rmid - The Java RMI Activation System Daemon
f3rmid starts the activation system daemon that allows objects to be registered and activated in a virtual machine (VM).
f3 rmid [options]
The f3rmid tool starts the activation system daemon. The activation system daemon must be started before activatable objects can be either registered with the activation system or activated in a VM. See the
f2Java RMI Specification @
http://docs.oracle.com/javase/7/docs/platform/rmi/spec/rmiTOC.html and
f2Activation tutorials @
http://docs.oracle.com/javase/7/docs/technotes/guides/rmi/activation/overview.html for details on how to write programs that use activatable remote objects.
The daemon can be started by executing the f2rmid command, and specifying a security policy file, as follows:
f3 rmid -J-Djava.security.policy=rmid.policy
f3Note: When running Sun's implementation of f2rmid, by default you will need to specify a security policy file so that f2rmid can verify whether or not the information in each f2ActivationGroupDesc is allowed to be used to launch a VM for an activation group. Specifically, the command and options specified by the f2CommandEnvironment and any f2Properties passed to an f2ActivationGroupDesc's constructor must now be explicitly allowed in the security policy file for f2rmid. The value of the f2sun.rmi.activation.execPolicy property dictates the policy that f2rmid uses to determine whether or not the information in an f2ActivationGroupDesc may be used to launch a VM for an activation group.
Executing f2rmid by default
o starts the Activator and an internal registry on the default port, 1098, and
o binds an f2ActivationSystem to the name f2java.rmi.activation.ActivationSystem in this internal registry.
To specify an alternate port for the registry, you must specify the f2-port option when starting up f2rmid. For example,
f3 rmid -J-Djava.security.policy=rmid.policy -port 1099
starts the activation system daemon and a registry on the registry's default port, 1099.
Starting rmid from inetd/xinetd
An alternative to starting f2rmid from the command line is to configure f2inetd (Solaris) or f2xinetd (Linux) to start f2rmid on demand.
When f2rmid starts up, it attempts to obtain an inherited channel (inherited from f2inetd/f2xinetd) by invoking the f2System.inheritedChannel method. If the inherited channel is f2null or not an instance of f2java.nio.channels.ServerSocketChannel, then f2rmid assumes that it was not started by f2inetd/f2xinetd, and it starts up as described above.
If the inherited channel is a f2ServerSocketChannel instance, then f2rmid uses the f2java.net.ServerSocket obtained from the f2ServerSocketChannel as the server socket that accepts requests for the remote objects it exports, namely the registry in which the f2java.rmi.activation.ActivationSystem is bound and the f2java.rmi.activation.Activator remote object. In this mode, f2rmid behaves the same as when it is started from the command line, f2except:
o Output printed to f2System.err is redirected to a file. This file is located in the directory specified by the f2java.io.tmpdir system property (typically f2/var/tmp or f2/tmp) with the prefix f2"rmid-err" and the suffix f2"tmp".
o The f2-port option is disallowed. If this option is specified, f2rmid will exit with an error message.
o The f2-log option is required. If this option is not specified, f2rmid will exit with an error message.
See the man pages for f2inetd (Solaris) or f2xinetd (Linux) for details on how to configure services to be started on demand.
-C<someCommandLineOption> Specifies an option that is passed as a command-line argument to each child process (activation group) of f2rmid when that process is created. For example, you could pass a property to each virtual machine spawned by the activation system daemon:
f3 rmid -C-Dsome.property=value
This ability to pass command-line arguments to child processes can be useful for debugging. For example, the following command:
f3 rmid -C-Djava.rmi.server.logCalls=true
will enable server-call logging in all child VMs.
-J<someCommandLineOption> Specifies an option that is passed to the f2java interpreter running f2rmid. For example, to specify that f2rmid use a policy file named f2rmid.policy, the f2-J option can be used to define the f2java.security.policy property on f2rmid's command line, for example:
f3 rmid -J-Djava.security.policy=rmid.policy
-J-Dsun.rmi.activation.execPolicy=<policy> Specifies the policy that f2rmid employs to check commands and command-line options used to launch the VM in which an activation group runs. Please note that this option exists only in Sun's implementation of the Java RMI activation daemon. If this property is not specified on the command line, the result is the same as if f2-J-Dsun.rmi.activation.execPolicy=default were specified. The possible values of f2<policy> can be f2default, f2<policyClassName>, or f2none:
o f3default (or if this property is f4unspecifiedf3)
The default f2execPolicy allows f2rmid to execute commands with specific command-line options only if f2rmid has been granted permission to execute those commands and options in the security policy file that f2rmid uses. Only the default activation group implementation can be used with the f2default execution policy.
f2rmid launches a VM for an activation group using the information in the group's registered activation group descriptor, an f2ActivationGroupDesc. The group descriptor specifies an optional f2ActivationGroupDesc.CommandEnvironment which includes the f2command to execute to start the activation group as well as any command line f2options to be added to the command line. By default, f2rmid uses the f2java command found in f2java.home. The group descriptor also contains f2properties overrides that are added to the command line as options defined as:
f3 -Df4<property>f3=f4<value>f3
The permission f2com.sun.rmi.rmid.ExecPermission is used to grant f2rmid permission to execute a command, specified in the group descriptor's f2CommandEnvironment to launch an activation group. The permission f2com.sun.rmi.rmid.ExecOptionPermission is used to allow f2rmid to use command-line options, specified as properties overrides in the group descriptor or as options in the f2CommandEnvironment, when launching the activation group.
