RMI secure arguments

Are arguments passed to remote methods hashed in some way? Or do I need to manually secure the arguments I am passing to my remote methods?

Well, I kind of agree with you. Anything is nonsense until you understand it. By the way, landing on the moon was a very stupid idea...
I have personally completed the development of RMI over JXTA and it is running on my machines every day. That means RMI can run over any known network infrastructure that can transport bits and bytes reasonably fast, thanks to the network independent design goal of JXTA.
It is true the current implementation of Jini is built on RMI. It sounds silly that you would run RMI over Jini over RMI. But it does not do any harm to keep that technical option open. Suppose you want to run your existing RMI applications on somebody's existing secured Jini infrastructure without major modifications of your applications.
Use your imagination, dude, otherwise programming would be a very boring job.

Similar Messages

  • How to run the rmi security manager

    how to run the rmi security manager

    You need to make a special class, where you give all permissions or socket permissions, then in the prompt you just call this class with the following:
    java -Djava.security.all=all then package name, then Class name. All is the name of the permission class.
    Good luck!

  • RMI security with client authentication

    Hi,
    I'm trying to set a secure RMI application using JSSE and SSL.
    I have succeeded in writing an application with client and server authentication using both an RMISSLServerSocketFactory and RMISSLClientSocketFactory and passing those factories to the server while exporting the remote object.
    The problem is I had to set both server public and private keys and client public and private keys in the custom Socket Factories. This implies that those keys are on the server disk which is problematic for the client private key.
    Is there a way of giving the client private key only when the Client wants to contact the server and not when exporting the remote object?
    (I tried to do that using -Djava.net.ssl.keyStore and -Djava.net.ssl.trustStore properties but it doesn't seem to work).
    Thank you for your help

    Even though I haven't written RMI over SSL code, I've done that using standard SSL client authentication between a client and a server.
    In that context, I got the SSLSocketFactory by using a SSLContext initialized with the proper TrustManager and KeyManager classes.
    But I guess you can start by specifying from the command line the system properties related to keystores and truststores:
    -Djavax.net.ssl.keyStore=<your keystore pathname>
    -Djavax.net.ssl.keyStorePassword=<your keystore password>
    -Djavax.net.ssl.trustStore=<your truststore pathname>
    -Djavax.net.ssl.trustStorePassword=<your truststore password>
    You can also see the RMISSLClientSocketFactory and RMISSLServerSocketFactory provided in the /samples/rmi folder of the JSSE 1.0.3_01 distribution.
    The client factory version uses the default socket factory provided by JSSE, so it can be configured from the properties above.
    Hope this helps.
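The setup discussed in this thread, as an added example that is not code from either post: the JDK's `javax.rmi.ssl` factories with client authentication required, where the client factory carries no keys and reads the `javax.net.ssl.*` properties of whichever JVM opens the connection. The class name `MutualTlsRmi`, the `Echo` interface, port 4443 and the keystore file names are assumptions; the keystores must already exist.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;

/**
 * Added example; all names here are hypothetical.
 *
 * Server JVM: java -Djavax.net.ssl.keyStore=server.jks
 *                  -Djavax.net.ssl.keyStorePassword=<password>
 *                  -Djavax.net.ssl.trustStore=server-trust.jks  (holds the client certificate)
 *                  -Djavax.net.ssl.trustStorePassword=<password>
 *                  MutualTlsRmi server
 * Client JVM: the same four properties pointing at client.jks and
 *             client-trust.jks, then: MutualTlsRmi client <host>
 */
public class MutualTlsRmi {
    static final int PORT = 4443; // assumed free port

    public interface Echo extends Remote {
        String echo(String text) throws RemoteException;
    }

    static class EchoImpl implements Echo {
        @Override
        public String echo(String text) {
            return "echo: " + text;
        }
    }

    // Strong references so the exported objects are not garbage collected.
    private static Echo impl;
    private static Registry registry;

    static void runServer() throws RemoteException {
        // This factory is serialized into the stub and sent to clients. It holds
        // no key material: it uses the default SSLSocketFactory of the JVM that
        // opens the connection, so the client key stays in the client's keystore.
        SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();

        // needClientAuth = true: the handshake fails unless the client presents
        // a certificate that the server's trust store accepts.
        SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory(null, null, true);

        impl = new EchoImpl();
        Echo stub = (Echo) UnicastRemoteObject.exportObject(impl, 0, csf, ssf);

        // The registry itself is also served over TLS with client auth.
        registry = LocateRegistry.createRegistry(PORT, csf, ssf);
        registry.rebind("echo", stub);
        System.out.println("server ready on port " + PORT);
    }

    static String runClient(String host) throws Exception {
        Registry remote =
                LocateRegistry.getRegistry(host, PORT, new SslRMIClientSocketFactory());
        Echo echo = (Echo) remote.lookup("echo");
        return echo.echo("hello over mutual TLS");
    }

    public static void main(String[] args) throws Exception {
        if (args.length > 0 && args[0].equals("server")) {
            runServer();
        } else {
            System.out.println(runClient(args.length > 1 ? args[1] : "localhost"));
        }
    }
}
```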

  • RMI Security Exception

    Hi I have followed the sun java RMI trail (tutorial).
    However my server side application is giving me a security exception. I think it's because of the grant code sections:
    grant {
        permission java.net.SocketPermission "*:1024-65535",
            "connect,accept";
        permission java.net.SocketPermission "*:80", "connect";
    };
    My problem is that I can't understand where to put this code segment, and I read the same page over and over again, and could not find where it says where to put it!!
    As I said I think it is from this, but maybe it is from other parts! not sure! ... Maybe you need to run the server side from a web server??
    The links of the tutorial I am following is the following (from sun java website itself):
    http://java.sun.com/docs/books/tutorial/rmi/
    and the following link is where there is the grant permission code:
    http://java.sun.com/docs/books/tutorial/rmi/running.html
    Thanks for any suggestions!

    I still have the exception:
    ComputeEngine exception: access denied (java.net.SocketPermission host resolve)
    java.security.AccessControlException: access denied (java.net.SocketPermission host resolve)
    I followed the tutorial step by step, reading and writing the provided code so far. So this is what I have now at the moment:
    I create a permission file and I called it java.policy. In this file I have the following code:
    grant {
        permission java.net.SocketPermission "*:1024-65535",
            "connect,accept";
        permission java.net.SocketPermission "*:80", "connect";
    };
    Then I have the following code suggested by WirajR in the engine class, which is the server side application:
    static {
        System.setProperty("security.policy", "java.policy");
    }
    I compiled everything, and no errors are given. But when I run just the server side, I still receive the above error. When I debugged the application it stops on the following line:
    Naming.rebind(name, engine);
    Where name is a string containing the following text:
    "//host/Compute"
    and engine is the class to be exposed over RMI.
    I am betting my problem is with name!! ... maybe
    or else my permission file has invalid data.
    Also wanted to add that security seems to have been taken care of in that tutorial by the following lines of code:
    if (System.getSecurityManager() == null) {
        System.setSecurityManager(new RMISecurityManager());
    }
    Aren't these to set the security policy?

  • RMI security issue

    Hi, there!
    This is cross-post from "NetWeaver AS, Java" forum.
    I have a security issue when I try to run RMI client code in the web application on the Web AS 2004s. There is
    lookup statement in JSP or servlet code:
    Naming.lookup("//server/RemoteClass")
    which throws
    java.io.AccessControlException: access denied (java.io.FilePermission
    D:\usr\sap\AS1\JC00\j2ee\cluster\server0\apps\sap.com\MyEntApp\servlet_jsp\MyWebApp\work\com\mycompany\packagename\RemoteClassImpl_Stub.class read)
    I have investigated where "java.security.policy" parameter is setup, there has value "./java.policy". This file is
    regenerated each time when web AS is started, thus I created another policy file, granted file permission for
    above path and set it as -Djava.security.policy in server start parameter. It doesn't resolve problem, I have
    investigated this parameter doesn't correlate with real application run-time permissions. Has anybody ideas?
    Thanks
    P.S. This code works fine as a standalone application.

    File Name : policy.txt
    grant {
        permission java.security.AllPermission;
    };
    Run ur program as follows:
    java -Djava.security.policy=policy.txt <Java Client >

  • RMI Security Managing Problem

    I am trying to connect to my RMI Server and am having a problem. My code looks like this:
    if (System.getSecurityManager() == null) {
        SecurityManager security = new SecurityManager();
        security.checkAccept(serverAddress, serverPort);
        System.setSecurityManager(security);
    }
    registry = LocateRegistry.getRegistry(serverAddress, (new Integer(serverPort)).intValue());
    // look up the remote object
    rmiServer = (PRFromDatabaseInterface) (registry.lookup("prFromDBServer"));
    // call the remote method
    System.out.println("Connecting to rmiServr");
    return rmiServer.attemptLogin(email, password);
    The error I am getting looks like this:
    Exception in thread "AWT-EventQueue-0" java.security.AccessControlException: access denied (java.net.SocketPermission 192.168.2.201:3500 accept,resolve)
         at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
         at java.security.AccessController.checkPermission(AccessController.java:427)
         at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
         at java.lang.SecurityManager.checkAccept(SecurityManager.java:1157)
         at us.mylan.pr.main.FromDatabase.<init>(FromDatabase.java:84)
    Does anyone have any ideas what is wrong?

    I just realized the port wasn't specified. When I do specify it, I get this error:
    sending Sample Text to 192.168.4.204:4000
    java.rmi.UnmarshalException: Error unmarshaling return header; nested exception is:
         java.io.EOFException
    And then the server throws a different error:
    Exception in thread "RMI TCP Connection(idle)" java.security.AccessControlException: access denied(java.net.SocketPermission 192.167.4.6:54458 accept, resolve)
    Which I do not understand why it is port 54458. The client code looks like:
    import java.rmi.NotBoundException;
    import java.rmi.RemoteException;
    import java.rmi.registry.LocateRegistry;
    import java.rmi.registry.Registry;

    public class RmiClient {
        static public void main(String args[]) {
            PRFromDatabaseInterface rmiServer;
            Registry registry;
            String serverAddress = "192.168.4.204";
            String serverPort = "4000";
            String text = "Sample Text";
            System.out.println("sending " + text + " to " + serverAddress + ":" + serverPort);
            try {
                // get the "registry"
                registry = LocateRegistry.getRegistry(serverAddress, (new Integer(serverPort)).intValue());
                // look up the remote object
                rmiServer = (PRFromDatabaseInterface) (registry.lookup("prFromDBServer"));
                // call the remote method
                rmiServer.attemptLogin("[email protected]", "password");
            } catch (RemoteException e) {
                e.printStackTrace();
            } catch (NotBoundException e) {
                e.printStackTrace();
            }
        }
    }
    Edited by: BDJ2K on Jan 10, 2009 6:38 AM

  • WebLogic RMI security

    Hello,
    I'm planning to create some client-server applications using the WebLogic
    RMI implementation but I'm a little bit worried about the security issues
    that can be raised.
    Basically, I don't know whether or not WebLogic provides dynamic class
    loading (RMIClassLoader). If so, how to prevent this to happen, since I want
    to make it sure that no hostile client will be able to hack my application
    in that it will download some classes that will mess with my data.
    Anybody has any comments on that?
    Thanks in advance for any help.
    Andre Mendonca
    [email protected]

    Just to make things clearer, this is the RMI specification from Javasoft
    (very interesting, by the way):
    "When parameters and return values for a remote method invocation are
    unmarshalled to become live objects in the receiving JVM, class definitions
    are required for all of the types of objects in the stream. The
    unmarshalling process first attempts to resolve classes by name in its local
    class loading context (the context class loader of the current thread). RMI
    also provides a facility for dynamically loading the class definitions for
    the actual types of objects passed as parameters and return values for
    remote method invocations from network locations specified by the
    transmitting endpoint. This includes the dynamic downloading of remote stub
    classes corresponding to particular remote object implementation classes
    (and used to contain remote references) as well as any other type that is
    passed by value in RMI calls, such as the subclass of a declared parameter
    type, that is not already available in the class loading context of the
    unmarshalling side."
    My question is: If a client invokes a method in the object residing in the
    weblogic server, passing as a parameter an object that the server doesn't
    know, will weblogic try to download the class from the client location?
    Continuing: later in the specification, one can read:
    "For every class descriptor read from an RMI marshal stream, the
    resolveClass method reads a single object from the stream. If the object is
    a String (and the value of the java.rmi.server.useCodebaseOnly property is
    not true), then resolveClass returns the result of calling
    RMIClassLoader.loadClass with the annotated String object as the first
    parameter and the name of the desired class in the class descriptor as the
    second parameter. Otherwise, resolveClass returns the result of calling
    RMIClassLoader.loadClass with the name of the desired class as the only
    parameter."
    So, can I set this property to false in the StartWebLogic.cmd file and
    expect weblogic not to download any unknown code? Will weblogic classloader
    understand it? What's the default behavior of weblogic server?
    By the way, I'm using WLS 4.5.1, in a windows NT environment.
    Thanks in advance.
    Andre Mendonca
    [email protected]

  • RMI Security

    Hi all,
    I am fairly new to the whole RMI world, but my problem is this. I am currently developing an intranet site which has applets within it. To allow communication to the server I am currently developing an RMI server application. The problem I have is with the Policy File. Does the client need to have the policy file? And how can I go about starting the RMIRegistry from within my application? as the server will be compiled down into a jar file for ease of use i.e. NO DOS PROMPT. A quick response would be gratefully appreciated,
    Cheers,
    Osh

    Another question I have, is now that I have managed to get the policy file to work within my JBuilder, but the problem I have is that when I create my jar file, it doesn't include the appropriate parameters for my VM. How do I go about adding this to my jar file, or am I just trying to do something that is completely stupid?

  • Question about argument marshalling with RMI.

    Hello guys,
    I recently started an RMI-related project and successfully implemented this technology, but at some point I created this interface on the server
    package xyz;
    import java.rmi.Remote;
    import java.rmi.RemoteException;
    import somePackage.SomeClass;
    public interface A extends Remote {
        public void methodA(SomeClass x) throws RemoteException; // SomeClass is implementing interface A
    }
    and exported it to the RemoteReg following standard RMI procedure.
    The problem came when I tried to pass an instance of SomeClass to methodA from the corresponding object retrieved from the registry, got myself a nice
    java.rmi.MarshalException: error marshalling arguments; nested exception is:
         java.io.NotSerializableException: somePackage.SomeClass
    The question is: can't RMI pass arguments as shown previously or is my implementation faulty?
    //ofc i could send the vars needed and create the SomeClass instance on the server but maybe it can be done this way too.

    Well the .class on the client implemented Serialize, while the .class from the server didn't (this being the only difference).
    So in other words 'yes, I had different versions of the .class file at the server and the client'.
    So in theory they might get different serialVersionsUID due to this discrepancy
    No, in theory one of them isn't Serializable, so either the sender or the receiver is going to throw an exception of some kind.
    You have to deploy the same .class file at both ends (until you get into Versioning), and they certainly both have to implement Serializable. They also both have to have the same serialVersionUID, which you should hard-code into the class now.

  • Argument Passing In RMI

    In case of RMI, are arguments passed by Value or passed by reference?
    Please elaborate and explain as I am completely confused.

    Arguments to or return values from remote methods can be of almost any type, including local objects, remote objects, and primitive types. More precisely, any entity of any type can be passed to or from a remote method as long as the entity is an instance of a type that is a primitive data type, a remote object, or a serializable object, which means that it implements the interface java.io.Serializable.
    A few object types do not meet any of these criteria and thus cannot be passed to or returned from a remote method. Most of these objects, such as a file descriptor, encapsulate information that makes sense only within a single address space. Many of the core classes, including those in the packages java.lang and java.util, implement the Serializable interface.
    The rules governing how arguments and return values are passed are as follows.
    Remote objects are essentially passed by reference. A remote object reference is a stub, which is a client-side proxy that implements the complete set of remote interfaces that the remote object implements.
    Local objects are passed by copy, using object serialization. By default all fields are copied, except those that are marked static or transient. Default serialization behavior can be overridden on a class-by-class basis.
    Passing an object by reference (as is done with remote objects) means that any changes made to the state of the object by remote method calls are reflected in the original remote object. When passing a remote object, only those interfaces that are remote interfaces are available to the receiver; any methods defined in the implementation class or defined in nonremote interfaces implemented by the class are not available to that receiver.
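An added example, not taken from any of the posts, covering the pass-by-copy rules above, the NotSerializableException in the marshalling thread, and the opening question about whether arguments are hashed. A plain `ObjectOutputStream` stands in for RMI's marshal stream, and the class names and values are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.NotSerializableException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;

public class MarshalDemo {

    /** Argument type that can cross a remote call: Serializable, with a pinned UID. */
    static class LoginRequest implements Serializable {
        private static final long serialVersionUID = 1L;
        String email;
        String password;
        transient String localNote; // transient fields are not copied

        LoginRequest(String email, String password, String localNote) {
            this.email = email;
            this.password = password;
            this.localNote = localNote;
        }
    }

    /** Does not implement Serializable, so marshalling it fails on the sender. */
    static class PlainRequest {
        String email = "user@example.test";
    }

    /** Serializes the argument the way a by-value parameter is written out. */
    static byte[] marshal(Object argument) throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buffer)) {
            out.writeObject(argument);
        }
        return buffer.toByteArray();
    }

    /** Rebuilds the object on the "receiving" side. */
    static Object unmarshal(byte[] wire) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(wire))) {
            return in.readObject();
        }
    }

    /** True if the ASCII text appears verbatim in the serialized bytes. */
    static boolean visibleOnWire(byte[] wire, String text) {
        byte[] needle = text.getBytes(StandardCharsets.US_ASCII);
        outer:
        for (int i = 0; i + needle.length <= wire.length; i++) {
            for (int j = 0; j < needle.length; j++) {
                if (wire[i + j] != needle[j]) {
                    continue outer;
                }
            }
            return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values.
        LoginRequest original =
                new LoginRequest("user@example.test", "constructed-pw-123", "client only");
        byte[] wire = marshal(original);

        // Serialization neither hashes nor encrypts field values.
        System.out.println("password readable in stream: "
                + visibleOnWire(wire, original.password));

        // The receiver works on a copy; changes do not reach the sender's object.
        LoginRequest copy = (LoginRequest) unmarshal(wire);
        copy.email = "changed@example.test";
        System.out.println("receiver got a distinct object: " + (copy != original));
        System.out.println("sender's email after receiver change: " + original.email);
        System.out.println("transient field on the copy: " + copy.localNote);

        // Same failure as in the marshalling thread, raised before anything is sent.
        try {
            marshal(new PlainRequest());
        } catch (NotSerializableException e) {
            System.out.println("not serializable: " + e.getMessage());
        }
    }
}
```

Because the field values sit in the stream as written, confidentiality has to come from the transport, for example SSL socket factories passed when the remote object is exported.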

  • Differences in setting a security manager

    Hello,
    what is the difference between installing a security manager using a system property like this:
    -Djava.security.manager=java.rmi.RMISecurityManager
    and by executing the following at the beginning of the main method:
    if (System.getSecurityManager() == null) {
         System.setSecurityManager(new RMISecurityManager());
    }
    To my understanding of the various reference documentations for java security, they should be equivalent in the obtained result. In my case, however, the system property one doesn't work, that is classes are not downloaded dynamically; everything works fine with the java code solution.
    Many thanks,
    valerio

    Works for me.
    -Djava.security.manager=java.rmi.RMISecurityManager
    This argument needs to appear first on the command line, before any other -D and -jar arguments.
    NB the RMISecurityManager is obsolete, you can use java.lang.SecurityManager. See the Javadoc. You can just specify:
    -Djava.security.manager=default
    or just:
    -Djava.security.manager

  • Error: while generating SQL.java.rmi.ServerException:

    Hi:
    I tried the JGuru's "MusicStore" example. HOwever at Task 6 and 7 I am getting the following error:
    Error: while generating SQL.java.rmi.ServerException:
    RemoteException occured in server thread; nested exception is:
    * java.rmi.RemoteException: Error connecting to database;
    nested exception is:
    * SQL Exception: Failed to start database 'MusicStoreDB', see
    the next exception for details.
    Please make sure the database name/user/password is valid
    and the J2ee server and database are running.
    However when i check my database it is running perfectly:
    E:\>%j2ee_home%\bin\cloudscape -start
    Sun Feb 16 12:48:11 PST 2003: [RmiJdbc] Starting Cloudscape RmiJdbc Server Version
    Sun Feb 16 12:48:14 PST 2003: [RmiJdbc] COM.cloudscape.core.JDBCDriver registered i
    Sun Feb 16 12:48:14 PST 2003: [RmiJdbc] Binding RmiJdbcServer...
    Sun Feb 16 12:48:14 PST 2003: [RmiJdbc] No installation of RMI Security Manager...
    Sun Feb 16 12:48:14 PST 2003: [RmiJdbc] RmiJdbcServer bound in rmi registry
    Server:
    J2EE server listen port: 1050
    Naming service started:1050
    Binding DataSource, name = jdbc/DB2, url = jdbc:cloudscape:rmi:CloudscapeDB;crea
    te=true
    Binding DataSource, name = jdbc/Cloudscape, url = jdbc:cloudscape:rmi:Cloudscape
    DB;create=true
    Binding DataSource, name = jdbc/InventoryDB, url = jdbc:cloudscape:rmi:Cloudscap
    eDB;create=true
    Binding DataSource, name = jdbc/DB1, url = jdbc:cloudscape:rmi:CloudscapeDB;crea
    te=true
    Binding DataSource, name = jdbc/MusicStore, url = jdbc:cloudscape:rmi:MusicStore
    DB;create=false
    Binding DataSource, name = jdbc/XACloudscape, url = jdbc/XACloudscape__xa
    Binding DataSource, name = jdbc/XACloudscape__xa, dataSource = COM.cloudscape.co
    re.RemoteXaDataSource@1d88db7
    Starting JMS service...
    Initialization complete - waiting for client requests
    Binding: < JMS Destination : jms/Topic , javax.jms.Topic >
    Binding: < JMS Destination : jms/Queue , javax.jms.Queue >
    Binding: < JMS Cnx Factory : TopicConnectionFactory , Topic , No properties >
    Binding: < JMS Cnx Factory : QueueConnectionFactory , Queue , No properties >
    Binding: < JMS Cnx Factory : jms/QueueConnectionFactory , Queue , No properties
    >
    Binding: < JMS Cnx Factory : jms/TopicConnectionFactory , Topic , No properties
    >
    Starting web service at port: 8000
    Starting secure web service at port: 7000
    J2EE SDK/1.3.1
    Starting web service at port: 9191
    J2EE SDK/1.3.1
    J2EE server startup complete.
    Can anyone suggest me a way out..plz

    what type of persistent u r using also post ur query if bmp and check with another example with cmp.

  • GF 3.1.1 - java.security.AccessControlException: access denied - server.log

    I am upgrading an old NB4.1 produced JSP system that runs on Netscape iplanet to NB7.0.1 built JSP system running on Glassfish 3.1.1. I have four main files: login.html, login.jsp, ApplicationRmiConnection, and MenuManager.jsp . Three of four are working. The login.html is only a startup means to be sent to the login.jsp. The ApplicationRmiConnection is a servlet called by the login.jsp. It reads a properties file, establishes connection with the RMI and database (currently on the OLD system (Netscape iplanet)) which it does quite well. After the ApplicationRmiConnection is established and working the MenuManager.jsp . The first output from the MenuManager.jsp is a series of application.log calls for verification of data passed in from the successful ApplicationRmiConnection database read.
    How does GF 3.1.1 lose AccessControl permissions to the server.log to which it is writing? All I am using is application.log statements and it coughs, chokes, and quits.
    My output stacktrace is:
    INFO: PWC1412: WebModule[null] ServletContext.log():ApplicationRmiConnect: getRealPath("/") = [C:\Program Files\glassfish\glassfish-3.1\glassfish\domains\domain1\applications\MyApplication\]
    INFO: PWC1412: WebModule[null] ServletContext.log():MenuMgr: sParms - RMI Connect = com.company.rmi.ServerAppClientAdapter@19ca6bc
    INFO: PWC1412: WebModule[null] ServletContext.log():MenuMgr: caught an Exception
    WARNING: StandardWrapperValve[jsp]: PWC1406: Servlet.service() for servlet jsp threw exception
    java.security.AccessControlException: access denied (java.io.FilePermission C:\Program Files\glassfish\glassfish-3.1\glassfish\domains\domain1\logs\server.log read)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
    at java.security.AccessController.checkPermission(AccessController.java:546)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
    at java.io.File.exists(File.java:731)
    at com.sun.enterprise.server.logging.GFFileHandler.publish(GFFileHandler.java:676)
    at java.util.logging.Logger.log(Logger.java:481)
    at com.sun.logging.LogDomains$1.log(LogDomains.java:354)
    at java.util.logging.Logger.doLog(Logger.java:503)
    at java.util.logging.Logger.logp(Logger.java:619)
    at com.sun.enterprise.web.logger.IASLogger.write(IASLogger.java:127)
    at com.sun.enterprise.web.logger.LoggerBase.log(LoggerBase.java:190)
    at com.sun.enterprise.web.logger.IASLogger.log(IASLogger.java:57)
    at org.apache.catalina.core.StandardContext.log(StandardContext.java:6828)
    at org.apache.catalina.core.ApplicationContext.log(ApplicationContext.java:449)
    at org.apache.catalina.core.ApplicationContextFacade.log(ApplicationContextFacade.java:359)
    at org.apache.jsp.MenuMgr_jsp._jspService(MenuMgr_jsp.java from :533)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:111)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:403)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:492)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:378)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
    at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1539)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:281)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
    at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
    at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:98)
    at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:91)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:162)
    at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:330)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
    at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:174)
    at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:828)
    at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:725)
    at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1019)
    at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:225)
    at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
    at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
    at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
    at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
    at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
    at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
    at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
    at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
    at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
    at java.lang.Thread.run(Thread.java:662)

    The problem area has been found. We need to know the best method to replace the two lines of code we commented out. Here is what we found.
    Glassfish 3.1.1 Security does not play well with old RMI security (JDK1.2 vintage). Furthermore, once the old RMI security has messed with the mind of GF3.1.1 security the GF security truly believes it has in some cases no permission to read its own server.log file.
    Here is the offending code commented out in the Server Client Adapter (client wrapper):
    Note: this is legacy rmi code. i.e. manually executed rmic on the appropriate classfiles as this was originally created for java 1.2.
    // if(System.getSecurityManager() == null)
    // System.setSecurityManager(new RMISecurityManager());
    remote = (com.davisco.rmi.ServerAppServantAdapter_Stub)Naming.lookup(stringbuffer.toString());
    A thank you goes out to www.velocityreviews.com/forums/t276590-access-denied-java-lang-runtimepermission-createsecuritymanager.html even if it is five years old.
    Again, this is using the original version of RMI. How do we re-implement the RMI Security Manager without offending GF 3.1.1 security?

  • Access denied security policy file

    All, I have a simple client which is trying to talk to a remote EJB. When I try and start up the client I get the following error.
    java.security.AccessControlException: access denied (java.util.PropertyPermission java.security.policy write)
         at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
         at java.security.AccessController.checkPermission(AccessController.java:427)
         at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
         at java.lang.System.setProperty(System.java:699)
         at com.db.abmonitor.client.Client.example(Client.java:51)
    And I am calling it like
    System.setProperty("java.security.policy", "client.policy");
    if (System.getSecurityManager() == null)
        System.setSecurityManager(new RMISecurityManager());
    And I have defined a client.policy file in the src directory of the project under eclipse, with the following entries
    grant {
         permission java.security.AllPermission;
    };
    Anyone got any ideas?

    Ah RMI headaches...
    here is what I blogged for my own self when I was starting with the RMI security stuff:
    Since I haven't figured out how to do SecurityManager stuff properly, I can override 2 checkPermission methods in SecurityManager with empty method bodies, that's a quick and dirty fix.
    - Alternatively, you can set your policy file located in /lib/security/java.policy to: http://java.sun.com/docs/books/tutorial/rmi/example-1dot2/java.policy
    - or pass the property to the policy location: -Djava.security.policy=./policy.all
    maybe that will help...
    I think that maybe your policy file isn't being found where it should be

  • RMI Client on Web browsers

    Hello All,
    I have a basic question about RMI. Usually we run RMI client like:
    java -dcodebase=http://mysite.com -djava.securit.policy=mypolicy.policy client
    Is it possible to run RMI client on web browsers, say, through Java servlet, Tomcat is installed?
    If possible, how to configure Tomcat and the client, may be servlet? I don't think RMI server need change.
    Thanks
    Chen

    Tomcat is for servers. Why would that change the client?
    Thanks for the reply. I want to put RMI client in Tomcat, the RMI client connects to RMI server (not in the Web server, some other place). The question is:
    Every RMI client needs to start like this:
    java -Djava.rmi.security=my.policy myclient
    But in Tomcat, we only have classes. The servlet call the class(es) to finish the request and return response. In fact my question is how to provide security policy to these classes?
    Merry Xmas!
    CL
