Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Loading RMI class from local filesystem

2 views
Skip to first unread message

bren...@gmail.com

unread,
Nov 15, 2008, 10:12:40 PM11/15/08
to
Need to load an RMI class from a jar on the local filesystem. With
Update 10, this is becoming nearly impossible, for some odd reason,
with code which has always worked.

I don't want to edit the java policy file on my deployment systems,
and I am also running under Java Web Start.

After running standalone and getting rid of Web Start, I get the same
error. Exception when trying to read the class from the jar file.
Don't wanna put the classes on the net at the codebase for Java Web
Start, because everything has to run standalone detached from the
network.

All of this worked on Java 6 Update 5 but it craps out with Update 10
and I have to find a way to make it work.

The stack trace indicates that I'm stopped on a simple
java.io.FilePermission. I've written and installed a subclass of
RMISecurityManager which permits everything I can think of. However,
from the stack trace looks like it calls checkRead and then goes
further. Is this a different security manager, other than the one I
have over-ridden? Is there more than 1 security manager in an
application?

I would assume it would hit my checkRead and my checkRead does NOT
call anything else, so not sure exactly what is going on here.

HOW can I allow this jar file to be read? If it can be read, then I
think the class can be loaded which is relevant to the RMI
implementation and everything should work.

-Djava.rmi.server.codebase=file://./sZoneTrader.jar <-- that's the
property and protocol I'm using to get it to the file, and it appears
the file exists, just can't be read.

ERR: 08.11.15 09:44:07.094: java.security.AccessControlException:
access denied (java.io.FilePermission \\.\sZoneTrader.jar read)
java.security.AccessControlException: access denied
(java.io.FilePermission \\.\sZoneTrader.jar read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkRead(Unknown Source)
at java.io.File.exists(Unknown Source)
at sun.net.www.protocol.file.Handler.openConnection(Unknown Source)
at sun.net.www.protocol.file.Handler.openConnection(Unknown Source)
at java.net.URL.openConnection(Unknown Source)
at sun.rmi.server.LoaderHandler.addPermissionsForURLs(Unknown Source)
at sun.rmi.server.LoaderHandler.access$300(Unknown Source)
at sun.rmi.server.LoaderHandler$Loader.<init>(Unknown Source)
at sun.rmi.server.LoaderHandler$Loader.<init>(Unknown Source)
at sun.rmi.server.LoaderHandler$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.server.LoaderHandler.lookupLoader(Unknown Source)
at sun.rmi.server.LoaderHandler.loadProxyClass(Unknown Source)
at java.rmi.server.RMIClassLoader$2.loadProxyClass(Unknown Source)
at java.rmi.server.RMIClassLoader.loadProxyClass(Unknown Source)
at sun.rmi.server.MarshalInputStream.resolveProxyClass(Unknown
Source)
at java.io.ObjectInputStream.readProxyDesc(Unknown Source)
at java.io.ObjectInputStream.readClassDesc(Unknown Source)
at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
at java.io.ObjectInputStream.readObject0(Unknown Source)
at java.io.ObjectInputStream.readObject(Unknown Source)
at sun.rmi.registry.RegistryImpl_Skel.dispatch(Unknown Source)
at sun.rmi.server.UnicastServerRef.oldDispatch(Unknown Source)
at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
at sun.rmi.transport.Transport$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown
Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown
Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown
Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer
(Unknown Source)
at sun.rmi.transport.StreamRemoteCall.executeCall(Unknown Source)
at sun.rmi.server.UnicastRef.invoke(Unknown Source)
at sun.rmi.registry.RegistryImpl_Stub.rebind(Unknown Source)
at java.rmi.Naming.rebind(Unknown Source)
at com.twc.trader.ZoneTrader.<init>(Unknown Source)
at com.twc.trader.ZoneTrader.createAndShowGUI(Unknown Source)
at com.twc.trader.ZoneTrader.access$4(Unknown Source)
at com.twc.trader.ZoneTrader$95.run(Unknown Source)
at java.awt.event.InvocationEvent.dispatch(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown
Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown
Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)

OUT: 08.11.15 09:44:07.094: RemoteIndicatorServiceImpl Naming.rebind
FAILURE.

bren...@gmail.com

unread,
Nov 15, 2008, 11:08:36 PM11/15/08
to

http://lopica.sourceforge.net/faq.html suggests a couple of things to
do... Interesting that I could carry my own policy and activate it on
the fly. Might try and do that.

iceryx reports: The classes I loaded with my own URLClassLoader didn't
have the same permissions as the classes loaded directly through Web
Start. So I included my own policy file in a jar to grant
java.security.AllPermissions to all codebases. Then in my main class,
I wrote:

URL policyUrl = Thread.currentThread().getContextClassLoader
().getResource("my.java.policy");
Policy.getPolicy().refresh();
This fixed it. I guess that when you give "all-permissions" to your
Web Start app, it assigns java.security.AllPermissions only to code
loaded from the Web Start codebase, but not to code from other
codebases. Changing the policy widened this permission to everything.

As another alternative you can also write your own Policy subclass
permitting everything and then call Policy.setPolicy() to turn it on.

Andrew Thompson

unread,
Nov 16, 2008, 6:27:16 PM11/16/08
to
On Nov 16, 3:08 pm, brent5...@gmail.com wrote:
> ...suggests a couple of things to do...  

If your app. has full permissions, it can
simply call ...

System.setSecurityManager(null);

.. to blow away the last vestiges of any
security manager.

It was necessary to do this in various projects
that load other code in non-standard ways
(eg URLClassLoader) for the loaded code to
have full access.

I cannot say what happens there, for Vista
systems running UAC.

--
Andrew T.
pscode.org

0 new messages