04/22/23 1

Advanced Remote Method Invocations

04/22/23 2

RMI – Advanced topics The Java RMI API has a rich collection of

features. We will look at some of RMI’s more

interesting advanced features, namely: stub downloading security manager client callback.

Although these features are not inherent to the distributed object paradigm, they are helpful mechanisms and can be useful to application developers.

04/22/23 3

The Java RMI Architecture

C lien t S er v er

s tu b

r em o te r e f er en c e lay er

tr an s p o r t lay er

s k e le to n

r em o te r e f er en c e lay er

tr an s p o r t lay er

l;o g ic a l d a ta p a th

p h y s ic a l d a ta p a th

s u p p o r ts th e in te r f ac e w ithth e ap p lic a tio n p r o g r am

m ap s th e p la tf o r m - in d ep en d en t s tu b /s k e le to nlay er to th e p la tf o r m - d ep en d en t tr an s p o r tlay er ; c a r r ies o u t r em o te r e f e r en c e p r o to c o ls

s e ts u p , m ain ta in s , an d s h u ts d o w nc o n n ec tio n s ; an d c ar r ies o u t th etr an s p o r t p r o to c o l

04/22/23 4

Java RMI Client Server InteractionC lie n t h o s t

S e rv e r h o s t

R M I r eg is tr y

S o m eS er v er . c las s

S o m eI n ter f ac e_ s tu b . c las s

S o m eI n ter f ac e_ s k e l. c las s

C lien t. c las s

S o m eI n ter f ac e_ s tu b . c las s

12

3

4

1 . C lie n t lo o k s u p th e in te rfa ce o bje ct in th e R M I re g is t ry o n th e s e rv e r h o s t .2 . Th e R M I R e g is try re tu rn s a re m o te re fe re n ce to th e in te rfa ce o bje ct .3 . I f th e in te rfa ce o bje ct 's s tu b is n o t o n th e c lie n t h o s t a n d if it is s o a rra n g e d by th e s e rv e r, th e s tu b is do wn lo a de d fro m a n H TTP s e rv e r.4 . V ia th e s e rv e r s tu b, th e clie n t pro ce s s in te ra ct s with th e s k e le to n o f th e in te rfa ce o bje ct t o a cce s s th e m e th o ds in th e s e rv e r o bje ct .

H TTP h o s t

X

04/22/23 5

RMI Stub Downloading RMI is designed to allow stubs to be made

available to the client dynamically (in HW_#3). Doing so allows changes to be made in the remote methods without affecting the client program.

The stub can be filed with an web server and be downloaded using HTTP/FTP.

Security measures are needed in both the client side and the server side:

A java security policy file needs to be set on the server host and also on the client host.

A Java Security Manager should be instantiated in both the client and server programs.

04/22/23 6

Stub downloading If the stub will be downloaded from a remote server, transfer

the stub class to the appropriate directory that HTTP server can reach, e.g., www.csc.calpoly.edu/~mliu/www, and make sure that the RIGHT access permission to the file is set.

When activating the server, specify command option

java -D java.r m i .s e r ve .c o de bas e = < U R L > / \ -D java.r m i .s e r ve r .ho s tnam e = < s e r ve r ho s t nam e > \ -D java.s e c ur i ty.po l i c y= < ful l d i r e c to r y path to java po l i c y fi l e >w he r e < U R L > i s the U R L fo r the s tub c l as s , e .g ., ht tp: / /w w w .c s c .c al po l y.e du /~ m l i u /c l as s < s e r ve r ho s t nam e > i s the nam e o f the ho s t o n w hi c h the s e r ve r r uns ,and < ful l d i r e c to r y path to java po l i c y fi l e > s pe c i fi e s w he r e the s e c ur i ty po l i c y fi l e fo r th i s appl i c at i o n i s to be fo und, e .g ., java.s e c ur i ty i f yo u have a fi l e by that nam e i n the d i r e c to r y w he r e the s e r ve r c l as s i s .

java -D java.rmi.server.codebase = <URL> \

-D java.rmi.server.hostname=<server host name> \

-D java.security.policy=<full directory path to java.policy file>

04/22/23 7

The java.policy file

The RMI security manager does not permit network access. Exceptions can be made via the specification in a java.policy file.

grant { // permits socket access to all common TCP ports, including the default // RMI registry port (1099) – need for both the client and the server. permission java.net.SocketPermission "*:1024-65535", "connect,accept,resolve"; // permits socket access to port 80, the default HTTP port – needed // by client to contact an HTTP server for stub downloading permission java.net.SocketPermission "*:80", "connect";

