1RMID(1) JDK Commands RMID(1)
2
3
4
6 rmid - start the activation system daemon that enables objects to be
7 registered and activated in a Java Virtual Machine (JVM)
8
10 rmid [options]
11
12 options
13 This represent the command-line options for the rmid command.
14 See Options for rmid.
15
17 The rmid command starts the activation system daemon. The activation
18 system daemon must be started before objects that can be activated are
19 either registered with the activation system or activated in a JVM.
20
21 Start the daemon by executing the rmid command and specifying a securi‐
22 ty policy file, as follows:
23
24 rmid -J-Djava.security.policy=rmid.policy
25
26 When you run Oracle's implementation of the rmid command, by default
27 you must specify a security policy file so that the rmid command can
28 verify whether or not the information in each ActivationGroupDesc is
29 allowed to be used to start a JVM for an activation group. Specifical‐
30 ly, the command and options specified by the CommandEnvironment and any
31 properties passed to an ActivationGroupDesc constructor must now be ex‐
32 plicitly allowed in the security policy file for the rmid command. The
33 value of the sun.rmi.activation.execPolicy property dictates the policy
34 that the rmid command uses to determine whether or not the information
35 in an ActivationGroupDesc can be used to start a JVM for an activation
36 group. For more information see the description of the -J-Dsun.rmi.ac‐
37 tivation.execPolicy=policy option.
38
39 Executing the rmid command starts the Activator and an internal reg‐
40 istry on the default port 1098 and binds an ActivationSystem to the
41 name java.rmi.activation.ActivationSystem in this internal registry.
42
43 To specify an alternate port for the registry, you must specify the
44 -port option when you execute the rmid command. For example, the fol‐
45 lowing command starts the activation system daemon and a registry on
46 the registry's default port, 1099.
47
48 rmid -J-Djava.security.policy=rmid.policy -port 1099
49
51 An alternative to starting rmid from the command line is to configure
52 inetd (Oracle Solaris) or xinetd (Linux) to start rmid on demand.
53
54 When RMID starts, it attempts to obtain an inherited channel (inherited
55 from inetd/xinetd) by calling the System.inheritedChannel method. If
56 the inherited channel is null or not an instance of java.nio.chan‐
57 nels.ServerSocketChannel, then RMID assumes that it wasn't started by
58 inetd/xinetd, and it starts as previously described.
59
60 If the inherited channel is a ServerSocketChannel instance, then RMID
61 uses the java.net.ServerSocket obtained from the ServerSocketChannel as
62 the server socket that accepts requests for the remote objects it ex‐
63 ports: The registry in which the java.rmi.activation.ActivationSystem
64 is bound and the java.rmi.activation.Activator remote object. In this
65 mode, RMID behaves the same as when it is started from the command
66 line, except in the following cases:
67
68 · Output printed to System.err is redirected to a file. This file is
69 located in the directory specified by the java.io.tmpdir system prop‐
70 erty (typically /var/tmp or /tmp) with the prefix rmid-err and the
71 suffix tmp.
72
73 · The -port option isn't allowed. If this option is specified, then
74 RMID exits with an error message.
75
76 · The -log option is required. If this option isn't specified, then
77 RMID exits with an error message
78
80 -Coption
81 Specifies an option that's passed as a command-line argument to
82 each child process (activation group) of the rmid command when
83 that process is created. For example, you could pass a property
84 to each virtual machine spawned by the activation system daemon:
85
86 rmid -C-Dsome.property=value
87
88 This ability to pass command-line arguments to child processes
89 can be useful for debugging. For example, the following command
90 enables server-call logging in all child JVMs.
91
92 rmid -C-Djava.rmi.server.logCalls=true
93
94 -Joption
95 Specifies an option that's passed to the Java interpreter run‐
96 ning RMID command. For example, to specify that the rmid com‐
97 mand use a policy file named rmid.policy, the -J option can be
98 used to define the java.security.policy property on the rmid
99 command line, for example:
100
101 rmid -J-Djava.security.policy-rmid.policy
102
103 -J-Dsun.rmi.activation.execPolicy=policy
104 Specifies the policy that the RMID command employs to check com‐
105 mands and command-line options used to start the JVM in which an
106 activation group runs. This option exists only in Oracle's im‐
107 plementation of the Java RMI activation daemon. If this proper‐
108 ty isn't specified on the command line, then the result is the
109 same as though -J-Dsun.rmi.activation.execPolicy=default were
110 specified.
