Search code examples
javarmipolicy

RMI How to add libs (and grant them socket permissions)

For a school project I have to create a distributed system from a standalone application. We're using RMI for the communication, but we ran into some problems.

The server I created starts just fine, but the client (which uses some swing libraries etc.) was giving me a classNotFound exception. To fix this I added the libraries my project uses to "C:\Program Files\Java\jre6\lib\ext". I prefer to place to libs at the client (like I did with the builds).

Can someone tell me if this is possible and ifso, how?

The problems don't end here, if I start my client now I get an java.security.AccessControlException. I use a policy file, it looks like this: 

grant
{  permission java.net.SocketPermission 
    "*:1024-65535", "connect,accept";
};

I also tried to add all the libs but this didn't help either:

grant codebase "file:${java.home}/../lib/ext/appframework-1.0.3.jar" {
   permission java.security.AllPermission;
};
grant codebase "file:${java.home}/../lib/ext/beansbinding-1.2.1.jar" {
   permission java.security.AllPermission;
};
grant codebase "file:${java.home}/../lib/ext/jcalendar-1.3.3.jar" {
   permission java.security.AllPermission;
};
grant codebase "file:${java.home}/../lib/ext/looks-2.0.1.jar" {
   permission java.security.AllPermission;
};
grant codebase "file:${java.home}/../lib/ext/swing-worker-1.1.jar" {
   permission java.security.AllPermission;
};
grant codebase "file:${java.home}/../lib/ext/swingx-1.6.1.jar" {
   permission java.security.AllPermission;
};
grant codebase "file:${java.home}/../lib/ext/swingx-bean.jar" {
   permission java.security.AllPermission;
};
grant codebase "file:${java.home}/../lib/ext/swingx-ws-2011_01_16.jar" {
   permission java.security.AllPermission;
};

grant
{  permission java.net.SocketPermission 
    "*:1024-65535", "connect,accept";
};

I hope that anyone can help me.

-Rob

Solution

  • Debugging java 2 security exceptions is a tedious trial and error process. I guess you are starting the client with a JVM switch to add tell it to use a security manager - add the following

    -Djava.security.debug=access,failure

    You'll get masses of debug information, but searcing it for "access denied" will show you what permissions need to be granted against which code base. It's not a scientific process - you just have to keep trying until you think you've fixed all the security problems.