Advanced Remote Method Invocations
description
Transcript of Advanced Remote Method Invocations
04/22/23 1
Advanced Remote Method Invocations
04/22/23 2
RMI – Advanced topics The Java RMI API has a rich collection of
features. We will look at some of RMI’s more
interesting advanced features, namely: stub downloading security manager client callback.
Although these features are not inherent to the distributed object paradigm, they are helpful mechanisms and can be useful to application developers.
04/22/23 3
The Java RMI Architecture
C lien t S er v er
s tu b
r em o te r e f er en c e lay er
tr an s p o r t lay er
s k e le to n
r em o te r e f er en c e lay er
tr an s p o r t lay er
l;o g ic a l d a ta p a th
p h y s ic a l d a ta p a th
s u p p o r ts th e in te r f ac e w ithth e ap p lic a tio n p r o g r am
m ap s th e p la tf o r m - in d ep en d en t s tu b /s k e le to nlay er to th e p la tf o r m - d ep en d en t tr an s p o r tlay er ; c a r r ies o u t r em o te r e f e r en c e p r o to c o ls
s e ts u p , m ain ta in s , an d s h u ts d o w nc o n n ec tio n s ; an d c ar r ies o u t th etr an s p o r t p r o to c o l
04/22/23 4
Java RMI Client Server InteractionC lie n t h o s t
S e rv e r h o s t
R M I r eg is tr y
S o m eS er v er . c las s
S o m eI n ter f ac e_ s tu b . c las s
S o m eI n ter f ac e_ s k e l. c las s
C lien t. c las s
S o m eI n ter f ac e_ s tu b . c las s
12
3
4
1 . C lie n t lo o k s u p th e in te rfa ce o bje ct in th e R M I re g is t ry o n th e s e rv e r h o s t .2 . Th e R M I R e g is try re tu rn s a re m o te re fe re n ce to th e in te rfa ce o bje ct .3 . I f th e in te rfa ce o bje ct 's s tu b is n o t o n th e c lie n t h o s t a n d if it is s o a rra n g e d by th e s e rv e r, th e s tu b is do wn lo a de d fro m a n H TTP s e rv e r.4 . V ia th e s e rv e r s tu b, th e clie n t pro ce s s in te ra ct s with th e s k e le to n o f th e in te rfa ce o bje ct t o a cce s s th e m e th o ds in th e s e rv e r o bje ct .
H TTP h o s t
X
04/22/23 5
RMI Stub Downloading RMI is designed to allow stubs to be made
available to the client dynamically (in HW_#3). Doing so allows changes to be made in the remote methods without affecting the client program.
The stub can be filed with an web server and be downloaded using HTTP/FTP.
Security measures are needed in both the client side and the server side:
A java security policy file needs to be set on the server host and also on the client host.
A Java Security Manager should be instantiated in both the client and server programs.
04/22/23 6
Stub downloading If the stub will be downloaded from a remote server, transfer
the stub class to the appropriate directory that HTTP server can reach, e.g., www.csc.calpoly.edu/~mliu/www, and make sure that the RIGHT access permission to the file is set.
When activating the server, specify command option
java -D java.r m i .s e r ve .c o de bas e = < U R L > / \ -D java.r m i .s e r ve r .ho s tnam e = < s e r ve r ho s t nam e > \ -D java.s e c ur i ty.po l i c y= < ful l d i r e c to r y path to java po l i c y fi l e >w he r e < U R L > i s the U R L fo r the s tub c l as s , e .g ., ht tp: / /w w w .c s c .c al po l y.e du /~ m l i u /c l as s < s e r ve r ho s t nam e > i s the nam e o f the ho s t o n w hi c h the s e r ve r r uns ,and < ful l d i r e c to r y path to java po l i c y fi l e > s pe c i fi e s w he r e the s e c ur i ty po l i c y fi l e fo r th i s appl i c at i o n i s to be fo und, e .g ., java.s e c ur i ty i f yo u have a fi l e by that nam e i n the d i r e c to r y w he r e the s e r ve r c l as s i s .
java -D java.rmi.server.codebase = <URL> \
-D java.rmi.server.hostname=<server host name> \
-D java.security.policy=<full directory path to java.policy file>
04/22/23 7
The java.policy file
The RMI security manager does not permit network access. Exceptions can be made via the specification in a java.policy file.
