1RMID(1) JDK Commands RMID(1)
2
3
4
6 rmid - start the activation system daemon that enables objects to be
7 registered and activated in a Java Virtual Machine (JVM)
8
10 rmid [options]
11
12 options
13 This represent the command-line options for the rmid command.
14 See Options for rmid.
15
17 Deprecation Notice: The rmid tool and the RMI Activation mechanism have
18 been deprecated and may be removed from a future version of the plat‐
19 form. See JEP 385 [https://openjdk.java.net/jeps/385] for further in‐
20 formation.
21
22 The rmid command starts the activation system daemon. The activation
23 system daemon must be started before objects that can be activated are
24 either registered with the activation system or activated in a JVM.
25
26 Start the daemon by executing the rmid command and specifying a securi‐
27 ty policy file, as follows:
28
29 rmid -J-Djava.security.policy=rmid.policy
30
31 When you run Oracle's implementation of the rmid command, by default
32 you must specify a security policy file so that the rmid command can
33 verify whether or not the information in each ActivationGroupDesc is
34 allowed to be used to start a JVM for an activation group. Specifical‐
35 ly, the command and options specified by the CommandEnvironment and any
36 properties passed to an ActivationGroupDesc constructor must now be ex‐
37 plicitly allowed in the security policy file for the rmid command. The
38 value of the sun.rmi.activation.execPolicy property dictates the policy
39 that the rmid command uses to determine whether or not the information
40 in an ActivationGroupDesc can be used to start a JVM for an activation
41 group. For more information see the description of the -J-Dsun.rmi.ac‐
42 tivation.execPolicy=policy option.
43
44 Executing the rmid command starts the Activator and an internal reg‐
45 istry on the default port 1098 and binds an ActivationSystem to the
46 name java.rmi.activation.ActivationSystem in this internal registry.
47
48 To specify an alternate port for the registry, you must specify the
49 -port option when you execute the rmid command. For example, the fol‐
50 lowing command starts the activation system daemon and a registry on
51 the registry's default port, 1099.
52
53 rmid -J-Djava.security.policy=rmid.policy -port 1099
54
56 An alternative to starting rmid from the command line is to configure
57 xinetd (Linux) to start rmid on demand.
58
59 When RMID starts, it attempts to obtain an inherited channel (inherited
60 from inetd/xinetd) by calling the System.inheritedChannel method. If
61 the inherited channel is null or not an instance of java.nio.chan‐
62 nels.ServerSocketChannel, then RMID assumes that it wasn't started by
63 inetd/xinetd, and it starts as previously described.
64
65 If the inherited channel is a ServerSocketChannel instance, then RMID
66 uses the java.net.ServerSocket obtained from the ServerSocketChannel as
67 the server socket that accepts requests for the remote objects it ex‐
68 ports: The registry in which the java.rmi.activation.ActivationSystem
69 is bound and the java.rmi.activation.Activator remote object. In this
70 mode, RMID behaves the same as when it is started from the command
71 line, except in the following cases:
72
73 · Output printed to System.err is redirected to a file. This file is
74 located in the directory specified by the java.io.tmpdir system prop‐
75 erty (typically /var/tmp or /tmp) with the prefix rmid-err and the
76 suffix tmp.
77
78 · The -port option isn't allowed. If this option is specified, then
79 RMID exits with an error message.
80
81 · The -log option is required. If this option isn't specified, then
82 RMID exits with an error message
83
85 -Coption
86 Specifies an option that's passed as a command-line argument to
87 each child process (activation group) of the rmid command when
88 that process is created. For example, you could pass a property
89 to each virtual machine spawned by the activation system daemon:
90
91 rmid -C-Dsome.property=value
92
93 This ability to pass command-line arguments to child processes
94 can be useful for debugging. For example, the following command
95 enables server-call logging in all child JVMs.
96
97 rmid -C-Djava.rmi.server.logCalls=true
98
99 -Joption
100 Specifies an option that's passed to the Java interpreter run‐
101 ning RMID command. For example, to specify that the rmid com‐
102 mand use a policy file named rmid.policy, the -J option can be
103 used to define the java.security.policy property on the rmid
104 command line, for example:
105
106 rmid -J-Djava.security.policy-rmid.policy
107
108 -J-Dsun.rmi.activation.execPolicy=policy
109 Specifies the policy that the RMID command employs to check com‐
110 mands and command-line options used to start the JVM in which an
111 activation group runs. This option exists only in Oracle's im‐
112 plementation of the Java RMI activation daemon. If this proper‐
113 ty isn't specified on the command line, then the result is the
114 same as though -J-Dsun.rmi.activation.execPolicy=default were
115 specified.
116
117 The possible values of policy can be default, policyClassName,
118 or none.
119
120 · default
121
122 The default or unspecified value execPolicy allows the rmid
123 command to execute commands with specific command-line options
124 only when the rmid command was granted permission to execute
125 those commands and options in the security policy file that
126 the rmid command uses. Only the default activation group im‐
127 plementation can be used with the default execution policy.
