News: RMI Proxy: Secure RMI through Firewalls
RMI Proxy is an application firewall that allows RMI clients to penetrate firewalls and RMI servers to be placed behind firewalls, and that provides fine-grained access control and firewall enforcement of the RMI protocol. It improves over RMI/HTTP in many ways.
- Posted by: Dion Almaer
- Posted on: April 02 2002 19:40 EST
Check out http://www.rmiproxy.com/
Secure RMI proxying through firewalls. RMI over the Internet is now a practical proposition with RMI Proxy 1.1.
- eliminates HTTP tunnelling, CGI scripts, and servlets
- implements full access control based on the Java 2 Security Model
- provides firewall event logging (now configurable)
- supports RMI servers behind firewalls
- supports callbacks through firewalls
- supports client- and server-side NAT
- supports multiple client- and server-side firewall enclaves
- supports JDK 1.1, 1.2 and 1.3.x
- supports JDK 1.1 skeletons
- uses a minimal client & server API
- works through Raptor/Eagle firewalls
Check it out at http://www.rmiproxy.com
This is an interesting alternative to re-writing existing code, considering firewalls are usually a stumbling point for RMI.
I have never been able to use RMI for major developments for this same reason: customers' firewalls. And this is the only reason I think web services might be successful.
My company develops services that customers access through an API. In fact, our customers implement applications that use a JAR file that we provide, which is basically a set of proxy objects that connect to the back end that we host and maintain in our facilities.
In theory this is just what RMI was made for. The only problem is that we don't control how our customers set up their firewall or how they configure their proxy servers, so it's impossible to make our code work with all kinds of firewalls by using RMI. What we do now is that each time the client does an operation that requires the use of the back end, the proxy object makes an HTTP request directly to the back end. The back end performs the logic and returns the answer as the HTTP response. Very primitive, but it works with all kinds of firewalls.
If I had to reimplement it again I guess I would go with Web Services. For me, Web Services is just that, a nice tunneling standard.