473,320 Members | 2,024 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

[HELP] RMI & Java security (too secure!)

[cross-posted on comp.lang.java]
[cross-posted on comp.lang.java.security]

hi you all,
first of all apologies for having cross-posted this message but really
i did not know where to post it. please let me know what ng you
consider the most suitable for the described issue.

i wrote a program made by a client and a server that communicate via
RMI

premise 1) everything has been developed and executed on WinXP
Professional and the following jre

java version "1.4.2_02"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_02-b03)
Java HotSpot(TM) Client VM (build 1.4.2_02-b03, mixed mode)
premise 2) the registration on the RMI registry is all inside the
program (ie: i don't use rmiregistry app)
here are the two main problems i can't handle:

1 (server unaffected by local server.policy file) - i launch the
server with the following command:

java my.path.server server.properties

problem: wether i specify a proper server.policy with
-Djava.security.policy or i launch only the command above what happens
is that the server FAILS TO REGISTER ON THE RMI REGISTRY IF I DON'T
ADD THE FOLLOWING TWO LINES IN THE /lib/security/java.policy of the
jre.

grant {
permission java.net.SocketPermission "*:1024-65535", "connect,
accept, resolve";
permission java.net.SocketPermission "localhost:1024-65535",
"connect, accept, resolve";
};

question: is it correct or should it work only passing onto it the
ad-hoc server.policy containing the above two lines? what's going on?

anyway, once the server has been correctly registered modifying the
jre java.policy, i start the client

java my.path.client client.properties
-Djava.security.policy=client.policy

and everything works perfectly (on XP professional).
2 (problems with win2k server and win2003 server) - the exact same
thing brought onto the two server machines does not work.

in any case, whatever the security configuration, the client ALWAYS
FAILS TO CONNECT TO THE SERVER with the following exception:

java.rmi.ConnectException: Connection refused to host: 10.0.0.66;
nested exception is: java.net.ConnectException: Connection refused:
connect

differently, if the server is launched on my XP and the client on one
of the two servers, it works.

to sum it up, if the server is on a win server machine in no way can i
connect to it (at least i could not manage to).

is there something to be set properly on those machines?
are the ports above the 1024 in some way locked? (on RMI i use the
4100)

i hope it is all more or less clear enough and (above all) that
someone would be able to help me.

i ran short of ideas.

ciao and have a nice day,
l
Jul 17 '05 #1
4 5406
there are two ways to solve this problem...

one is to find a quick fix somewhere off the Internet

the other is to take a day out and spend it with a good book on Java
Security (and then perhaps another on Java RMI)... there are so many
quality books out there, a simple search on amazon or a trip to your
local computer book store is well worth the effort

- perry

Lorenzo wrote:
[cross-posted on comp.lang.java]
[cross-posted on comp.lang.java.security]

hi you all,
first of all apologies for having cross-posted this message but really
i did not know where to post it. please let me know what ng you
consider the most suitable for the described issue.

i wrote a program made by a client and a server that communicate via
RMI

premise 1) everything has been developed and executed on WinXP
Professional and the following jre

java version "1.4.2_02"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_02-b03)
Java HotSpot(TM) Client VM (build 1.4.2_02-b03, mixed mode)
premise 2) the registration on the RMI registry is all inside the
program (ie: i don't use rmiregistry app)
here are the two main problems i can't handle:

1 (server unaffected by local server.policy file) - i launch the
server with the following command:

java my.path.server server.properties

problem: wether i specify a proper server.policy with
-Djava.security.policy or i launch only the command above what happens
is that the server FAILS TO REGISTER ON THE RMI REGISTRY IF I DON'T
ADD THE FOLLOWING TWO LINES IN THE /lib/security/java.policy of the
jre.

grant {
permission java.net.SocketPermission "*:1024-65535", "connect,
accept, resolve";
permission java.net.SocketPermission "localhost:1024-65535",
"connect, accept, resolve";
};

question: is it correct or should it work only passing onto it the
ad-hoc server.policy containing the above two lines? what's going on?

anyway, once the server has been correctly registered modifying the
jre java.policy, i start the client

java my.path.client client.properties
-Djava.security.policy=client.policy

and everything works perfectly (on XP professional).
2 (problems with win2k server and win2003 server) - the exact same
thing brought onto the two server machines does not work.

in any case, whatever the security configuration, the client ALWAYS
FAILS TO CONNECT TO THE SERVER with the following exception:

java.rmi.ConnectException: Connection refused to host: 10.0.0.66;
nested exception is: java.net.ConnectException: Connection refused:
connect

differently, if the server is launched on my XP and the client on one
of the two servers, it works.

to sum it up, if the server is on a win server machine in no way can i
connect to it (at least i could not manage to).

is there something to be set properly on those machines?
are the ports above the 1024 in some way locked? (on RMI i use the
4100)

i hope it is all more or less clear enough and (above all) that
someone would be able to help me.

i ran short of ideas.

ciao and have a nice day,
l


Jul 17 '05 #2
Lorenzo wrote:
[cross-posted on comp.lang.java]
[cross-posted on comp.lang.java.security]

hi you all,
first of all apologies for having cross-posted this message but really
i did not know where to post it. please let me know what ng you
consider the most suitable for the described issue.