}; grant { // Allow everything hw_#3

permission java.security.AllPermission; };

04/22/23 8

The java.policy file - 2 This file can be filed in the same directory as the server class

file. When activating the client, a java.policy file also should be

specified: java -D java.rmi.server.useCodebaseOnly=true

-D java.rmi.server.codebase =http://hostname:80/stub_dir/ -D java.security.manager -D java.security.policy=java.policy

SomeClient

[ -D property=value ] [ -Djava.security.policy=someURL SomeApp where someURL is a URL specifying the location of a policy file ] java.rmi.server.codebase: this property specifies the

locations from which classes that are published by this JVM.

java.rmi.server.useCodebaseOnly: If this value is true, automatic loading of classes is prohibited except from the local CLASSPATH and from the java.rmi.server.codebase property set on this JVM.

Default security policy file: $java_jre_home/lib/security/java.policy

permission java.net.SocketPermission "localhost:1024-", "listen";

04/22/23 9

The java.policy file - 3 The "-D java.security.manager" argument

ensures that the default security manager is installed, and thus the application is subject to policy checks.

Default security manager is not required if the application installs a security manager.

If you use java -Djava.security.manager –D

java.security.policy==someURL SomeApp, then just the specified policy file will be used; all the ones indicated in the security properties file will be ignored.

Ref: http://java.sun.com/j2se/1.4.2/docs/guide/security/PolicyFiles.html

04/22/23 10

File Placements

jav a .p o lic y

S o m eC lien t. c las s

jav a .p o lc y

S o m eS er v er . c las s

S o m eI n te r f ac e_ s tu b .c las s

S o m eI n te r f ac e .S k e le to n .c las s

S o m eI n te r f ac e_ s tu b .c las s

C lie n t h o s t

c lien t d ir ec to r y

S e rv e r h o s t

s e r v er d ir ec to r y

H TTP S e rv e r

04/22/23 11

RMI Security Manager Since RMI involves access to/from a remote/foreign host,

and possibly object downloading, it is important for both the server and the client to protect its system from malicious access.

The RMISecurityManager--a Java class, can be instantiated in both the client and the server for limiting access privileges.

RMI's class loader will not download any classes from remote locations if no security manager has been set.

RMISecurityManager does not apply to applets, which run under the protection of their browser's security manager.

You can instantiate/write your own security manager, if so desired.

try { System.setSecurityManager(new RMISecurityManager( )); }catch { …}

04/22/23 12

Sample Code for Stub Downloading The possible ways--accept, connect, listen, and resolve,

to connect to a host in SocketPermission java class. The "listen" action is only meaningful when used with

"localhost". The "resolve" action is implied when any of the other

actions are present. The action "resolve" refers to host/ip name service lookups.

p1 = new SocketPermission(“ise.gmu.edu:7777", "connect, accept"); allows that code to connect to port 7777 on ise.gmu.edu, and to accept connections on that port.

p2 = new SocketPermission("localhost:1024-", "accept, connect, listen"); allows that code to accept connections on, connect to, or listen on any port between 1024 and 65535 on the local host.

Ref: http://java.sun.com/j2se/1.4.2/docs/api/java/net/SocketPermission.html

04/22/23 13

Algorithm for building an RMI Application

Server side:1. Open a directory for all the files to be generated for this application.

2. Specify the remote-server interface, and compile it to generate the interface class file.

3. Build the remote server class by implementing the interface, and compile it using javac.

4. Use rmic to process the server class to generate a stub.class file and a skelton.class file: rmic SomeServerImpl

5. If stub downloading is desired, copy the stub file to an appropriate directory on the HTTP host.

6. Activate the RMIRegistry, if it has not already been activated.

7. Set up a java.policy file.

8. Activate the server, specifying (i) the codebase if stub downloading is desired, (ii) the server host name, and (iii) the security policy file.

