0

I'm having trouble getting RMI security policies working. I have a .policy file on both the server and client, each of which is running a SecurityManager.

When I try and run the client its failing. My policy file grants everything atm. Heres the content:

grant { permission java.security.AllPermission };

I have the file client.policy in the root directory of my JAR file (I tried running it with the policy file outside the jar too). Then I run the client with this:

java -jar PagePlanner.jar -Djava.security.policy=client.policy -Djava.rmi.codebase=http://192.168.0.88:2077/home/me/NetbeansProjects/PageServer/dist/PageServer.jar -Djava.security.debug=access

Specifying my policy file and the path to my code base. I'm not sure if either of these are correct. I also tried setting the debug switch as I read somewhere it should give me extra info about whats going wrong, but it does not seem to make a difference.Heres the output when I run the client:

Exception in thread "main" java.security.AccessControlException: access denied (java.awt.AWTPermission setWindowAlwaysOnTop)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
    at java.security.AccessController.checkPermission(AccessController.java:546)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    at java.awt.Window.setAlwaysOnTop(Window.java:2038)
    at gui.LoginForm.<init>(LoginForm.java:59)
    at main.Main.main(Main.java:21)

From which point the client just hangs. Any ideas what I'm doing wrong here? The policy setup on the server-side is pretty much the same. I can post the details if that helps.

Cheers.

Ultimate Gobblement
  • 1,851
  • 16
  • 23

1 Answers1

0

Run the client with -Djava.security.debug=access,failure. Most probably your .policy file isn't being found.

BTW you don't need to set the codebase at the client unless the client has its own implementations of abstract classes/interfaces and the server doesn't know about them. The codebase is normally only set at the server, so as to annotate classes that are downloaded to the client and the Registry.

user207421
  • 305,947
  • 44
  • 307
  • 483
  • For some reason-Djava.security.debug=access,failure was not giving me any output. Not sure why that was, in the end I modified the system-wide policy file and dropped the client-side switches for the time being. Then I ran into several more problems which you appear to already have answered on other sites - so thanks for that :) – Ultimate Gobblement Sep 15 '10 at 11:59
  • EJP is right about the java.security.debug parameter values, the syntax however it is slightly different. Try it like this: -Djava.security.debug=”access,failure” – Florin Feb 09 '11 at 15:45
  • @Florin: I've never had to use those quotes. That would only be an issue with a command processor (shell) that separated arguments at commas. I haven't used one of those for about 32 years;-) – user207421 Feb 11 '11 at 06:07