Due to various RMI exploits out there and the fact that I don't use it anyway, I'd like to disable RMI on my JBoss server at least externally, but I'm not sure how to do this without breaking things.
I've tried disabling the JRMP invoker, which seems to work but the problem is that I'm unable to then start and stop my server because the command:
sudo -u $JBOSS_USER $JBOSS_HOME/bin/shutdown.sh -S
returns the error:
Exception in thread "main" javax.naming.NamingException: Could not dereference object [Root exception is javax.naming.NameNotFoundException: invoker not bound]
at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1215)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:758)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:627)
at javax.naming.InitialContext.lookup(InitialContext.java:351)
at org.jboss.Shutdown.main(Shutdown.java:214)
Caused by: javax.naming.NameNotFoundException: invoker not bound
at org.jnp.server.NamingServer.getBinding(NamingServer.java:529)
at org.jnp.server.NamingServer.getBinding(NamingServer.java:537)
at org.jnp.server.NamingServer.getObject(NamingServer.java:543)
at org.jnp.server.NamingServer.lookup(NamingServer.java:267)
at org.jnp.server.NamingServer.lookup(NamingServer.java:270)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:592)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:294)
at sun.rmi.transport.Transport$1.run(Transport.java:153)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:149)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:466)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:707)
at java.lang.Thread.run(Thread.java:613)
at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:247)
at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:223)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:126)
at org.jnp.server.NamingServer_Stub.lookup(Unknown Source)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:667)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:627)
at javax.naming.InitialContext.lookup(InitialContext.java:351)
at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1209)
... 4 more
I don't see the invoker being referenced anywhere else in /path/to/jboss/server/default/conf/jboss-service.xml so I'm not sure what other references I would need to remove.
Any ideas on what I'm doing wrong or am I just asking for functionality that's mutually exclusive?
In JBoss 4, there are several references to the RMI invokers in:
conf/standardjboss.xml
A lot of functions in JBoss make use of RMI, even if your app doesn't. The easiest solution would be to bind JBoss to an address that isn't available remotely:
-b 127.0.0.1
Update
If you only want RMI to be bound locally, edit the BindAddress and RmiBindAddress attributes in the jboss-service.xml file:
<mbean code="org.jboss.naming.NamingService" name="jboss:service=Naming">
<attribute name="Port">1099</attribute>
<attribute name="BindAddress">127.0.0.1</attribute>
<attribute name="RmiPort">1098</attribute>
<attribute name="RmiBindAddress">127.0.0.1</attribute>
</mbean>