 

04/22/23 14

Sample Code for Stub Downloading

public interface HelloInterface extends Remote {public String sayHello() throws java.rmi.RemoteException;

} // end of HelloInterface interface

public class HelloImpl extends UnicastRemoteObject implements HelloInterface {

public HelloImpl() throws RemoteException { super( ); } public String sayHello() throws RemoteException { return "Hello, World!"; }} // end HelloImpl class

04/22/23 15

Sample Code for Stub Downloading

public class HelloServer { public static void main(String args[]) { try{ // System.setSecurityManager( new RMISecurityManager()); startRegistry(RMIPortNum); HelloImpl exportedObj = new HelloImpl(); registryURL = "rmi://cs1.cs.gmu.edu:" + portNum + "/hello"; Naming.rebind(registryURL, exportedObj); System.out.println("Hello Server ready."); }// end try catch (Exception re) { System.out.println("Exception in HelloServer.main: " + re); } } // end main

04/22/23 16

Sample Code for Stub Downloading

grant { // Allows RMI clients to make socket connections to the // public ports on any host. // If you start the RMI registry on a port in this range, you // will not incur a resolve access violation. permission java.net.SocketPermission "*:1024-65535", "connect, accept, resolve"; // Permits socket access to port 80, the default HTTP port - // needed by client to contact an HTTP server for stub // downloading. permission java.net.SocketPermission "*:80",

"connect, accept, resolve";};

04/22/23 17

Sample Code for Stub Downloading

build: $(JAVAC) HelloInterface.java $(JAVAC) HelloServer.java $(JAVAC) HelloImpl.javarmic: $(RMIC) HelloImpl

runs: $(JAVA) -D java.security.policy=java.policy

-D java.rmi.server.codebase=http://server_URL HelloServer

04/22/23 18

Algorithm for building an RMI Application

Client side:1. Open a directory for all the files to be generated

for this application.2. Implement the client program or applet, and

compile it to generate the client class.3. If stub downloading is not in effect, copy the

server interface stub class file.4. Set up a java.policy file.5. Activate the client, specifying (i) the server host

name, (ii) the security policy file, and (iii) the codebase if stub downloading is desired.

04/22/23 19

Client Code for Stub Downloading - 1

public class HelloClient { public static void main(String args[]) { try { System.setSecurityManager(new RMISecurityManager()); String registryURL = "rmi://ise.gmu.edu:" + portNum + "/hello"; // find the remote object and cast it to an interface object HelloInterface h = (HelloInterface)Naming.lookup(registryURL); // invoke the remote method String message = h.sayHello(); } // end try catch (Exception e) { System.out.println("Exception in HelloClient: " + e); } // end catch } //end main}//end class

04/22/23 20

Client Code for Stub Downloading - 2

build: $(JAVAC) HelloClient.java $(JAVAC) HelloInterface.java

runc: $(JAVA) –D java.rmi.server.useCodebaseOnly=true

-D java.rmi.server.codebase=http://URL_stub_dir/ -D java.security.policy=java.policy HelloClient

04/22/23 21

RMI Callbacks

04/22/23 22

Introduction In the client server model, the server is passive: the IPC

is initiated by the client; the server waits for the arrival of requests and provides responses.

Some applications require the server to initiate communication upon certain events. Examples applications are:

monitoring games auctioning voting/polling chat-room message/bulletin board groupware

04/22/23 23

Polling vs. Callback

In the absence of callback, a client will have to poll a passive server repeatedly if it needs to be notified that an event has occurred at the server end.

S e rv e r

C lie n t

...

P o lling

S e rv e r

C lie n t

C a llba c k

A clie n t is s u e s a re qu e s t to th es e rv e r re pe a te dly u n t il th ede s ire d re s po n s e is o bta in e d.

A clie n t re g is t e rs it s e lf with th es e rv e r, a n d wa it u n t il th e s e rv e rca lls ba ck .

a re m o te m e th o d ca ll

04/22/23 24

Two-way communications Some applications require that both sides may initiate IPC. Using sockets, duplex communication can be achieved by

using two sockets on either side. With connection-oriented sockets, each side acts as both a

client and a server.

r eq u es tr es p o n s e

r eq u es t

r es p o n s e

Pro ce s s 1Pro ce s s 1Process 2

04/22/23 25

RMI Callbacks A callback client registers itself with an RMI server. The server makes a callback to each registered client

upon the occurrence of a certain event.

