By default, both the HTTP port and the CORBA port are bound to all network interfaces. For example, your server might be accessible through two network cards using the IP addresses 10.1.3.253 and 10.1.3.254. For security reasons, you might want to grant access to the servers through only one of the interfaces.
Binding the HTTP port to a single interface can be achieved by adding an address attribute to Tomcat's Connector element (see http://tomcat.apache.org/tomcat-7.0-doc/config/http.html ).
To limit access through CORBA as well, some properties must be set. By setting com.sun.CORBA.ORBServerHost to the correct IP address, you ensure that external clients contact the server through the correct interface. To bind only the correct interface, you must configure a custom CoreMedia socket factory, which is configured using a system property. Set the following system properties when starting the Content Management Server and the Workflow Server:
Property Type | Property Name | Property Value |
---|---|---|
ORB | com.sun.CORBA.ORBServerHost | <IpAddress> |
ORB | com.sun.CORBA.legacy.connection.ORBSocketFactoryClass | com.coremedia.corba.SingleIpSocketFactory50 |
System | com.coremedia.corba.SingleIpSocketFactory.ip | <IpAddress> |
Table 4.2. Properties for Single IP configuration
Replace <IpAddress> with the IP address of the network interface to bind, for example 10.1.3.253. If you want to secure this connection via SSL, you have to use different factories; see Section 4.2.4, “Encrypting CORBA with SSL and bind to a Single Network Interface” for details.
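To confirm that the configuration took effect, you can inspect the listening sockets after a restart. The following check is an added example and not part of the CoreMedia product: it parses the output of `ss -ltn` and reports every monitored port that is still bound to all interfaces or to an address other than the intended one. The port numbers 8080 (HTTP) and 14300 (CORBA) and the sample output are constructed assumptions; substitute the ports of your installation.

```python
WILDCARDS = {"*", "0.0.0.0", "::"}  # how ss displays "all interfaces"

def parse_listeners(ss_output):
    """Yield (address, port) for every LISTEN row of `ss -ltn` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header row, blank line, or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        addr = addr.split("%")[0].strip("[]")  # drop %iface and IPv6 brackets
        if addr.startswith("::ffff:"):  # IPv4-mapped IPv6 form of an IPv4 address
            addr = addr[len("::ffff:"):]
        yield addr, int(port)

def check_binding(ss_output, ports, allowed_ip):
    """Return (port, address, problem) for ports not bound only to allowed_ip."""
    findings, seen = [], set()
    for addr, port in parse_listeners(ss_output):
        if port not in ports:
            continue
        seen.add(port)
        if addr in WILDCARDS:
            findings.append((port, addr, "bound to all interfaces"))
        elif addr != allowed_ip:
            findings.append((port, addr, "bound to unexpected address"))
    for port in sorted(set(ports) - seen):
        findings.append((port, None, "no listener found"))
    return findings

# Constructed sample output; ports 8080 (HTTP) and 14300 (CORBA) are assumptions.
SAMPLE_BEFORE = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      100                *:8080             *:*
LISTEN 0      50                 *:14300            *:*
LISTEN 0      128        127.0.0.1:8005       0.0.0.0:*
"""
SAMPLE_AFTER = """\
LISTEN 0      100       10.1.3.253:8080       0.0.0.0:*
LISTEN 0      50  [::ffff:10.1.3.253]:14300         *:*
"""

if __name__ == "__main__":
    for name, sample in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, check_binding(sample, {8080, 14300}, "10.1.3.253"))
```

To run the check against a live host, pass the text produced by `ss -ltn` on that host to `check_binding` in place of the samples.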