111
112 The possible values of policy can be default, policyClassName,
113 or none.
114
115 · default
116
117 The default or unspecified value execPolicy allows the rmid
118 command to execute commands with specific command-line options
119 only when the rmid command was granted permission to execute
120 those commands and options in the security policy file that
121 the rmid command uses. Only the default activation group im‐
122 plementation can be used with the default execution policy.
123
124 The rmid command starts a JVM for an activation group with the
125 information in the group's registered activation group de‐
126 scriptor, ActivationGroupDesc. The group descriptor specifies
127 an optional ActivationGroupDesc.CommandEnvironment that in‐
128 cludes the command to execute to start the activation group
129 and any command-line options to be added to the command line.
130 By default, the rmid command uses the java command found in
131 java.home. The group descriptor also contains properties
132 overrides that are added to the command line as options de‐
133 fined as: -Dproperty=value. The com.sun.rmi.rmid.ExecPermis‐
134 sion permission grants the rmid command permission to execute
135 a command that's specified in the group descriptor's Comman‐
136 dEnvironment to start an activation group. The
137 com.sun.rmi.rmid.ExecOptionPermission permission enables the
138 rmid command to use command-line options, specified as proper‐
139 ties overrides in the group descriptor or as options in the
140 CommandEnvironment when starting the activation group. When
141 granting the rmid command permission to execute various com‐
142 mands and options, the permissions ExecPermission and ExecOp‐
143 tionPermission must be granted to all code sources.
144
145 ExecPermission class: Represents permission for the rmid com‐
146 mand to execute a specific command to start an activation
147 group.
148
149 ExecPermission syntax: The name of ExecPermission is the path
150 name of a command to grant the rmid command permission to exe‐
151 cute.
152
153 A path name that ends in a slash (/) and an asterisk (*) indi‐
154 cates that all of the files are contained in that directory
155 where the slash is the file-separator character, File.separa‐
156 torChar.
157
158 A path name that ends in a slash (/) and a minus sign (-) in‐
159 dicates that all files and subdirectories are contained in
160 that directory (recursively).
161
162 A path name that consists of the special token <<ALL FILES>>
163 matches any file.
164
165 A path name that consists of an asterisk (*) indicates that
166 all the files are in the current directory.
167
168 A path name that consists of a minus sign (-) indicates that
169 all the files are in the current directory and (recursively)
170 all files and subdirectories are contained in the current di‐
171 rectory.
172
173 ExecOptionPermission class: Represents permission for the rmid
174 command to use a specific command-line option when starting an
175 activation group. The name of ExecOptionPermission is the
176 value of a command-line option.
177
178 ExecOptionPermission syntax: Options support a limited wild
179 card scheme. An asterisk signifies a wild card match, and it
180 can appear as the option name itself (matches any option), or
181 an asterisk (*) can appear at the end of the option name only
182 when the asterisk (*) follows a dot (.) or an equals sign (=).
183
184 For example: * or -Dmydir.* or -Da.b.c=* is valid, but *mydir
185 or -Da*b or ab* isn't valid.
186
187 Policy file for rmid
188
189 When you grant the rmid command permission to execute various
190 commands and options, the permissions ExecPermission and Exe‐
191 cOptionPermission must be granted to all code sources (univer‐
192 sally). It is safe to grant these permissions universally be‐
193 cause only the rmid command checks these permissions.