grant { // permits socket access to all common TCP ports, including the default // RMI registry port (1099) – need for both the client and the server. permission java.net.SocketPermission "*:1024-65535", "connect,accept,resolve"; // permits socket access to port 80, the default HTTP port – needed // by client to contact an HTTP server for stub downloading permission java.net.SocketPermission "*:80", "connect";
}; grant { // Allow everything hw_#3
permission java.security.AllPermission; };
04/22/23 8
The java.policy file - 2 This file can be filed in the same directory as the server class
file. When activating the client, a java.policy file also should be
specified: java -D java.rmi.server.useCodebaseOnly=true
-D java.rmi.server.codebase =http://hostname:80/stub_dir/ -D java.security.manager -D java.security.policy=java.policy
SomeClient
[ -D property=value ] [ -Djava.security.policy=someURL SomeApp where someURL is a URL specifying the location of a policy file ] java.rmi.server.codebase: this property specifies the
locations from which classes that are published by this JVM.
java.rmi.server.useCodebaseOnly: If this value is true, automatic loading of classes is prohibited except from the local CLASSPATH and from the java.rmi.server.codebase property set on this JVM.
Default security policy file: $java_jre_home/lib/security/java.policy
permission java.net.SocketPermission "localhost:1024-", "listen";
04/22/23 9
The java.policy file - 3 The "-D java.security.manager" argument
ensures that the default security manager is installed, and thus the application is subject to policy checks.
Default security manager is not required if the application installs a security manager.
If you use java -Djava.security.manager –D
java.security.policy==someURL SomeApp, then just the specified policy file will be used; all the ones indicated in the security properties file will be ignored.
Ref: http://java.sun.com/j2se/1.4.2/docs/guide/security/PolicyFiles.html
04/22/23 10
File Placements
jav a .p o lic y
S o m eC lien t. c las s
jav a .p o lc y
S o m eS er v er . c las s
S o m eI n te r f ac e_ s tu b .c las s
S o m eI n te r f ac e .S k e le to n .c las s
S o m eI n te r f ac e_ s tu b .c las s
C lie n t h o s t
c lien t d ir ec to r y
S e rv e r h o s t
s e r v er d ir ec to r y
H TTP S e rv e r
04/22/23 11
RMI Security Manager Since RMI involves access to/from a remote/foreign host,
and possibly object downloading, it is important for both the server and the client to protect its system from malicious access.
The RMISecurityManager--a Java class, can be instantiated in both the client and the server for limiting access privileges.
RMI's class loader will not download any classes from remote locations if no security manager has been set.
RMISecurityManager does not apply to applets, which run under the protection of their browser's security manager.
You can instantiate/write your own security manager, if so desired.
try { System.setSecurityManager(new RMISecurityManager( )); }catch { …}
04/22/23 12
Sample Code for Stub Downloading The possible ways--accept, connect, listen, and resolve,
to connect to a host in SocketPermission java class. The "listen" action is only meaningful when used with
"localhost". The "resolve" action is implied when any of the other
actions are present. The action "resolve" refers to host/ip name service lookups.
p1 = new SocketPermission(“ise.gmu.edu:7777", "connect, accept"); allows that code to connect to port 7777 on ise.gmu.edu, and to accept connections on that port.
p2 = new SocketPermission("localhost:1024-", "accept, connect, listen"); allows that code to accept connections on, connect to, or listen on any port between 1024 and 65535 on the local host.
Ref: http://java.sun.com/j2se/1.4.2/docs/api/java/net/SocketPermission.html
04/22/23 13
Algorithm for building an RMI Application
Server side:1. Open a directory for all the files to be generated for this application.
2. Specify the remote-server interface, and compile it to generate the interface class file.
3. Build the remote server class by implementing the interface, and compile it using javac.
4. Use rmic to process the server class to generate a stub.class file and a skelton.class file: rmic SomeServerImpl
5. If stub downloading is desired, copy the stub file to an appropriate directory on the HTTP host.
6. Activate the RMIRegistry, if it has not already been activated.
7. Set up a java.policy file.
8. Activate the server, specifying (i) the codebase if stub downloading is desired, (ii) the server host name, and (iii) the security policy file.
