PLEASE HELP - RMI Security Policy Example
1 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Con_Lu
Posted On:   Tuesday, June 3, 2003 10:30 PM

I will firstly describe how my RMI example works fine WITHOUT a Security Manager. Then I will describe the problems when running WITH a Security Manager WITHOUT A SECURITY MANAGER The following files are included in directory C:ABC ank on machine C1 BankInterface.class ASBBank.class (Remote object implementing BankInterface.class) ASBBank_Skel.class ASBBank_Stub.class ATMServer.class The following files are included in directory C:DEF ank on machine C2 BankInterface.class ASBBank_Skel.class ASBBank_Stub.class ATMClient.class Steps when run successfully without a security manager    More>>

I will firstly describe how my RMI example works fine WITHOUT a Security Manager. Then I will describe the problems when running WITH a Security Manager



WITHOUT A SECURITY MANAGER

The following files are included in directory C:ABC ank on machine C1

BankInterface.class

ASBBank.class (Remote object implementing BankInterface.class)

ASBBank_Skel.class

ASBBank_Stub.class

ATMServer.class



The following files are included in directory C:DEF ank on machine C2

BankInterface.class

ASBBank_Skel.class

ASBBank_Stub.class

ATMClient.class



Steps when run successfully without a security manager

On C1

1) Set classpath to c:ABC

2) Go to c:ABC

3) Type command: start rmiregistry 2010

4) Start server by: java bank.ATMServer C1:2010



On C2

1) Set classpath to c:DEF

2) Go to c:DEF

3) Type command: java bank.ATMClient C1:2010



Program works!!!



WITH A SECURITY MANAGER

When using a security policy file the following changes are made:-



On C1

1) ATMServer main method is changed to include following code:-

			
if(System.getSecurityManager() == null)
System.setSecurityManager(new RMISecurityManager());


2) Create security policy file c:securityjava.policy as follows:-


			
grant {
permission java.net.SocketPermission "*:1024-65535", "connect,accept";
};


Steps when run unsuccessfully

On C1

1) Go to c:ABC

2) Type command: start rmiregistry 2010

3) Start server by: java
-Djava.security.policy=c:securityjava.policy bank.ATMServer C1:2010

4) Result:Error - java.security.AccessControlException: access denied (java.net.SocketPermission C1 resolve)



QUERIES:

1)What am I doing wrong – how can I get the application to work?


2)Even if I got the server to work on C1, is it necessary to create a separate security policy for C2, as well as set a Security Manager in ATMClient similar to in ATMServer?


3)Could it be that other security policies (some also named java.policy) for other applications (such as WebLogic etc) on my machine are overriding my specific security policy file?


Any help would be very much appreciated, as I am getting very frustrated !

   <<Less

Re: PLEASE HELP - RMI Security Policy Example

Posted By:   Jouko_Johansson  
Posted On:   Wednesday, June 4, 2003 12:35 AM

Try to modify the policy line like this
permission java.net.SocketPermission "*:1024-65535", "connect,accept, resolve";
};

You should also concider that is it ok to allow connect anywhere to upper ports. Maybe little bit restricted be better.

- Jouko
About | Sitemap | Contact