Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.1
    • Fix Version/s: future release
    • Component/s: orb
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

      Description

      In my domain.xml I have defined 2 additional unencrypted ORB listeners on ports
      3701 and 3702 on different IP addresses. But when I start GlassFish, my settings
      are ignored, and the IIOP service works only on 10.20.32.51 (on ports 3700, 3701,
      3702 - I didn't want that!) even though I selected other IP addresses for the other
      listeners. The server has multiple network cards, 2 of them in a bond. It has
      10.20.32.51 (bond), 10.10.32.151 and 127.0.0.1. I need IIOP to work on all
      IP addresses, but on different ports. Using 0.0.0.0 doesn't have the required
      effect, since then I can't use JNDI from a remote machine on 10.10.32.151.

      <iiop-service client-authentication-required="false">
        <orb max-connections="1024" message-fragment-size="1024"
             use-thread-pool-ids="thread-pool-1"/>
        <iiop-listener address="0.0.0.0" enabled="true" id="orb-listener-1"
                       port="3700" security-enabled="false"/>
        <iiop-listener address="10.10.32.151" enabled="true" id="orb-listener-2"
                       port="3701" security-enabled="false"/>
        <iiop-listener address="10.20.32.51" enabled="true" id="orb-listener-3"
                       port="3702" security-enabled="false"/>
        <iiop-listener address="0.0.0.0" enabled="true" id="SSL" port="3820"
                       security-enabled="true">
          <ssl cert-nickname="s1as" client-auth-enabled="false"
               ssl2-enabled="false" ssl3-enabled="true" tls-enabled="true"
               tls-rollback-enabled="true"/>
        </iiop-listener>
        <iiop-listener address="0.0.0.0" enabled="true" id="SSL_MUTUALAUTH"
                       port="3920" security-enabled="true">
          <ssl cert-nickname="s1as" client-auth-enabled="true"
               ssl2-enabled="false" ssl3-enabled="true" tls-enabled="true"
               tls-rollback-enabled="true"/>
        </iiop-listener>
      </iiop-service>

      This bug is present in both Glassfish V2ur2 and Glassfish V2ur1.

        Activity

        harpreet added a comment -

        Please scrub issue and see if it is critical to v2.1.

        Ken Cavanaugh added a comment -

        The current ORBManager code uses the old LISTEN_SOCKET_PROPERTY to initialize
        the acceptor list, and the old API does not support a hostname, so we do not
        really support multiple network interfaces very well. The ORB actually supports
        the needed functionality internally, and we simply need to add a new
        transport SPI in TransportDefault, which can be used to create an appropriate instance
        of SocketOrChannelAcceptorImpl. This can then be registered with the TransportManager
        during ORB initialization using the GlassFish ORB configurator.

        As this is not critical for GFv2.1, I am moving it to V3.

        Ken Cavanaugh added a comment -

        Moving to V3 (missed the target milestone update).

        Ken Cavanaugh added a comment -

        Still trying to remove from 9.1.1.

        Ken Cavanaugh added a comment -

        Moving to v3.1, although the new approach of creating acceptors
        directly should support this much more easily than the old
        properties-based approach.

        Ken Cavanaugh added a comment -

        Needs v3_exclude in status whiteboard to exclude from v3.

        Ken Cavanaugh added a comment -

        Moved to v3.1.

        chaoslayer added a comment -

        This was initially reported as GLASSFISH-16, back in 2005. So almost 6 years (!!!) and no solution for this problem?

        So, GlassFish (including the upcoming 3.1 release) MUST be secured externally. And a risk is still there.

        Please, guys, fix it.

        chaoslayer added a comment -

        Also, I've noted that the one that is initialized lazily actually IS bound to a specific interface:

        tcp6 0 0 ::1:3700 :::* LISTEN 1000 28061662 5202/java
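
A check for the mismatch described in this issue, as an added example that is not part of the original report or of GlassFish: it compares the iiop-listener addresses in domain.xml with the sockets actually in LISTEN state. The netstat lines are constructed to model the reported behaviour, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the three unencrypted listeners from the report.
DOMAIN_XML = """
<iiop-service client-authentication-required="false">
  <iiop-listener address="0.0.0.0" enabled="true" id="orb-listener-1" port="3700"/>
  <iiop-listener address="10.10.32.151" enabled="true" id="orb-listener-2" port="3701"/>
  <iiop-listener address="10.20.32.51" enabled="true" id="orb-listener-3" port="3702"/>
</iiop-service>
"""

# Constructed 'netstat -tln' style lines modelling the reported behaviour:
# every IIOP port ends up on 10.20.32.51 regardless of the configuration.
NETSTAT = """\
tcp 0 0 10.20.32.51:3700 0.0.0.0:* LISTEN
tcp 0 0 10.20.32.51:3701 0.0.0.0:* LISTEN
tcp 0 0 10.20.32.51:3702 0.0.0.0:* LISTEN
"""

WILDCARDS = {"0.0.0.0", "::", "*"}

def configured_listeners(xml_text):
    """Return {port: address} for every enabled iiop-listener element."""
    root = ET.fromstring(xml_text)
    return {int(el.get("port")): el.get("address")
            for el in root.iter("iiop-listener")
            if el.get("enabled", "true") == "true"}

def listening_sockets(netstat_text):
    """Return {port: {addresses}} for lines in LISTEN state."""
    found = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or "LISTEN" not in fields:
            continue
        # rpartition keeps IPv6 forms such as '::1:3700' intact
        addr, _, port = fields[3].rpartition(":")
        found.setdefault(int(port), set()).add(addr)
    return found

def binding_mismatches(xml_text, netstat_text):
    """List (port, configured, actual) where the bind differs from domain.xml."""
    actual, issues = listening_sockets(netstat_text), []
    for port, want in sorted(configured_listeners(xml_text).items()):
        got = actual.get(port, set())
        if not got:
            issues.append((port, want, "not listening"))
        elif got != {want} and not (want in WILDCARDS and got <= WILDCARDS):
            issues.append((port, want, ",".join(sorted(got))))
    return issues
```
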


          People

          • Assignee:
            Harshad Vilekar
            Reporter:
            jarol1
          • Votes:
            5
            Watchers:
            5
