
RMI Client authentication

Dayashankar Dubey
Greenhorn

Joined: Apr 10, 2006
Posts: 6
I am working on a client/server architecture in which I am using RMI to remotely access the server object. Here I call methods (set and get methods) on the object, which will do a database update or insert. Presently RMI does not provide authentication of the client, so any client who is able to get the stub can call the getter and setter methods. Therefore any client can modify my database.
Can anyone tell me how I can avoid this?
Is there any way to authenticate the client and ensure that only authenticated clients call the RMI objects?
Nathan Pruett
Bartender

Joined: Oct 18, 2000
Posts: 4121

RMI over SSL? Require clients to "register" with a name and password before calling methods - check in other methods if the client has registered yet or not (using UnicastRemoteObject.getClientHost() to couple a client with a username/password...)?


-Nate
Write once, run anywhere, because there's nowhere to hide! - /. A.C.
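
The register-then-check idea from the reply above, as an added example that is not code from the thread or from any poster. It goes one step further than the reply: `login` returns a random session token and `getClientHost()` is only a second check, because several clients can share one address. `AuthDemo`, `Account`, the credentials and port 1099 are assumptions made for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.rmi.*;
import java.rmi.registry.*;
import java.rmi.server.*;
import java.security.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
public class AuthDemo {
    public interface Account extends Remote { // hypothetical interface: data methods take the token
        String login(String user, String password) throws RemoteException;
        void setValue(String token, int v) throws RemoteException;
        int getValue(String token) throws RemoteException;
    }
    static class AccountImpl implements Account {
        private final Map<String, String> sessions = new ConcurrentHashMap<>(); // token -> client host
        private final SecureRandom rng = new SecureRandom();
        private volatile int value;
        private static String caller() throws RemoteException {
            try { return RemoteServer.getClientHost(); }
            catch (ServerNotActiveException e) { throw new AccessException("not a remote call"); }
        }
        private void check(String token) throws RemoteException {
            String host = (token == null) ? null : sessions.get(token);
            if (host == null || !host.equals(caller())) throw new AccessException("not logged in");
        }
        public String login(String user, String password) throws RemoteException {
            // Constructed credentials; a real server checks a salted hash from its user store.
            boolean ok = "alice".equals(user) && password != null && MessageDigest.isEqual(
                password.getBytes(StandardCharsets.UTF_8), "s3cret".getBytes(StandardCharsets.UTF_8));
            if (!ok) throw new AccessException("bad credentials");
            byte[] raw = new byte[32]; rng.nextBytes(raw);
            String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            sessions.put(token, caller()); // couple the session to the calling host
            return token;
        }
        public void setValue(String token, int v) throws RemoteException { check(token); value = v; }
        public int getValue(String token) throws RemoteException { check(token); return value; }
    }
    public static void main(String[] args) throws Exception {
        AccountImpl impl = new AccountImpl();
        LocateRegistry.createRegistry(1099).rebind("account", UnicastRemoteObject.exportObject(impl, 0));
        Account remote = (Account) LocateRegistry.getRegistry("localhost", 1099).lookup("account");
        try { remote.setValue("guessed-token", 1); } // holding the stub is not enough
        catch (RemoteException e) { System.out.println("rejected without login: " + e.getMessage()); }
        String token = remote.login("alice", "s3cret");
        remote.setValue(token, 42);
        System.out.println("after login: " + remote.getValue(token));
        System.exit(0); // stop the RMI threads so the demo terminates
    }
}
```

The password and token cross the network in the clear unless the object is exported over TLS, for example with `javax.rmi.ssl.SslRMIClientSocketFactory` and `SslRMIServerSocketFactory`, which is the "RMI over SSL" half of the suggestion.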
Dayashankar Dubey
Greenhorn

Joined: Apr 10, 2006
Posts: 6
Originally posted by Nathan Pruett:
RMI over SSL? Require clients to "register" with a name and password before calling methods - check in other methods if the client has registered yet or not (using UnicastRemoteObject.getClientHost() to couple a client with a username/password...)?


Suppose I have my client software running on the client machine, and as the stub is downloaded on the client from the server, I can run another software which can even access the stub classes without though having RMI over SSL... Can you tell me how it can be prevented? Since once stub is available on the client machine, any other software can use it to make a remote method call.
Nathan Pruett
Bartender

Joined: Oct 18, 2000
Posts: 4121

Sorry - I couldn't understand some of your question...

How can "another software access stub classes"? It sounds like you are dynamically downloading stubs from the server - how is this "other" getting the stub classes?

"without though having RMI over SSL" does this mean that you aren't using RMI over SSL? Or that RMI over SSL isn't preventing "invalid" clients from making calls on the stubs?

"Since once stub is available on the client machine, any other software can use it to make a remote method call" If you are dynamically downloading stubs from the server, the stub "class" should only exist inside the running JVM of the client that downloaded it - it shouldn't create an actual class file on the client or anything.
Sergey Ponomarev
Greenhorn

Joined: May 29, 2011
Posts: 1
I tried to find some RMI authentication code with no success. So I made a small library that allows performing login/password authentication for RMI connections. It implements a socket factory which sends and checks the login and password on socket creation.

https://code.google.com/p/rmiauth/

I post here because it is the 3rd link in Google search for the "rmi authentification" keywords and I think this could be useful for other people. Please don't blame me for posting to a dead thread.
Andrew Monkhouse
author and jackaroo
Marshal Commander

Joined: Mar 28, 2003
Posts: 11460
    

We actually welcome posts to older threads when they add value, so no problems there. Thanks for letting us know about the library.

