rmisecd - The JavaTM RMI Secure Activation System Daemon

rmisecd starts the secure activation system daemon so that objects can be registered and activated in a JavaTM virtual machine.

SYNOPSIS

rmisecd [option ...]

DESCRIPTION

The rmisecd tool starts the secure activation system daemon. Before activatable objects can be either registered with the activation system or activated in a Java virtual machine, the activation system daemon must be started.

The access control policy for each of the secure objects exported by the daemon is equivalent to the policy provided by java.rmi.server.BasicCallController used with the java.rmi.activation.ActivationPermission class. A remote call to a secure object throws java.security.AccessControlException if the export descriptor for the secure object requires client authentication for the remote method and the client subject has not been granted an ActivationPermission with a name that equals the name of the remote method being invoked.

OPTIONS

-log dir
Specifies the name of the directory the activation system daemon uses to write its database and associated information. The log directory defaults to creating a directory named log, in the directory in which the rmisecd command is executed.

-port port
Specifies the port on which to export a non-secure read-only registry, and the port to use for the bootstrap activator for the ActivationSystem and the Activator. If this option is not specified, port 1098 is used. The activation system daemon binds the secure ActivationSystem, with the name "java.rmi.activation.ActivationSystem", in the registry. A SecurityException is thrown for any remote call that attempts to modify the registry.

-export fileOrURL
Specifies a file name or URL for an export descriptor configuration file, parsed using java.rmi.server.SecureExportFile. Configuration files specified with multiple options are parsed in order, and entries in later files replace entries in earlier files with the same names.

The secure ActivationSystem is exported using the export descriptor named "ActivationSystem". The secure Activator is exported using the export descriptor named "Activator". The secure ActivationMonitor is exported using the export descriptor named "ActivationMonitor".

These export files are also used by all default activation groups (those that use the default activation group implementation), when exporting their secure ActivationInstantiator. Each such group exports its secure ActivationInstantiator using the export descriptor named "ActivationInstantiator".

-login config
Specifies the name of a JAAS login Configuration entry. The name is used to construct a JAAS LoginContext with no CallbackHandler, and the subject produced by that LoginContext is used as the server subject when the objects are exported and as the client subject when certain remote calls are made. If this option is not specified, a null subject is used instead.

All three secure objects (ActivationSystem, Activator and ActivationMonitor) are exported with this subject, and all remote calls to ActivationInstantiator.newInstance in activation groups will be executed on behalf of this subject. In addition, default activation groups (those that use the default activation group implementation) export their secure ActivationInstantiator with this subject, and make all of their calls to the secure ActivationMonitor on behalf of this subject.

-Coption
Specifies an option that is passed as a command line argument to each child process (activation group) of rmisecd when that process is created. For example, you could pass a property to each Java virtual machine spawned by the activation system daemon:
rmisecd -C-Dsome.property=value
This ability to pass command-line arguments to child processes can be useful for debugging. For example, the following command:
rmisecd -C-Djava.rmi.server.logCalls=true
will enable server-call logging in all child Java virtual machines.

-Joption
Used in conjunction with any java tool option, it passes the option following the -J (no spaces between the -J and the option) on to the java interpreter.

-stop
Stops the rmisecd stored in the registry that is exported on the port specified by the -port option, or port 1098 if no -port is specified.

SEE ALSO

java.rmi.server.SecureExportFile, java.rmi.server.BasicCallController, java.rmi.activation.ActivationPermission, javax.security.auth.login.LoginContext, javax.security.auth.login.Configuration, and java tool options
Copyright © 2000 Sun Microsystems, Inc. All rights reserved