[ Home ] [ Up ] [ ComputeEngineImpl ] [ Security Policies ] [ ComputePi ] [ ComputeEngineClient ] [ Running the Example ]

The ComputeEngineImpl class has a significant difference from previous RMI examples we've seen so far:

• It uses java.lang.SecurityManager as the security manager for the program.

Why?  Because RMI's class loader will not download any classes from remote locations if no security manager has been set.

Here is the relevant piece of code that implements this:

    System.setProperty("java.security.policy", "policies/server.policy");
    System.setSecurityManager( new SecurityManager() );

The second line sets the security manager.

The first line specified a security policy file to be used.  In this case, I set up a server.policy file in a policies subfolder below the current working directory of the server program.  It contained the following:

grant
{
  permission java.net.SocketPermission
    "localhost:1024-65535", "connect,accept";
};

which grants the necessary permission to connect to, and accept connections from, a socket on the localhost, in the range 1024 to 65535.

Security is an important issue for RMI applications.  However, figuring out how to set up the security, and deciding what permissions need to be granted adds to the complexity of developing RMI programs.