0

I have a java Class in which RMI code is written as :

public class Test{
  public static void main(String[] args){
    System.setProperty("java.security.policy","file:/C:/myFloder/server.policy");
   
    if (System.getSecurityManager() == null) {
        System.setSecurityManager(new SecurityManager());
        log.info("Security manager installed.");
    } else {
        log.info("Security manager already exists.");
    }

    try {
        LocateRegistry.createRegistry(1099);
        log.info("java RMI registry created.");
    } catch (RemoteException e) {
        log.info("java RMI registry already exists.");
    }
    Naming.unbind("//" + serverIp + ":1099/ServletPath");
    log.info("RMI stareted successfully...!!");
  }
}

Here is the server.policy :

grant {
    permission java.security.AllPermission;
};

But when I am trying to execute it , it is giving me same exceptions all the time . I have tried various solutions from the stackoverflow also but in vain.

java.security.AccessControlException: access denied ("java.net.SocketPermission" "127.0.0.1:1099" "connect,resolve")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
    at java.security.AccessController.checkPermission(AccessController.java:884)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at java.lang.SecurityManager.checkConnect(SecurityManager.java:1051)
    at java.net.Socket.connect(Socket.java:584)
    at java.net.Socket.connect(Socket.java:538)
    at java.net.Socket.<init>(Socket.java:434)
    at java.net.Socket.<init>(Socket.java:211)
    at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:40)
    at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:148)
    at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:613)
    at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:216)
    at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
    at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:342)
    at sun.rmi.registry.RegistryImpl_Stub.rebind(Unknown Source)
    at java.rmi.Naming.rebind(Naming.java:177)
    at com.ist.ivision.rmi.server.SendOnQueueImpl.initMethod(SendOnQueueImpl.java:99)
    at com.ist.ivision.rmi.server.SendOnQueueImpl.main(SendOnQueueImpl.java:143)
    at com.ist.ivision.servlet.IVisionStartup$2.run(IVisionStartup.java:124)
    at java.lang.Thread.run(Thread.java:745)

java.security.AccessControlException: access denied ("java.io.FilePermission" "filepath/A.java" "write")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
    at java.security.AccessController.checkPermission(AccessController.java:884)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at java.lang.SecurityManager.checkWrite(SecurityManager.java:979)
    at java.io.FileOutputStream.<init>(FileOutputStream.java:200)
    at java.io.FileOutputStream.<init>(FileOutputStream.java:101)
    at java.io.FileWriter.<init>(FileWriter.java:63)

Could anyone please let me know what I am doing wrong here ??

Thanks

Neeraj N
  • 53
  • 5
  • When you run your code, do you get "Security manager installed." OR "Security manager already exists." ? The reason I asks is because it might not be reading the policy file you specified.. – JCompetence Dec 01 '20 at 11:48
  • @SusanMustafa I am getting "Security manager installed." – Neeraj N Dec 01 '20 at 12:04
  • I think it is not finding your policy file....even if Java is not complaining. – JCompetence Dec 01 '20 at 12:12
  • @SusanMustafa How do I make it read the policy file ? – Neeraj N Dec 01 '20 at 12:29
  • Why are you using a SecurityManager? You only need it for RMI if you're using the codebase feature. And why are you unbinding something from a newly created registry, which is therefore empty? – user207421 Dec 15 '20 at 01:40

1 Answers1

0

Looking at the existing java.policy file, the format looks different also.

// Standard extensions get all permissions by default

grant codeBase "file:${{java.ext.dirs}}/*" {
        permission java.security.AllPermission;
};

I would also double check that the path is correct to your custom .policy file.

A helpful Stackoverflow is: Java RMI AccessControlException: access denied

===== Edited

Otherwise, try to remove the System.setProperty() from the code, and POINT to the custom policy file as a runtime argument from your IDE when you run:

Remove System.setProperty()

Modify your Eclipse/Intellij and add the runtime arguments

-Djava.security.manager -Djava.security.policy=C:/myFloder/server.policy

============= Edited 2

Try to do this instead of using a file:

    Policy.setPolicy(new Policy() {
        @Override
        public boolean implies(ProtectionDomain domain, Permission permission) {
            return true; // all permissions
        }
    });

    System.setSecurityManager(new SecurityManager());
JCompetence
  • 6,997
  • 3
  • 19
  • 26
  • 1
    I tried this way also . I replaced "${{java.ext.dirs}}" with the absoute file path but still it is giving me the same exception @Susan Musafa – Neeraj N Dec 01 '20 at 12:29
  • I did replace "${{java.ext.dirs}}" with "file://C:/serverpath/webapps/ROOT/WEB-INF/classes/*" but it is not helping out. I am placing the jar files to the tomcat context . There how do I do this : "-Djava.security.manager -Djava.security.policy=C:/myFloder/server.policy" – Neeraj N Dec 01 '20 at 12:39
  • I didnt meant modify your policy file. I was wondering if you could modify your System.setProperty() to point to file:// instead of file:/ but do TRY to point to the policy file as a runtime argument RATHER than in the code, see if that could help. TO at least eliminate the possible path issues – JCompetence Dec 01 '20 at 12:42
  • But I am not executing the code from eclipse IDE . I am creating the jar and then deploying it to the tomcat container. There how do I provide runtime arguments ? – Neeraj N Dec 01 '20 at 12:47
  • For Tomcat, https://stackoverflow.com/questions/12407163/pass-vm-argument-to-apache-tomcat It shows you how to pass arguments. – JCompetence Dec 01 '20 at 12:50
  • Nopes, it is not working that way also . Giving out the same error – Neeraj N Dec 01 '20 at 12:59
  • I tried the edited code , now that exception has gone but "java.lang.SecurityException: attempt to add a Permission to a readonly Permissions object" this exception occured – Neeraj N Dec 01 '20 at 13:21
  • 1
    I got the solution , I need to refresh the policies by ```Policy.getPolicy().refresh()``` only rest of things were right posted in my question. – Neeraj N Dec 01 '20 at 13:52