I'm practising the code of book <Java RMI>(O'reilly). when I doesn't use the security manager, I can run my RMI application. Here is the command:
But when I add the security manager, It throws exception. Here is the command:
Here is the exception:
java.security.AccessControlException: access denied (java.net.SocketPermission 1 22.214.171.124:1099 connect,resolve) at java.security.AccessControlContext.checkPermission(Unknown Source) at java.security.AccessController.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPermission(Unknown Source) at java.lang.SecurityManager.checkConnect(Unknown Source) at java.net.Socket.connect(Unknown Source) at java.net.Socket.connect(Unknown Source) at java.net.Socket.<init>(Unknown Source) at java.net.Socket.<init>(Unknown Source) at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(Unknown S ource) at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(Unknown S ource) at sun.rmi.transport.tcp.TCPEndpoint.newSocket(Unknown Source) at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source) at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source) at sun.rmi.server.UnicastRef.newCall(Unknown Source) at sun.rmi.registry.RegistryImpl_Stub.rebind(Unknown Source) at java.rmi.Naming.rebind(Unknown Source) at com.ora.rmibook.chapter9.applications.ImplLauncher.launchServer(ImplL auncher.java:26) at com.ora.rmibook.chapter9.applications.ImplLauncher.main(ImplLauncher. java:18)
There should be no problem with the policy file. Book says this policy file works for all RMI codes of the book.Here is the policy file.
Are you sure about the format of that path? My policy files look like grant codeBase "file:c:/Servers... /classes/-" not file://c:.... ./classes
Why don't you try permission java.security.AllPermission; - if that works you can back off to more specific permissions, if it doesn't then you need to look at the way the codeBase is stated. Bill
Joined: Apr 11, 2005
Thank you William, You are right! I don't know why the author writes in that way.
Besides, I find difficulty in understanding a sentence in this book, which says: "You don't have to use a security manager with your RMI application. The only basic feature of RMI that won't work is dynamic classloading. However, both the RMI registry and the activation daemon do use security policies".
Although RMI registry uses the security policies why "You don't have to use a security manager with your RMI application"? It seems inconsistent.
Actually, I can run rmiregistry and RMI application without the security manager.
So, who can help me to resolve this apparent conflict?