rmi java.security.AccessControlException
I am new to RIM, and currently taking the tutorial at http://java.sun.com/docs/books/tutorial/rmi/overview.html
I am able to start server like:
C:\Documents and Settings\myHome>java -cp c:\home\ann\src;c:\home\ann\public_ html\classes\compute.jar -Djava.rmi.server.codebase=file:/c:/home/ann/public_htm l/classes/compute.jar -Djava.rmi.server.hostname=localhost -Djava.security.polic y=c:\home\ann\policy\server.policy engine.ComputeEngine ComputeEngine bound
However, when i try to run client i got exceptions
access: access allowed (java.lang.RuntimePermission createClassLoader)
access: access allowed (java.lang.reflect.ReflectPermission suppressAccessChecks
)
access: access allowed (java.lang.reflect.ReflectPermission suppressAccessChecks
)
access: access allowed (java.lang.reflect.ReflectPermission suppressAccessChecks
)
access: access allowed (java.lang.reflect.ReflectPermission suppressAccessChecks
)
ComputePi exception:
java.rmi.ServerException: RemoteException occurred in server thread; nested exce
ption is:
java.rmi.UnmarshalException: error unmarshalling arguments; nested excep
tion is:
java.lang.ClassNotFoundException: access to class loader denied
at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
at sun.rmi.transport.Transport$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown Sou
rce)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Sour
ce)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source
)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(Unknow
n Source)
at sun.rmi.transport.StreamRemoteCall.executeCall(Unknown Source)
at sun.rmi.server.UnicastRef.invoke(Unknown Source)
at java.rmi.server.RemoteObjectInvocationHandler.invokeRemoteMethod(Unkn
own Source)
at java.rmi.server.RemoteObjectInvocationHandler.invoke(Unknown Source)
at $Proxy0.executeTask(Unknown Source)
at client.ComputePi.main(ComputePi.java:27)
Caused by: java.rmi.UnmarshalException: error unmarshalling arguments; nested ex
ception is:
java.lang.ClassNotFoundException: access to class loader denied
at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
at sun.rmi.transport.Transport$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown Sou
rce)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Sour
ce)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source
)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.ClassNotFoundException: access to class loader denied
at sun.rmi.server.LoaderHandler.loadClass(Unknown Source)
at sun.rmi.server.LoaderHandler.loadClass(Unknown Source)
at java.rmi.server.RMIClassLoader$2.loadClass(Unknown Source)
at java.rmi.server.RMIClassLoader.loadClass(Unknown Source)
at sun.rmi.server.MarshalInputStream.resolveClass(Unknown Source)
at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)
at java.io.ObjectInputStream.readClassDesc(Unknown Source)
at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
at java.io.ObjectInputStream.readObject0(Unknown Source)
at java.io.ObjectInputStream.readObject(Unknown Source)
at sun.rmi.server.UnicastRef.unmarshalValue(Unknown Source)
... 10 more
Caused by: java.security.AccessControlException: access denied (java.io.FilePerm
ission \c:\home\jones\public_html\classes\- read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at sun.rmi.server.LoaderHandler$Loader.checkPermissions(Unknown Source)
at sun.rmi.server.LoaderHandler$Loader.access$000(Unknown Source)
... 21 more
i believe the problem is the client policy file for client (correct if i am wrong please), as we can see from stack trace
Caused by: java.security.AccessControlException: access denied (java.io.FilePerm ission \c:\home\jones\public_html\classes\- read)
However, my client.policy file looks like
grant codeBase "file:/c:/home/jones/public_html/classes/-" {
permission java.security.AllPermission;
};
grant{
permission java.net.SocketPermission "127.0.0.1:1024-65535", "connect,resolve";
};
There are AllPermission for codeBase "file:/c:/home/jones/public_html/classes/-".
So, did i set the codeBase permission wrong, so there are more permission client application needs?
Thanks!!!
