473,388 Members | 1,109 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,388 software developers and data experts.

[HELP] RMI & Java security (too secure!)

[cross-posted on comp.lang.java]
[cross-posted on comp.lang.java.security]

hi you all,
first of all apologies for having cross-posted this message but really
i did not know where to post it. please let me know what ng you
consider the most suitable for the described issue.

i wrote a program made by a client and a server that communicate via
RMI

premise 1) everything has been developed and executed on WinXP
Professional and the following jre

java version "1.4.2_02"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_02-b03)
Java HotSpot(TM) Client VM (build 1.4.2_02-b03, mixed mode)
premise 2) the registration on the RMI registry is all inside the
program (ie: i don't use rmiregistry app)
here are the two main problems i can't handle:

1 (server unaffected by local server.policy file) - i launch the
server with the following command:

java my.path.server server.properties

problem: wether i specify a proper server.policy with
-Djava.security.policy or i launch only the command above what happens
is that the server FAILS TO REGISTER ON THE RMI REGISTRY IF I DON'T
ADD THE FOLLOWING TWO LINES IN THE /lib/security/java.policy of the
jre.

grant {
permission java.net.SocketPermission "*:1024-65535", "connect,
accept, resolve";
permission java.net.SocketPermission "localhost:1024-65535",
"connect, accept, resolve";
};

question: is it correct or should it work only passing onto it the
ad-hoc server.policy containing the above two lines? what's going on?

anyway, once the server has been correctly registered modifying the
jre java.policy, i start the client

java my.path.client client.properties
-Djava.security.policy=client.policy

and everything works perfectly (on XP professional).
2 (problems with win2k server and win2003 server) - the exact same
thing brought onto the two server machines does not work.

in any case, whatever the security configuration, the client ALWAYS
FAILS TO CONNECT TO THE SERVER with the following exception:

java.rmi.ConnectException: Connection refused to host: 10.0.0.66;
nested exception is: java.net.ConnectException: Connection refused:
connect

differently, if the server is launched on my XP and the client on one
of the two servers, it works.

to sum it up, if the server is on a win server machine in no way can i
connect to it (at least i could not manage to).

is there something to be set properly on those machines?
are the ports above the 1024 in some way locked? (on RMI i use the
4100)

i hope it is all more or less clear enough and (above all) that
someone would be able to help me.

i ran short of ideas.

ciao and have a nice day,
l
Jul 17 '05 #1
4 5410
there are two ways to solve this problem...

one is to find a quick fix somewhere off the Internet

the other is to take a day out and spend it with a good book on Java
Security (and then perhaps another on Java RMI)... there are so many
quality books out there, a simple search on amazon or a trip to your
local computer book store is well worth the effort

- perry

Lorenzo wrote:
[cross-posted on comp.lang.java]
[cross-posted on comp.lang.java.security]

hi you all,
first of all apologies for having cross-posted this message but really
i did not know where to post it. please let me know what ng you
consider the most suitable for the described issue.

i wrote a program made by a client and a server that communicate via
RMI

premise 1) everything has been developed and executed on WinXP
Professional and the following jre

java version "1.4.2_02"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_02-b03)
Java HotSpot(TM) Client VM (build 1.4.2_02-b03, mixed mode)
premise 2) the registration on the RMI registry is all inside the
program (ie: i don't use rmiregistry app)
here are the two main problems i can't handle:

1 (server unaffected by local server.policy file) - i launch the
server with the following command:

java my.path.server server.properties

problem: wether i specify a proper server.policy with
-Djava.security.policy or i launch only the command above what happens
is that the server FAILS TO REGISTER ON THE RMI REGISTRY IF I DON'T
ADD THE FOLLOWING TWO LINES IN THE /lib/security/java.policy of the
jre.

grant {
permission java.net.SocketPermission "*:1024-65535", "connect,
accept, resolve";
permission java.net.SocketPermission "localhost:1024-65535",
"connect, accept, resolve";
};

question: is it correct or should it work only passing onto it the
ad-hoc server.policy containing the above two lines? what's going on?

anyway, once the server has been correctly registered modifying the
jre java.policy, i start the client

java my.path.client client.properties
-Djava.security.policy=client.policy

and everything works perfectly (on XP professional).
2 (problems with win2k server and win2003 server) - the exact same
thing brought onto the two server machines does not work.

in any case, whatever the security configuration, the client ALWAYS
FAILS TO CONNECT TO THE SERVER with the following exception:

java.rmi.ConnectException: Connection refused to host: 10.0.0.66;
nested exception is: java.net.ConnectException: Connection refused:
connect

differently, if the server is launched on my XP and the client on one
of the two servers, it works.

to sum it up, if the server is on a win server machine in no way can i
connect to it (at least i could not manage to).

is there something to be set properly on those machines?
are the ports above the 1024 in some way locked? (on RMI i use the
4100)

i hope it is all more or less clear enough and (above all) that
someone would be able to help me.

i ran short of ideas.

ciao and have a nice day,
l


Jul 17 '05 #2
Lorenzo wrote:
[cross-posted on comp.lang.java]
[cross-posted on comp.lang.java.security]

hi you all,
first of all apologies for having cross-posted this message but really
i did not know where to post it. please let me know what ng you
consider the most suitable for the described issue.

