1rmid(1) General Commands Manual rmid(1)
2
6 rmid - The Java RMI Activation System Daemon
7 rmid starts the activation system daemon that allows objects to be reg‐
9 istered and activated in a virtual machine (VM).
10
12 rmid [options]
13
16 The rmid tool starts the activation system daemon. The activation sys‐
17 tem daemon must be started before activatable objects can be either
18 registered with the activation system or activated in a VM. See the
19 Java RMI Specification @
20 http://java.sun.com/javase/6/docs/platform/rmi/spec/rmitoc.html and
21 Activation tutorials @
22 http://java.sun.com/javase/6/docs/technotes/guides/rmi/activation/over‐
23 view.html for details on how to write programs that use activatable
24 remote objects.
25 The daemon can be started by executing the rmid command, and specifying
27 a security policy file, as follows:
28 rmid -J-Djava.security.policy=rmid.policy
30 Note: When running Sun's implementation of rmid, by default you will
33 need to specify a security policy file so that rmid can verify whether
34 or not the information in each ActivationGroupDesc is allowed to be
35 used to launch a VM for an activation group. Specifically, the command
36 and options specified by the CommandEnvironment and any Properties
37 passed to an ActivationGroupDesc's constructor must now be explicitly
38 allowed in the security policy file for rmid. The value of the
39 sun.rmi.activation.execPolicy property dictates the policy that rmid
40 uses to determine whether or not the information in an Activation‐
41 GroupDesc may be used to launch a VM for an activation group.
42 Executing rmid by default
44 * starts the Activator and an internal registry on the default port,
46 1098, and
47 * binds an ActivationSystem to the name java.rmi.activation.Activa‐
49 tionSystem in this internal registry.
50 To specify an alternate port for the registry, you must specify the
53 -port option when starting up rmid. For example,
54 rmid -J-Djava.security.policy=rmid.policy -port 1099
56 starts the activation system daemon and a registry on the registry's
59 default port, 1099.
60 Starting rmid from
62 inetd/xinetd
63 An alternative to starting rmid from the command line is to configure
65 inetd (Solaris) or xinetd (Linux) to start rmid on demand.
66 When rmid starts up, it attempts to obtain an inherited channel (inher‐
68 ited from inetd/xinetd) by invoking the System.inheritedChannel method.
69 If the inherited channel is null or not an instance of java.nio.chan‐
70 nels.ServerSocketChannel, then rmid assumes that it was not started by
71 inetd/xinetd, and it starts up as described above.
72 If the inherited channel is a ServerSocketChannel instance, then rmid
74 uses the java.net.ServerSocket obtained from the ServerSocketChannel as
75 the server socket that accepts requests for the remote objects it
76 exports, namely the registry in which the java.rmi.activation.Activa‐
77 tionSystem is bound and the java.rmi.activation.Activator remote
78 object. In this mode, rmid behaves the same as when it is started from
79 the command line, except:
80 * Output printed to System.err is redirected to a file. This file is
82 located in the directory specified by the java.io.tmpdir system
83 property (typically /var/tmp or /tmp) with the prefix "rmid-err"
84 and the suffix "tmp".
85 * The -port option is disallowed. If this option is specified, rmid
87 will exit with an error message.
88 * The -log option is required. If this option is not specified, rmid
90 will exit with an error message.
91 See the man pages for inetd (Solaris) or xinetd (Linux) for details on
94 how to configure services to be started on demand.
95
97 -C<someCommandLineOption>
98 Specifies an option that is passed as a command-line argument to
99 each child process (activation group) of rmid when that process is
100 created. For example, you could pass a property to each virtual
101 machine spawned by the activation system daemon:
102 rmid -C-Dsome.property=value
103 This ability to pass command-line arguments to child processes can
104 be useful for debugging. For example, the following command:
105 rmid -C-Djava.rmi.server.logCalls=true
106 will enable server-call logging in all child VMs.
107 -J<someCommandLineOption>
109 Specifies an option that is passed to the java interpreter running
110 rmid. For example, to specify that rmid use a policy file named
111 rmid.policy, the -J option can be used to define the java.secu‐
112 rity.policy property on rmid's command line, for example:
113 rmid -J-Djava.security.policy=rmid.policy
114 -J-Dsun.rmi.activation.execPolicy=<policy>
117 Specifies the policy that rmid employs to check commands and com‐
118 mand-line options used to launch the VM in which an activation group
119 runs. Please note that this option exists only in Sun's implementa‐
120 tion of the Java RMI activation daemon. If this property is not
121 specified on the command line, the result is the same as if
122 -J-Dsun.rmi.activation.execPolicy=default were specified. The possi‐
123 ble values of <policy> can be default, <policyClassName>, or none:
124 * default (or if this property is unspecified)
126 The default execPolicy allows rmid to execute commands with specific
128 command-line options only if rmid has been granted permission to
129 execute those commands and options in the security policy file that
130 rmid uses. Only the default activation group implementation can be
131 used with the default execution policy.
132 rmid launches a VM for an activation group using the information in
134 the group's registered activation group descriptor, an Activation‐
135 GroupDesc. The group descriptor specifies an optional Activation‐
136 GroupDesc.CommandEnvironment which includes the command to execute
137 to start the activation group as well as any command line options to
138 be added to the command line. By default, rmid uses the java command
139 found in java.home. The group descriptor also contains properties
140 overrides that are added to the command line as options defined as:
141 -D<property>=<value>
142 The permission com.sun.rmi.rmid.ExecPermission is used to grant rmid
144 permission to execute a command, specified in the group descriptor's
145 CommandEnvironment to launch an activation group. The permission
146 com.sun.rmi.rmid.ExecOptionPermission is used to allow rmid to use
147 command-line options, specified as properties overrides in the group
148 descriptor or as options in the CommandEnvironment, when launching
149 the activation group.
