aspose file tools*
The moose likes Developer Certification (SCJD/OCMJD) and the fly likes SecurityManager confusion  - RMI Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Certification » Developer Certification (SCJD/OCMJD)
Bookmark "SecurityManager confusion  - RMI" Watch "SecurityManager confusion  - RMI" New topic
Author

SecurityManager confusion - RMI

Suchak Jani
Ranch Hand

Joined: Jan 24, 2002
Posts: 68
Team,
I have the default RMISecurityManager for the server.
I am wondering wether i need to put in a SecurityManager for the client(with the policy file) .
I did look at the previous posts and i am really not clear on this point.
I would greatly appreciate any input on this.
Thanks in advance
Suchak Jani
Sai Prasad
Ranch Hand

Joined: Feb 25, 2002
Posts: 560
I have the code below in my client factory and the remote server:
Peter den Haan
author
Ranch Hand

Joined: Apr 20, 2000
Posts: 3252
You do not need a SecurityManager on either client or server if you simply package the RMI stubs in the client jar.
The server does not need an RMISecurityManager, full stop. AFAIK the RMISecurityManager is only relevant for applications that need to download RMI stubs. If you want to impose security -- not a bad idea on server software -- you can use the ordinary SecurityManager.
On the client side of things, you must use RMISecurityManager if you want stub downloading. Otherwise a security manager is largely unnecessary unless you regard the application as untrusted code.
- Peter
Suchak Jani
Ranch Hand

Joined: Jan 24, 2002
Posts: 68
Peter,
This means that i can avoid the security manager altogether.
I do have stubs in the client.jar.
Regards
Suchak Jani
Peter den Haan
author
Ranch Hand

Joined: Apr 20, 2000
Posts: 3252
You can omit them, if you want, although I personally have a preference for including a server security policy. A client-side policy is usually strictly optional.
I would certainly discuss such decisions in your design documentation.
At the time (> 2 years ago) I did not properly understand security & RMI so I used an RMISecurityManager on both ends. Just to make sure that I am not talking nonsense I dusted off the source today, removed the security manager from both ends and ran the application. It worked just fine. I then ran them using an ordinary SecurityManager instead of a RMISecurityManager. Fine again (unsurprisingly, knowing what I know now).
- Peter
[ April 15, 2002: Message edited by: Peter den Haan ]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: SecurityManager confusion - RMI