How do I setup a Servlet as an RMI client (and not get an RMI Security exception in the process)?

Dieter Wimberger

I think this depends a lot on the JDK you are using to run your Servlet Engine.

  • Platform 2 (JDK 1.2, 1.3): take a look at the security policy. Refer to the documentation for setting correct java.net.SocketPermission entries, plus maybe File Access Permissions and in some cases ClassLoader permissions.
  • Platform 1 (JDK 1.1.x): The only real way I found to circumvent my problems was to implement my own RMI SecurityManager. Therefore simply extend the java.rmi.RMISecurityManager class and implement your own policy overriding specific permission check methods. Most likely those will be: checkConnect, checkRead, checkWrite. But I suggest to examine the API doc of the RMISecurityManger to find out more.

To set that SecurityManager you have to add following line to your Servlet init() method:

//set RMI Security Manager<br> System.setSecurityManager(new WebSpaceSecurityManager());