i wrote a program made by a client and a server that communicate via
RMI

premise 1) everything has been developed and executed on WinXP
Professional and the following jre

java version "1.4.2_02"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_02-b03)
Java HotSpot(TM) Client VM (build 1.4.2_02-b03, mixed mode)
premise 2) the registration on the RMI registry is all inside the
program (ie: i don't use rmiregistry app)
here are the two main problems i can't handle:

1 (server unaffected by local server.policy file) - i launch the
server with the following command:

java my.path.server server.properties

problem: wether i specify a proper server.policy with
-Djava.security.policy or i launch only the command above what happens
is that the server FAILS TO REGISTER ON THE RMI REGISTRY IF I DON'T
ADD THE FOLLOWING TWO LINES IN THE /lib/security/java.policy of the
jre.

grant {
permission java.net.SocketPermission "*:1024-65535", "connect,
accept, resolve";
permission java.net.SocketPermission "localhost:1024-65535",
"connect, accept, resolve";
};

question: is it correct or should it work only passing onto it the
ad-hoc server.policy containing the above two lines? what's going on?

anyway, once the server has been correctly registered modifying the
jre java.policy, i start the client

java my.path.client client.properties
-Djava.security.policy=client.policy

and everything works perfectly (on XP professional).
2 (problems with win2k server and win2003 server) - the exact same
thing brought onto the two server machines does not work.

in any case, whatever the security configuration, the client ALWAYS
FAILS TO CONNECT TO THE SERVER with the following exception:

java.rmi.ConnectException: Connection refused to host: 10.0.0.66;
nested exception is: java.net.ConnectException: Connection refused:
connect


I don't think that message has anything to do with Java security. I think
it's caused by TCP/IP failing to connect to the requested port. "Connection
refused" is normally generated when a client attempts to connect to a port
on a server and the server isn't listening on that port. Can you verify that
the RMI server is really up and listening on the port you think it is (I
don't know Windows well enough to suggest any diagnostic tools).

It might also be a firewall getting in the way. Do you have any sort of
firewall protecting the W2k/W3k servers which might be blocking the RMI
registry port?

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nm*@ion.le.ac.uk
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
Jul 17 '05 #3
perry <pe***@unifiedobjects.com> wrote in message news:<lI********************@news20.bellglobal.com >...
there are two ways to solve this problem...

one is to find a quick fix somewhere off the Internet

the other is to take a day out and spend it with a good book on Java
Security (and then perhaps another on Java RMI)... there are so many
quality books out there, a simple search on amazon or a trip to your
local computer book store is well worth the effort


yes, i've done both things. then i used sysinternals tcpview to find
out it was a matter of domain resolving.

watch out for this.
i learnt that in the java policy file is much better to specify IP
addresses rather than names, they can be resolved differently than you
expect.
was it a known issue?

not it works, even if machines belong to different domains.
thanx for the answer,
l
Jul 17 '05 #4
Lorenzo wrote:
i used sysinternals tcpview to find
out it was a matter of domain resolving.

watch out for this.
i learnt that in the java policy file is much better to specify IP
addresses rather than names, they can be resolved differently than you
expect.
was it a known issue?


Name resolution is done by the OS, not Java. I would guess the problem is
Active Directory and dynamic DNS.

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nm*@ion.le.ac.uk
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
Jul 17 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
by: Derek | last post by:
what usually causes a java.security.NoSuchAlgorithmException? i am getting this while trying to run WebTest with SSL. so, if there is anyone out there using SSL and webtest i would appreciate...
0
by: fabio | last post by:
Hi, I'm writing a program for PPC and I use IBM's Websphere Device Developper PPRO1.0 java VM. This vm is much smaller and simple than standard vm as it has to run on small devices as handhelds....
12
by: Rainer Rosenberger | last post by:
Hello, in an intranet we have the requirement to communicate between two browser windows, e.g. read hidden fields or execute functions in other window. This works fine as long as both windows come...
1
by: McKirahan | last post by:
What is "active content"? My ASP page just returns HTML.... I have a page with an .htm extension that has a form whose action is an ASP page which generates a report after updating a database...
3
by: Woody Splawn | last post by:
For reasons I have not yet identified my Help, Search and Help, Index has quit working. That is, in the VB IDE, from the Help menu, I can select Dynamic help or Contents and things work as...
6
by: kusuma chalasani | last post by:
hi.. i'm using msaccess database to retrive the data into an applet... during runtime i'm getting an error like java.security.AccessControlException:access denied(java.lang...
1
by: Smoothj | last post by:
Hello all, when connecting to an IRC server with my java applet some of my members get this error code. java.security.AccessControlException : access denied (java.net.SocketPermission...
0
by: mr man | last post by:
I try to play runescape and this came up......this comes up with all java java.security.PrivilegedActionException: java.io.FileNotFoundException: C:\Documents and Settings\HP_Owner\Application...
4
by: nano2 | last post by:
Hi , I am getting the following error when using java version 1.5 "java.security.NoSuchProviderException: no such provider: SunJSSE" Has anyone any ideas why i am getting this error .....
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.