T h e c a llb ac k lis t

C 1

C 2

C 3

C 4

C 5

c allb ac k

S e rv e rC lie n ts

R M I c a lls

04/22/23 26

Callback Client-Server InteractionsC lie n t h o s t

S e rv e r h o s t

R M I r eg is tr y

S o m eS er v er . c las s

S o m eI n ter f ac e_ s tu b .c las s

S o m eI n ter f ac e_ s k el. c las s

C lien t. c las s12

1 . C lie n t lo o k s u p th e in te rfa ce o bje ct in th e R M I re g is try o n th e s e rv e r h o s t .2 . Th e R M I R e g is try re tu rn s a re m o te re fe re n ce to th e in te rfa ce o bje ct .3 . V ia th e s e rv e r s tu b, th e c lie n t pro ce s s in v o k e s a re m o te m e th o d to re g is t e r it s e lf fo r ca llba ck , pa s s in g a re m o te re fe re n ce to it s e lf to th e s e rv e r. Th e s e rv e r s a v e s th e re fe re n ce in it s ca llba ck lis t .4 . V ia th e s e rv e r s tu b, th e c lie n t pro ce s s in te ra ct s with th e s k e le to n o f th e in te rfa ce o bje ct t o a cce s s th e m e th o ds in th e in te rfa ce o bje ct .5 . W h e n th e a n t ic ipa te d e v e n t ta k e s pla ce , th e s e rv e r m a k e s a ca llba ck to e a ch re g is t e re d c lie n t v ia th e ca llba ck in te rfa ce s tu b o n th e s e rv e r s ide a n d th e ca llba ck in te rfa ce s k e le to n o n th e c lie n t s ide .

X

C allb ac k I n ter f ac e_ s k el. c las s

C allb ac k I n ter f ac e_ s tu b .c las s5

3 ,4

04/22/23 27

Callback application files

C lie n t .c la s s

C l i e n tIn te rface .cl as s

S e rve rIn te rface .cl as s

C lie n t I m pl.c la s s

S e rve rIm pl _S tu b.cl as s

C l i e n tIm pl _s k e l .cl as s

O bje ct c lie n t h o s t

o bje ct c lie n t dire cto ry

S e rv e r.cla s s

S e rve rIn te rface .cl as s

C l i e n tIn te rface .cl as s

S e rv e rI m pl.c la s s

C l i e n tIm pl _S tu b.cl as s

S e rve rIm pl _s k e l .cl as s

O bje ct s e rv e r h o s t

o bje ct s e rv e r dire cto ry

04/22/23 28

RMI Callback file placements

jav a .p o lic y

S o m eC lien t. c las s

jav a .p o lc y

S o m eS er v er . c las s

S o m eI n te r f ac e_ s tu b .c las s

S o m eI n te r f ac e .S k ele to n .c las s

S o m eI n te r f ac e_ s tu b .c las s

C lie n t h o s t

c lien t d ir ec to r y

S e rv e r h o s t

s er v er d ir ec to r y

H TTP S e rv e r

C allb ac k I n ter f ac e _ s tu b .c las s

C allb ac k I n ter f ac e _ s k e l. c las s

04/22/23 29

The Hello Application with Callback

s a y H e llo ( )

H e llo I n te rfa ce

Un i cas tRe m ote O bje ct

H e llo I m plH e llo S e rv e r

lis tR e g is t ry ( )s ta rtR e g is t ry ( )

s e rv e rre g is t ryclie n t

re bin d( )

lo o k u p( )

s a y H e llo ( )

s e que nc e d i ag r am

U M L di ag r am

n o t ify M e ( )

C al l back C l i e n tIn te rface

Un i cas tRe m ote O bje ct

C a l l b a c k C l i e n tm p lC a l l b a c k C l i e n t

a ddC a llba ck ( )

n o t ify M e ( )

04/22/23 30

RMI Callback Interface

The server provides a remote method (in server interface), which allows a client to register itself for callbacks.

A client remote interface for the callback is needed, in addition to the server-side interface.

The client remote interface specifies a method for accepting a callback from the server.

The client program is a subclass of RemoteObject, and implements the callback (client) remote interface, including the callback method—NotifyMe().

The client registers itself for callback in its main method, by passing an object reference to the client remote interface.

The server invokes the client’s remote method—NotifyMe(), upon the occurrence of the anticipated event.

04/22/23 31

Algorithm for building an RMI Callback Application

Server side:1. Open a directory for all the files to be generated for this application.2. Specify the remote-server interface, and compile it to generate the

interface class file.3. Build the remote server class by implementing the interface, and

compile it using javac.4. Use rmic to process the server class to generate a stub class file and a

skeleton class file: rmic ServerInterfaceImpl5. If stub downloading is desired, copy the stub file to an appropriate

directory on the HTTP host.6. Activate the RMIRegistry, if it has not already been activated.7. Set up a java.policy file.8. Activate the server, specifying (i) the codebase if stub downloading is

desired, (ii) the server host name, and (iii) the security policy file.9. Obtain the CallbackClientInterface and its stub file. Use rmic

CallbackClientInterfaceImpl to generate the stub file for the callback.