150 When granting rmid permission to execute various commands and
152 options, the permissions ExecPermission and ExecOptionPermission
153 need to be granted universally (i.e., granted to all code sources).
154 ExecPermission
156 The ExecPermission class represents permission for rmid to exe‐
157 cute a specific command to launch an activation group.
158 Syntax
160 The name of an ExecPermission is the path name of a command to grant
161 rmid permission to execute. A path name that ends in "/*" indicates
162 all the files contained in that directory (where "/" is the
163 file-separator character, File.separatorChar). A path name that ends
164 with "/-" indicates all files and subdirectories contained in that
165 directory (recursively). A path name consisting of the special token
166 "<<ALL FILES>>" matches any file.
167 Note: A path name consisting of a single "*" indicates all the files
169 in the current directory, while a path name consisting of a single
170 "-" indicates all the files in the current directory and (recur‐
171 sively) all files and subdirectories contained in the current direc‐
172 tory.
173 ExecOptionPermission
175 The ExecOptionPermission class represents permission for rmid to
176 use a specific command-line option when launching an activation
177 group. The name of an ExecOptionPermission is the value of a com‐
178 mand line option.
179 Syntax
181 Options support a limited wildcard scheme. An asterisk signifies a
182 wildcard match, and it may appear as the option name itself (i.e.,
183 it matches any option), or an asterisk may appear at the end of the
184 option name only if the asterisk follows either a "." or "=".
185 For example: "*" or "-Dfoo.*" or "-Da.b.c=*" is valid, "*foo" or
187 "-Da*b" or "ab*" is not.
188 Policy file for
190 rmid When granting rmid permission to execute various commands
191 and options, the permissions ExecPermission and ExecOptionPermis‐
192 sion need to be granted universally (i.e., granted to all code
193 sources). It is safe to grant these permissions universally
194 because only rmid checks these permissions.
195 An example policy file that grants various execute permissions to
197 rmid is:
198 grant {
199 permission com.sun.rmi.rmid.ExecPermission
200 "/files/apps/java/jdk1.2.2/solaris/bin/java";
201 permission com.sun.rmi.rmid.ExecPermission
203 "/files/apps/java/jdk1.2.2/solaris/bin/java_g";
204 permission com.sun.rmi.rmid.ExecPermission
206 "/files/apps/rmidcmds/*";
207 permission com.sun.rmi.rmid.ExecOptionPermission
209 "-Djava.security.policy=/files/policies/group.policy";
210 permission com.sun.rmi.rmid.ExecOptionPermission
212 "-Djava.security.debug=*";
213 permission com.sun.rmi.rmid.ExecOptionPermission
215 "-Dsun.rmi.*";
216 };
217 The first two permissions granted allow rmid to execute the 1.2.2
218 version of the java and java_g commands, specified by their explicit
219 path names. Note that by default, the version of the java command
220 found in java.home is used (the same one that rmid uses), and does
221 not need to be specified in the policy file. The third permission
222 allows rmid to execute any command in the directory
223 /files/apps/rmidcmds.
224 The fourth permission granted, an ExecOptionPermission, allows rmid
226 to launch an activation group that defines the security policy file
227 to be /files/policies/group.policy. The next permission allows the
228 java.security.debug property to be used by an activation group. The
229 last permission allows any property in the sun.rmi property name
230 hierarchy to be used by activation groups.
231 To start rmid with a policy file, the java.security.policy property
233 needs to be specified on rmid's command line, for example:
234 rmid -J-Djava.security.policy=rmid.policy
237 *
239 * <policyClassName>
241 If the default behavior is not flexible enough, an administrator can
243 provide, when starting rmid, the name of a class whose checkExecCom‐
244 mand method is executed in order to check commands to be executed by
245 rmid.
246 The policyClassName specifies a public class with a public, no-argu‐
248 ment constructor and an implementation of the following checkExec‐
249 Command method:
250 public void checkExecCommand(ActivationGroupDesc desc,
251 String[] command)
252 throws SecurityException;
253 Before launching an activation group, rmid calls the policy's check‐
254 ExecCommand method, passing it the activation group descriptor and
255 an array containing the complete command to launch the activation
256 group. If the checkExecCommand throws a SecurityException, rmid will
257 not launch the activation group and an ActivationException will be
258 thrown to the caller attempting to activate the object.
259 * none
261 If the sun.rmi.activation.execPolicy property value is "none", then
263 rmid will not perform any validation of commands to launch activa‐
264 tion groups.
265 -log dir
267 Specifies the name of the directory the activation system daemon
268 uses to write its database and associated information. The log
269 directory defaults to creating a directory, log, in the directory in
270 which the rmid command was executed.
271 -port port
273 Specifies the port rmid's registry uses. The activation system dae‐
274 mon binds the ActivationSystem, with the name java.rmi.activa‐
275 tion.ActivationSystem, in this registry. Thus, the ActivationSystem
276 on the local machine can be obtained using the following Nam‐
277 ing.lookup method call:
278 import java.rmi.*;
279 import java.rmi.activation.*;
280 ActivationSystem system; system = (ActivationSystem)
282 Naming.lookup("//:port/java.rmi.activation.ActivationSystem");
283 -stop
285 Stops the current invocation of rmid, for a port specified by the
286 -port option. If no port is specified, it will stop the rmid running
287 on port 1098.
288
290 CLASSPATH
291 Used to provide the system a path to user-defined classes. Directo‐
292 ries are separated by colons. For example:
293 .:/usr/local/java/classes
294
297 rmic, CLASSPATH, java
298 05 Aug 2006 rmid(1)