04/22/23 14
Sample Code for Stub Downloading
public interface HelloInterface extends Remote {public String sayHello() throws java.rmi.RemoteException;
} // end of HelloInterface interface
public class HelloImpl extends UnicastRemoteObject implements HelloInterface {
public HelloImpl() throws RemoteException { super( ); } public String sayHello() throws RemoteException { return "Hello, World!"; }} // end HelloImpl class
04/22/23 15
Sample Code for Stub Downloading
public class HelloServer { public static void main(String args[]) { try{ // System.setSecurityManager( new RMISecurityManager()); startRegistry(RMIPortNum); HelloImpl exportedObj = new HelloImpl(); registryURL = "rmi://cs1.cs.gmu.edu:" + portNum + "/hello"; Naming.rebind(registryURL, exportedObj); System.out.println("Hello Server ready."); }// end try catch (Exception re) { System.out.println("Exception in HelloServer.main: " + re); } } // end main
04/22/23 16
Sample Code for Stub Downloading
grant { // Allows RMI clients to make socket connections to the // public ports on any host. // If you start the RMI registry on a port in this range, you // will not incur a resolve access violation. permission java.net.SocketPermission "*:1024-65535", "connect, accept, resolve"; // Permits socket access to port 80, the default HTTP port - // needed by client to contact an HTTP server for stub // downloading. permission java.net.SocketPermission "*:80",
"connect, accept, resolve";};
04/22/23 17
Sample Code for Stub Downloading
build: $(JAVAC) HelloInterface.java $(JAVAC) HelloServer.java $(JAVAC) HelloImpl.javarmic: $(RMIC) HelloImpl
runs: $(JAVA) -D java.security.policy=java.policy
-D java.rmi.server.codebase=http://server_URL HelloServer
04/22/23 18
Algorithm for building an RMI Application
Client side:1. Open a directory for all the files to be generated
for this application.2. Implement the client program or applet, and
compile it to generate the client class.3. If stub downloading is not in effect, copy the
server interface stub class file.4. Set up a java.policy file.5. Activate the client, specifying (i) the server host
name, (ii) the security policy file, and (iii) the codebase if stub downloading is desired.
04/22/23 19
Client Code for Stub Downloading - 1
public class HelloClient { public static void main(String args[]) { try { System.setSecurityManager(new RMISecurityManager()); String registryURL = "rmi://ise.gmu.edu:" + portNum + "/hello"; // find the remote object and cast it to an interface object HelloInterface h = (HelloInterface)Naming.lookup(registryURL); // invoke the remote method String message = h.sayHello(); } // end try catch (Exception e) { System.out.println("Exception in HelloClient: " + e); } // end catch } //end main}//end class
04/22/23 20
Client Code for Stub Downloading - 2
build: $(JAVAC) HelloClient.java $(JAVAC) HelloInterface.java
runc: $(JAVA) –D java.rmi.server.useCodebaseOnly=true
-D java.rmi.server.codebase=http://URL_stub_dir/ -D java.security.policy=java.policy HelloClient
04/22/23 21
RMI Callbacks
04/22/23 22
Introduction In the client server model, the server is passive: the IPC
is initiated by the client; the server waits for the arrival of requests and provides responses.
Some applications require the server to initiate communication upon certain events. Examples applications are:
monitoring games auctioning voting/polling chat-room message/bulletin board groupware
04/22/23 23
Polling vs. Callback
In the absence of callback, a client will have to poll a passive server repeatedly if it needs to be notified that an event has occurred at the server end.
S e rv e r
C lie n t
...
P o lling
S e rv e r
C lie n t
C a llba c k
A clie n t is s u e s a re qu e s t to th es e rv e r re pe a te dly u n t il th ede s ire d re s po n s e is o bta in e d.
A clie n t re g is t e rs it s e lf with th es e rv e r, a n d wa it u n t il th e s e rv e rca lls ba ck .
a re m o te m e th o d ca ll
04/22/23 24
Two-way communications Some applications require that both sides may initiate IPC. Using sockets, duplex communication can be achieved by
using two sockets on either side. With connection-oriented sockets, each side acts as both a
client and a server.
r eq u es tr es p o n s e
r eq u es t
r es p o n s e
Pro ce s s 1Pro ce s s 1Process 2
04/22/23 25
RMI Callbacks A callback client registers itself with an RMI server. The server makes a callback to each registered client
upon the occurrence of a certain event.
