RMI Security

October 9th, 2006 Admin Posted in RMI(Remote Method Invocation) No Comments »

Server is untrusted

Stubs could be malicious

rmic is OK, but someone could custom-code an evil stub: it’s just a .class file

RMI Security Managers

AppletSecurityManager

stub can only do what an applet can do

RMISecurityManager

disables all functions except class definition and access

A downloaded class is allowed to make a connection if the connection was initiated via the RMI transport.

None (no security manager installed)

Stub loading disabled

Stubs still work if they are in local classpath


Java Serialization


writes object as a sequence of bytes

writes it to a Stream

recreates it on the other end

creates a brand new object with the old data

java.io.Serializable

Objects that implement the java.io.Serializable interface are marked as serializable

Also subclasses

Magically, all non-static and non-transient data members will be serialized

Actually, it’s not magic, it’s Reflection (it’s done with mirrors)

empty interface - just a marker

It’s a promise

Not All Objects Are Serializable

Any object that doesn’t implement Serializable

Any object that would pose a security risk

e.g. FileInputStream

Any object whose value depends on VM-specific information

e.g. Thread

Any object that contains a (non-static, non-transient) unserializable object (recursively)

NotSerializableException

thrown if you try to serialize or deserialize an unserializable object
maybe you subclassed a Serializable object and added some unserializable members
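
The points above (transient and static members are skipped, deserialization creates a brand new object, and a Serializable subclass with an unserializable member fails), as an added example that is not code from the original post. The class names Account and WatchedAccount and all field values are constructed for illustration.

```java
import java.io.*;

public class SerializationDemo {
    // Constructed sample class: one ordinary, one transient, one static member.
    static class Account implements Serializable {
        private static final long serialVersionUID = 1L;
        static int constructed = 0;      // static: belongs to the class, not the stream
        String owner;                    // non-static, non-transient: serialized
        transient String sessionToken;   // transient: left out of the stream

        Account(String owner, String sessionToken) {
            this.owner = owner;
            this.sessionToken = sessionToken;
            constructed++;               // counts constructor calls only
        }
    }

    // Inherits Serializable from Account but adds an unserializable member.
    static class WatchedAccount extends Account {
        private static final long serialVersionUID = 1L;
        Thread watcher = new Thread(() -> {});  // Thread is not Serializable
        WatchedAccount(String owner, String token) { super(owner, token); }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);          // walks the fields via reflection
        }
        return buf.toByteArray();
    }

    static Object deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return in.readObject();      // does not call Account's constructor
        }
    }

    public static void main(String[] args) throws Exception {
        Account original = new Account("alice", "constructed-token");
        Account copy = (Account) deserialize(serialize(original));
        System.out.println("same object?   " + (copy == original));
        System.out.println("owner:         " + copy.owner);
        System.out.println("sessionToken:  " + copy.sessionToken);
        System.out.println("constructor calls: " + Account.constructed);
        try {
            serialize(new WatchedAccount("bob", "constructed-token"));
        } catch (NotSerializableException e) {
            System.out.println("NotSerializableException for: " + e.getMessage());
        }
    }
}
```

Marking the Thread member transient would let WatchedAccount serialize, at the cost of the field being null in the recreated object.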


Parameter Passing


Primitive types

passed by value

Remote objects

passed by reference

Non-remote objects

passed by value
