Solved

Running RMI out of the Localhost

Posted on 2002-07-10
24
428 Views
Last Modified: 2013-12-29
Hello, everybody
I have an application that runs ok under the localhost using RMI.

I also have Apache HTTP server and I am trying to make RMI to run out of just my computer.

Although it sounds trivial I face some security exceptions and I cannot find the problem.

I will tell you all the informations:
The policy file of the server is:
grant
{
    permission java.io.FilePermission "C:\\2k\\Program Files\\apa\\webapps\\ROOT\\WEB-INF\\classes\\game/-", "read";
     permission java.net.SocketPermission "http://<ip_address>:8080", "connect,accept";
     permission java.net.SocketPermission "http://<ip_address>:8080/WEB-INF/classes/game/server/", "connect,accept,resolve";
     permission java.net.SocketPermission "http://127.0.0.1:8080/WEB-INF/classes/game/server/", "connect,accept,resolve";    
     
    permission java.net.SocketPermission "*:1024-65535", "connect,accept,resolve";
    permission java.net.SocketPermission "*:80", "connect,accept,resolve";      
         
};

I know that I do not need all these but I type them there during my adventure to solve the problem.

I placed the package at the following directory:
C:\2k\Program Files\apa\webapps\ROOT\WEB-INF\classes\game\server

The batch file that starts the server is that:
set classpath=C:\2k\Program Files\apa\webapps\ROOT\WEB-INF\classes\game\server;
java -Djava.rmi.server.codebase=http://<ip_address>:8080/WEB-INF/classes/game/server/ -Djava.rmi.server.hostname=<ip_address>:8080 -Djava.security.policy=%CATALINA_HOME%/webapps/ROOT/WEB-INF/classes/game/java.policy StartServer player1Name black.gif human Giorgos red.gif human fevga

And finaly the StartServer.java has the following code which raises the error:

          if (System.getSecurityManager() == null)
          {
              System.setSecurityManager(new RMISecurityManager());
          }
     
          String name = "//<ip_address>:8080/WEB-INF/classes/game/server//123";
          try
          {              
               Game gameInstance = new Game(args[0], args[1], args[2], args[3], args[4], args[5], args[6]);
              Naming.rebind(name, gameInstance);
              System.out.println("GameInstance bound");
               Thread gameThread = new Thread( gameInstance );
               gameThread.start();
               System.out.println("Thread started");
          }
          catch( AccessControlException ace )
          {
               System.out.println("GetPermission gives --> " + ace.getPermission());
               ace.printStackTrace();
          }

Although I used to write
String name = "http://<ip_address>:8080/WEB-INF/classes/game/server//123";

instead of the one that I have there it doesn't make any difference.

The error is raised at the StartServer.java file and the error is:
AccessControlException
The GetPermission of the AccessControlException is: (java.net.SocketPermission <ip_address>:8080 connect, resolve

java.security.AccessControlException: access denied.......

Please could you help me to find where is the problem ?

I think the problem is that it cannot read the policy file that is why it cannot grant the access.

Thus the problem should be around the batch file.


0
Comment
Question by:pouli
  • 16
  • 8
24 Comments
 
LVL 35

Expert Comment

by:girionis
ID: 7144473
 Well your policy file looks fine and since you set the system property with the -D option and the full path of your policy file there should really be no problem.

  Could you post the full stack trace of the exception you get?
0
 

Author Comment

by:pouli
ID: 7144503
I will try to write some of it.
I tried to redirect it with Syste.setErr(...

But I took another SecurityException :) that I couldn't write to the requested file.

So I had to write it by hand
1 minute
0
 

Author Comment

by:pouli
ID: 7144535
java.security.AccessControlException: access denied ( java.net.SocketPermission <ip_address>:8080 connect, resolve)
at java.security.AccessControlContext.checkPermission(AccessControllerContext.java:270)
at java.security.AccessController.checkPermission(AcessController.java:401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
at java.lang.Securitymanager.checkConnect(SecurityManager.java:1044)
at java.net.Socket.connect(Socket.java:419)
at java.net.Socket.connect(Socket.java:375)
at java.net.Socket.<init>(Socket.java290)
at java.net.Socket.<init>(Socket.java118)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:22)
at sun.rmi.transport............
at java.rmi.Naming.rebind(Naming.java:159)
at StartServer<init>(StartServer.java:23)
at StartServer.main(StartServer.java:48)

Ouff That's all :)
Hope that will help
0
 
LVL 35

Expert Comment

by:girionis
ID: 7145459
 Hmmm... wierd because the stack tarce indicates that the error is exactly there. In the permission stuff. What I would suggest to do is:

  Grant all permission (I know this is dangerous and not recommended but do it just for testing purposes), make sure that there are not two policy files with the same name and another one is used instead of the one we want (apache might have it's own policy file - I know tomcat does) and make sure when you specify the policy file using the system property (the -Djava.security.policy) you give the full path (like c:\myplace\etc\...\policyfile on Windows or /home/whatever/.../policyfile).

