• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

SecurityManager confusion - RMI

 
Suchak Jani
Ranch Hand
Posts: 70
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Team,
I have the default RMISecurityManager for the server.
I am wondering wether i need to put in a SecurityManager for the client(with the policy file) .
I did look at the previous posts and i am really not clear on this point.
I would greatly appreciate any input on this.
Thanks in advance
Suchak Jani
 
Sai Prasad
Ranch Hand
Posts: 560
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have the code below in my client factory and the remote server:
 
Peter den Haan
author
Ranch Hand
Posts: 3252
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You do not need a SecurityManager on either client or server if you simply package the RMI stubs in the client jar.
The server does not need an RMISecurityManager, full stop. AFAIK the RMISecurityManager is only relevant for applications that need to download RMI stubs. If you want to impose security -- not a bad idea on server software -- you can use the ordinary SecurityManager.
On the client side of things, you must use RMISecurityManager if you want stub downloading. Otherwise a security manager is largely unnecessary unless you regard the application as untrusted code.
- Peter
 
Suchak Jani
Ranch Hand
Posts: 70
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Peter,
This means that i can avoid the security manager altogether.
I do have stubs in the client.jar.
Regards
Suchak Jani
 
Peter den Haan
author
Ranch Hand
Posts: 3252
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can omit them, if you want, although I personally have a preference for including a server security policy. A client-side policy is usually strictly optional.
I would certainly discuss such decisions in your design documentation.
At the time (> 2 years ago) I did not properly understand security & RMI so I used an RMISecurityManager on both ends. Just to make sure that I am not talking nonsense I dusted off the source today, removed the security manager from both ends and ran the application. It worked just fine. I then ran them using an ordinary SecurityManager instead of a RMISecurityManager. Fine again (unsurprisingly, knowing what I know now).
- Peter
[ April 15, 2002: Message edited by: Peter den Haan ]
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic