RMI Server refuses to start: java.security.AccessControlException: access denied ("java.net.SocketPermission" "127.0.0.1:1099" "connect,resolve")

Okay, so I tried googling this and tried a million different things, none of which helped.

I'm currently starting my server with the following command:

java -Djava.security.policy=rmi_generated.policy -Djava.security.debug=access,failure MainLauncher aiserver.AIServer

MainLauncher basically just loads bin/ and lib/ onto the classpath and calls aiserver.AIServer.main; it shouldn't really affect anything related to this.

This is the part that starts the actual server:

PolicyFileGenerator.generate();
if (System.getSecurityManager() == null)
    System.setSecurityManager(new RMISecurityManager());
try {
    Naming.bind("AIService", server);
} catch (MalformedURLException | RemoteException
        | AlreadyBoundException ex) {
    throw new RuntimeException("failed binding server", ex);
}

This is the exception I get:

Exception in thread "main" java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:483)
    at lib.ClassPathHack.launch(ClassPathHack.java:62)
    at MainLauncher.main(MainLauncher.java:7)
Caused by: java.security.AccessControlException: access denied ("java.net.SocketPermission" "127.0.0.1:1099" "connect,resolve")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:457)
    at java.security.AccessController.checkPermission(AccessController.java:884)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at java.lang.SecurityManager.checkConnect(SecurityManager.java:1051)
    at java.net.Socket.connect(Socket.java:584)
    at java.net.Socket.connect(Socket.java:538)
    at java.net.Socket.<init>(Socket.java:434)
    at java.net.Socket.<init>(Socket.java:211)
    at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:40)
    at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:148)
    at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:613)
    at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:216)
    at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
    at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:342)
    at sun.rmi.registry.RegistryImpl_Stub.bind(Unknown Source)
    at java.rmi.Naming.bind(Naming.java:128)
    at com.kt.commons.services.RMIServerHelper.register(RMIServerHelper.java:86)
    at aiserver.AIServer.main(AIServer.java:13)

Here are the current contents of the generated RMI policy file. It is generated to ./rmi_generated.policy.

grant codeBase "file:/home/jp/projects/aiservice/bin" {
    permission java.security.AllPermission;
    permission java.net.SocketPermission "localhost:1099", "connect, resolve";
    permission java.net.SocketPermission "127.0.0.1:1099", "connect, resolve";
    permission java.net.SocketPermission "localhost:80", "connect, resolve";

};

This is what the JVM spits out when I give it the -Djava.security.debug=access,failure flag.

jp@jp-ThinkPad-Edge-E530 ~/projects/aiservice $ java -Djava.security.policy=rmi_generated.policy -Djava.security.debug=access,failure MainLauncher aiserver.AIServer
rmi_generated.policy
/home/jp/projects/aiservice
access: access allowed ("java.io.FilePermission" "/home/jp/projects/aiservice/lib/ktcommons.jar" "read")
access: access denied ("java.net.SocketPermission" "jp-ThinkPad-Edge-E530" "resolve")
java.lang.Exception: Stack trace
    at java.lang.Thread.dumpStack(Thread.java:1329)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:447)
    at java.security.AccessController.checkPermission(AccessController.java:884)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at java.lang.SecurityManager.checkConnect(SecurityManager.java:1048)
    at java.net.InetAddress.getLocalHost(InetAddress.java:1456)
    at java.rmi.registry.LocateRegistry.getRegistry(LocateRegistry.java:158)
    at java.rmi.registry.LocateRegistry.getRegistry(LocateRegistry.java:123)
    at java.rmi.Naming.getRegistry(Naming.java:221)
    at java.rmi.Naming.bind(Naming.java:123)
    at com.kt.commons.services.RMIServerHelper.register(RMIServerHelper.java:86)
    at aiserver.AIServer.main(AIServer.java:13)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:483)
    at lib.ClassPathHack.launch(ClassPathHack.java:62)
    at MainLauncher.main(MainLauncher.java:7)
access: access allowed ("java.security.SecurityPermission" "getPolicy")
access: access allowed ("java.io.FilePermission" "/home/jp/projects/aiservice/lib/ktcommons.jar" "read")
access: domain that failed ProtectionDomain  (file:/home/jp/projects/aiservice/lib/ktcommons.jar <no signer certificates>)
 sun.misc.Launcher$AppClassLoader@73d16e93
 <no principals>
 java.security.Permissions@73035e27 (
 ("java.lang.RuntimePermission" "exitVM")
 ("java.lang.RuntimePermission" "stopThread")
 ("java.net.SocketPermission" "localhost:0" "listen,resolve")
 ("java.io.FilePermission" "/home/jp/projects/aiservice/lib/ktcommons.jar" "read")
 ("java.util.PropertyPermission" "java.specification.version" "read")
 ("java.util.PropertyPermission" "java.version" "read")
 ("java.util.PropertyPermission" "os.arch" "read")
 ("java.util.PropertyPermission" "java.specification.vendor" "read")
 ("java.util.PropertyPermission" "java.vm.specification.name" "read")
 ("java.util.PropertyPermission" "java.vm.vendor" "read")
 ("java.util.PropertyPermission" "path.separator" "read")
 ("java.util.PropertyPermission" "os.version" "read")
 ("java.util.PropertyPermission" "file.separator" "read")
 ("java.util.PropertyPermission" "line.separator" "read")
 ("java.util.PropertyPermission" "java.vm.specification.vendor" "read")
 ("java.util.PropertyPermission" "java.specification.name" "read")
 ("java.util.PropertyPermission" "java.vendor.url" "read")
 ("java.util.PropertyPermission" "java.vendor" "read")
 ("java.util.PropertyPermission" "java.vm.version" "read")
 ("java.util.PropertyPermission" "java.vm.name" "read")
 ("java.util.PropertyPermission" "java.vm.specification.version" "read")
 ("java.util.PropertyPermission" "os.name" "read")
 ("java.util.PropertyPermission" "java.class.version" "read")
)


access: access allowed ("java.util.PropertyPermission" "java.rmi.server.hostname" "read")
access: access allowed ("java.util.PropertyPermission" "sun.rmi.transport.connectionTimeout" "read")
access: access allowed ("java.util.PropertyPermission" "sun.rmi.transport.tcp.handshakeTimeout" "read")
access: access allowed ("java.util.PropertyPermission" "sun.rmi.transport.tcp.responseTimeout" "read")
access: access allowed ("java.lang.RuntimePermission" "sun.rmi.runtime.RuntimeUtil.getInstance")
access: access allowed ("java.util.PropertyPermission" "jdk.net.ephemeralPortRange.low" "read")
access: access allowed ("java.lang.RuntimePermission" "loadLibrary.net")
access: access allowed ("java.io.FilePermission" "/usr/lib/jvm/java-8-oracle/jre/lib/amd64/libnet.so" "read")
access: access allowed ("java.util.PropertyPermission" "os.name" "read")
access: access allowed ("java.util.PropertyPermission" "jdk.net.ephemeralPortRange.high" "read")
access: access denied ("java.net.SocketPermission" "127.0.0.1:1099" "connect,resolve")
java.lang.Exception: Stack trace
    at java.lang.Thread.dumpStack(Thread.java:1329)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:447)
    at java.security.AccessController.checkPermission(AccessController.java:884)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at java.lang.SecurityManager.checkConnect(SecurityManager.java:1051)
    at java.net.Socket.connect(Socket.java:584)
    at java.net.Socket.connect(Socket.java:538)
    at java.net.Socket.<init>(Socket.java:434)
    at java.net.Socket.<init>(Socket.java:211)
    at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:40)
    at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:148)
    at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:613)
    at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:216)
    at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
    at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:342)
    at sun.rmi.registry.RegistryImpl_Stub.bind(Unknown Source)
    at java.rmi.Naming.bind(Naming.java:128)
    at com.kt.commons.services.RMIServerHelper.register(RMIServerHelper.java:86)
    at aiserver.AIServer.main(AIServer.java:13)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:483)
    at lib.ClassPathHack.launch(ClassPathHack.java:62)
    at MainLauncher.main(MainLauncher.java:7)
access: access allowed ("java.security.SecurityPermission" "getPolicy")
access: access allowed ("java.io.FilePermission" "/home/jp/projects/aiservice/lib/ktcommons.jar" "read")
access: domain that failed ProtectionDomain  (file:/home/jp/projects/aiservice/lib/ktcommons.jar <no signer certificates>)
 sun.misc.Launcher$AppClassLoader@73d16e93
 <no principals>
 java.security.Permissions@483bf400 (
 ("java.lang.RuntimePermission" "exitVM")
 ("java.lang.RuntimePermission" "stopThread")
 ("java.net.SocketPermission" "localhost:0" "listen,resolve")
 ("java.io.FilePermission" "/home/jp/projects/aiservice/lib/ktcommons.jar" "read")
 ("java.util.PropertyPermission" "java.specification.version" "read")
 ("java.util.PropertyPermission" "java.version" "read")
 ("java.util.PropertyPermission" "os.arch" "read")
 ("java.util.PropertyPermission" "java.specification.vendor" "read")
 ("java.util.PropertyPermission" "java.vm.specification.name" "read")
 ("java.util.PropertyPermission" "java.vm.vendor" "read")
 ("java.util.PropertyPermission" "path.separator" "read")
 ("java.util.PropertyPermission" "os.version" "read")
 ("java.util.PropertyPermission" "file.separator" "read")
 ("java.util.PropertyPermission" "line.separator" "read")
 ("java.util.PropertyPermission" "java.vm.specification.vendor" "read")
 ("java.util.PropertyPermission" "java.specification.name" "read")
 ("java.util.PropertyPermission" "java.vendor.url" "read")
 ("java.util.PropertyPermission" "java.vendor" "read")
 ("java.util.PropertyPermission" "java.vm.version" "read")
 ("java.util.PropertyPermission" "java.vm.name" "read")
 ("java.util.PropertyPermission" "java.vm.specification.version" "read")
 ("java.util.PropertyPermission" "os.name" "read")
 ("java.util.PropertyPermission" "java.class.version" "read")
)


Exception in thread "main" java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:483)
    at lib.ClassPathHack.launch(ClassPathHack.java:62)
    at MainLauncher.main(MainLauncher.java:7)
Caused by: java.security.AccessControlException: access denied ("java.net.SocketPermission" "127.0.0.1:1099" "connect,resolve")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:457)
    at java.security.AccessController.checkPermission(AccessController.java:884)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at java.lang.SecurityManager.checkConnect(SecurityManager.java:1051)
    at java.net.Socket.connect(Socket.java:584)
    at java.net.Socket.connect(Socket.java:538)
    at java.net.Socket.<init>(Socket.java:434)
    at java.net.Socket.<init>(Socket.java:211)
    at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:40)
    at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:148)
    at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:613)
    at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:216)
    at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
    at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:342)
    at sun.rmi.registry.RegistryImpl_Stub.bind(Unknown Source)
    at java.rmi.Naming.bind(Naming.java:128)
    at com.kt.commons.services.RMIServerHelper.register(RMIServerHelper.java:86)
    at aiserver.AIServer.main(AIServer.java:13)
    ... 6 more

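From what I've googled, a likely cause is the JVM not finding my .policy file, but that doesn't seem to be the case, because I get a different error message if I insert some syntax errors into the policy file.

Another common cause seems to be an incorrect codebase path in the policy file. To rule that out, I tried the following: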

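None of them helped.

Yes, I do have rmiregistry running.

I have also tried doing all of this with sudo.

FWIW, the Java version I'm running is:

java version "1.8.0_25"
Java(TM) SE Runtime Environment (build 1.8.0_25-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.25-b02, mixed mode)

on Linux Mint 17.1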

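It turned out I needed to grant permissions to several different codebases to make this work.

grant codeBase "file:/home/jp/projects/aiservice/bin" {...

grant codeBase "file:/home/jp/projects/aiservice/" {...

grant codeBase "file:/home/jp/projects/aiservice/lib/ktcommons.jar" {...

It still doesn't work properly, but hey, at least I'm getting a different exception now!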
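
Added example (not part of the original post): a small Python parser for `-Djava.security.debug=access,failure` output that pairs each `access denied` line with the `domain that failed ProtectionDomain` line that follows it, then renders one narrowly scoped `grant` stanza per failing code source instead of `AllPermission`. The function names are hypothetical, and the sample is constructed and abridged from the output format shown above.

```python
import re
from collections import defaultdict

# Constructed sample: abridged lines in the format of the debug output above.
SAMPLE = '''\
access: access allowed ("java.io.FilePermission" "/home/jp/projects/aiservice/lib/ktcommons.jar" "read")
access: access denied ("java.net.SocketPermission" "jp-ThinkPad-Edge-E530" "resolve")
java.lang.Exception: Stack trace
    at java.lang.Thread.dumpStack(Thread.java:1329)
access: domain that failed ProtectionDomain  (file:/home/jp/projects/aiservice/lib/ktcommons.jar <no signer certificates>)
 sun.misc.Launcher$AppClassLoader@73d16e93
access: access denied ("java.net.SocketPermission" "127.0.0.1:1099" "connect,resolve")
access: domain that failed ProtectionDomain  (file:/home/jp/projects/aiservice/lib/ktcommons.jar <no signer certificates>)
'''

DENIED = re.compile(r'^access: access denied \("([^"]+)" "([^"]+)"(?: "([^"]+)")?\)')
DOMAIN = re.compile(r'^access: domain that failed ProtectionDomain\s+\((\S+)')

def denied_by_codebase(log_text):
    """Map each failing code source URL to the permissions it was denied."""
    result = defaultdict(list)
    pending = None  # most recent denial not yet attributed to a domain
    for line in log_text.splitlines():
        m = DENIED.match(line)
        if m:
            pending = m.groups()
            continue
        m = DOMAIN.match(line)
        if m and pending:
            if pending not in result[m.group(1)]:
                result[m.group(1)].append(pending)
            pending = None
    return dict(result)

def grant_stanzas(denials):
    """Render one least-privilege grant block per failing codeBase."""
    out = []
    for codebase, perms in sorted(denials.items()):
        lines = ['grant codeBase "%s" {' % codebase]
        for cls, target, actions in perms:
            acts = ', "%s"' % actions if actions else ''
            lines.append('    permission %s "%s"%s;' % (cls, target, acts))
        lines.append('};')
        out.append('\n'.join(lines))
    return '\n\n'.join(out)

if __name__ == "__main__":
    print(grant_stanzas(denied_by_codebase(SAMPLE)))
```

On the sample, the failing code source is `lib/ktcommons.jar`, not the `bin` directory that the original policy file granted permissions to; review generated stanzas before adding them to a policy file.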