Running RMI out of the Localhost

Hello, everybody
I have an application that runs ok under the localhost using RMI.

I also have Apache HTTP server and I am trying to make RMI run out of just my computer.

Although it sounds trivial I face some security exceptions and I cannot find the problem.

I will tell you all the information:
The policy file of the server is:
grant
{
    permission java.io.FilePermission "C:\\2k\\Program Files\\apa\\webapps\\ROOT\\WEB-INF\\classes\\game/-", "read";
     permission java.net.SocketPermission "http://<ip_address>:8080", "connect,accept";
     permission java.net.SocketPermission "http://<ip_address>:8080/WEB-INF/classes/game/server/", "connect,accept,resolve";
     permission java.net.SocketPermission "http://127.0.0.1:8080/WEB-INF/classes/game/server/", "connect,accept,resolve";    
     
    permission java.net.SocketPermission "*:1024-65535", "connect,accept,resolve";
    permission java.net.SocketPermission "*:80", "connect,accept,resolve";      
         
};

I know that I do not need all these but I typed them there during my adventure to solve the problem.

I placed the package at the following directory:
C:\2k\Program Files\apa\webapps\ROOT\WEB-INF\classes\game\server

The batch file that starts the server is that:
set classpath=C:\2k\Program Files\apa\webapps\ROOT\WEB-INF\classes\game\server;
java -Djava.rmi.server.codebase=http://<ip_address>:8080/WEB-INF/classes/game/server/ -Djava.rmi.server.hostname=<ip_address>:8080 -Djava.security.policy=%CATALINA_HOME%/webapps/ROOT/WEB-INF/classes/game/java.policy StartServer player1Name black.gif human Giorgos red.gif human fevga

And finally the StartServer.java has the following code which raises the error:

          if (System.getSecurityManager() == null)
          {
              System.setSecurityManager(new RMISecurityManager());
          }
     
          String name = "//<ip_address>:8080/WEB-INF/classes/game/server//123";
          try
          {              
               Game gameInstance = new Game(args[0], args[1], args[2], args[3], args[4], args[5], args[6]);
              Naming.rebind(name, gameInstance);
              System.out.println("GameInstance bound");
               Thread gameThread = new Thread( gameInstance );
               gameThread.start();
               System.out.println("Thread started");
          }
          catch( AccessControlException ace )
          {
               System.out.println("GetPermission gives --> " + ace.getPermission());
               ace.printStackTrace();
          }

Although I used to write
String name = "http://<ip_address>:8080/WEB-INF/classes/game/server//123";

instead of the one that I have there it doesn't make any difference.

The error is raised at the StartServer.java file and the error is:
AccessControlException
The GetPermission of the AccessControlException is: (java.net.SocketPermission <ip_address>:8080 connect, resolve

java.security.AccessControlException: access denied.......

Please could you help me to find where the problem is?

I think the problem is that it cannot read the policy file that is why it cannot grant the access.

Thus the problem should be around the batch file.


pouliAsked:
girionisConnect With a Mentor Commented:
 Did you try it? Is it working?
0
 
girionisCommented:
 Well your policy file looks fine and since you set the system property with the -D option and the full path of your policy file there should really be no problem.

  Could you post the full stack trace of the exception you get?
0
 
pouliAuthor Commented:
I will try to write some of it.
I tried to redirect it with System.setErr(...

But I took another SecurityException :) that I couldn't write to the requested file.

So I had to write it by hand
1 minute
0
 
pouliAuthor Commented:
java.security.AccessControlException: access denied ( java.net.SocketPermission <ip_address>:8080 connect, resolve)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:270)
at java.security.AccessController.checkPermission(AccessController.java:401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
at java.lang.SecurityManager.checkConnect(SecurityManager.java:1044)
at java.net.Socket.connect(Socket.java:419)
at java.net.Socket.connect(Socket.java:375)
at java.net.Socket.<init>(Socket.java:290)
at java.net.Socket.<init>(Socket.java:118)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:22)
at sun.rmi.transport............
at java.rmi.Naming.rebind(Naming.java:159)
at StartServer.<init>(StartServer.java:23)
at StartServer.main(StartServer.java:48)

Ouff That's all :)
Hope that will help
0
 
girionisCommented:
 Hmmm... weird because the stack trace indicates that the error is exactly there. In the permission stuff. What I would suggest to do is:

  Grant all permission (I know this is dangerous and not recommended but do it just for testing purposes), make sure that there are not two policy files with the same name and another one is used instead of the one we want (apache might have its own policy file - I know tomcat does) and make sure when you specify the policy file using the system property (the -Djava.security.policy) you give the full path (like c:\myplace\etc\...\policyfile on Windows or /home/whatever/.../policyfile).

  Hope it helps.
0
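Added example (not code from the thread): a small Java check that evaluates the SocketPermission targets from the posted policy file against the permission named in the AccessControlException. The address 192.0.2.10 is a constructed stand-in for <ip_address>, the class name SocketTargetCheck is hypothetical, and the last two targets are assumed narrow alternatives that do not appear in the thread.

```java
import java.net.SocketPermission;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example: tests whether a granted SocketPermission target covers a denied request.
public class SocketTargetCheck {

    // Returns a short verdict for one policy entry (target + actions).
    static String evaluate(String target, String actions, SocketPermission requested) {
        SocketPermission granted;
        try {
            granted = new SocketPermission(target, actions);
        } catch (IllegalArgumentException e) {
            // The target must be host[:port-range]; anything else cannot be parsed
            // and therefore cannot grant anything.
            return "invalid target (" + e.getMessage() + ")";
        }
        return granted.implies(requested) ? "covers request" : "does not cover request";
    }

    public static void main(String[] args) {
        String host = "192.0.2.10"; // constructed address standing in for <ip_address>

        // The permission reported by AccessControlException.getPermission().
        SocketPermission requested = new SocketPermission(host + ":8080", "connect,resolve");

        Map<String, String> grants = new LinkedHashMap<>();
        // Targets in the form used by the posted policy file (URL with scheme and path).
        grants.put("http://" + host + ":8080", "connect,accept");
        grants.put("http://" + host + ":8080/WEB-INF/classes/game/server/",
                "connect,accept,resolve");
        // Port-range targets from the posted policy file.
        grants.put("*:1024-65535", "connect,accept,resolve");
        grants.put("*:80", "connect,accept,resolve");
        // Narrow host:port targets (assumed alternatives, not from the thread).
        grants.put(host + ":8080", "connect,resolve");
        grants.put(host + ":1099", "connect,resolve");

        for (Map.Entry<String, String> g : grants.entrySet()) {
            System.out.printf("%-62s %s%n", '"' + g.getKey() + '"',
                    evaluate(g.getKey(), g.getValue(), requested));
        }
    }
}
```

A wildcard grant that covers the request while the JVM still denies it points at the policy file not being loaded; running the server with -Djava.security.debug=policy shows which policy files the JVM reads.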
 
girionisCommented:
 I see you are using Tomcat-Catalina (%CATALINA_HOME%). Make sure that the file you are using (and the one you are granting permissions in) is indeed the java.policy and not the tomcat.policy. And in Windows try to use the "\" instead of the "/" to indicate the path to your policy file.

  Hope it helps.
0
 
pouliAuthor Commented:
I made the server run but the client cannot find the object. It raises another access denied exception. It cannot connect to the server and possibly find the policy file.


I followed the http://java.sun.com/j2se/1.3/docs/guide/rmi/getstart.doc.html#5228

getting started with RMI tutorial. I followed it step by step (at least this is what I think) and I take the same problem access denied. For the server this time.

I think I miss something small but basic.
0
 
pouliAuthor Commented:
I am setting to the batch file as a codebase the http://(ip_address):8080.web_inf....

and at the HelloImpl I set the Naming.rebind to the
Naming.rebind("//(ip_address)/nameObject", obj );

so I use the default port 1099.

I start the rmiregistry to the default port 1099

and the web server listens to the 8080.

Are these correct ?
Or do I need to set them to something else
0
 
pouliAuthor Commented:
I set the classpath to point to the policy file in case we need this. But no luck.
0
 
girionisCommented:
 Ok so at least the server is working now and it is the client that throws the errors. What was the server's problem? Can this give you some clues on what's wrong on the client side as well? Make sure that the policy file on the client side is properly set up with permissions as well. What is the exact exception you are getting? Can you post the stack trace? and can you post some of your client's code as well?


>Naming.rebind("//(ip_address)/nameObject", obj );
>so I use the default port 1099.

  Yes you use the default port (and the server's default port is 8080) although you can change both RMI's and web server's ports if you want to. What I want you to make sure is that when you do a lookup on the client *make sure* you put the trailing slash at the end of the name when you do a lookup. Try it for both rebind and lookup methods as this is known to cause problems.

> I set the classpath to point to the policy file in case we need this. But no luck.

  The classpath should not have anything to do with the policy file as the policy file should be a PATH issue and not a CLASSPATH one.
0
 
pouliAuthor Commented:
>Naming.rebind("//(ip_address)/nameObject", obj );
>so I use the default port 1099.

> Yes you use the default port (and the server's default port is 8080) although you can change both RMI's and web server's ports if you want to. What I want you to make sure is that when you do a lookup on the client *make sure* you put the trailing slash at the end of the name when you do a lookup. Try it for both rebind and lookup methods as this is known to cause problems

Nope, it tries to open the port 1099, not the 8080
===

To be honest I am not sure what I did and it seems that the server worked,

I will check it though and tell you again.
Here is the stack trace for the client
Interface exception: access denied (java.net.SocketPermission 130.88.175.4:8080 connect,resolve)
java.security.AccessControlException: access denied (java.net.SocketPermission 130.88.175.4:8080 connect,resolve)
     at java.security.AccessControlContext.checkPermission(AccessControlContext.java:270)
     at java.security.AccessController.checkPermission(AccessController.java:401)
     at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
     at java.lang.SecurityManager.checkConnect(SecurityManager.java:1044)
     at java.net.Socket.connect(Socket.java:419)
     at java.net.Socket.connect(Socket.java:375)
     at java.net.Socket.<init>(Socket.java:290)
     at java.net.Socket.<init>(Socket.java:118)
     at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:22)
     at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:122)
     at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:562)
     at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:185)
     at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171)
     at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:313)
     at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
     at java.rmi.Naming.lookup(Naming.java:83)
     at com.TavliGame.Interface.Interface.<init>(Interface.java:218)
     at StartClient.<init>(StartClient.java:10)
     at StartClient.main(StartClient.java:31)


0
 
girionisCommented:
 Sorry, I meant you use the rmi's default port (1099) and that the web server's default port is 8080 not that the rmi application is trying to open the port 8080.

  Have you set up the permissions in the client side policy file as well?
0
 
pouliAuthor Commented:
I use rmi's default 1099
and server's default 8080
The application is doing
Naming.rebind( "//<ipaddress>/obj", "obj" );

0
 
pouliAuthor Commented:
I think the problem with the server was:

file://C:\2k\progra~1\apa

I placed instead of progra~1 --> Program Files
so it wasn't able to find it :(
0
 
pouliAuthor Commented:
My web.xml file inside the classes folder is
<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>
</web-app>


Do I need to make any change to that ?
0
 
pouliAuthor Commented:
The web.xml file inside the web-inf folder I mean
0
 
pouliAuthor Commented:
I placed a simple html file inside the classes folder where I have the package.

then I tried to access this html file and I couldn't access it through the web browser. I think the problem we have now is that we cannot access the files.

How I set the classpath of the server ?
0
 
pouliAuthor Commented:
0
 
girionisCommented:
 Whoah... One thing at a time :-)

>http://swjscmail1.java.sun.com/cgi-bin/wa?A2=ind9807&L=rmi-users&P=R19102
>
>Does this sounds familiar ?

  Hmmm... I never had any problems with the RMI system but I always use the latest versions of JDK. I started working with RMI from the jdk1.3 so I guess by then the bug (if there was any) was already fixed.

>I placed a simple html file inside the classes folder where I have the package.
>
>then I tried to access this html file and I couldn't access it through the web browser. I think the problem we have now is that we cannot access the files.
>
>How I set the classpath of the server ?

  Do not put the HTML file inside the classes folder, put it under your web app instead. For instance if you have a web app that is called pouli under the webapps folder then put the html in there (so the path should look like webapps/pouli/<myhtmlfile>.html) and try to access it and see what happens.

  You do not need to set the classpath for the HTML files. The classpath (as the name suggests) only applies to classes (jar and zip files included), so all that is not-classes do not need a classpath in order to run.

  Do the above and see if it's running. Then try a jsp file (or a servlet) as well and see what happens. I am not sure how Catalina works (last time I used Tomcat was still on its 3.1 version I think) but I guess it works more or less the same. I think though that you need to add your webapp (let's say "pouli") in the server.xml file and not in the web.xml file using the Context tag. Look at the documentation for more information of how to set up your web application.

>Naming.rebind( "//<ipaddress>/obj", "obj" );

  Well I guess the "obj" parameter here is not the actual "obj" but a variable of type <something>Impl (the one that extends the UnicastRemoteObject and implements the interface). You could also do //<ipaddress>:1099 just to be 100% sure it uses the right port.

  I am not sure if you have gone through this but maybe Sun's tutorial might come in handy:
http://java.sun.com/docs/books/tutorial/rmi/index.html

0
 
pouliAuthor Commented:
0
 
pouliAuthor Commented:
How do you set a policy file to the rmiregistry ?

I tried

rmiregistry -Jjava.security.policy=file://policy/

and I placed the policy file in the user home directory that I think is the (under win2k)
documents and settings/default user/policy
0
 
pouliAuthor Commented:
0
 
pouliAuthor Commented:
Finally,

problem sorted :)

I couldn't find the problem although I am sure that something was going on with Apache.

I passed through a stage where the server couldn't start either. So I went a step back.

After 1 time that the server worked fine I tried to run it again with no changes and it didn't.

From that point I thought that the problem must be the server.

I used the Sun's RMIserver (ClassFileServer)
ftp.javasoft.com/pub/jdk1.1/rmi/class-server.zip
and I found my health again :)

I am still wondering though what I made wrong with Apache or what is wrong with Apache.


thank you for your help girionis

0
 
girionisCommented:
 Finally! You can never be sure with computers, that's certain. I am glad you solved it at the end :-)
0
Question has a verified solution.