  Hope it helps.
0
 
LVL 35

Expert Comment

by:girionis
ID: 7145469
 I see you are using Tomcat-Catalina (%CATALINA_HOME%). Make sure that the file you are using (and the one you are granting permissions in) is indeed the java.policy and not the tomcat.policy. And in Windows try to use the "\" instead of the "/" to indicate the path to your policy file.

  Hope it helps.
0
 

Author Comment

by:pouli
ID: 7148871
I made the server to run but the client cannot find the object. It raises another access denined exception. It cannot connect to the server and possibly find the policy file.


I followed the http://java.sun.com/j2se/1.3/docs/guide/rmi/getstart.doc.html#5228

getting started with RMI tutorial. I followed it step by step (at least this is what I think) and I take the same problem access denied. For the server this time.

I think I miss something small but basic.
0
 

Author Comment

by:pouli
ID: 7148920
I am setting to the batch file as a codebase the http://(ip_address):8080.web_inf....

and at the HelloImpl I set the Naming.rebind to the
Naming.rebind("//(ip_address)/nameObject", obj );

so I use the defualt port 1099.

I start the rmiregistry to the default port 1099

and the web server listens to the 8080.

Are these correct ?
Or do I need to set them to something else
0
 

Author Comment

by:pouli
ID: 7148921
I set the claspath to point to the policy file in case we need this. But no luck.
0
 
LVL 35

Expert Comment

by:girionis
ID: 7149041
 Ok so at least the server is working now and it is the client that throws the errors. What was the server's problem? Can this give you some clues on what's wrong on the client side as well? Make sure that the policy file on the client side is properly set up with permissions as well. What is the exact exception you are getting? Can you post the stack trace? and can you post some of your client's code as well?


>Naming.rebind("//(ip_address)/nameObject", obj );
>so I use the defualt port 1099.

  Yes you use the default port (and the server's default port is 8080) although you can chaneg both RMI's and web serve's ports if you want to. What I want you to make sure is that when you do a lookup on the client *make sure* you put the trailing slash at the end of the name when you do a lookup. Try it for both rebind and lookup methods as this is known to cause problems.

> I set the claspath to point to the policy file in case we need this. But no luck.

  The classpath should not have anything to do with the policy file as the policy file shoudl be a PATH issue and not a CLASSPATH one.
0
 

Author Comment

by:pouli
ID: 7149081
>Naming.rebind("//(ip_address)/nameObject", obj );
>so I use the defualt port 1099.

> Yes you use the default port (and the server's default >port is 8080) although you can chaneg both RMI's and web >serve's ports if you want to. What I want you to make >sure is that when you do a lookup on the client *make >sure* you put the trailing slash at the end of the name >when you do a lookup. Try it for both rebind and lookup >methods as this is known to cause problems

Nop it tries to open the port 1099 no the 8080
===

To be honest I am not sure what I done and it seems that it worked the server,

I will check it though and tell you again.
Here is the stacktrac for the client
Interface exception: access denied (java.net.SocketPermission 130.88.175.4:8080 connect,resolve)
java.security.AccessControlException: access denied (java.net.SocketPermission 130.88.175.4:8080 connect,resolve)
     at java.security.AccessControlContext.checkPermission(AccessControlContext.java:270)
     at java.security.AccessController.checkPermission(AccessController.java:401)
     at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
     at java.lang.SecurityManager.checkConnect(SecurityManager.java:1044)
     at java.net.Socket.connect(Socket.java:419)
     at java.net.Socket.connect(Socket.java:375)
     at java.net.Socket.<init>(Socket.java:290)
     at java.net.Socket.<init>(Socket.java:118)
     at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:22)
     at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:122)
     at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:562)
     at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:185)
     at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171)
     at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:313)
     at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
     at java.rmi.Naming.lookup(Naming.java:83)
     at com.TavliGame.Interface.Interface.<init>(Interface.java:218)
     at StartClient.<init>(StartClient.java:10)
     at StartClient.main(StartClient.java:31)


0
 
LVL 35

Expert Comment

by:girionis
ID: 7149420
 Sorry, I meant you use the rmi's default port (1099) and that the web server's default port is 8080 not that the rmi application is trying to open the port 8080.

