Message-Id: <199704161059.TAA06335@reala.lm.fujitsu.co.jp>
To: java-security@web2.javasoft.com
Subject: A question about RMI security policy
Date: Wed, 16 Apr 1997 19:59:20 +0900
From: Hiroya INAKOSHI <inakoshi@lm.fujitsu.co.jp>
Hi!
I'm very interested in the RMI and trying to use the "bootstrapping
the client" strategy, which is introduced in the RMI specification
document. I found this way very useful to control the version of
client programs, because users can download client programs every time
they are served. An administrator can save a lot of time to
distribute client programs.
But I have a trouble about the RMI's security policy. Referencing
the source code in the RMI specification document, I wrote the
following programs:
------ LoadClient.java(START) -----
import java.rmi.*;
import java.rmi.server.RMIClassLoader;
public class LoadClient {
/**
* Invoked by the following command:
* java -Djava.rmi.server.codebase=http://myhost/codebase/ \
* LoadClient examples.hello.HelloApp
*/
public static void main(String argv[]) {
System.setSecurityManager(new RMISecurityManager());
try {
Class cl = RMIClassLoader.loadClass(argv[0]);
System.out.println("Loaded class: " + cl.toString());
Runnable client = (Runnable)cl.newInstance();
client.run();
} catch (Exception e) {
System.out.println("### Caught Exception at LoadClient#main() ###");
System.out.println(e);
}
}
}
------ LoadClient.java(END) -----
------ HelloApp.java(START) -----
package examples.hello;
import java.rmi.*;
public class HelloApp implements Runnable {
private String message = "";
private Thread thread;
public void run() {
try {
Hello obj = (Hello)Naming.lookup("/HelloServer");
// !!RMISecurityException!!
message = obj.sayHello();
System.out.println("Received message: " + message);
} catch (Exception e) {
System.out.println("### Caught Exception at HelloApp#run() ###");
System.out.println(e);
}
}
}
------ HelloApp.java(END) -----
Of cause, I wrote ether the HelloImpl class and the Hello interface.
Because they seem easy to imagine for you, I omitted them. I wrote
the applet version of HelloApp class and it works as I expected.
At line 13 in HelloApp.java, an RMISecurityException is thrown and
the process is terminated with the following message:
----- Error log (START) ------
% java -Djava.rmi.server.codebase=http://reala.lm.fujitsu.co.jp/~inakoshi/codebase/ LoadClient examples.hello.HelloApp
Loaded class: class examples.hello.HelloApp
*** Security Exception: threadgroup ***
java.rmi.RMISecurityException: security.threadgroup
at java.rmi.RMISecurityManager.checkAccess(RMISecurityManager.java:91)
at java.lang.ThreadGroup.checkAccess(ThreadGroup.java)
at java.lang.ThreadGroup.<init>(ThreadGroup.java)
at sun.rmi.transport.RMIThread.currThreadGroup(RMIThread.java:71)
at sun.rmi.transport.RMIThread.newThread(RMIThread.java:43)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:141)
at sun.rmi.transport.tcp.TCPChannel.openSocket(TCPChannel.java:236)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:125)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:73)
at sun.rmi.registry.RegistryImpl_Stub.lookup(RegistryImpl_Stub.java:86)
at java.rmi.Naming.lookup(Naming.java:60)
at examples.hello.HelloApp.run(HelloApp.java:13)
at LoadClient.main(LoadClient.java:18)
Unable to create persistent RMI ThreadGroup.
*** Security Exception: threadgroup ***
java.rmi.RMISecurityException: security.threadgroup
at java.rmi.RMISecurityManager.checkAccess(RMISecurityManager.java:91)
at java.lang.ThreadGroup.checkAccess(ThreadGroup.java)
at java.lang.ThreadGroup.<init>(ThreadGroup.java)
at java.lang.ThreadGroup.<init>(ThreadGroup.java)
at sun.rmi.transport.RMIThread.currThreadGroup(RMIThread.java:80)
at sun.rmi.transport.RMIThread.newThread(RMIThread.java:43)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:141)
at sun.rmi.transport.tcp.TCPChannel.openSocket(TCPChannel.java:236)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:125)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:73)
at sun.rmi.registry.RegistryImpl_Stub.lookup(RegistryImpl_Stub.java:86)
at java.rmi.Naming.lookup(Naming.java:60)
at examples.hello.HelloApp.run(HelloApp.java:13)
at LoadClient.main(LoadClient.java:18)
### Caught Exception at HelloApp#run() ###
java.rmi.RMISecurityException: security.threadgroup
---- Error log (END) -----
I investigated and found that the RMI's security policy prevent me
from changing the thread's or thread group's arguments, which I can't
understand their meaning. Anyway, how can I achive my goal that users
can download client programs using RMI and start them? Or am I
mistaken the usage of "bootstrapping the client"?
I'd be happy if I could receive any hints...
Regards.
Hiroya INAKOSHI(inakoshi@lm.fujitsu.co.jp)
Fujitsu Ltd. Lifemedia Development Dept.