 1170
Hibernate Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Report post to moderator
My RMI program and my database both only accept connections from localhost. The only port open on my server is the port assigned to ssh. Its not non-sensical.

However, I suspect its likely this is an indication of the 'interface' java will accept connections on. In case you have multiple network cards installed. I don't recall off hand.
[ March 13, 2007: Message edited by: Mr. C Lamont Gilbert ]
    Bookmark Topic Watch Topic
  • New Topic