Update: if i move the client.policy file to C:\Program Files\Java\jre6\lib\security and i start the client with
C:\Documents and Settings\jianzhang>java -cp c:\home\jones\src;c:\home\jones\pub lic_html\classes\compute.jar -Djava.rmi.server.codebase=file:/c:/home/jones/publ ic_html/classes/ -Djava.security.policy=client.policy -Djava.security.debug=acce ss,failure client.ComputePi localhost 45
i got exception
ComputePi exception:
java.security.AccessControlException: access denied (java.net.SocketPermission 1
27.0.0.1:1099 connect,resolve)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.(Unknown Source)
at java.net.Socket.(Unknown Source)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(Unknown S
ource)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(Unknown S
ource)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
at sun.rmi.server.UnicastRef.newCall(Unknown Source)
at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
at client.ComputePi.main(ComputePi.java:25)
However, the client.policy file has specified
grant{
permission java.net.SocketPermission "127.0.0.1:1024-65535", "connect,resolve";
};
Update with full stack trace Here is the full stack trace,
C:\home\jones\src>java -cp C:\home\jones\src;C:\home\jones\public_html\classes\c
ompute.jar;C:\home\jones\public_html\classes -Djava.rmi.server.codebase=file:/C:
/home/jones/public_html/classes/ -Djava.security.policy=client.policy -Djava.sec
urity.debug=access,failure client.ComputePi localhost 45
access: access allowed (java.lang.reflect.ReflectPermission suppressAccessChecks
)
access: access allowed (java.security.SecurityPermission getProperty.policy.expa
ndProperties)
access: access allowed (java.security.SecurityPermission getProperty.policy.igno
reIdentityScope)
access: access allowed (java.security.SecurityPermission getProperty.policy.allo
wSystemProperty)
access: access allowed (java.util.PropertyPermission sun.security.policy.utf8 re
ad)
access: access allowed (java.util.PropertyPermission sun.security.policy.numcach
es read)
access: access allowed (java.util.PropertyPermission java.security.policy read)
access: access allowed (java.util.PropertyPermission user.dir read)
access: access allowed (java.io.FilePermission C:\home\jones\src\client.policy r
ead)
access: access allowed (java.io.FilePermission client.policy read)
access: access allowed (java.security.SecurityPermission getProperty.policy.url.
1)
access: access allowed (java.util.PropertyPermission java.home read)
access: access allowed (java.io.FilePermission C:\Program Files\Java\jre6\lib\se
curity\java.policy read)
access: access allowed (java.io.FilePermission C:\Program Files\Java\jre6\lib\se
curity\java.policy read)
access: access allowed (java.io.FilePermission C:\Program Files\Java\jre6\lib\se
curity\java.policy read)
access: access allowed (java.io.FilePermission C:\Program Files\Java\jre6\lib\se
curity\java.policy read)
access: access allowed (java.util.PropertyPermission java.ext.dirs read)
access: access allowed (java.io.FilePermission C:\Program Files\Java\jre6\lib\ex
t\* read)
access: access allowed (java.io.FilePermission C:\WINDOWS\Sun\Java\lib\ext\* rea
d)
access: access allowed (java.security.SecurityPermission getProperty.policy.url.
2)
access: access allowed (java.util.PropertyPermission user.home read)
access: access allowed (java.io.FilePermission C:\Documents and Settings\anga
ng\.java.policy read)
access: access allowed (java.io.FilePermission C:\Documents and Settings\anga
ng\.java.policy read)
access: access allowed (java.io.FilePermission C:\Documents and Settings\anga
ng\.java.policy read)
access: access allowed (java.security.SecurityPermission getProperty.policy.url.
3)
access: access allowed (java.util.PropertyPermission java.security.auth.policy r
ead)
access: access allowed (java.security.SecurityPermission getProperty.auth.policy
.url.1)
access: access allowed (java.lang.RuntimePermission accessClassInPackage.sun.sec
urity.provider)
access: access allowed (java.lang.reflect.ReflectPermission suppressAccessChecks
)
access: access allowed (java.util.PropertyPermission java.security.egd read)
access: access allowed (java.security.SecurityPermission getProperty.securerando
m.source)
access: access allowed (java.security.SecurityPermission putProviderProperty.SUN
)
access: access allowed (java.lang.reflect.ReflectPermission suppressAccessChecks
)
access: access allowed (java.lang.reflect.ReflectPermission suppressAccessChecks
)
access: access allowed (java.util.PropertyPermission * read,write)
access: access allowed (java.util.PropertyPermission os.arch read)
access: access allowed (java.util.PropertyPermission java.net.preferIPv6Addresse
s read)
access: access allowed (java.lang.RuntimePermission loadLibrary.net)
access: access allowed (java.io.FilePermission C:\Program Files\Java\jre6\bin\ne
t.dll read)
access: access allowed (java.util.PropertyPermission java.net.preferIPv4Stack re
ad)
access: access allowed (java.util.PropertyPermission impl.prefix read)
access: access allowed (java.lang.reflect.ReflectPermission suppressAccessChecks
)
access: access allowed (java.util.PropertyPermission sun.net.spi.nameservice.pro
vider.1 read)
access: access allowed (java.net.SocketPermission myComputer resolve)
access: access allowed (java.security.SecurityPermission getProperty.networkaddr
ess.cache.ttl)
access: access allowed (java.util.PropertyPermission sun.net.inetaddr.ttl read)
access: access allowed (java.security.SecurityPermission getProperty.networkaddr
ess.cache.negative.ttl)
access: access allowed (java.io.FilePermission C:\Documents and Settings\anga
ng\Local Settings\Temp read)
access: access allowed (java.io.FilePermission C:\Documents and Settings\anga
ng\Local Settings\Temp read)
access: access allowed (java.io.FilePermission C:\Documents and Settings\anga
ng\Local Settings\Temp read)
access: access allowed (java.io.FilePermission C:\Documents and Settings\anga
ng\Local Settings\Temp read)
access: access allowed (java.io.FilePermission C:\DOCUME~1\ang~1\LOCALS~1\Tem
p read)
access: access allowed (java.util.PropertyPermission java.rmi.server.hostname re
ad)
access: access allowed (java.io.FilePermission C:\home\jones\src read)
access: access denied (java.net.SocketPermission myComputer resolve)
java.lang.Exception: Stack trace
at java.lang.Thread.dumpStack(Unknown Source)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at java.net.InetAddress.getLocalHost(Unknown Source)
at sun.rmi.transport.tcp.TCPEndpoint.(Unknown Source)
at java.rmi.registry.LocateRegistry.getRegistry(Unknown Source)
at java.rmi.registry.LocateRegistry.getRegistry(Unknown Source)
at java.rmi.registry.LocateRegistry.getRegistry(Unknown Source)
at client.ComputePi.main(ComputePi.java:24)
access: access allowed (java.security.SecurityPermission getPolicy)
access: access allowed (java.io.FilePermission C:\home\jones\src read)
access: domain that failed ProtectionDomain (file:/C:/home/jones/src/ )
sun.misc.Launcher$AppClassLoader@1b90b39
java.security.Permissions@d70d7a (
(java.lang.RuntimePermission stopThread)
(java.lang.RuntimePermission exitVM)
(java.io.FilePermission \C:\home\jones\src\- read)
(java.util.PropertyPermission line.separator read)
(java.util.PropertyPermission java.vm.version read)
(java.util.PropertyPermission java.vm.specification.version read)
(java.util.PropertyPermission java.vm.specification.vendor read)
(java.util.PropertyPermission java.vendor.url read)
(java.util.PropertyPermission java.vm.name read)
(java.util.PropertyPermission os.name read)
(java.util.PropertyPermission java.vm.vendor read)
(java.util.PropertyPermission path.separator read)
(java.util.PropertyPermission java.specification.name read)
(java.util.PropertyPermission os.version read)
(java.util.PropertyPermission os.arch read)
(java.util.PropertyPermission java.class.version read)
(java.util.PropertyPermission java.version read)
(java.util.PropertyPermission file.separator read)
(java.util.PropertyPermission java.vendor read)
(java.util.PropertyPermission java.vm.specification.name read)
(java.util.PropertyPermission java.specification.version read)
(java.util.PropertyPermission java.specification.vendor read)
(java.net.SocketPermission localhost:1024- listen,resolve)
)
access: access allowed (java.util.PropertyPermission java.rmi.server.useLocalHos
tName read)
access: access allowed (java.util.PropertyPermission sun.rmi.transport.logLevel
read)
access: access allowed (java.util.PropertyPermission sun.rmi.log.useOld read)
access: access allowed (java.util.PropertyPermission java.util.logging.manager r
ead)
access: access allowed (java.lang.RuntimePermission setContextClassLoader)
access: access allowed (java.lang.RuntimePermission shutdownHooks)
access: access allowed (java.util.logging.LoggingPermission control)
access: access allowed (java.util.PropertyPermission java.util.logging.config.cl
ass read)
access: access allowed (java.util.PropertyPermission java.util.logging.config.fi
le read)
access: access allowed (java.util.PropertyPermission java.home read)
access: access allowed (java.io.FilePermission C:\Program Files\Java\jre6\lib\lo
gging.properties read)
access: access allowed (java.io.FilePermission C:\Program Files\Java\jre6\lib\lo
gging.properties read)
access: access allowed (java.io.FilePermission C:\Program Files\Java\jre6\lib\lo
gging.properties read)
access: access allowed (java.util.logging.LoggingPermission control)
access: access allowed (java.util.logging.LoggingPermission control)
access: access allowed (java.util.logging.LoggingPermission control)
access: access allowed (java.util.logging.LoggingPermission control)
access: access allowed (java.util.logging.LoggingPermission control)
access: access allowed (java.util.logging.LoggingPermission control)
access: access allowed (java.util.PropertyPermission line.separator read)
access: access allowed (java.util.PropertyPermission line.separator read)
access: access allowed (java.util.logging.LoggingPermission control)
access: access allowed (java.util.PropertyPermission sun.rmi.transport.tcp.logLe
vel read)
access: access allowed (java.util.logging.LoggingPermission control)
access: access allowed (java.util.PropertyPermission sun.rmi.transport.tcp.maxCo
nnectionThreads read)
access: access allowed (java.util.PropertyPermission sun.rmi.transport.tcp.threa
dKeepAliveTime read)
access: access allowed (java.util.PropertyPermission sun.rmi.transport.proxy.log
Level read)
access: access allowed (java.util.logging.LoggingPermission control)
access: access allowed (java.util.PropertyPermission sun.rmi.transport.proxy.con
nectTimeout read)
access: access allowed (java.util.PropertyPermission sun.rmi.transport.proxy.eag
erHttpFallback read)
access: access allowed (java.util.PropertyPermission http.proxyHost read)
access: access allowed (java.util.PropertyPermission proxyHost read)
access: access allowed (java.util.PropertyPermission java.rmi.server.disableHttp
read)
access: access allowed (java.util.PropertyPermission sun.rmi.transport.tcp.readT
imeout read)
access: access allowed (java.util.PropertyPermission sun.rmi.server.logLevel rea
d)
access: access allowed (java.util.logging.LoggingPermission control)
access: access allowed (java.util.PropertyPermission java.rmi.server.ignoreStubC
lasses read)
access: access allowed (java.util.logging.LoggingPermission control)
access: access allowed (java.util.PropertyPermission sun.rmi.client.logCalls rea
d)
access: access allowed (java.util.logging.LoggingPermission control)
access: access allowed (java.util.PropertyPermission java.rmi.server.hostname re
ad)
access: access allowed (java.util.PropertyPermission sun.rmi.transport.connectio
nTimeout read)
access: access allowed (java.util.PropertyPermission sun.rmi.transport.tcp.hands
hakeTimeout read)
access: access allowed (java.util.PropertyPermission sun.rmi.transport.tcp.respo
nseTimeout read)
access: access allowed (java.util.logging.LoggingPermission control)
access: access allowed (java.util.PropertyPermission sun.rmi.runtime.schedulerTh
reads read)
access: access allowed (java.lang.RuntimePermission sun.rmi.runtime.RuntimeUtil.
