EJB design: Java client-to-EJB server communication: Java RMI-IIOP Q&A

  1. Hi there

    I am a bit of an EJB newbie, so feel free to let me know if I’m off in the wrong direction...

    I am part of a team considering implementing a client/server application as a standalone Java application (client) that talks to EJBs in a J2EE app server (server). Comments on this decision are welcomed, my more specific questions are below.

    From reading documentation, I believe that the Java client app would communicate with the EJB server via RMI-IIOP. I know, however, that we will have our firewall sitting between the Java client and the EJB Server. Here we go:

    (1) I am not sure of the network specifics of RMI-IIOP communication with the EJB server. Does RMI-IIOP (in some sense) just run on top of TCP/IP, handling things like marshalling and unmarshalling (and many others)?

    (2) I would think that the EJB app server listens for the RMI/IIOP requests on a specific port. Is this accurate?

    (3) If (1) and (2) are true, is it the case that I can just open that port in my firewall to allow the requests through to the EJB server from the Java client?

    (4) Is there any method for “securing” the RMI-IIOP communications between the Java client and the EJB server—i.e. something analogous to HTTPS for HTTP requests, only in the RMI-IIOP world?

    Thanks for any help you can provide-


  2. (1) yes
    (2) yes
    (3) yes
    (4) Not that I know of

  3. Re question (4):

    Yes, there's a protocol for IIOP over SSL (same idea as HTTPS).