Specifying remote codeBase for Java security policy

1.1k views Asked by At

I have a client-side security policy, with a statement that grants permissions. I want to be able to specify it to grant the set of permissions for an RMI server only. For example this works:

grant{    
    //my permissions    
};

But I cant figure out how to link the set of permissions so that they apply to my codebase on the server. Actually anything, as long as its tied to the server would be fine. I have tried:

grant codeBase "file://hostname/-"{    
    //my permissions   
};

With the hostname being the name or IP of the machine, both with and w/o the port number. But this does not work, neither does using http instead of file. If I understand what I read so far correctly the hyphen at the end should apply the permissions to anything located on the server. Anyone know what I need to do to get this to work?

Thanks.

Heres the codebase specified when running the server:

-Djava.rmi.server.codebase=file://home/me/PageServer/build/classes/  pageserver.LoginService pageserver.PlannerService 
2

There are 2 answers

4
Andy Thomas On BEST ANSWER

Where is the local JVM getting the code that should be granted permissions?

If it's downloading the code from an HTTP codebase on the server, you can use a URL starting with "http:".

If it's local code, you can use a URL starting with "file:" and ending with a local path.

Disclaimer: I've written security files for Jini, which is built atop RMI, and it's been a few years. Apologies for anything I've missed.

0
user207421 On

Use a JAR for the codebase, and specify exactly the HTTP URL in the .policy file that you specified in -Djava.rmi.server.codebase.