Bookmark Topic Watch Topic
  • New Topic

Restrict the other IP addresses call to our main server  RSS feed

 
balac subramanian
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Report post to moderator
Hi,

I have EJB deployed in one server and othes are acessing the EJB using our machine name and bootstrap port.

so we cannot identify the client using RMI and planning to add the following in java.policy file to restrict the other invalid clients calls to our EJB Server.

permission java.net.SocketPermission "167.23.122.222:1024-", "accept, connect, listen, resolve";

But even restart the our WebSpher server and its not working. Please help me to resolve.

Thanks
Jothi
 
Mark Spritzler
ranger
Sheriff
Posts: 17309
11
IntelliJ IDE Mac Spring
  • Mark post as helpful
  • send pies
  • Report post to moderator
Moving this to our Websphere forum.

The Java EE Spec does not cover this.

Mark
 
Paul Clapham
Sheriff
Posts: 22819
43
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Report post to moderator
It isn't specific to Websphere either, it's just a general question about Java security. So I will try an answer and move it to Java Advanced:

As I read the API documentation for the java.net.SocketPermission class, the "167.23.122.222" identifies a host computer. I don't see any place where it mentions it might be the name of a client computer, so I conclude that you can't use SocketPermission to restrict clients from connecting. Although that's kind of weak reasoning.

While googling this I found a document about Java security in Tomcat. In the example it gave, there was this line:Clearly this cannot mean that Tomcat can only accept connections from localhost, that would be nonsensical. So I think my conclusion is correct.

And since it isn't working the way you expected, maybe I'm right.

You might be able to use a firewall to do that, but that's a question about networking and not about Java.
 
Mr. C Lamont Gilbert
Ranch Hand
Posts: 1170
Eclipse IDE Hibernate Ubuntu
  • Mark post as helpful
  • send pies
  • Report post to moderator
My RMI program and my database both only accept connections from localhost. The only port open on my server is the port assigned to ssh. Its not non-sensical.

However, I suspect its likely this is an indication of the 'interface' java will accept connections on. In case you have multiple network cards installed. I don't recall off hand.
[ March 13, 2007: Message edited by: Mr. C Lamont Gilbert ]
 
    Bookmark Topic Watch Topic
  • New Topic
Boost this thread!