Previous Table of Contents Next


15.8 Bi-Directional GIOP

   The specification of GIOP connection management, in GIOP minor versions 1.0 and 1.1, states that connections are not symmetrical. For example, only clients that initialize connections can send requests, and only servers that accept connections can receive them.

   This GIOP 1.0 and 1.1 restriction gives rise to significant difficulties when operating across firewalls. It is common for firewalls not to allow incoming connections, except to certain well-known and carefully configured hosts, such as dedicated HTTP or FTP servers. For most CORBA-over-the-internet applications it is not practicable to require that all potential client firewalls install GIOP proxies to allow incoming connections, or that any entities receiving callbacks will require prior configuration of the firewall proxy.

   An applet, for example, downloaded to a host inside such a firewall will be restricted in that it cannot receive requests from outside the firewall on any object it creates, as no host outside the firewall will be able to connect to the applet through the client's firewall, even though the applet in question would typically only expect callbacks from the server it initially registered with.

   In order to circumvent this unnecessary restriction, GIOP minor protocol version 1.2 or

   1.3 specifies that the asymmetry stipulation above be relaxed in cases where the client and the server agree on it. In these cases, the client (the applet in the above case) would still initiate the connection to the server, but any requests from the server on any objects.

   The client creates an object for exporting to a server, and arranges that the server receive an IOR for the object. The most common use case would be for the client to pass the IOR as a parameter in a GIOP request, but other mechanisms are possible, such as the use of a Name Service. If the client ORB policy permits bi-directional use of a connection, a Request message should contain an IOP::ServiceContext structure in its Request header, which indicates that this GIOP connection is bidirectional. The service context may provide additional information that the server may need to invoke the callback object. To determine whether an ORB may support bi directional GIOP new policies has been defined (Section 15.9, “Bi-directional GIOP policy,? on page 15-60).

   Each mapping of GIOP to a particular transport should define a transport-specific bidirectional service context, and have an IOP::ServiceId allocated by the OMG. It is recommended that names for this service context follows the pattern BiDir<protocolname>, where <protocol name> identifies a mapping of GIOP to a transport protocol (e.g., for IIOP the name is BiDirIIOP). The service context for bi directional IIOP is defined in Section 15.8.1, “Bi-Directional IIOP,? on page 15-58.

   The server receives the Request, which contains a bi-directional IOP::ServiceContext. If the server supports bi-directional connections for that protocol, it may now send invocations along the same connection to any object that supports the particular protocol and matches the particular location information found in the bi-directional service context. If the server does not support bi-directional connections for that protocol, the service context can be ignored.

   The data encapsulated in the BiDirIIOPServiceContext structure (see below), which is identified by the ServiceId BI_DIR_IIOP as defined in Section 13.7, “Service Context,? on page 13-28, allows the ORB to determine whether it needs to open a new connection in order to invoke on an object. If a host and port pair in a listen_point list matches a host and port of an object to which it does not yet have a connection (a callback object newly received, for instance), rather than open a new connection, the server may re-use any of the connections on which the listen_point data was received.

   A server talking to a client on a bi-directional GIOP connection can use any message type traditionally used by clients only, so it can use Request, LocateRequest, CancelRequest, MessageError, and Fragment (for a Request or LocateRequest). Similarly the client can use message types traditionally used only by servers: Reply, LocateReply, MessageError, CloseConnection, and Fragment (for a Reply or LocateReply).

   CloseConnection messages are a special case however. Either ORB may send a CloseConnection message, but the conditions in Section 15.5.1, “Connection Management,? on page 15-47 apply.

   Bi-directional GIOP connections modify the behavior of Request IDs. In the GIOP specification, Section 15.5.1, “Connection Management,? on page 15-47, it is noted that “Request IDs must unambiguously associate replies with requests within the scope and lifetime of a connection.? This property of unambiguous association of requests and replies must be preserved while permitting each end to generate Request Ids for new requests independently. To ensure this, on a connection that is used bidirectionally in GIOP 1.2, and 1.3, the connection originator shall assign only even valued Request IDs and the other side of the connection shall assign only odd valued Request IDs. This requirement applies to the full lifetime of the connection, even before a BiDirIIOPServiceContext is transmitted. A connection on which this regime of Request ID assignment is not used, shall never be used to transmit bidirectional GIOP 1.2, or 1.3 messages.

   It should be noted that a single-threaded ORB needs to perform event checking on the connection, in case a Request from the other endpoint arrives in the window between it sending its own Request and receiving the corresponding reply; otherwise a client and server could send Requests simultaneously, resulting in deadlock. If the client cannot support event checking, it must not indicate that bi-directionality is supported. If the server cannot support event checking, it must not make callbacks along the same connection even if the connection indicates it is supported.

   A server making a callback to a client cannot specify its own bi-directional service context – only the client can announce the connection's bi-directionality.

   An important security issue should be observed in the use of bi-directional GIOP. In the absence of other security mechanisms, a malicious client may claim that its connection is Bi-Directional for use with any host and port it chooses. In particular it may specify the host and port of security sensitive objects not even resident on its host. All the client has to do is pass the host and port in the listen data service context and the server may then invoke a masquerading object instead. In general, and in the absence of other security mechanisms, a server that has accepted an incoming connection has no way to discover the identity or verify the integrity of the client that initiated the connection. If the server has doubts in the integrity of the client, it is recommended that bi-directional GIOP is not used.