Security Issues with Dynamic Loading

Hi,

I am trying to run a simple RMI example that uses dynamic class loading but I am hitting a problem I cannot get around - can anyone help?

The problem I am getting is that when I run my client program I get the exception listed at the bottom of my post.

I have the following in my server class called WarehouseServer:

I have the a server.policy file located in the same folder as my server class:

I run my server using the following command:

java -Djava.rmi.server.codebase=http://localhost:8080/ WarehouseServer

I have also tried running the server using this command:

java -Djava.rmi.server.codebase=http://localhost:8080/ -Djava.security.policy=server.policy WarehouseServer

But on both occasions I get the same exception when running my client program.

Any idea?

Cheers,

Sean.

=====================================================================

Exception in thread "main" java.rmi.UnmarshalException: error unmarshalling return; nested exception is: java.lang.ClassNotFoundException: Book (no security manager: RMI class loader disabled) at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:178) at java.rmi.server.RemoteObjectInvocationHandler.invokeRemoteMethod(RemoteObjectInvocationHandler.java:178) at java.rmi.server.RemoteObjectInvocationHandler.invoke(RemoteObjectInvocationHandler.java:132) at $Proxy0.getProduct(Unknown Source) at WarehouseClient.main(WarehouseClient.java:32) Caused by: java.lang.ClassNotFoundException: Book (no security manager: RMI class loader disabled) at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:375) at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:165) at java.rmi.server.RMIClassLoader$2.loadClass(RMIClassLoader.java:620) at java.rmi.server.RMIClassLoader.loadClass(RMIClassLoader.java:247) at sun.rmi.server.MarshalInputStream.resolveClass(MarshalInputStream.java:197) at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1574) at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1495) at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1731) at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328) at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350) at sun.rmi.server.UnicastRef.unmarshalValue(UnicastRef.java:306) at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:155) ... 4 more

The fact that the class not found refers to "Book" without any package is what I would look into.

If the class you are trying to load is indeed not is a specified package, that may be your problem. The normal JVM class loader looks in the "current" directory if no package is specified.

Bill

Thanks for the reply William. I tracked down what the problem was - I only had the security manager and policy set up in the server; I didn't have it set up in the client. God these RMI errors can be obscure at times.

For anyone else that may come across it this. I was following an example from this chapter 10 of this book Core Java, Vol. 2: Advanced Features, 8th Edition. The example outlines setting up the security manager and policy in the server, but fails to mention that you also need to set this up in the client. When you download the code associated with the book from the website, you'll see that the client indeed has the security manager and policy set up.