Some Java books show RMI code in which the security manager is set to RMISecurityManager on the server side of an RMI application. Is there any reason to invoke RMISecurityManager on the server side of an RMI application?
Created May 4, 2012
Avi Kak There really is no reason to set the security manager to
RMISecurityManager if an RMI program has a purely server role on all its
communication links. RMISecurityManager (and user-defined security
managers obtained by extending RMISecurityManager) are for subjecting
the dynamically loaded classes by a client application to security
control. If a client does not need to dynamically load any classes from
a server (or any other remote source), there is no reason to use
RMISecurityManager on the client side either.