This week's book giveaway is in the OCPJP forum. We're giving away four copies of OCA/OCP Java SE 7 Programmer I & II Study Guide and have Kathy Sierra & Bert Bates on-line! See this thread for details.
Team, I have the default RMISecurityManager for the server. I am wondering wether i need to put in a SecurityManager for the client(with the policy file) . I did look at the previous posts and i am really not clear on this point. I would greatly appreciate any input on this. Thanks in advance Suchak Jani
You do not need a SecurityManager on either client or server if you simply package the RMI stubs in the client jar. The server does not need an RMISecurityManager, full stop. AFAIK the RMISecurityManager is only relevant for applications that need to download RMI stubs. If you want to impose security -- not a bad idea on server software -- you can use the ordinary SecurityManager. On the client side of things, you must use RMISecurityManager if you want stub downloading. Otherwise a security manager is largely unnecessary unless you regard the application as untrusted code. - Peter
Joined: Jan 24, 2002
Peter, This means that i can avoid the security manager altogether. I do have stubs in the client.jar. Regards Suchak Jani
Peter den Haan
Joined: Apr 20, 2000
You can omit them, if you want, although I personally have a preference for including a server security policy. A client-side policy is usually strictly optional. I would certainly discuss such decisions in your design documentation. At the time (> 2 years ago) I did not properly understand security & RMI so I used an RMISecurityManager on both ends. Just to make sure that I am not talking nonsense I dusted off the source today, removed the security manager from both ends and ran the application. It worked just fine. I then ran them using an ordinary SecurityManager instead of a RMISecurityManager. Fine again (unsurprisingly, knowing what I know now). - Peter [ April 15, 2002: Message edited by: Peter den Haan ]