194
195 An example policy file that grants various execute permissions
196 to the rmid command is:
197
198 · Oracle Solaris:
199
200 grant {
201 permission com.sun.rmi.rmid.ExecPermission
202 "/files/apps/java/jdk1.7.0/solaris/bin/java";
203
204 permission com.sun.rmi.rmid.ExecPermission
205 "/files/apps/rmidcmds/*";
206
207 permission com.sun.rmi.rmid.ExecOptionPermission
208 "-Djava.security.policy=/files/policies/group.policy";
209
210 permission com.sun.rmi.rmid.ExecOptionPermission
211 "-Djava.security.debug=*";
212
213 permission com.sun.rmi.rmid.ExecOptionPermission
214 "-Dsun.rmi.*";
215 };
216
217 · Windows:
218
219 grant {
220 permission com.sun.rmi.rmid.ExecPermission
221 "c:\\files\\apps\\java\\jdk1.7.0\\win\\bin\\java";
222
223 permission com.sun.rmi.rmid.ExecPermission
224 "c:\\files\\apps\\rmidcmds\\*";
225
226 permission com.sun.rmi.rmid.ExecOptionPermission
227 "-Djava.security.policy=c:\\files\\policies\\group.policy";
228
229 permission com.sun.rmi.rmid.ExecOptionPermission
230 "-Djava.security.debug=*";
231
232 permission com.sun.rmi.rmid.ExecOptionPermission
233 "-Dsun.rmi.*";
234 };
235
236 The first permission granted allows the rmid command to exe‐
237 cute the 1.7.0 release of the java command, specified by its
238 explicit path name. By default, the version of the java com‐
239 mand found in java.home is used (the same one that the rmid
240 command uses), and doesn't need to be specified in the policy
241 file. The second permission allows the rmid command to exe‐
242 cute any command in either the directory /files/apps/rmidcmds
243 (Oracle Solaris, Linux, and macOS) or the directory
244 c:\files\apps\rmidcmds\ (Windows).
245
246 The third permission granted, ExecOptionPermission, allows the
247 rmid command to start an activation group that defines the se‐
248 curity policy file to be either /files/policies/group.policy
249 (Oracle Solaris) or c:\files\policies\group.policy (Windows).
250 The next permission allows the java.security.debug property to
251 be used by an activation group. The last permission allows
252 any property in the sun.rmi property name hierarchy to be used
253 by activation groups.
254
255 To start the rmid command with a policy file, the java.securi‐
256 ty.policy property needs to be specified on the rmid command
257 line, for example:
258
259 rmid -J-Djava.security.policy=rmid.policy.
260
261 · policyClassName
262
263 If the default behavior isn't flexible enough, then an admin‐
264 istrator can provide, when starting the rmid command, the name
265 of a class whose checkExecCommand method is executed to check
266 commands to be executed by the rmid command.
267
268 The policyClassName specifies a public class with a public,
269 no-argument constructor and an implementation of the following
270 checkExecCommand method:
271
272 public void checkExecCommand(ActivationGroupDesc desc, String[] command)
273 throws SecurityException;
274
275 Before starting an activation group, the rmid command calls
276 the policy's checkExecCommand method and passes to it the ac‐
277 tivation group descriptor and an array that contains the com‐
278 plete command to start the activation group. If the checkEx‐
279 ecCommand throws a SecurityException, then the rmid command
280 doesn't start the activation group and an ActivationException
281 is thrown to the caller attempting to activate the object.
282
283 · none
284
285 If the sun.rmi.activation.execPolicy property value is none,
286 then the rmid command doesn't perform any validation of com‐
287 mands to start activation groups.
288
289 -log dir
290 Specifies the name of the directory that the activation system
291 daemon uses to write its database and associated information.
292 The log directory defaults to creating a log, in the directory
293 in which the rmid command was executed.
294
295 -port port
296 Specifies the port that the registry uses. The activation sys‐
297 tem daemon binds ActivationSystem, with the name java.rmi.acti‐
298 vation.ActivationSystem, in this registry. The ActivationSystem
299 on the local machine can be obtained using the following Nam‐
300 ing.lookup method call:
301
302 import java.rmi.*;
303 import java.rmi.activation.*;
304
305 ActivationSystem system; system = (ActivationSystem)
306 Naming.lookup("//:port/java.rmi.activation.ActivationSystem");
307
308 -stop Stops the current invocation of the rmid command for a port
309 specified by the -port option. If no port is specified, then
310 this option stops the rmid invocation running on port 1098.
311
312
313
314JDK 13 2018 RMID(1)