Discussions

News: RMI Proxy: Secure RMI through Firewalls

  1. RMI Proxy: Secure RMI through Firewalls (2 messages)

    RMI Proxy is an application firewall, which allows RMI Clients to penetrate firewalls, RMI servers to be placed behind firewalls, fine-grained access control, and firewall enforcement of the RMI protocol. It improves over RMI/HTTP in many ways.

    Check out http://www.rmiproxy.com/

    Press Release
    ------------------------
    Secure RMI proxying through firewalls. RMI over the Internet is now a practical proposition with RMI Proxy 1.1.

    eliminates HTTP tunnelling, CGI scripts, and servlets
    implements full access control based on the Java 2 Security Model
    provides firewall event logging NOW CONFIGURABLE
    supports RMI servers behind firewalls
    supports callbacks through firewalls
    supports client- and server-side NAT
    supports multiple client- and server-side firewall enclaves
    supports JDK 1.1, 1.2 and 1.3.x
    supports JDK 1.1 skeletons
    supports Activation
    uses a minimal client & server API
    works through Raptor/Eagle firewalls

    Check it out at http://www.rmiproxy.com
  2. This is an interesting alternative to re-writing existing code, considering firewalls are usually a stumbling point for RMI.
  3. I have never been able to use RMI for major developments for this same reason: customers' firewall. And this is the only reason I think web services might be successful.

    My company develops services that customers access through an API. In fact, our customers implement applications that use a JAR file that we provide, which is basically a set of proxy objects that connect to the back end that we host and maintain in our facilities.

    In theory this is just what RMI was made for. The only problem is that we don't control how our customers set up their firewall or how they configure their proxy servers, so it's impossible to make our code work with all kinds of firewalls by using RMI. What we do now is that each time the client does an operation that requires the use of the back end, the proxy object makes an HTTP request directly to the back-end. The back-end performs the logic and returns the answer as the HTTP response. Very primitive, but it works with all kind of firewalls.

    If I had to reimplement it again I guess I will go with Web Services. For me, Web Services is just that, I nice tunneling standard.

    angel