RMI Security Manager

[Philipp Kraus]

Hi @all,

I'm write at this time a sheed for my study with Matlab and Java.
I run RMI objects under Matlab and there some problems with
security. I had implementated a server and client classes and run these
classes under Matlab. My questing:

_Must_ I implamentate a RMI Security Manager for_both_ server and
client or can I?
I don't need security because it's a solution that works only in a
kown subnet.
Client and Server have all classes in the local classpath.

Thanks

Phil

 

[Marcin Rze¼nicki]

Hi @all,

I'm write at this time a sheed for my study with Matlab and Java.
I run RMI objects under Matlab and there some problems with
security. I had implementated a server and client classes and run these
classes under Matlab. My questing:

_Must_ I implamentate a RMI Security Manager for_both_ server and
client or can I?
 I don't need security because it's a solution that works only in a
kown subnet.
Client and Server have all classes in the local classpath.

Thanks

Phil

To my knowledge, no. I am using RMI in very similar configuration as
yours, and I've never had to enable RMI Security Manager. AFAIK it is
not needed unless you need code download.

 

[Philipp Kraus]

To my knowledge, no. I am using RMI in very similar configuration as
yours, and I've never had to enable RMI Security Manager. AFAIK it is
not needed unless you need code download.

I try both solutions, with and without security manager. Without the
manager my Matlab crashes down with a lot of exceptions, some of the
Matlab codebase. If I installed a manager it run without errors and I can
connect the RMI object from localhost, but not from the subnet.
I had set the permissions to "permission java.security.AllPermission;",
load the policy file, create the security manager or take the loaded manager,
create a local RMI Registry or take the loaded and bind my object.

If I try "Naming.list(<url>)", I can see the object from all clients in
the subnet.
The command "netstat -a" shows the RMI Registry on the server to listen on
all net interfaces (*:*). If I call Naming.lookup I get an time out
exception. If
I run "telnet rmiserver 1099" I get an connection. On my wireshark logs I
see also that there send data from/to server and client. I take a look to the
packet content and I see the object properierties, so I think java
transfers the
data, but I don't understand the timeout on RMI lookup.
Another net code with multicast connections runs perfect.

Have anyone an idea, but I don't understand this time out

Thank

Phil

 

[EJP]

Correct.

I try both solutions, with and without security manager. Without the
manager my Matlab crashes down with a lot of exceptions, some of the
Matlab codebase.

An application can't possibly get *more* errors without a security
manager unless that lack has allowed it to proceed further.

If I installed a manager it run without errors and I can

connect the RMI object from localhost, but not from the subnet.

What happens instead? That sounds like you need to set
java.rmi.server.hostname at the server host. Nothing to do with
permissions or security managers AFACIS.

If I call Naming.lookup I get an time out
exception.

And Naming.list() works? Or do you mean that calling a remote method on
an object *obtained from* Naming.lookup() times out. Again that would
indicate a need to set java.rmi.server.hostname.

RMI objects necessarily exported on port 1099, unless you take special
steps to ensure that. It is sounding like either a
java.rmi.server.hostname issue (item A.1 in the RMI FAQ) or you have a
firewall blocking everything but port 1099.

 

[Roedy Green]

data, but I don't understand the timeout on RMI lookup.
Another net code with multicast connections runs perfect.

Have anyone an idea, but I don't understand this time out

Just a thought. Is any OTHER sort of security, e.g. a firewall
interfering? In the reign of the dinosaurs, IIRC I had to fiddle with
a firewall to let the RMI traffic through.
--
Roedy Green Canadian Mind Products
http://mindprod.com

No flying machine will ever fly from New York to Paris.
~ Orville Wright (born: 1871-08-19 died: 1948-10-30 at age: 77) 1908 We see that same conservative pessimism in those crafting today’s computers and computer tools. They are overwhelmed by the details of producing even today’s solutions. You need young, over-confident people who don’t know too much to chart the course ahead. This is especially true of global warming where the current generation has entirely given up hope of a green planet and sustainable human survival.

 

[Philipp Kraus]

Just a thought. Is any OTHER sort of security, e.g. a firewall
interfering? In the reign of the dinosaurs, IIRC I had to fiddle with
a firewall to let the RMI traffic through.

I had found the "bug". Under my Ubuntu in the /etc/host was a
wrong IP for the hostname. I run DHCP with DNS but the order
for the IP <-> name connect is first "host" and then "dns". So
the RMI hostname was the IP in the wrong subnet.