  Have you set up the permissions in the client side policy file as well?
0
 

Author Comment

by:pouli
ID: 7149689
I use rmi's default 1099
and server's default 8080
The application is doing
Naimg.rebind( "//<ipaddress>/obj", "obj" );

0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:pouli
ID: 7149723
I think the problem with the server was:

file://C:\2k\progra~1\apa

I placed instead of progra~1 --> Program Files
so it wasn't able to find it :(
0
 

Author Comment

by:pouli
ID: 7149792
My web.xml file inside the classes folder is
<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>
</web-app>


Do I need to make any change to that ?
0
 

Author Comment

by:pouli
ID: 7149794
The web.xml file inside the web-inf folder I mean
0
 

Author Comment

by:pouli
ID: 7149801
I placed a simple html file inside the classes folder where I have the package.

then I tried to access this html file and I couldn't access it through the web browser. I think the problem we have now is that we cannot access the files.

How I set the classpath of the server ?
0
 

Author Comment

by:pouli
ID: 7149827
0
 
LVL 35

Expert Comment

by:girionis
ID: 7149968
 Whoah... One thing at a time :-)

>http://swjscmail1.java.sun.com/cgi-bin/wa?A2=ind9807&L=rmi-users&P=R19102
>
>Does this sounds familiar ?

  Hmmm... I never had any problems with the RMI system but I always use the latest versions of JDK. I started working with RMI from the jdk1.3 so I guess by then the bug (if there was any) was already fixed.

>I placed a simple html file inside the classes folder where I have the package.
>
>then I tried to access this html file and I couldn't access it through the web browser. I think the problem we have now is that we cannot access the files.
>
>How I set the classpath of the server ?

  Do not put the HTML file inside the classes folder, put it under your web app instead. For instance if you have a web app that is called pouli under the webapps folder then put the html in there (so the path sould look webapps/pouli/<myhtmlfile>.html and try to access it and see what happens.

  You do not need to set the classpath for the HTML files. The classpath (as the name suggests) only applies to classes (jar and zip files included), so all that is not-classes do not need a classpath in order to run.

  Do the above and see if it's running. Then try a jsp file (or a servlet) as well and see what happens. I am not sure how Catalina works (last time I used Tomcat was still on its 3.1 version I think) but I guess it works more or less the same. I think though that you need to add your webapp (lets say "pouli") in the sever.xml file and not in the web.xml file using the Context tag. Look at the documentation for more information of how to set up your web application.

>Naimg.rebind( "//<ipaddress>/obj", "obj" );

  Well I uess the "obj" parameter here is not the actual "obj" but a variable of type <someting>Impl (the one that extends the UnicastRemoteObject and implements the interface). You could also do //<ipaddress>:1099 just to be 100% sure it uses the right port.

  I am not sure if you have gone through this but maybe Sun's tutorial might come in handy:
http://java.sun.com/docs/books/tutorial/rmi/index.html

0
 

Author Comment

by:pouli
ID: 7150017
0
 
LVL 35

Accepted Solution

by:
girionis earned 100 total points
ID: 7150890
 Did you try it? Is it working?
0
 

Author Comment

by:pouli
ID: 7151248
How do you set a policy file to the rmiregistry ?

I tried

rmiregistry -Jjava.security.policy=file://policy/

and I placed the policy file in the user home directory that I think is the (under win2k)
documents and settings/default user/policy
0
 

Author Comment

by:pouli
ID: 7151255
0
 

Author Comment

by:pouli
ID: 7151551
Finally,

problem sorted :)

I couldn't find the problem althoguh I am sure that something was going on with Apache.

I passed through a stage where the server couldn't start either. So I went a step back.

After 1 time that the server worked fine I tried to run it again with no changes and it didn't.

From that point I thought that the problem must be the server.

I used the Sun's RMIserver (ClassFileServer)
ftp.javasoft.com/pub/jdk1.1/rmi/class-server.zip
and I found my health again :)

I am still wondering though what I made wrong with Apache or what is wrong with Apache.


thank you for your help girionis

0
 
LVL 35

Expert Comment

by:girionis
ID: 7153670
 Finally! You can never be sure with computers, that's certain. I am glad you solved it at the end :-)
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Suggested Solutions

Introduction This article is the last of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers our test design approach and then goes through a simple test case example, how …
Java functions are among the best things for programmers to work with as Java sites can be very easy to read and prepare. Java especially simplifies many processes in the coding industry as it helps integrate many forms of technology and different d…
Viewers learn about the scanner class in this video and are introduced to receiving user input for their programs. Additionally, objects, conditional statements, and loops are used to help reinforce the concepts. Introduce Scanner class: Importing…
This tutorial will introduce the viewer to VisualVM for the Java platform application. This video explains an example program and covers the Overview, Monitor, and Heap Dump tabs.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now