Redirect all outgoing connections to localhost.

This is useful for running UAPI clients locally, while forwarding HTTP and CORBA connections to the servers through an SSH tunnel. A typical SSH invocation that allows the use of this socket factory would look like this, forwarding all ports of the Content Management Server and the Workflow Server:

ssh -L 40180:SERVER:40180 -L 40183:SERVER:40183 -L 40380:SERVER:40380 -L 40383:SERVER:40383 HOST

When using this option, you should also activate com.coremedia.corba.server.setNoSocket(boolean) in order to reduce the attack surface of the JVM.

Redirect IIOP invocations to other addresses.

Useful in tunnelling scenarios: imagine a server X on port P running in a network you cannot reach; but you are able to create a tunnel that forwards your address Y:Q to X:P, e.g. you do user@Y % ssh -g -LQ:X:P

Then you can configure your clients by the com.coremedia.corba.client.redirect property group:

Redirect IIOP invocations to other addresses.

For details see com.coremedia.corba.client.redirect.originalHost.

Redirect IIOP invocations to other addresses.

For details see com.coremedia.corba.client.redirect.originalHost.

Redirect IIOP invocations to other addresses.

For details see com.coremedia.corba.client.redirect.originalHost.

The Corba clear text ports

Usually one, maybe two (comma separated) values for Content Server and Workflow Server. In case of multiple values, the order must correspond to the com.coremedia.corba.client.ssl.sslPorts.

The keystore for SSL encrypted communication

The passphrase for SSL encrypted communication

The Corba SSL text ports

Usually one, maybe two (comma separated) values for Content Server and Workflow Server. In case of multiple values, the order must correspond to the com.coremedia.corba.client.ssl.clearTextPorts.

The host of the ORB.

This hostname is exposed to the client via the IOR. Normally, you do not need to care about this, but in runtime environments with special DNS configurations it may be necessary to set a certain name that the client is able to resolve.

Disable ORB server sockets.

This is useful when no incoming requests are expected, so that the server socket would only pose a security risk.

The default is true, i.e. server sockets are disabled. This is appropriate for all client applications and must be set to false only for Content Server (CMS, MLS and RLS) and Workflow Servery applications.

The clear text port of the ORB.

Bind ORB sockets to this IP address.

Useful to keep control on multi-homed hosts.

Enforce SSL communication

By default, the ORB opens an SSL port additionally to the clear text port. With this flag you can suppress the clear text port and thus ensure that clients use SSL connections.

The keystore for SSL encrypted communication

The passphrase for SSL encrypted communication

The port of the ORB for SSL encrypted communication.

The orb will open the SSL socket in addition to the clear text port. There is no way to disable this.