
I'm using RMI to invoke a method that is specified to return an object of class ClassX.

ClassX xObj = remoteObject.meth(...); 

If the remote method actually returns an instance of a locally unknown subclass SubclassOfX of ClassX, this class SubclassOfX is automatically downloaded from a codebase (as specified by the annotation on the serialized instance of SubclassOfX).
(for those who need it: codebase concept in RMI)

Before Java 17, a SecurityManager (and a policy file) had to be used to allow class loading from the codebase. But starting with Java 17, the SecurityManager is deprecated and marked for removal.

My question now: how to allow/control class loading from a codebase in the future?

Edit 1: And just to answer the comment citing JEP 411: I know about this document, but there is no solution/alternative given in it for this RMI use case of SecurityManager.

Any1
  • (Hi & Welcome! ;) "There is no replacement for the Security Manager. See [JEP 411](https://openjdk.java.net/jeps/411) for discussion and alternatives." – xerx593 Jan 01 '22 at 13:52
  • ...so: "don't worry until" 27/29, as I understand: (jep411+) https://en.wikipedia.org/wiki/Java_version_history – xerx593 Jan 01 '22 at 14:00
  • I know about jep411, but I can't find any solution/alternative given in it for this classical RMI use case of SecurityManager. – Any1 Jan 01 '22 at 16:59
  • @Progman The codebase is a well-known feature of RMI. It would be familiar to anybody competent to answer the question. – user207421 Jan 24 '22 at 01:00

0 Answers