Search code examples
javarmi

Java RMI - Accessing RMI Registry Objects on a Different Machine - AccessControlException?

I'm attempting to get a client on one machine to talk to a server on another machine through Java RMI. I deploy the server at host IP X on port Y. I then attempt to get the client to lookup the remote object on the server and I get the following exception:

Exception in thread "main" java.security.AccessControlException: access denied (java.net.SocketPermission <IP address>:<port> connect,resolve)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
    at java.security.AccessController.checkPermission(AccessController.java:546)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    at java.lang.SecurityManager.checkConnect(SecurityManager.java:1034)
    at java.net.Socket.connect(Socket.java:524)
    at java.net.Socket.connect(Socket.java:478)
    at java.net.Socket.<init>(Socket.java:375)
    at java.net.Socket.<init>(Socket.java:189)
    at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:22)
    at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:128)
    at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:595)
    at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:198)
    at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:184)
    at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:322)
    at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
    at nursestation.NurseStation.subscribeToPatients(NurseStation.java:65)
    at nursestation.NurseStation.<init>(NurseStation.java:42)
    at nursestation.perf.SimplePerfTest.main(SimplePerfTest.java:28)

Note that both the client and server are running with a policy file allowing all permissions. The RMI registry is running on the server as well. Any ideas as to why I'm getting this exception? What can I do to allow the client to talk to a server running on a different server?

Update:

Policy file

grant {
  permission java.security.AllPermission;
};

Client Startup - Using RMI plugin for Eclipse

  1. Start the RMI registry
  2. Executed "java BedsideMonitorMain patient1 vital1 vital2" with the specified policy file for java.security.policy shown above and java.rmi.server.codebase pointing to my project workspace code
  3. The patient1 object is binded to the RMI registry

Server Startup

  1. Executed "java NurseStationMain patient1" with the specified policy file for java.security.policy shown above and java.rmi.server.codebase pointing to my project workspace code
Solution

  • So I figured out the underlying problem. Apparently both machines had a different license key for the Eclipse RMI plugin, which did not allow both machines to communicate with each other. When I made the license key on both machines identical, then I was able to get the client and server to communicate with each other. For my purpose, this is sufficient, as I'm not using this system in a production environment (it's for a class project). I am curious though what the "best" solution would be to this problem.