I am a bit of an EJB newbie, so feel free to let me know if I’m off in the wrong direction...
I am part of a team considering implementing a client/server application as a standalone Java application (client) that talks to EJBs in a J2EE app server (server). Comments on this decision are welcomed, my more specific questions are below.
From reading documentation, I believe that the Java client app would communicate with the EJB server via RMI-IIOP. I know, however, that we will have our firewall sitting between the Java client and the EJB Server. Here we go:
(1) I am not sure of the network specifics of RMI-IIOP communication with the EJB server. Does RMI-IIOP (in some sense) just run on top of TCP/IP, handling things like marshalling and unmarshalling (and many others)?
(2) I would think that the EJB app server listens for the RMI/IIOP requests on a specific port. Is this accurate?
(3) If (1) and (2) are true, is it the case that I can just open that port in my firewall to allow the requests through to the EJB server from the Java client?
(4) Is there any method for “securing” the RMI-IIOP communications between the Java client and the EJB server—i.e. something analogous to HTTPS for HTTP requests, only in the RMI-IIOP world?
Thanks for any help you can provide-