When granting f2rmid permission to execute various commands and options, the permissions f2ExecPermission and f2ExecOptionPermission need to be granted universally (i.e., granted to all code sources).
ExecPermission The f2ExecPermission class represents permission for f2rmid to execute a specific f2command to launch an activation group.
f3Syntax
The f2name of an f2ExecPermission is the path name of a command to grant f2rmid permission to execute. A path name that ends in "/*" indicates all the files contained in that directory (where "/" is the file-separator character, f2File.separatorChar). A path name that ends with "/-" indicates all files and subdirectories contained in that directory (recursively). A path name consisting of the special token "<<ALL FILES>>" matches f3any file.
f3Note: A path name consisting of a single "*" indicates all the files in the current directory, while a path name consisting of a single "-" indicates all the files in the current directory and (recursively) all files and subdirectories contained in the current directory.
ExecOptionPermission The f2ExecOptionPermission class represents permission for f2rmid to use a specific command-line f2option when launching an activation group. The f2name of an f2ExecOptionPermission is the value of a command line option.
f3Syntax
Options support a limited wildcard scheme. An asterisk signifies a wildcard match, and it may appear as the option name itself (i.e., it matches any option), or an asterisk may appear at the end of the option name only if the asterisk follows either a "." or "=".
For example: "*" or "-Dfoo.*" or "-Da.b.c=*" is valid, "*foo" or "-Da*b" or "ab*" is not.
Policy file for rmid When granting f2rmid permission to execute various commands and options, the permissions f2ExecPermission and f2ExecOptionPermission need to be granted universally (i.e., granted to all code sources). It is safe to grant these permissions universally because only f2rmid checks these permissions.
An example policy file that grants various execute permissions to f2rmid is:
f3
grant {
permission com.sun.rmi.rmid.ExecPermission
"/files/apps/java/jdk1.7.0/solaris/bin/java";
permission com.sun.rmi.rmid.ExecPermission
"/files/apps/rmidcmds/*";
permission com.sun.rmi.rmid.ExecOptionPermission
"-Djava.security.policy=/files/policies/group.policy";
permission com.sun.rmi.rmid.ExecOptionPermission
"-Djava.security.debug=*";
permission com.sun.rmi.rmid.ExecOptionPermission
"-Dsun.rmi.*";
};
The first permission granted allow f2rmid to execute the 1.7.0 version of the f2java command, specified by its explicit path name. Note that by default, the version of the f2java command found in f2java.home is used (the same one that f2rmid uses), and does not need to be specified in the policy file. The second permission allows f2rmid to execute any command in the directory f2/files/apps/rmidcmds.
The third permission granted, an f2ExecOptionPermission, allows f2rmid to launch an activation group that defines the security policy file to be f2/files/policies/group.policy. The next permission allows the f2java.security.debug property to be used by an activation group. The last permission allows any property in the f2sun.rmi property name hierarchy to be used by activation groups.
To start f2rmid with a policy file, the f2java.security.policy property needs to be specified on f2rmid's command line, for example:
f2rmid -J-Djava.security.policy=rmid.policy
o f4<policyClassName>
If the default behavior is not flexible enough, an administrator can provide, when starting f2rmid, the name of a class whose f2checkExecCommand method is executed in order to check commands to be executed by rmid.
The f2policyClassName specifies a public class with a public, no-argument constructor and an implementation of the following f2checkExecCommand method:
f3 public void checkExecCommand(ActivationGroupDesc desc, String[] command) throws SecurityException;
Before launching an activation group, f2rmid calls the policy's f2checkExecCommand method, passing it the activation group descriptor and an array containing the complete command to launch the activation group. If the f2checkExecCommand throws a f2SecurityException, f2rmid will not launch the activation group and an f2ActivationException will be thrown to the caller attempting to activate the object.
o f3none
If the f2sun.rmi.activation.execPolicy property value is "none", then f2rmid will not perform any validation of commands to launch activation groups.
-log dir Specifies the name of the directory the activation system daemon uses to write its database and associated information. The log directory defaults to creating a directory, f2log, in the directory in which the f2rmid command was executed.
-port port Specifies the port f2rmid's registry uses. The activation system daemon binds the f2ActivationSystem, with the name f2java.rmi.activation.ActivationSystem, in this registry. Thus, the f2ActivationSystem on the local machine can be obtained using the following f2Naming.lookup method call:
f3
import java.rmi.*;
import java.rmi.activation.*;
ActivationSystem system; system = (ActivationSystem)
Naming.lookup("//:f4port/java.rmi.activation.ActivationSystem");
-stop Stops the current invocation of f2rmid, for a port specified by the f2-port option. If no port is specified, it will stop the f2rmid running on port 1098.
CLASSPATH Used to provide the system a path to user-defined classes. Directories are separated by colons. For example:
f3 .:/usr/local/java/classes
rmic(1),
f2CLASSPATH @
http://docs.oracle.com/javase/7/docs/technotes/tools/index.html#classpath, java(1)