Lecture 12

1

Lecture 12

George Koutsogiannakis/ Summer 2011

CS441

CURRENT TOPICS IN PROGRAMMING LANGUAGES

Topics

• Servlets used as RMI Client.– RMI Security needed for Servlet to RMI server

Communications.

2

Servlet as RMI client

• The Servlet will implement the doGet or doPost method as normally.

• Within the method (doGet or doPost):– You need to catch Exceprion (create try/catch)– Do a lookup on the registry:

ReverseInterface r= (ReverseInterface) Naming.lookup ("//localhost:1099/Reverse");

3


– Where we assume that:• The server has registered a remote object for its instance

called “Reverse”.• The server’s Remote Interface that defines its service is

ReverseInterface.• The registry is at port 1099.

– Then go ahead and do the remote invocation and capture the output (still within try block):

String str=r.reverseString(qr);

4


– Where r is the reference received from the registry

– The argument in the remote method is the data type that the method accepts (i.e qr is of String data type in the example).

– The returned value from the server is captured by variable str (assuming that the remote method returns a String data type in this example).

5


– Process the captured data by the servlet using the proper stream and the response object:

PrintWriter out=response.getWriter();

out.println(str);

out.close();

6

RMI server.

• Create RMI server as it is done normally.import java.rmi.Remote;

import java.rmi.RemoteException;

public interface ReverseInterface extends Remote

{

String reverseString(String originalstring) throws RemoteException;

}

IN THE SERVER ReserveInterfaceImpl:

public static void main(String[] args){

String name="//localhost/Reverse";

try

{ ReverseInterfaceImpl r= new ReverseInterfaceImpl();

Naming.rebind(name, r); etc……………

7

RMI server.

IMPLEMENT THE REMOTE METHOD (SERVICE)public String reverseString(String originalstring) throws

RemoteException

{

int length=originalstring.length();

StringBuffer temp=new StringBuffer(length);

for (int i=length; i>0; i-- )

{

temp.append(originalstring.substring(i-1,i));

}

return temp.toString();

}

8

SET UP OF THE APPLICATION

• Create the applications web site outside of Tomcat (NEVER DEVELOP THE APPLICATION INSIDE TOMCAT).

• Do NOT Include the required files for the RMI server in the application’s deployment. Place all RMI client related files in the same directory as the servlet.

• Deploy using a WAR file approach.– Remember that with the servlet you will need the stub from the

server and a copy of the interface file also.

9


• You will need the certificate applied like you did in the assignment 1 with respect to a signed applet – We assume that the servlet uses an applet as a

client!!

• You may need a policy file like (optional): grant {

permission java.security.AllPermission;

};

10


• To allow communications between the Web Server (the servlet acting as RMI client) and the RMI Server:– Modify the java.policy file in the System’s security directory (jdk

installation) as follows:

// allows anyone to listen on un-privileged ports

permission java.net.SocketPermission "localhost:1024-65535", "connect, accept, listen, resolve";

11

Servlet as RMI Over IIOP Client.

• In either the doGet or doPost method:– We will need a Hashtable structure to place the call to

registry as a name/value attributes

ReverseInterface r;

Hashtable env=new Hashtable();

env.put("java.naming.factory.initial", "com.sun.jndi.cosnaming.CNCtxFactory");

env.put("java.naming.provider.url", "iiop://localhost:900");

We assume that the IIOP Naming Service is listening at port 900.

12

Servlet as RMI Over IIOP Client

– In try block contact the Naming Service (IIOP registry):

Context initialNamingContext=new InitialContext(env);

out.println("obtained InitialContext");

r=(ReverseInterface)PortableRemoteObject.narrow(initialNamingContext.lookup("Reverse"), ReverseInterface.class);

– Now do the remote invocation using the reference r received from the Naming Service

String str=r. reverseString(qr);WHERE reverseString is the remote method defined in the

Interface created by the Server.

13

Servlet as RMI Over IIOP Client

– Process the data captured by using the proper stream with the response object.

14

RMI Over IIOP Server

• Need additional import statements:import java.rmi.*;

import java.rmi.server.*;

//add the lines below

import javax.rmi.PortableRemoteObject;

import javax.naming.*;

import java.net.*;

import javax.naming.Context;

import javax.naming.InitialContext;

import javax.naming.NamingException;

15

RMI Over IIOP Server

– public class ReverseInterfaceImpl extends PortableRemoteObject implements ReverseInterface

– Registration in try block in main method:ReverseInterfaceImpl r= new ReverseInterfaceImpl();

//add the follwoing lines

Context initialNamingContext=new InitialContext();

System.out.println("Binding server to registry..");

initialNamingContext.rebind("Reverse", r);

System.out.println("Object was registered");

– Implement the remote method.

16


• Set up is similar to RMI description in previous files.

• Compiling should be as described in the RMI over IIOP presentation (lecture 11).

17

RMI SECURITY

• RMI has its own Security Manager.– Automatic downloading of stub files and

interface file by the client is strictly cntrolled by security.

• Secured Class Loaded

• java.policy file

• java.security file

• Security Policy controlled by RMISecurityManager object

18

RMI SECURITY

• RMISecurityManager creates a sandbox similar to what the applets have to encounter.

• Default RMISecurityManager uses the default java.policy and java.security system files.

• We can create our own RMISecurityManager and remove some of the restrictions.

• We can also change for demonstration reasons some of the restrictions by modifying the java.policy and java.security files and let the default RMISecurityManager object operate.

19

Study Guide

• See examples posted on the course’ s web site – ServletRMI.zip and – ServletRMIoverIIOP.zip

20

Lecture 12

Documents

Transcript of Lecture 12