javasocketssslrmi

RMI over SSL with single port on server

CASE 1 - WITHOUT SSL
When I a need a simple RMI connection (without SSL) I use the following code on server

Registry registry = LocateRegistry.createRegistry(2004,rmiClientSocketFactory,rmiServerSocketFactory);
stub=UnicastRemoteObject.exportObject(someObj, 2004, rmiClientSocketFactory,rmiServerSocketFactory);

Please, pay attention that I use port number both when create registry and when exporting object. The code works as expected - no any problems.

CASE 2 - WITH SSL
I use the same code as in case 1 only both factories are SSL factories. Result - on server side one socket is created on port 2004 but my client can't connect to it - it throws 

java.rmi.ConnectIOException: non-JRMP server at remote endpoint
    at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:248)
    at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
    at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:342)
    at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
    at rmi.DateClient.perform(DateClient.java:48)
    at rmi.DateClient.main(DateClient.java:38)
Exception occured: java.rmi.ConnectIOException: non-JRMP server at remote endpoint

To make it work I need to modify my code on server to 

Registry registry = LocateRegistry.createRegistry(2004);
stub = UnicastRemoteObject.exportObject(someObj, 0, rmiClientSocketFactory, rmiServerSocketFactory);

This code works but on server side two sockets are created one on port 2004 and one on some variable port (for example 45329). But I don't want to have two sockets. How to explain and fix it?

Solution

  • To make it work I need to modify my code on server to

    Registry registry = LocateRegistry.createRegistry(2004);

    No. That's a backwards step: you're removing SSL from the Registry. You need to modify your client to use SSL when looking up the Registry. That means you have to use the Registry class instead of Naming:

    Registry registry = LocateRegistry.getRegistry(host, 2004, rmiClientSocketFactory);
MyRemoteInterface mri = (MyRemoteInterface)registry.lookup(...);

    In any case you can't have plaintext and SSL remote objects on the same port.