Java Reference
In-Depth Information
must appear below the
classes
subdirectory, organized in package-named sub-
directories. This example assumes a Unix-like directory system. On a Windows
system, an analogous codebase specification would be
-Djava.rmi.server.codebase=file:///c/rmi-servers/example1/classes/
where the absolute path starts at the C: drive but we continue to use forward slash
characters as the separators.
If the needed class files are in a directory served by an HTTP server, then the
codebase might look like
-Djava.rmi.server.codebase
=
http://myserver/rmi/example1/classes/
If the downloadable classes are in a JAR file, then the specification might be
-Djava.rmi.server.codebase
=
http://myserver/rmi/example1.jar
If the needed classes are split across two jar files then the following might be
used:
-Djava.rmi.server.codebase
=
"
http://myserver/rmi/example1.jar http://myserver/rmi/more.jar
"
where we have split the single line into two lines. In practice, the entire quoted
and space-delimited string should be all on one line.
18.5.3 The policy file
Even with the codebase properly specified and a security manager in place, both
client and server must still navigate through the Java permission system to run
correctly. As discussed in Chapter 14, once a security manager is used in Java 2
the policy file is consulted each time certain potentially sensitive operations
are performed. The default policy file is quite restrictive, permitting little more
than the minimum permissions needed to run the JVM and load classes from
the local
CLASSPATH
. Therefore, it is vital that a custom policy file be spec-
ified for both client and server. This custom policy file is specified using the
java.security.policy
property.
For the simple example used here the server permission needed is
java.net.SocketPermission
,which controls access to network sockets.
The permission needed is a specification of the host to be used and a set of
“actions” that identify ways to access that host. For this example, as long as we're
running the client and server on the same machine, the server needs network
access to localhost, and the actions are
accept, connect
, and
resolve
. The need
for this permission may be determined by examining the source code along with
a knowledge of which Java API methods require various permissions. Unfortu-
nately, that body of knowledge is difficult to learn and remember. In addition,
often the method that requires some permission may not be called directly by
Search WWH ::
Custom Search