T h e c a llb ac k lis t
C 1
C 2
C 3
C 4
C 5
c allb ac k
S e rv e rC lie n ts
R M I c a lls
04/22/23 26
Callback Client-Server InteractionsC lie n t h o s t
S e rv e r h o s t
R M I r eg is tr y
S o m eS er v er . c las s
S o m eI n ter f ac e_ s tu b .c las s
S o m eI n ter f ac e_ s k el. c las s
C lien t. c las s12
1 . C lie n t lo o k s u p th e in te rfa ce o bje ct in th e R M I re g is try o n th e s e rv e r h o s t .2 . Th e R M I R e g is try re tu rn s a re m o te re fe re n ce to th e in te rfa ce o bje ct .3 . V ia th e s e rv e r s tu b, th e c lie n t pro ce s s in v o k e s a re m o te m e th o d to re g is t e r it s e lf fo r ca llba ck , pa s s in g a re m o te re fe re n ce to it s e lf to th e s e rv e r. Th e s e rv e r s a v e s th e re fe re n ce in it s ca llba ck lis t .4 . V ia th e s e rv e r s tu b, th e c lie n t pro ce s s in te ra ct s with th e s k e le to n o f th e in te rfa ce o bje ct t o a cce s s th e m e th o ds in th e in te rfa ce o bje ct .5 . W h e n th e a n t ic ipa te d e v e n t ta k e s pla ce , th e s e rv e r m a k e s a ca llba ck to e a ch re g is t e re d c lie n t v ia th e ca llba ck in te rfa ce s tu b o n th e s e rv e r s ide a n d th e ca llba ck in te rfa ce s k e le to n o n th e c lie n t s ide .
X
C allb ac k I n ter f ac e_ s k el. c las s
C allb ac k I n ter f ac e_ s tu b .c las s5
3 ,4
04/22/23 27
Callback application files
C lie n t .c la s s
C l i e n tIn te rface .cl as s
S e rve rIn te rface .cl as s
C lie n t I m pl.c la s s
S e rve rIm pl _S tu b.cl as s
C l i e n tIm pl _s k e l .cl as s
O bje ct c lie n t h o s t
o bje ct c lie n t dire cto ry
S e rv e r.cla s s
S e rve rIn te rface .cl as s
C l i e n tIn te rface .cl as s
S e rv e rI m pl.c la s s
C l i e n tIm pl _S tu b.cl as s
S e rve rIm pl _s k e l .cl as s
O bje ct s e rv e r h o s t
o bje ct s e rv e r dire cto ry
04/22/23 28
RMI Callback file placements
jav a .p o lic y
S o m eC lien t. c las s
jav a .p o lc y
S o m eS er v er . c las s
S o m eI n te r f ac e_ s tu b .c las s
S o m eI n te r f ac e .S k ele to n .c las s
S o m eI n te r f ac e_ s tu b .c las s
C lie n t h o s t
c lien t d ir ec to r y
S e rv e r h o s t
s er v er d ir ec to r y
H TTP S e rv e r
C allb ac k I n ter f ac e _ s tu b .c las s
C allb ac k I n ter f ac e _ s k e l. c las s
04/22/23 29
The Hello Application with Callback
s a y H e llo ( )
H e llo I n te rfa ce
Un i cas tRe m ote O bje ct
H e llo I m plH e llo S e rv e r
lis tR e g is t ry ( )s ta rtR e g is t ry ( )
s e rv e rre g is t ryclie n t
re bin d( )
lo o k u p( )
s a y H e llo ( )
s e que nc e d i ag r am
U M L di ag r am
n o t ify M e ( )
C al l back C l i e n tIn te rface
Un i cas tRe m ote O bje ct
C a l l b a c k C l i e n tm p lC a l l b a c k C l i e n t
a ddC a llba ck ( )
n o t ify M e ( )
04/22/23 30
RMI Callback Interface
The server provides a remote method (in server interface), which allows a client to register itself for callbacks.
A client remote interface for the callback is needed, in addition to the server-side interface.
The client remote interface specifies a method for accepting a callback from the server.
The client program is a subclass of RemoteObject, and implements the callback (client) remote interface, including the callback method—NotifyMe().
The client registers itself for callback in its main method, by passing an object reference to the client remote interface.
The server invokes the client’s remote method—NotifyMe(), upon the occurrence of the anticipated event.
04/22/23 31
Algorithm for building an RMI Callback Application
Server side:1. Open a directory for all the files to be generated for this application.2. Specify the remote-server interface, and compile it to generate the
interface class file.3. Build the remote server class by implementing the interface, and
compile it using javac.4. Use rmic to process the server class to generate a stub class file and a
skeleton class file: rmic ServerInterfaceImpl5. If stub downloading is desired, copy the stub file to an appropriate
directory on the HTTP host.6. Activate the RMIRegistry, if it has not already been activated.7. Set up a java.policy file.8. Activate the server, specifying (i) the codebase if stub downloading is
desired, (ii) the server host name, and (iii) the security policy file.9. Obtain the CallbackClientInterface and its stub file. Use rmic
CallbackClientInterfaceImpl to generate the stub file for the callback.
04/22/23 32
Remote Interface for Server
public interface CallbackServerInterface extends Remote {
// remote method public String sayHello() throws java.rmi.RemoteException; // method to be invoked by a client to add itself to the callback list public void registerForCallback ( CallbackClientInterface CallbackObject) throws java.rmi.RemoteException;
public void unregisterForCallback( CallbackClientInterface CallbackObject) throws java.rmi.RemoteException;}
04/22/23 33
Client Remote Interface for Callback
// a remote interface specifying a callback method
public interface CallbackClientInterface extends java.rmi.Remote
{
// callback method to be called by the server
public void NotifyMe ( String message )
throws java.rmi.RemoteException;
}
04/22/23 34
ServerInterfaceImpl with callbackpublic class CallbackServerInterfaceImpl extends UnicastRemoteObject
implements CallbackServerInterface { public CallbackServerInterfaceImpl() throws RemoteException { super( ); clientList = new Vector(); }
public String sayHello( ) throws java.rmi.RemoteException { return("hello"); }
public synchronized void registerForCallback( CallbackClientInterface callbackClientObject) throws java.rmi.RemoteException{if (!(clientList.contains(callbackClientObject))) { clientList.addElement(callbackClientObject);doCallbacks(); } }
private synchronized void doCallbacks( ) throws java.rmi.RemoteException{ for (int i = 0; i < clientList.size(); i++){
CallbackClientInterface nextClient = (CallbackClientInterface)clientList.elementAt(i);String returnMsg = nextClient.notifyMe("Num of clients=" + clientList.size()); } } }
04/22/23 35
ClientInterfaceImpl with callback
public class CallbackClientInterfaceImpl extends UnicastRemoteObject implements CallbackClientInterface {
public CallbackClientInterfaceImpl() throws RemoteException {
super( ); }
public String notifyMe (String message){
String retMessage = "Call back received: " + message;
return retMessage; }
}
04/22/23 36
Algorithm for building an RMI Callback Application
Client side:1. Open a directory for all the files to be generated for this
application.2. Implement the client program or applet, and compile it
to generate the client class.3. If stub downloading is not in effect, copy the server
interface stub class file by hand.4. Implement the callback client interface—client interface
impl class 5. using rmic to generate a stub class and a skeleton class
for it for both client callback interface and server interface.
6. Set up a java.policy file.7. Activate the client, specifying (i) the server host name,
(ii) the security policy file, and (iii) the codebase if stub downloading is desired.
04/22/23 37
CallbackClientpublic class CallbackClient { public static void main(String args[]) { try { // stub downloading System.setSecurityManager(new RMISecurityManager()); String registryURL = "rmi://cs1.cs.gmu.edu:" + portNum + "/callback";CallbackServerInterface h =
(CallbackServerInterface)Naming.lookup(registryURL);CallbackClientInterface callbackObj = new CallbackClientInterfaceImpl(); // register for callback h.registerForCallback(callbackObj); System.out.println (“Registered for callback.");
h.unregisterForCallback(callbackObj); } catch (Exception e) { System.out.println ("Exception in CallbackClient: " + e); } // end catch } // end of main() }//end class
04/22/23 38
Summary-1 Stub downloading allows a stub class to be
downloaded to an object client at runtime, thereby allowing a remote object’s implementation to be modified and its stub class regenerated without affecting the software on the client host.
A security manager oversees access restrictions specified in a Java security policy file, which can be a system-wide policy file, or a policy file applied to an individual application only.
For security protection, the use of security managers is recommended in all RMI applications, regardless of whether stub downloading is involved.
04/22/23 39
Summary-2
Client callback: Client callback is useful for an
application where the clients desire to be notified by the server of the occurrence of some event.
Client callback allows an object server to make a remote method call to a client via a reference to a client remote interface.
04/22/23 40
Summary-3 Client callback:
To provide client callback, the client-side supplies a remote interface, instantiates a callback interface object passes a reference to the object to the server via
a remote method call to the server. The object server:
collects these client references in a data structure.
invokes a callback method, defined in the client remote interface, to pass data to the client, when the awaited event occurs.
Two sets of stub-skeletons are needed: one for the server remote interface, the other one for the client remote interface.