getInstance)
access: access allowed (java.net.SocketPermission localhost resolve)
access: access allowed (java.lang.RuntimePermission loadLibrary.net)
access: access allowed (java.io.FilePermission C:\Program Files\Java\jre6\bin\ne
t.dll read)
access: access denied (java.net.SocketPermission 127.0.0.1:1099 connect,resolve)
java.lang.Exception: Stack trace
at java.lang.Thread.dumpStack(Unknown Source)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.(Unknown Source)
at java.net.Socket.(Unknown Source)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(Unknown S
ource)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(Unknown S
ource)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
at sun.rmi.server.UnicastRef.newCall(Unknown Source)
at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
at client.ComputePi.main(ComputePi.java:25)
access: access allowed (java.security.SecurityPermission getPolicy)
access: access allowed (java.io.FilePermission C:\home\jones\src read)
access: domain that failed ProtectionDomain (file:/C:/home/jones/src/ )
sun.misc.Launcher$AppClassLoader@1b90b39
java.security.Permissions@77158a (
(java.lang.RuntimePermission stopThread)
(java.lang.RuntimePermission exitVM)
(java.io.FilePermission \C:\home\jones\src\- read)
(java.util.PropertyPermission line.separator read)
(java.util.PropertyPermission java.vm.version read)
(java.util.PropertyPermission java.vm.specification.version read)
(java.util.PropertyPermission java.vm.specification.vendor read)
(java.util.PropertyPermission java.vendor.url read)
(java.util.PropertyPermission java.vm.name read)
(java.util.PropertyPermission os.name read)
(java.util.PropertyPermission java.vm.vendor read)
(java.util.PropertyPermission path.separator read)
(java.util.PropertyPermission java.specification.name read)
(java.util.PropertyPermission os.version read)
(java.util.PropertyPermission os.arch read)
(java.util.PropertyPermission java.class.version read)
(java.util.PropertyPermission java.version read)
(java.util.PropertyPermission file.separator read)
(java.util.PropertyPermission java.vendor read)
(java.util.PropertyPermission java.vm.specification.name read)
(java.util.PropertyPermission java.specification.version read)
(java.util.PropertyPermission java.specification.vendor read)
(java.net.SocketPermission localhost:1024- listen,resolve)
)
ComputePi exception:
java.security.AccessControlException: access denied (java.net.SocketPermission 1
27.0.0.1:1099 connect,resolve)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.(Unkn开发者_高级运维own Source)
at java.net.Socket.(Unknown Source)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(Unknown S
ource)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(Unknown S
ource)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
at sun.rmi.server.UnicastRef.newCall(Unknown Source)
at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
at client.ComputePi.main(ComputePi.java:25)
At line 80:
access: access allowed (java.net.SocketPermission myComputer resolve)
however afrom line 99 to 111
access: access denied (java.net.SocketPermission myComputer resolve)
java.lang.Exception: Stack trace
at java.lang.Thread.dumpStack(Unknown Source)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at java.net.InetAddress.getLocalHost(Unknown Source)
at sun.rmi.transport.tcp.TCPEndpoint.(Unknown Source)
at java.rmi.registry.LocateRegistry.getRegistry(Unknown Source)
at java.rmi.registry.LocateRegistry.getRegistry(Unknown Source)
at java.rmi.registry.LocateRegistry.getRegistry(Unknown Source)
at client.ComputePi.main(ComputePi.java:24)
Problem solved, see my another post
How do you start the client? Do you specify a policy file when starting the client?
Your command line to start the client should look like:
java -cp c:\home\jones\src;c:\home\jones\public_html\classes\compute.jar
-Djava.rmi.server.codebase=file:/c:/home/jones/public_html/classes/
-Djava.security.policy=client.policy
client.ComputePi zaphod.east.sun.com 45
Update: you wrote:
if i move the client.policy file to
C:\Program Files\Java\jre6\lib\security
You need to change the paths you see in the examples (c:\home\jones, etc.) to the actual ones you use on your machine (where your code base and security files are).
加载中,请稍侯......
精彩评论