11 Replies Latest reply on Dec 10, 2008 5:16 AM by Elvis D,

    no security manager: RMI class loader disabled

    Dan Williams Newbie

      Hi, hope this is the right place to put this message. I have a stand-alone java class which I am trying to use as a client to an EJB running inside JBOSS v4.0.2. I actually took this source code from another website as an example and just changed the package declaration. The EJB deploys fine and I can look it up OK from a Servlet/WAR file running inside the same JVM. When I try to access the bean from a different JVM (different host) or same host but outside the container, I get the exception shown at bottom of this message.

      Here is all my code and config:
      1. stand-alone client class with main method (same try/catch works flawlessly if I put inside a servlet inside JBOSS).
      package com.dan;

      import javax.naming.Context;
      import javax.naming.InitialContext;

      public class TesterClient extends java.lang.Object {
      public static void main(String[] args) {

      try {
      InitialContext ic = new InitialContext();
      Object o = ic.lookup("test/Tester");
      TesterHome home = (TesterHome)
      javax.rmi.PortableRemoteObject.narrow (o, TesterHome.class);

      Tester test = home.create();
      System.out.println( test.returnMessage( args[0] ) );
      } catch ( Exception e ) {
      e.printStackTrace();
      }//end try/catch
      }//end main()
      }//end class TesterClient

      2. jndi.properties on the client side (nowhere near jboss)
      java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory
      java.naming.provider.url=localhost:1099
      java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces

      3. The classpath and command line
      The CLASSPATH when running (under Win2k, same box on which the jboss server is running although It's using networking to get to the server anyway as if I shut down the server, I get a socket timeout exception instead) has all the JARs from the jboss\client directory in it plus the usual suspects from J2SDK1.5 home.

      The BAT file I use to run the is as follows (where the com/dan path is under the current directory):
      SET CP=jboss;client;JARs (didn't want to put them all in here)
      java -cp %CLASSPATH%;%CP%;. tester.TesterClient 'some string'

      3. EJB code (and usual interfaces):

      package com.dan;

      public interface Tester extends javax.ejb.EJBObject {

      public String returnMessage( String msg ) throws java.rmi.RemoteException;

      }//end interface Tester

      ---

      package com.dan;

      import javax.ejb.*;

      public class TesterEJB extends java.lang.Object implements SessionBean {

      /** Creates new TesterEJB */
      public void ejbCreate() {
      }

      public void ejbActivate() throws javax.ejb.EJBException, java.rmi.RemoteException {
      }

      public void ejbPassivate() throws javax.ejb.EJBException, java.rmi.RemoteException {
      }

      public void ejbRemove() throws javax.ejb.EJBException, java.rmi.RemoteException {
      }

      public void setSessionContext(javax.ejb.SessionContext sessionContext) throws javax.ejb.EJBException, java.rmi.RemoteException {
      }

      public String returnMessage(java.lang.String msg) {
      return msg;
      }

      }

      ---

      package com.dan;
      public interface TesterHome extends javax.ejb.EJBHome {

      Tester create() throws java.rmi.RemoteException, javax.ejb.CreateException;

      }//end interface TesterHome

      4. ejb-jar.xml in the EJB JAR META-INF
      <?xml version="1.0" encoding="UTF-8"?>

      <!DOCTYPE ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN' 'http://java.sun.com/dtd/ejb-jar_2_0.dtd'>

      <ejb-jar>
      <display-name>TesterJAR</display-name>
      <enterprise-beans>

      <display-name>TesterBean</display-name>
      <ejb-name>TesterBean</ejb-name>
      com.dan.TesterHome
      com.dan.Tester
      <ejb-class>com.dan.TesterEJB</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>

      </enterprise-beans>
      </ejb-jar>

      5. jboss.xml in META-INF
      <?xml version="1.0" encoding="UTF-8"?>

      <enterprise-beans>

      <ejb-name>TesterBean</ejb-name>
      <jndi-name>test/Tester</jndi-name>

      </enterprise-beans>


      6. And the exception...

      javax.naming.CommunicationException [Root exception is java.lang.ClassNotFoundException: com.dan.TesterHome (no security manager: RMI class loader disabled)]
      at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:713)
      at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:572)
      at javax.naming.InitialContext.lookup(InitialContext.java:351)
      at tester.TesterClient.main(TesterClient.java:22)
      Caused by: java.lang.ClassNotFoundException: com.dan.TesterHome (no security man
      ager: RMI class loader disabled)
      at sun.rmi.server.LoaderHandler.loadProxyClass(LoaderHandler.java:531)
      at java.rmi.server.RMIClassLoader$2.loadProxyClass(RMIClassLoader.java:6
      28)
      at java.rmi.server.RMIClassLoader.loadProxyClass(RMIClassLoader.java:294
      )
      at sun.rmi.server.MarshalInputStream.resolveProxyClass(MarshalInputStrea
      m.java:238)
      at java.io.ObjectInputStream.readProxyDesc(ObjectInputStream.java:1494)
      at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1457)
      at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1
      693)
      at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1299)
      at java.io.ObjectInputStream.readObject(ObjectInputStream.java:339)
      at java.rmi.MarshalledObject.get(MarshalledObject.java:135)
      at org.jnp.interfaces.MarshalledValuePair.get(MarshalledValuePair.java:5
      7)
      at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:637)
      ... 3 more


      Any hints / solution suggestions would be greatly appreciated!

      Dan

        • 1. Re: no security manager: RMI class loader disabled
          Cedric Simon Newbie

          You need a security manager.

          Sample code:
          System.setProperty("java.security.policy", "client.policy");
          if (System.getSecurityManager() == null)
          System.setSecurityManager(new RMISecurityManager());
          Properties env = new Properties();
          // Definir las propiededes y ubicacion de busqueda de Nombres JNDI.
          env.setProperty("java.naming.factory.initial", "org.jnp.interfaces.NamingContextFactory");
          env.setProperty("java.naming.provider.url", "localhost:1099");
          env.setProperty("java.naming.factory.url.pkgs", "org.jboss.naming");
          context = new InitialContext(env);

          where the archive client.policy is in root dir and contain for example (this exaple is totally unsecure!):
          grant {
          permission java.security.AllPermission;
          };

          Hope it helps.

          • 2. Re: no security manager: RMI class loader disabled
            Mano Mano Newbie

            I have a similar problem, I did it as you mention but I got another error ....
            Getting J2EE initial context
            Looking up EJB Home
            java.security.AccessControlException: access denied (java.net.SocketPermission 230.0.0.4 connect,accept,resolve)
            at java.security.AccessControlContext.checkPermission(Unknown Source)
            at java.security.AccessController.checkPermission(Unknown Source)
            at java.lang.SecurityManager.checkPermission(Unknown Source)
            at java.lang.SecurityManager.checkMulticast(Unknown Source)
            at java.net.MulticastSocket.joinGroup(Unknown Source)
            at org.jnp.interfaces.NamingContext.discoverServer(NamingContext.java:1254)
            at org.jnp.interfaces.NamingContext.checkRef(NamingContext.java:1382)
            at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:579)
            at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:572)
            at javax.naming.InitialContext.lookup(Unknown Source)

            I appraise your help

            • 3. Re: no security manager: RMI class loader disabled
              David Zuo Newbie

              After you add:
              if (System.getSecurityManager() == null) {
              System.setSecurityManager(new RMISecurityManager());
              }
              don't forget add policyfilename as vm argument when you are trying to run your program, hope it help u. good luck

              • 4. Re: no security manager: RMI class loader disabled
                Dan Williams Newbie

                Hi, thanks, that seems to have worked. Now there are other logic problems but I'm sure I'll get around those after some painful debugging... :-)

                • 5. Re: no security manager: RMI class loader disabled
                  Alexander Degenstein Newbie

                  Hi @ all,
                  are you sure, thats the correct solution? i've the sam e problem with jboss 4.2 and ejb3. I have two beans deployed and trying to get the Service References with 2 different ServiceLocator's in the same VM. There's no Problem with the InitialContext, but the same Exception like above. Can you specialy describe the root of the problem? I dont understand why i don't need a RMISecurityManager whether i use only one InitialContext, but need a SecurityManager if I use a second InitialContext in the same VM. Please help me...

                  • 6. Re: no security manager: RMI class loader disabled
                    Sara Rodríguez Dorrego Novice

                    noFreak how have you solucionated this problem? I 've the same problem and i don't find the solution


                    Thanks

                    • 7. Re: no security manager: RMI class loader disabled
                      Narender Loganathan Newbie

                      Hi
                      Can you make sure that you are including the remote interface jar in your java classpath when you run the remote client?
                      I resolved this error by doing that

                      • 8. Re: no security manager: RMI class loader disabled
                        Sebastian Kaempfe Newbie

                        hey folks. i had the same problem with an ejb3-client on jboss 4.0.5
                        earlier i always used all jars within the jboss/client folder. but now i'm switching to maven and here you are advised to define everey single jar, your project depends on. so for my test-client i had to add the following jars as dependency:
                        jbossall-client.jar
                        jboss-ejb3-client.jar
                        jboss-aop-jdk50-client.jar
                        jboss-aspect-jdk50-client.jar

                        only then i got my client running and calling the ejb3.
                        it seems that as long as you don't provide the correct jars, the client tries to load through "JBoss RMI Classloader" and here we go...

                        • 9. Re: no security manager: RMI class loader disabled
                          Alexander Degenstein Newbie

                          hey, is it possible that you are using OSGI bundles (e. g. Eclipse RCP is based on)? If so, i have a possible solution.
                          In my case (as far as I can remember,no guaranty :)), i have called the different serviceLocator's from different OSGI Bundles in the same VM. So i have had problems with the JBoss Client Classes, which should be needed by both OSGI Bundles. For some reason (i cant describe the exactly reason, cause id didnt understood it), its get this problem. I have soluted this problem, with a third OSGI bundle which only contains the jboss-allclient.jar.
                          Let depend the other two bunldes which have to call the services on the jboss-allclient bundle. Add the following to the jboss-allclient.jar's manifest.mf:
                          Eclipse-BuddyPolicy: registered
                          and this to the depending bundles:
                          Eclipse-RegisterBuddy: <Bundle-SymbolicName>.
                          whereas <Bundle-SymbolicName> should be an attribute value in the jboss-allclient.jar's manifest.mf which identify the bundle.
                          I hope i could help :)

                          • 10. Re: no security manager: RMI class loader disabled
                            Alexander Degenstein Newbie

                            Oh, i have forgotten to bring out a basic event:
                            As per description "there are some problems with the JBoss Client Classes".
                            But it dont describe the Exception. Fact is, that the client side could not load the Service interface for some reaseon. In the next step (its RMI behavior) the client is trying to obtain the service interface from the server. but there's no RMISecurityManager so the acces to the Service interface from client side can not allowed. the outcome of this is the exception described above.
                            I hope i dont have described wrong. tomorrow i show in the book (an eclipse rcp book) where i have read the solution and give you the correct source to read about class loader problems in OSGI bundles...

                            • 11. Re: no security manager: RMI class loader disabled
                              Elvis D, Novice

                              Thank you noFreak. That resolved my problem. +1 4U!

                              "noFreak" wrote:
                              hey, is it possible that you are using OSGI bundles (e. g. Eclipse RCP is based on)? If so, i have a possible solution.
                              In my case (as far as I can remember,no guaranty :)), i have called the different serviceLocator's from different OSGI Bundles in the same VM. So i have had problems with the JBoss Client Classes, which should be needed by both OSGI Bundles. For some reason (i cant describe the exactly reason, cause id didnt understood it), its get this problem. I have soluted this problem, with a third OSGI bundle which only contains the jboss-allclient.jar.
                              Let depend the other two bunldes which have to call the services on the jboss-allclient bundle. Add the following to the jboss-allclient.jar's manifest.mf:
                              Eclipse-BuddyPolicy: registered
                              and this to the depending bundles:
                              Eclipse-RegisterBuddy: <Bundle-SymbolicName>.
                              whereas <Bundle-SymbolicName> should be an attribute value in the jboss-allclient.jar's manifest.mf which identify the bundle.
                              I hope i could help :)