RMI & JDK1.2 security

Luke Stephens (psitek@bellsouth.net)
Mon, 08 Feb 1999 14:19:48 -0500

Date: Mon, 08 Feb 1999 14:19:48 -0500
From: Luke Stephens <psitek@bellsouth.net>
To: java-security@java.sun.com
Subject: RMI & JDK1.2 security

Greetings,

I am attempting to use the "Activatable" features of RMI. I am "exec"ing
an instance of the rmiregistry and rmid processes (out of a main
process) (Runtime.exec(rmiregistry). In addition, I am attempting to run
a "setup" script to set up the "activatable" rmi server. When I run
this, I get what appears to be a security "blowup" (see trace below).
Basically, it appears that when it goes to get the ActivationServer that
its checkPermission() call fails and throws a security exception. I have
granted allPermissions in this environment. When I attempt to install a
RMISecurityManager, I get failures with file reading (related to reading
in property files). I have three specific questions:
1. Is there some combination of RMISecurityManager properties that I
need to have set to make this work?

2. What how can I set the specific permission where this is failing.

3. Is there a default security configuration for this type of RMI
activity.

[Trace]
*******
java.rmi.activation.ActivationException: ActivationSystem not running;
nested exception is:
java.security.AccessControlException: access denied
(java.net.SocketPermission 127.0.0.1:1098 connect,resolve)
java.security.AccessControlException: access denied
(java.net.SocketPermission 127.0.0.1:1098 connect,resolve)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:195)

at
java.security.AccessController.checkPermission(AccessController.java:403)

at
java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at
java.lang.SecurityManager.checkConnect(SecurityManager.java:1006)
at java.net.Socket.<init>(Socket.java:258)
at java.net.Socket.<init>(Socket.java:98)
at
sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:29)

at
sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:124)

at
sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:462)
at
sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:194)
at
sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:178)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:306)
at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
at java.rmi.Naming.lookup(Naming.java:89)
at
java.rmi.activation.ActivationGroup.getSystem(ActivationGroup.java:419)
at
com.psitek.test.harness.server.TestServerMasterSetup.doSetup(TestServerMasterSetup.java:74)

at
com.psitek.test.harness.server.TestServerManager.setupTestServerMaster(TestServerManager.java:125)

at
com.psitek.test.harness.server.TestServerManager.initialize(TestServerManager.java:32)

at
com.psitek.test.harness.server.TestServerManager.main(TestServerManager.java:26)

java.security.AccessControlException: access denied
(java.util.PropertyPermission user.dir read)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:195)

at
java.security.AccessController.checkPermission(AccessController.java:403)

at
java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at
java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1222)

at java.lang.System.getProperty(System.java:507)
at
com.psitek.test.harness.server.TestServerManager.loadProperties(TestServerManager.java:158)

at
com.psitek.test.harness.server.TestServerManager.initialize(TestServerManager.java:36)

at
com.psitek.test.harness.server.TestServerManager.main(TestServerManager.java:26)