Movatterモバイル変換

Java Remote Method Invocation

3.5 RMI Through Firewalls ViaProxies

The RMI transport layernormally attempts to open direct sockets to hosts on the Internet.Many intranets, however, have firewalls that do not allow this. Thedefault RMI transport, therefore, provides two alternate HTTP-basedmechanisms which enable a client behind a firewall to invoke amethod on a remote object which resides outside the firewall.

As described in thissection, the HTTP-based mechanism that the RMI transport layer usesfor RMI calls only applies to firewalls with HTTP proxyservers.

3.5.1 How an RMI Call is Packaged within the HTTPProtocol

To get outside a firewall, the transport layer embeds an RMI callwithin the firewall-trusted HTTP protocol. The RMI call data issent outside as the body of an HTTP POST request, and the returninformation is sent back in the body of the HTTP response. Thetransport layer will formulate the POST request in one of two ways:

If the firewall proxy will forward an HTTP request directed toan arbitrary port on the host machine, then it is forwardeddirectly to the port on which the RMI server is listening. Thedefault RMI transport layer on the target machine is listening witha server socket that is capable of understanding and decoding RMIcalls inside POST requests.
If the firewall proxy will only forward HTTP requests directedto certain well-known HTTP ports, then the call is forwarded to theHTTP server listening on port 80 of the host machine, and a CGIscript is executed to forward the call to the target RMI serverport on the same machine.

3.5.2 The Default Socket Factory

The RMI transport implementation includes an extension of the classjava.rmi.server.RMISocketFactory, which is the defaultresource-provider for client and server sockets used to send andreceive RMI calls; this default socket factory can be obtained viathejava.rmi.server.RMISocketFactory.getDefaultSocketFactorymethod. This default socket factory creates sockets thattransparently provide the firewall tunnelling mechanism as follows:

Client sockets first attempt a direct socket connection. Clientsockets automatically attempt HTTP connections to hosts that cannotbe contacted with a direct socket if that direct socket connectionresults in either ajava.net.NoRouteToHostException orajava.net.UnknownHostException being thrown. If adirect socket connection results in any otherjava.io.IOException being thrown, such as ajava.net.ConnectException, the implementation mayattempt an HTTP connection.
Server sockets automatically detect if a newly-acceptedconnection is an HTTP POST request, and if so, return a socket thatwill expose only the body of the request to the transport andformat its output as an HTTP response.

Client-side sockets, with this default behavior, are provided bythe factory'sjava.rmi.server.RMISocketFactory.createSocket method.Server-side sockets with this default behavior are provided by thefactory'sjava.rmi.server.RMISocketFactory.createServerSocketmethod.

3.5.3 Configuring the Client

A client can disable the packaging of RMI calls as HTTP requests bysetting thejava.rmi.server.disableHttp property toequal the boolean valuetrue.

3.5.4 Configuring the Server

Note - The host name shouldnot be specified as the host's IP address, because some firewallproxies will not forward to such a host name.

In order for a client outside the server host's domain to beable to invoke methods on a server's remote objects, the clientmust be able to find the server. To do this, the remote referencesthat the server exports must contain the fully-qualified name ofthe server host.
Depending on the server's platform and network environment, thisinformation may or may not be available to the Java virtual machineon which the server is running. If it is not available, the host'sfully qualified name must be specified with the propertyjava.rmi.server.hostname when starting the server.
For example, use this command to start the RMI server classServerImpl on the machine chatsubo.example.com:
```
   java -Djava.rmi.server.hostname=chatsubo.example.com ServerImpl
```
If the server will not support RMI clients behind firewallsthat can forward to arbitrary ports, use this configuration:
1. An HTTP server is listening on port 80.
2. A CGI script is located at the aliased URL path
```
    /cgi-bin/java-rmi.cgi
```
  This script:
  - Invokes the local interpreter for the Java programming languageto execute a class internal to the transport layer which forwardsthe request to the appropriate RMI server port.
  - Defines properties in the Java virtual machine with the samenames and values as the CGI 1.0 defined environment variables.

An example script issupplied in the RMI distribution for the Solaris and Windows 32operating systems. Note that the script must specify the completepath to the interpreter for the Java programming language on theserver machine.

3.5.5 Performance Issues and Limitations

Calls transmitted via HTTP requests are at least an order ofmagnitude slower that those sent through direct sockets, withouttaking proxy forwarding delays into consideration.

Because HTTP requests can only be initiated in one directionthrough a firewall, a client cannot export its own remote objectsoutside the firewall, because a host outside the firewall cannotinitiate a method invocation back on the client.

CONTENTS |PREV |NEXT

[8]ページ先頭