[GLASSFISH-4779] iiop-listener ip address ignored Created: 16/Apr/08  Updated: 08/Feb/12

Status: Open
Project: glassfish
Component/s: orb
Affects Version/s: 3.1
Fix Version/s: future release

Type: Bug Priority: Major
Reporter: jarol1 Assignee: Harshad Vilekar
Resolution: Unresolved Votes: 5
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Operating System: All
Platform: All

Issuezilla Id: 4,779
Tags: 3_1-exclude


In my domain.xml I have defined 2 additional unencrypted orb listeners on ports
3701 and 3702 on different IP addresses. But when I start glassfish, my settings
are ignored, and iiop service works only on (on ports 3700, 3701,
3702 - I didn't want that!) even though I selected other IP addresses for other
listeners. Server has multiple network cards, 2 of them in bond. It has (bond), and I need the iiop to work on all
IP addresses, but on different ports. Using doesn't have the required
effect, since then I can't jndi from remote machine on

<iiop-service client-authentication-required="false">
<orb max-connections="1024" message-fragment-size="1024"
<iiop-listener address="" enabled="true" id="orb-listener-1"
port="3700" security-enabled="false"/>
<iiop-listener address="" enabled="true" id="orb-listener-2"
port="3701" security-enabled="false"/>
<iiop-listener address="" enabled="true" id="orb-listener-3"
port="3702" security-enabled="false"/>
<iiop-listener address="" enabled="true" id="SSL" port="3820"
<ssl cert-nickname="s1as" client-auth-enabled="false"
ssl2-enabled="false" ssl3-enabled="true" tls-enabled="true"
<iiop-listener address="" enabled="true" id="SSL_MUTUALAUTH"
port="3920" security-enabled="true">
<ssl cert-nickname="s1as" client-auth-enabled="true"
ssl2-enabled="false" ssl3-enabled="true" tls-enabled="true"

This bug is present in both Glassfish V2ur2 and Glassfish V2ur1.

Comment by harpreet [ 20/Oct/08 ]

Please scrub issue and see if it is critical to v2.1.

Comment by Ken Cavanaugh [ 28/Oct/08 ]

The current ORBManager code uses the old LISTEN_SOCKET_PROPERTY to initialize
the acceptor list, and the old API does not support a hostname, so we do not
really support multiple network interfaces very well. The ORB actually supports
the needed functionality internally, and we simple need to add a new
transport SPI in TransportDefault, which can be used to create an appropriate instance
of SocketOrChannelAcceptorImpl. This can then be registered with the TransportManager
during ORB initialization using the GlassFish ORB configurator.

As this is not critical for GFv2.1, I am moving it to V3.

Comment by Ken Cavanaugh [ 30/Oct/08 ]

Moving to V3 (missed the target milestone update).

Comment by Ken Cavanaugh [ 30/Oct/08 ]

Still trying to remove from 9.1.1.

Comment by Ken Cavanaugh [ 22/Sep/09 ]

Moving to v3.1, although the new approach of creating acceptors
directly should support this much more easily than the old
properties-based approach.

Comment by Ken Cavanaugh [ 06/Oct/09 ]

Needs v3_exclude in status whiteboard to exclude from v3.

Comment by Ken Cavanaugh [ 23/Mar/10 ]

Moved to v3.1.

Comment by chaoslayer [ 18/Feb/11 ]

This has been initially reported as GLASSFISH-16, back in 2005. So almost 6 years (!!!) and no solution for this problem?

So, GlassFish (including the upcoming 3.1 release) MUST secured externally. And still a risk is still there.

Please, guys, fix it.

Comment by chaoslayer [ 18/Feb/11 ]

Also I've noted, that the one that is initialized lazy actually IS bound to a specific interface:

tcp6 0 0 ::1:3700 :::* LISTEN 1000 28061662 5202/java

Generated at Mon Apr 24 05:03:32 UTC 2017 using JIRA 6.2.3#6260-sha1:63ef1d6dac3f4f4d7db4c1effd405ba38ccdc558.