• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Devaka Cooray
  • Ron McLeod
  • Jeanne Boyarsky
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Piet Souris
  • Carey Brown
  • Tim Holloway
Bartenders:
  • Martijn Verburg
  • Frits Walraven
  • Himai Minh

why security manager doesn't work?

 
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm practising the code of book <Java RMI>(O'reilly).
when I doesn't use the security manager, I can run my RMI application.
Here is the command:


But when I add the security manager, It throws exception.
Here is the command:


Here is the exception:

java.security.AccessControlException: access denied (java.net.SocketPermission 1
27.0.0.1:1099 connect,resolve)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.<init>(Unknown Source)
at java.net.Socket.<init>(Unknown Source)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(Unknown S
ource)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(Unknown S
ource)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
at sun.rmi.server.UnicastRef.newCall(Unknown Source)
at sun.rmi.registry.RegistryImpl_Stub.rebind(Unknown Source)
at java.rmi.Naming.rebind(Unknown Source)
at com.ora.rmibook.chapter9.applications.ImplLauncher.launchServer(ImplL
auncher.java:26)
at com.ora.rmibook.chapter9.applications.ImplLauncher.main(ImplLauncher.
java:18)

There should be no problem with the policy file. Book says this policy file works for all RMI codes of the book.Here is the policy file.

grant codeBase "file://E:/Programs/temp/JavaRMI/classes" {
permission java.awt.AWTPermission "accessClipboard";
permission java.awt.AWTPermission "accessEventQueue";
permission java.awt.AWTPermission "listenToAllAWTEvents";
permission java.awt.AWTPermission
"showWindowWithoutWarningBanner";
permission java.awt.AWTPermission "readDisplayPixels";
permission java.net.SocketPermission ":1024-",
"accept, connect, listen, resolve";
permission java.io.FilePermission "<<ALL FILES>>", "read";
permission java.io.FilePermission "<<ALL FILES>>", "write";
permission java.io.FilePermission "<<ALL FILES>>", "delete";
permission java.util.PropertyPermission "*", "read, write";
};


So, I want to know what's wrong with the "rebind", why I can't use the security manager.

Any help or advice will be appreciated
 
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Are you sure about the format of that path? My policy files look like
grant codeBase "file:c:/Servers... /classes/-"
not file://c:.... ./classes


Why don't you try
permission java.security.AllPermission;
- if that works you can back off to more specific permissions, if it doesn't then you need to look at the way the codeBase is stated.
Bill
 
Jimmy Chen
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you William, You are right! I don't know why the author writes in that way.


Besides, I find difficulty in understanding a sentence in this book, which says: "You don't have to use a security manager with your RMI application. The only basic feature of RMI that won't work is dynamic classloading. However, both the RMI registry and the activation daemon do use security policies".

Although RMI registry uses the security policies why "You don't have to use a security manager with your RMI application"? It seems inconsistent.

Actually, I can run rmiregistry and RMI application without the security manager.

So, who can help me to resolve this apparent conflict?

Many, many, many, many thanks!!!
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic