Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
CS441 CURRENT TOPICS IN PROGRAMMING LANGUAGES Lecture 12 George Koutsogiannakis/ Summer 2011 1 Topics • Servlets used as RMI Client. – RMI Security needed for Servlet to RMI server Communications. 2 Servlet as RMI client • The Servlet will implement the doGet or doPost method as normally. • Within the method (doGet or doPost): – You need to catch Exceprion (create try/catch) – Do a lookup on the registry: ReverseInterface r= (ReverseInterface) Naming.lookup ("//localhost:1099/Reverse"); 3 Servlet as RMI client – Where we assume that: • The server has registered a remote object for its instance called “Reverse”. • The server’s Remote Interface that defines its service is ReverseInterface. • The registry is at port 1099. – Then go ahead and do the remote invocation and capture the output (still within try block): String str=r.reverseString(qr); 4 Servlet as RMI client – Where r is the reference received from the registry – The argument in the remote method is the data type that the method accepts (i.e qr is of String data type in the example). – The returned value from the server is captured by variable str (assuming that the remote method returns a String data type in this example). 5 Servlet as RMI client – Process the captured data by the servlet using the proper stream and the response object: PrintWriter out=response.getWriter(); out.println(str); out.close(); 6 RMI server. • Create RMI server as it is done normally. import java.rmi.Remote; import java.rmi.RemoteException; public interface ReverseInterface extends Remote { String reverseString(String originalstring) throws RemoteException; } IN THE SERVER ReserveInterfaceImpl: public static void main(String[] args){ String name="//localhost/Reverse"; try { ReverseInterfaceImpl r= new ReverseInterfaceImpl(); Naming.rebind(name, r); etc…………… 7 RMI server. IMPLEMENT THE REMOTE METHOD (SERVICE) public String reverseString(String originalstring) throws RemoteException { int length=originalstring.length(); StringBuffer temp=new StringBuffer(length); for (int i=length; i>0; i-- ) { temp.append(originalstring.substring(i-1,i)); } return temp.toString(); } 8 SET UP OF THE APPLICATION • Create the applications web site outside of Tomcat (NEVER DEVELOP THE APPLICATION INSIDE TOMCAT). • Do NOT Include the required files for the RMI server in the application’s deployment. Place all RMI client related files in the same directory as the servlet. • Deploy using a WAR file approach. – Remember that with the servlet you will need the stub from the server and a copy of the interface file also. 9 SET UP OF THE APPLICATION • You will need the certificate applied like you did in the assignment 1 with respect to a signed applet – We assume that the servlet uses an applet as a client!! • You may need a policy file like (optional): grant { permission java.security.AllPermission; }; 10 SET UP OF THE APPLICATION • To allow communications between the Web Server (the servlet acting as RMI client) and the RMI Server: – Modify the java.policy file in the System’s security directory (jdk installation) as follows: // allows anyone to listen on un-privileged ports permission java.net.SocketPermission "localhost:1024-65535", "connect, accept, listen, resolve"; 11 Servlet as RMI Over IIOP Client. • In either the doGet or doPost method: – We will need a Hashtable structure to place the call to registry as a name/value attributes ReverseInterface r; Hashtable env=new Hashtable(); env.put("java.naming.factory.initial", "com.sun.jndi.cosnaming.CNCtxFactory"); env.put("java.naming.provider.url", "iiop://localhost:900"); We assume that the IIOP Naming Service is listening at port 900. 12 Servlet as RMI Over IIOP Client – In try block contact the Naming Service (IIOP registry): Context initialNamingContext=new InitialContext(env); out.println("obtained InitialContext"); r=(ReverseInterface)PortableRemoteObject.narrow(initialNami ngContext.lookup("Reverse"), ReverseInterface.class); – Now do the remote invocation using the reference r received from the Naming Service String str=r. reverseString(qr); WHERE reverseString is the remote method defined in the Interface created by the Server. 13 Servlet as RMI Over IIOP Client – Process the data captured by using the proper stream with the response object. 14 RMI Over IIOP Server • Need additional import statements: import java.rmi.*; import java.rmi.server.*; //add the lines below import javax.rmi.PortableRemoteObject; import javax.naming.*; import java.net.*; import javax.naming.Context; import javax.naming.InitialContext; import javax.naming.NamingException; 15 RMI Over IIOP Server – public class ReverseInterfaceImpl extends PortableRemoteObject implements ReverseInterface – Registration in try block in main method: ReverseInterfaceImpl r= new ReverseInterfaceImpl(); //add the follwoing lines Context initialNamingContext=new InitialContext(); System.out.println("Binding server to registry.."); initialNamingContext.rebind("Reverse", r); System.out.println("Object was registered"); – Implement the remote method. 16 SET UP OF THE APPLICATION • Set up is similar to RMI description in previous files. • Compiling should be as described in the RMI over IIOP presentation (lecture 11). 17 RMI SECURITY • RMI has its own Security Manager. – Automatic downloading of stub files and interface file by the client is strictly cntrolled by security. • • • • Secured Class Loaded java.policy file java.security file Security Policy controlled by RMISecurityManager object 18 RMI SECURITY • RMISecurityManager creates a sandbox similar to what the applets have to encounter. • Default RMISecurityManager uses the default java.policy and java.security system files. • We can create our own RMISecurityManager and remove some of the restrictions. • We can also change for demonstration reasons some of the restrictions by modifying the java.policy and java.security files and let the default RMISecurityManager object operate. 19 Study Guide • See examples posted on the course’ s web site – ServletRMI.zip and – ServletRMIoverIIOP.zip 20