i wrote a program made by a client and a server that communicate via
RMI

premise 1) everything has been developed and executed on WinXP
Professional and the following jre

java version "1.4.2_02"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_02-b03)
Java HotSpot(TM) Client VM (build 1.4.2_02-b03, mixed mode)
premise 2) the registration on the RMI registry is all inside the
program (ie: i don't use rmiregistry app)
here are the two main problems i can't handle:

1 (server unaffected by local server.policy file) - i launch the
server with the following command:

java my.path.server server.properties

problem: wether i specify a proper server.policy with
-Djava.security.policy or i launch only the command above what happens
is that the server FAILS TO REGISTER ON THE RMI REGISTRY IF I DON'T
ADD THE FOLLOWING TWO LINES IN THE /lib/security/java.policy of the
jre.

grant {
permission java.net.SocketPermission "*:1024-65535", "connect,
accept, resolve";
permission java.net.SocketPermission "localhost:1024-65535",
"connect, accept, resolve";
};

question: is it correct or should it work only passing onto it the
ad-hoc server.policy containing the above two lines? what's going on?

anyway, once the server has been correctly registered modifying the
jre java.policy, i start the client

java my.path.client client.properties
-Djava.security.policy=client.policy

and everything works perfectly (on XP professional).
2 (problems with win2k server and win2003 server) - the exact same
thing brought onto the two server machines does not work.

in any case, whatever the security configuration, the client ALWAYS
FAILS TO CONNECT TO THE SERVER with the following exception:

java.rmi.ConnectException: Connection refused to host: 10.0.0.66;
nested exception is: java.net.ConnectException: Connection refused:
connect


I don't think that message has anything to do with Java security. I think
it's caused by TCP/IP failing to connect to the requested port. "Connection
refused" is normally generated when a client attempts to connect to a port
on a server and the server isn't listening on that port. Can you verify that
the RMI server is really up and listening on the port you think it is (I
don't know Windows well enough to suggest any diagnostic tools).

It might also be a firewall getting in the way. Do you have any sort of
firewall protecting the W2k/W3k servers which might be blocking the RMI
registry port?

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nm*@ion.le.ac.uk
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
Jul 17 '05 #3
perry <pe***@unifiedobjects.com> wrote in message news:<lI********************@news20.bellglobal.com >...
there are two ways to solve this problem...

one is to find a quick fix somewhere off the Internet

the other is to take a day out and spend it with a good book on Java
Security (and then perhaps another on Java RMI)... there are so many
quality books out there, a simple search on amazon or a trip to your
local computer book store is well worth the effort


yes, i've done both things. then i used sysinternals tcpview to find
out it was a matter of domain resolving.

watch out for this.
i learnt that in the java policy file is much better to specify IP
addresses rather than names, they can be resolved differently than you
expect.
was it a known issue?

not it works, even if machines belong to different domains.
thanx for the answer,
l
Jul 17 '05 #4
Lorenzo wrote:
i used sysinternals tcpview to find
out it was a matter of domain resolving.

watch out for this.
i learnt that in the java policy file is much better to specify IP
addresses rather than names, they can be resolved differently than you
expect.
was it a known issue?


Name resolution is done by the OS, not Java. I would guess the problem is
Active Directory and dynamic DNS.

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nm*@ion.le.ac.uk
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
Jul 17 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
by: Derek | last post by:
what usually causes a java.security.NoSuchAlgorithmException? i am getting this while trying to run WebTest with SSL. so, if there is anyone out there using SSL and webtest i would appreciate...
0
by: fabio | last post by:
Hi, I'm writing a program for PPC and I use IBM's Websphere Device Developper PPRO1.0 java VM. This vm is much smaller and simple than standard vm as it has to run on small devices as handhelds....
12
by: Rainer Rosenberger | last post by:
Hello, in an intranet we have the requirement to communicate between two browser windows, e.g. read hidden fields or execute functions in other window. This works fine as long as both windows come...
1
by: McKirahan | last post by:
What is "active content"? My ASP page just returns HTML.... I have a page with an .htm extension that has a form whose action is an ASP page which generates a report after updating a database...
3
by: Woody Splawn | last post by:
For reasons I have not yet identified my Help, Search and Help, Index has quit working. That is, in the VB IDE, from the Help menu, I can select Dynamic help or Contents and things work as...
6
by: kusuma chalasani | last post by:
hi.. i'm using msaccess database to retrive the data into an applet... during runtime i'm getting an error like java.security.AccessControlException:access denied(java.lang...
1
by: Smoothj | last post by:
Hello all, when connecting to an IRC server with my java applet some of my members get this error code. java.security.AccessControlException : access denied (java.net.SocketPermission...
0
by: mr man | last post by:
I try to play runescape and this came up......this comes up with all java java.security.PrivilegedActionException: java.io.FileNotFoundException: C:\Documents and Settings\HP_Owner\Application...
4
by: nano2 | last post by:
Hi , I am getting the following error when using java version 1.5 "java.security.NoSuchProviderException: no such provider: SunJSSE" Has anyone any ideas why i am getting this error .....
0
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
0
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
1
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
1
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
0
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
0
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
0
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
0
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
0
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.