RMI access problems with WebSphere 5.0

Trying to connect to a remote server using RMI. I have run rmic, I have copied the stub files to my local drive, and I have started the server with what I think are the correct -Djava.rmi.codebase and -Djava.security.policy arguments. However, when I get to this point in my Client Code, an IBM proprietary class (src/classes/sov/java/util/Timer.java) kills the Thread. I am using WSAD 5.0, and here is the code in question:

if (System.getSecurityManager() == null)
{
System.out.println("Setting SecurityManager...");
System.setSecurityManager(new RMISecurityManager());
} else {
System.out.println("Security Policy is Set");
}

I added this to the java.policy file:

grant codeBase "file:///C:/ccm_wa/ProjectName/WEB-INF/lib/AutoTestStubs/*"{
permission java.security.AllPermission;
}

Then I am getting this access error.

[5/10/05 10:52:17:656 EDT] 52881425 SystemErr R Client exception: java.security.AccessControlException: access denied (java.net.SocketPermission hyperion resolve)
[ May 10, 2005: Message edited by: Rebecca Hopper ]

To eliminate the WebSphere problem, I have moved the package out of the J2EE project it was in and am running it as a separate Java Application. I am now getting the same stupid SocketPermissions error that everyone else gets when setting this up.

These are the commands I use to start up my server (on UNIX)

rmiregistry &

java -Djava.rmi.server.codebase=file:///v2k_users/hopperr/java -Djava.security.policy=file:///v2k_users/hopperr/java/com/lmig/pm/workflowadmin/remote/security.policy
com.lmig.pm.workflowadmin.remote.AutotestServerImpl

These are the VM arguments I use to start up my client (on Win2K): -Djava.security.policy="C:\\wsadWorkspaces\\AutoTest\\AutoTest\\security.policy -Djava.rmi.server.codebase="C:\\wsadWorkspaces\\AutoTest\\AutoTest\\stubs

This is my security.policy on the client:

//security.policy for AutotestServerImpl
grant codeBase "file:///C:/wsadWorkspaces/AutoTest/AutoTest/*"{
permission java.security.AllPermission;
//WSAD Console says "RMI Connector available at port 2809"
permission java.net.SocketPermission "localhost:2809", "accept, connect, listen, resolve";
permission java.net.SocketPermission "{servername}:1099", "accept, connect, listen, resolve";
}

This is the error I am getting:

Client exception: java.security.AccessControlException: access denied (java.net.SocketPermission {servername} resolve)
java.security.AccessControlException: access denied (java.net.SocketPermission {servername} resolve)

On the IBM Website, it says that the security file for a WAS application has to be named was.policy and it has to be in the EAR/META-INF dir. Also, you are supposed to use their "policy tool" to create it. I did this, and it didn't help. But, for those interested, here is the URL to the info: http://publib.boulder.ibm.com/infocenter/ws60help/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/tsec_javapolicy.html

It also has some info on security.policy files in general. It is so hard to find things on their website, I was trying to find this yesterday but didn't until I did a google search on "java.util.PropertyPermission", go figure!

What is the packaging structure of your application?

I'm asking because of that "stubs" directory under C:/wsadWorkspaces/AutoTest/AutoTest/ in your example. If it's just a subdirectory, change the URL in your security policy to

Looks weird, but I came across this in the Sun documentation on policy file implementation. The trailing "-" includes all class files, JAR files in that directory and recursively in all subdirectories, whereas "*" only matches class files and JAR files in that specific directory.

On the other hand, if "stubs" is a package then your java.rmi.server.codebase property needs to be changed