 

04/22/23 32

Remote Interface for Server

public interface CallbackServerInterface extends Remote {

// remote method public String sayHello() throws java.rmi.RemoteException; // method to be invoked by a client to add itself to the callback list public void registerForCallback ( CallbackClientInterface CallbackObject) throws java.rmi.RemoteException;

public void unregisterForCallback( CallbackClientInterface CallbackObject) throws java.rmi.RemoteException;}

04/22/23 33

Client Remote Interface for Callback

// a remote interface specifying a callback method

public interface CallbackClientInterface extends java.rmi.Remote

{

// callback method to be called by the server

public void NotifyMe ( String message )

throws java.rmi.RemoteException;

}

04/22/23 34

ServerInterfaceImpl with callbackpublic class CallbackServerInterfaceImpl extends UnicastRemoteObject

implements CallbackServerInterface { public CallbackServerInterfaceImpl() throws RemoteException { super( ); clientList = new Vector(); }

public String sayHello( ) throws java.rmi.RemoteException { return("hello"); }

public synchronized void registerForCallback( CallbackClientInterface callbackClientObject) throws java.rmi.RemoteException{if (!(clientList.contains(callbackClientObject))) { clientList.addElement(callbackClientObject);doCallbacks(); } }

private synchronized void doCallbacks( ) throws java.rmi.RemoteException{ for (int i = 0; i < clientList.size(); i++){

CallbackClientInterface nextClient = (CallbackClientInterface)clientList.elementAt(i);String returnMsg = nextClient.notifyMe("Num of clients=" + clientList.size()); } } }

04/22/23 35

ClientInterfaceImpl with callback

public class CallbackClientInterfaceImpl extends UnicastRemoteObject implements CallbackClientInterface {

public CallbackClientInterfaceImpl() throws RemoteException {

super( ); }

public String notifyMe (String message){

String retMessage = "Call back received: " + message;

return retMessage; }

}

04/22/23 36

Algorithm for building an RMI Callback Application

Client side:1. Open a directory for all the files to be generated for this

application.2. Implement the client program or applet, and compile it

to generate the client class.3. If stub downloading is not in effect, copy the server

interface stub class file by hand.4. Implement the callback client interface—client interface

impl class 5. using rmic to generate a stub class and a skeleton class

for it for both client callback interface and server interface.

6. Set up a java.policy file.7. Activate the client, specifying (i) the server host name,

(ii) the security policy file, and (iii) the codebase if stub downloading is desired.

04/22/23 37

CallbackClientpublic class CallbackClient { public static void main(String args[]) { try { // stub downloading System.setSecurityManager(new RMISecurityManager()); String registryURL = "rmi://cs1.cs.gmu.edu:" + portNum + "/callback";CallbackServerInterface h =

(CallbackServerInterface)Naming.lookup(registryURL);CallbackClientInterface callbackObj = new CallbackClientInterfaceImpl(); // register for callback h.registerForCallback(callbackObj); System.out.println (“Registered for callback.");

h.unregisterForCallback(callbackObj); } catch (Exception e) { System.out.println ("Exception in CallbackClient: " + e); } // end catch } // end of main() }//end class

04/22/23 38

Summary-1 Stub downloading allows a stub class to be

downloaded to an object client at runtime, thereby allowing a remote object’s implementation to be modified and its stub class regenerated without affecting the software on the client host.

A security manager oversees access restrictions specified in a Java security policy file, which can be a system-wide policy file, or a policy file applied to an individual application only.

For security protection, the use of security managers is recommended in all RMI applications, regardless of whether stub downloading is involved.

04/22/23 39

Summary-2

Client callback: Client callback is useful for an

application where the clients desire to be notified by the server of the occurrence of some event.

Client callback allows an object server to make a remote method call to a client via a reference to a client remote interface.

04/22/23 40

Summary-3 Client callback:

To provide client callback, the client-side supplies a remote interface, instantiates a callback interface object passes a reference to the object to the server via

a remote method call to the server. The object server:

collects these client references in a data structure.

invokes a callback method, defined in the client remote interface, to pass data to the client, when the awaited event occurs.

Two sets of stub-skeletons are needed: one for the server remote interface, the other one for the client remote interface.