Is it possible for the RMI server to access it's version of db.db (or any file or directory on the same system) without granting it permission in java.policy? I don't know that much about RMI and this seems to be the only method I could find to do it. I'm trying to keep command line parameters and configuration to a minimum. Any advice will be appreciated. Thanks.
I have successfully implmented my RMI server so that it accesses db.db without granting it permission in java.policy (unless this is happening in the background without me knowin it, but I don't think so). There is a GREAT example of how to do RMI in O'Reilly's Java Network Programming. It makes it quite simple. With Respect, Matt
I figured out the problem to be RMISecurityManager. As an alternative to editing java.policy, you can make your own security manager by extending RMISecurityManager and overriding the appropriate checkXXX methods to implement your own policy programatically. This security manager can then be used to set the rmi server security manager.
That's interesting. According to Sun's tutorial ... "All programs using RMI must install a security manager, or RMI will not download classes (other than from the local class path) for objects received as parameters, return values, or exceptions in remote method calls. This restriction ensures that the operations performed by downloaded code go through a set of security checks." Are you running your server on a separate machine? I guess it makes sense that you could get by without the security manager if you aren't downloading any code - I'm not in my design. However, it never hurts to have security implemented.
Vin--I'll have to look into this. You have me concerned now. I ran in two separate VMs and thought that all was well, but now I'll have to make certain. Thans for the info. I still think all is well, but it is definately something for me to check. With Respect, Matt DeLacey
Matt in the Oreilly;s book example did you use the RMI fibonacci example in the 2nd edition book or did you use the first edition. I can't get my server to run I get an error Object already exported. I understand this to mean another JVM is running on port 1099. Any help greatly appreciated. Thanks Ray
vin/Matt, I am not using RMI Security manager and i tested it running the server in different machine.it is working fine.But i have a feeling i am doing some thing wrong. To implement netwrok mode in rmi, i have created 1)a interface which extends Remote 2)a class which extends UnicastRemoteObject and implements the interface 3)a class to start which binds and starts the server. 4)client class to connect to the server. I am constructing the Data class object in the implementation class(2).and i am giving the path as "c:\bla\bla\db\db.db".
can you tell me i am doing anything wrong? with respect joey
I don't think you are doing anything wrong - especially since it is working. However, you chose to not implement security. Sun's tutorial seems to stress the importance of security and Oreilly's book doesn't. I am just learning rmi with this project and am not sure how important or practical rmi server security is, but since sun is grading the exam I think I'll stick with their opinion and direction. Anyone else have any insight on this? Also according to the tutorial, you need to change java.policy to allow the remote rmi connection. I think by implementing your own security manager, you could do this in code and eliminate the need to reference java.policy in your project or mention it in the documentation.
Hey Vin, I just learned RMI, too. That's why I was uncertain of myself when you brought the subject up. I still am, but I'm thinking that mine works fine without defining any security stuff. I WAS basing my work on the example in the O'reilly book (the Fibonacci example), and I BELIEVE it's version 2, but the book is at work. I will confirm tomorrow. Anyway, I THINK it's running fine, but one more test tomorrow is required to totally convince myself. Anyway, it's good you brought this up because we should all be aware of it, even if it is no longer valid (which is up for debate right now as far as I am concerned). Thanks for bringing about the awareness.
Just to clarify. I did get my project up and running on two different computers (in different parts of the city, no less!), and it worked fine without setting any security settings or permissions or anything of the sort. Perhaps you only need to do the security stuff if you are using a class loader. I'm not sure, but I THINK that is the case. With Respect, Matt DeLacey
Hi, you'll only need a security file if you compile the whole thing and then distribute only a subset of the .class files to the client or the server. Only then will the classloader try to load over the network the definitions of those classes that it doesn't have locally. If both client and server have all the .class files then there shouldn't be a problem. Hope this helps, Dave