java.rmi.server.hostname and JNLP in a secure sandbox

Hello

We have a Java application that we now shall deploy via Java Web Start in a secure sandbox, i.e. we shall not sign our jar files.

We use RMI two ways, i.e. the client acts as both a client and a server. In Java Web Start running in a secure sandbox, reading and writing system properties is not allowed. We used to set this property in the client,

System.getProperties().setProperty( "java.rmi.server.hostname", lvClient.getResolvedClientIPAddress() );

where getResolvedClientIPAddress is a resolved IP address of the client. The reason for doing it this way is because we could have a conflict on the client if the client has several interfaces and then also several IP addresses. So the resolved IP address will always be the right address for communicating with the server.

The default value of java.rmi.server.hostname is the IP address of the local host, in "dotted-quad" format. But we do not know which one if we have several IP addresses...

But how can I bypass this when I am not allowed to set this property in JWS in a secure sandbox?

Best regards

Petter Larsen

[1125 byte] By [plaplaa] at [2007-11-26 15:57:27]
# 1
> ...we shall not sign our jar files.

Why? It only takes a few minutes to write an ant build script that will sign* jar archives.

* With a 'self-signed' certificate, at least.
AndrewThompson64a at 2007-7-8 22:18:21
# 2
I already have an ant build script that signs my jars, but our customer, Alcatel-Lucent, does not want to bother their customers with renewing the certificate, and a self-signed certificate is not an option.
plaplaa at 2007-7-8 22:18:21
# 3

OK.. Now to bring me to something else I was wondering.

Does the application need to have that system property set to an appropriate value, in order to function correctly?

or

Is it simply that the client needs access to information that is determined/set by the server?

I do not believe the former can be achieved from within an unsigned JWS application*, but the PersistenceService (and probably some other ways) can be used to achieve the latter.

* Unless you can call a signed installer, to set it once at installation.

AndrewThompson64a at 2007-7-8 22:18:21
# 4

Say that the client has several IP-addresses. If we do not set the system property to the right IP address, it may pick a wrong IP-address from the system and tell the server to communicate back on that IP address. This is the case now.

ERROR[22.01.07 14:38:05 992] - Failed sending alarmInfo to client: java.rmi.ConnectException: Connection refused to host: 223.1.1.128; nested exception is:

java.net.ConnectException: Connection timed out

In this case I had a VPN-interface (which was not active) with a default address 223.1.1.128. But the interface that actually was active and which the server should talk to had the IP address, 10.37.39.69.

E.g. if we do not set the property java.rmi.server.hostname to the right IP address, the RMI system just picks the best fit with the function,

java.net.InetAddress.getLocalHost.

http://java.sun.com/docs/books/tutorial/rmi/running.html

E.g. the application will not work correctly if, and only if, we have several IP addresses on the client. Today several IP addresses typically are used because many have wired net and WIFI net turned on at the same time...

plaplaa at 2007-7-8 22:18:21
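
An added diagnostic (not code from the thread) for the multi-homed case described in post #4: it compares the address returned by InetAddress.getLocalHost(), which the post says RMI falls back to, with the local address the OS actually selects for a connection to the server. The class name RmiAddressCheck and the host/port arguments are assumptions; run it as a plain command-line program on the client machine.

```java
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.NetworkInterface;
import java.net.Socket;
import java.util.Collections;
import java.util.Enumeration;

// Added example. Usage: java RmiAddressCheck <serverHost> <serverPort>
public class RmiAddressCheck {

    // Local address the OS routing table selects for traffic to the server.
    static InetAddress routedLocalAddress(String host, int port, int timeoutMs) throws Exception {
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(host, port), timeoutMs);
            return s.getLocalAddress();
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java RmiAddressCheck <serverHost> <serverPort>");
            System.exit(2);
        }
        String host = args[0];
        int port = Integer.parseInt(args[1]);

        // List every configured address, including interfaces that are down
        // (such as the inactive VPN interface in post #4).
        Enumeration<NetworkInterface> nifs = NetworkInterface.getNetworkInterfaces();
        if (nifs != null) {
            for (NetworkInterface nif : Collections.list(nifs)) {
                for (InetAddress a : Collections.list(nif.getInetAddresses())) {
                    System.out.println(nif.getName() + " up=" + nif.isUp() + " " + a.getHostAddress());
                }
            }
        }

        // Address used when java.rmi.server.hostname is not set (per post #4).
        InetAddress fallback = InetAddress.getLocalHost();
        InetAddress routed = routedLocalAddress(host, port, 5000);
        System.out.println("InetAddress.getLocalHost(): " + fallback.getHostAddress());
        System.out.println("Local address used to reach " + host + ":" + port + ": "
                + routed.getHostAddress());
        if (!fallback.equals(routed)) {
            System.out.println("MISMATCH: callbacks to " + fallback.getHostAddress()
                    + " may fail; the server can reach " + routed.getHostAddress());
        }
    }
}
```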
# 5

In Java 6 there is a new option for javaws, i.e. -J.

E.g. start jws like this,

javaws -J-Djava.rmi.server.hostname=<IP-adress> http://host1/foo.jnlp

Then the java.rmi.server.hostname property will be set in the JVM before the java application starts (I think).

This solves our problem partly. We can then send this in as a parameter, but it is not done dynamically.

Another solution is under construction,

http://forum.java.sun.com/thread.jspa?threadID=5130534&tstart=0

Petter

plaplaa at 2007-7-8 22:18:21