Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

why security manager doesn't work?

 
Jimmy Chen
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm practising the code of book <Java RMI>(O'reilly).
when I doesn't use the security manager, I can run my RMI application.
Here is the command:


But when I add the security manager, It throws exception.
Here is the command:


Here is the exception:

java.security.AccessControlException: access denied (java.net.SocketPermission 1
27.0.0.1:1099 connect,resolve)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.<init>(Unknown Source)
at java.net.Socket.<init>(Unknown Source)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(Unknown S
ource)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(Unknown S
ource)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
at sun.rmi.server.UnicastRef.newCall(Unknown Source)
at sun.rmi.registry.RegistryImpl_Stub.rebind(Unknown Source)
at java.rmi.Naming.rebind(Unknown Source)
at com.ora.rmibook.chapter9.applications.ImplLauncher.launchServer(ImplL
auncher.java:26)
at com.ora.rmibook.chapter9.applications.ImplLauncher.main(ImplLauncher.
java:18)

There should be no problem with the policy file. Book says this policy file works for all RMI codes of the book.Here is the policy file.

grant codeBase "file://E:/Programs/temp/JavaRMI/classes" {
permission java.awt.AWTPermission "accessClipboard";
permission java.awt.AWTPermission "accessEventQueue";
permission java.awt.AWTPermission "listenToAllAWTEvents";
permission java.awt.AWTPermission
"showWindowWithoutWarningBanner";
permission java.awt.AWTPermission "readDisplayPixels";
permission java.net.SocketPermission ":1024-",
"accept, connect, listen, resolve";
permission java.io.FilePermission "<<ALL FILES>>", "read";
permission java.io.FilePermission "<<ALL FILES>>", "write";
permission java.io.FilePermission "<<ALL FILES>>", "delete";
permission java.util.PropertyPermission "*", "read, write";
};


So, I want to know what's wrong with the "rebind", why I can't use the security manager.

Any help or advice will be appreciated
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13061
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Are you sure about the format of that path? My policy files look like
grant codeBase "file:c:/Servers... /classes/-"
not file://c:.... ./classes


Why don't you try
permission java.security.AllPermission;
- if that works you can back off to more specific permissions, if it doesn't then you need to look at the way the codeBase is stated.
Bill
 
Jimmy Chen
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you William, You are right! I don't know why the author writes in that way.


Besides, I find difficulty in understanding a sentence in this book, which says: "You don't have to use a security manager with your RMI application. The only basic feature of RMI that won't work is dynamic classloading. However, both the RMI registry and the activation daemon do use security policies".

Although RMI registry uses the security policies why "You don't have to use a security manager with your RMI application"? It seems inconsistent.

Actually, I can run rmiregistry and RMI application without the security manager.

So, who can help me to resolve this apparent conflict?

Many, many, many, many thanks!!!
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic