• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 979
  • Last Modified:

RMI running on Local host got access exception?

Hi ,
I am trying to run RMI client, RMI registry and server all on the same PC. However got access Exception error, when trying to run the server prog.

The server prog is as follow:
import java.rmi.*;
import java.rmi.server.*;
import java.util.*;
import java.io.* ;
import java.net.* ;


public class RemoteServerManager extends UnicastRemoteObject
                                implements RemoteServer
{
    public RemoteServerManager() throws RemoteException
    {
    }

    public void closeConnection(int id) throws RemoteException
    {
    }
   
    public static void main(String[] args)
    {
        System.out.println("Starting Server...") ;
       
        System.setSecurityManager(new RMISecurityManager()) ;
       
        try
        {
            RemoteServerManager RServerManager = new                                                  RemoteServerManager() ;
            //String serverObjectName = "//localhost/TempServer" ;
            String serverObjectName = "TempServer" ;

            Naming.rebind(serverObjectName, RServerManager) ;
        }
        catch(Exception e)
        {
            System.out.println("RemoteServerManager.main: an exception occured:" + e.getMessage()) ;
           e.printStackTrace() ;
                      
        }
    }              
}

After running the rmiregistry task, when trying to bind an rmi server object to the rmi registry using the Naming.rebind() function.  
I get the following exception:  

            "Uncaught exception: java.security.AccessControlException:
                access denied (java.net.SocketPermission 127.0.0.1:1099 connect,resolve) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:195) at java.security.AccessController.checkPermission(AccessController.java: java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
                    at java.lang.SecurityManager.checkConnect(SecurityManager.java:1021)
                    at java.net.Socket.<init>(Socket.java:258)
                    at java.net.Socket.<init>(Socket.java:98)
                    at
                sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:29)
                    at
                sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:124)
                    at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:497)
                    at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:194)
                    at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:178)
                    at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:306)
                    at sun.rmi.registry.RegistryImpl_Stub.rebind(Unknown Source)
                    at java.rmi.Naming.rebind(Naming.java:165)
                    at RemoteServerManager.main(RemoteServerManager.java:67)          

I tried to run with and without the network on. With the network, the above happen. Without the network, the PC will ask for one.

Could any good friend please give suggestion? Thank you very much.

regards Jo
0
HuangJo
Asked:
HuangJo
  • 4
  • 4
  • 4
1 Solution
 
sgomsCommented:
'cos of security restrictions in java uve got this error. what u need to do is specify a policy file & override ur current policy file with this file.

grant {
    permission java.net.SocketPermission "*:1024-65535", "connect,accept,resolve";
    permission java.net.SocketPermission "*:80", "connect";
    permission java.awt.AWTPermission "accessEventQueue";
    permission java.awt.AWTPermission "showWindowWithoutWarningBanner";
  permission java.util.PropertyPermission "user.home", "read";
  permission java.io.FilePermission "${user.home}/text.txt", "write";
  permission java.io.FilePermission "${user.home}/text2.txt", "read";

};

save the above as java.policy

Run ur server using this policy file,
java -Djava.rmi.server.codebase=file:c:\home\monicap\public_html\classes  -Djava.rmi.server.hostname=kq6py.eng.sun.com
-Djava.security.policy=java.policy RemoteServer

Run ur client using the policy,
java -Djava.rmi.server.codebase=file:c:\home\monicap\classes\
-Djava.security.policy=java.policy RMIClient1 kq6py.eng.sun.com

modify other info according to ur class file name.

-sgoms



0
 
Ravindra76Commented:

Hi HuangJo,

Other wise You can do one thing.
for no future headaches.

grant {
      // Allow everything for now
      permission java.security.AllPermission;
};

Write the above text in java.policy file present in the following directory

c:\jdkhome\jre\lib\security.
c:\program files\javasoft\jre\1.2\lib\security

And you can run your programs normally
without any specifications.


Best of luck
0
 
Ravindra76Commented:
Hi  HuangJo,


jdkhome is yours java installation directory.

Otherwise use find tool where java.policy presented in the system.
Replaca all java.policy with the above

 
grant {
// Allow everything for now
permission java.security.AllPermission;
};

Best of luck
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
HuangJoAuthor Commented:
Hi my helpful friends...thank you very much for the suggestions.
I have tried the method from ravindra76, and it work well, no more exception error. As for the method from sgoms, which is more precise, however I still got some problem, might be due to something that I have done wrong, will try again.  

However may I ask, theoretically can I just insert the statement

permission java.net.SocketPermission "*:1024-65535", "connect,accept,resolve";

into the java.policy file only? If yes, I have tried this method, but not working, do you know why? Thank you very much.

regards Jo
0
 
Ravindra76Commented:

Hi HuangJo,

 Enjoy with this URL.

 IT will solve all your doubts about persmissons.

http://www.eurocom.od.ua/~sasha/books/java/JavaUnleashed_1.2/ch03/ch03.htm


 Best of luck
0
 
Ravindra76Commented:
HI HuanqJo,


Try with this.

permission java.net.SocketPermission "localhost:1024-", "connect,accept,resolve";

It fails, try to substite ip address in place of localhost.

Best of luck
0
 
sgomsCommented:
HuanqJo,

Yes you need to specify these permissions in the java.policy file & run ur server & client using this permission file,

when u say -J-Djava.security.policy=java.policy ( u can name ur policy file as mypolicy too..)
basically what u r doing is adding java.policy specifications in addition to the policy alreday specified for the java run timr environment. you can chk out this file at,
...\jdk1.2.1\jre\lib\security\

When u use == like,
-J-Djava.security.policy==java.policy then ur specifying the runtime environment to use java.policy file ONLY. Only the permissions set in java.policy file will be effceted.

generally u use =

you need to single out the exceptions being thrown by ur app & fine tune ur permisions. all permission will solve ur problem 7 for a beginner that's ok. but later chk out the exceptions & try to figure out the respect permission that needs to be given.

all the best.
-sgoms


0
 
HuangJoAuthor Commented:
Thank you ravindra76 and sgoms.

I have tried adding

permission java.net.SocketPermission "localhost:1024-", "connect,accept,resolve";

in the main java.policy file both in jdkhome and javasoft.

Found that I need to connect to the network, in order for it to work. As for the "all permisson" method, I do not need to do so. Strange...

I agreed with sgoms, that I need to single out the exception, for security and learning. But I am still a beginner, therefore might need to learn more on the all kind of permissions 1st.
Thank you ravindra76 for giving me the site.

regards Jo
0
 
HuangJoAuthor Commented:
Hi sgoms

Actually I do not understand the below statment:
java Djava.rmi.server.codebase=file:c:\home\monicap\public_html\classes  -Djava.rmi.server.hostname=kq6py.eng.sun.com

Why we need to specify
Djava.rmi.server.codebase=file:c:\home\monicap\public_html\classes

and

-Djava.rmi.server.hostname=kq6py.eng.sun.com ???

Must I always run with this option to run the RMI application?

regards Jo
0
 
sgomsCommented:
the -Djava.rmi.server.codebase specifies where your code is located. i.e where your server code is located.

-Djava.rmi.server.hostname specifies your host.
you have to equate it to YOUR directory & YOUR host.
That was just a example i picked up.

When you start the server, you need to specify, using the java.rmi.server.codebase property, where the server's classes will be made available.

The java.rmi.server.codebase property specifies the location, a code base URL, of classes originating from this server so that class information for objects sent to other virtual machines will include the location of the class so that a receiver can load it. If the code base specifies a directory (as opposed to a JAR file), you must include the trailing slash in the code base URL.


The java.rmi.server.hostname property indicates the fully qualified host name of your server. In some networked environments a fully qualified host name is not obtainable by using the Java APIs. RMI makes a best-effort attempt to obtain the fully qualified host name. If one cannot be determined, it will fall back and use the IP address. To ensure that RMI will use a host name that is usable from potential clients, you may want to set the java.rmi.server.hostname property as a safety measure.
             
The java.security.policy property is used to specify the policy file that contains the permissions you intend to grant specific code bases.

-sgoms
0
 
HuangJoAuthor Commented:
Thank you sgoms,

however may I know that how do I know the host name of my PC? Could I just put it as "localhost"? Since my Server and Client will both on the same PC? Also must I always connect to the network, when testing the prog? Sorry for my ignorance. Thank you very much.

regards Jo
0
 
sgomsCommented:
You can get the localhost using, InetAddress.getLocalHost().getHostName()

what do u mean by connect to network? you can have a standalone machine & work with rmi by making the same pc as server/client. Still u have to specify the permissions 'cos sockets will be opened on the local host(which will most propably be named as "127.0.0.1" or "127.0.0.0")

-sgoms
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 4
  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now