tags:

views:

30

answers:

2
Q: 

Specifying remote codeBase for Java security policy

I have a client-side security policy, with a statement that grants permissions. I want to be able to specify it to grant the set of permissions for an RMI server only. For example this works:

grant{    
    //my permissions    
};

But I cant figure out how to link the set of permissions so that they apply to my codebase on the server. Actually anything, as long as its tied to the server would be fine. I have tried: 

grant codeBase "file://hostname/-"{    
    //my permissions   
};

With the hostname being the name or IP of the machine, both with and w/o the port number. But this does not work, neither does using http instead of file. If I understand what I read so far correctly the hyphen at the end should apply the permissions to anything located on the server. Anyone know what I need to do to get this to work?

Thanks.

Heres the codebase specified when running the server:

-Djava.rmi.server.codebase=file://home/me/PageServer/build/classes/  pageserver.LoginService pageserver.PlannerService
+1  A: 

Where is the local JVM getting the code that should be granted permissions?

If it's downloading the code from an HTTP codebase on the server, you can use a URL starting with "http:".

If it's local code, you can use a URL starting with "file:" and ending with a local path.

Disclaimer: I've written security files for Jini, which is built atop RMI, and it's been a few years. Apologies for anything I've missed.

Andy Thomas-Cramer  2010-09-15 13:09:56
Its getting it from a remote JVM. I tried http but it was not working for me. Perhaps it has something to do with the path? I don't know where the base path on my RMI server is would it just be the root file path, or does it start somewhere by default, say like /var/www would for apache.
DrDipshit  2010-09-15 13:29:53
Is the property java.rmi.server.codebase defined on your RMI server?
Andy Thomas-Cramer  2010-09-15 13:57:51
It should be, if I'm adding it correctly that is. I just updated my question to include the switch I added when running the server jar. Cheers.
DrDipshit  2010-09-15 15:13:19
@DrDipshit - If the client is always on the same machine as the server, you can use the same "file:" URL on both client and server; this will not have a hostname or port in it. Otherwise, you can set up an HTTP server and use the same "http:" URL on both server and client. You can test your HTTP server with a web browser. A very lightweight (one class) HTTP server is provided by Jini (pre-River); it can be run standalone or included in another application. If I recall correctly from reading its source years back, it doesn't depend on use of Jini.
Andy Thomas-Cramer  2010-09-16 12:54:52
Yeah, no I was not running an http server. I was wondering if RMI had some protocol that would handle the transfer, as the http part looked strange. Anyways I got it working now. Cheers.
DrDipshit  2010-09-16 14:16:36
A: 

Use a JAR for the codebase, and specify exactly the HTTP URL in the .policy file that you specified in -Djava.rmi.server.codebase.

EJP  2010-10-12 05:42:54

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java