128
129 The rmid command starts a JVM for an activation group with the
130 information in the group's registered activation group de‐
131 scriptor, ActivationGroupDesc. The group descriptor specifies
132 an optional ActivationGroupDesc.CommandEnvironment that in‐
133 cludes the command to execute to start the activation group
134 and any command-line options to be added to the command line.
135 By default, the rmid command uses the java command found in
136 java.home. The group descriptor also contains properties
137 overrides that are added to the command line as options de‐
138 fined as: -Dproperty=value. The com.sun.rmi.rmid.ExecPermis‐
139 sion permission grants the rmid command permission to execute
140 a command that's specified in the group descriptor's Comman‐
141 dEnvironment to start an activation group. The
142 com.sun.rmi.rmid.ExecOptionPermission permission enables the
143 rmid command to use command-line options, specified as proper‐
144 ties overrides in the group descriptor or as options in the
145 CommandEnvironment when starting the activation group. When
146 granting the rmid command permission to execute various com‐
147 mands and options, the permissions ExecPermission and ExecOp‐
148 tionPermission must be granted to all code sources.
149
150 ExecPermission class: Represents permission for the rmid com‐
151 mand to execute a specific command to start an activation
152 group.
153
154 ExecPermission syntax: The name of ExecPermission is the path
155 name of a command to grant the rmid command permission to exe‐
156 cute.
157
158 A path name that ends in a slash (/) and an asterisk (*) indi‐
159 cates that all of the files are contained in that directory
160 where the slash is the file-separator character, File.separa‐
161 torChar.
162
163 A path name that ends in a slash (/) and a minus sign (-) in‐
164 dicates that all files and subdirectories are contained in
165 that directory (recursively).
166
167 A path name that consists of the special token <<ALL FILES>>
168 matches any file.
169
170 A path name that consists of an asterisk (*) indicates that
171 all the files are in the current directory.
172
173 A path name that consists of a minus sign (-) indicates that
174 all the files are in the current directory and (recursively)
175 all files and subdirectories are contained in the current di‐
176 rectory.
177
178 ExecOptionPermission class: Represents permission for the rmid
179 command to use a specific command-line option when starting an
180 activation group. The name of ExecOptionPermission is the
181 value of a command-line option.
182
183 ExecOptionPermission syntax: Options support a limited wild
184 card scheme. An asterisk signifies a wild card match, and it
185 can appear as the option name itself (matches any option), or
186 an asterisk (*) can appear at the end of the option name only
187 when the asterisk (*) follows a dot (.) or an equals sign (=).
188
189 For example: * or -Dmydir.* or -Da.b.c=* is valid, but *mydir
190 or -Da*b or ab* isn't valid.
191
192 Policy file for rmid
193
194 When you grant the rmid command permission to execute various
195 commands and options, the permissions ExecPermission and Exe‐
196 cOptionPermission must be granted to all code sources (univer‐
197 sally). It is safe to grant these permissions universally be‐
198 cause only the rmid command checks these permissions.
199
200 An example policy file that grants various execute permissions
201 to the rmid command is:
202
203 · Linux:
204
205 grant {
206 permission com.sun.rmi.rmid.ExecPermission
207 "/files/apps/java/jdk1.7.0/linux/bin/java";
208
209 permission com.sun.rmi.rmid.ExecPermission
210 "/files/apps/rmidcmds/*";
211
212 permission com.sun.rmi.rmid.ExecOptionPermission
213 "-Djava.security.policy=/files/policies/group.policy";
214
215 permission com.sun.rmi.rmid.ExecOptionPermission
216 "-Djava.security.debug=*";
217
218 permission com.sun.rmi.rmid.ExecOptionPermission
219 "-Dsun.rmi.*";
220 };
221
222 · Windows:
223
224 grant {
225 permission com.sun.rmi.rmid.ExecPermission
226 "c:\\files\\apps\\java\\jdk1.7.0\\win\\bin\\java";
227
228 permission com.sun.rmi.rmid.ExecPermission
229 "c:\\files\\apps\\rmidcmds\\*";
230
231 permission com.sun.rmi.rmid.ExecOptionPermission
232 "-Djava.security.policy=c:\\files\\policies\\group.policy";
233
234 permission com.sun.rmi.rmid.ExecOptionPermission
235 "-Djava.security.debug=*";
236
237 permission com.sun.rmi.rmid.ExecOptionPermission
238 "-Dsun.rmi.*";
239 };
240
241 The first permission granted allows the rmid command to exe‐
242 cute the 1.7.0 release of the java command, specified by its
243 explicit path name. By default, the version of the java com‐
244 mand found in java.home is used (the same one that the rmid
245 command uses), and doesn't need to be specified in the policy
246 file. The second permission allows the rmid command to exe‐
247 cute any command in either the directory /files/apps/rmidcmds
248 (Linux and macOS) or the directory c:\files\apps\rmidcmds\
249 (Windows).
250
251 The third permission granted, ExecOptionPermission, allows the
252 rmid command to start an activation group that defines the se‐
253 curity policy file to be either /files/policies/group.policy
254 (Linux) or c:\files\policies\group.policy (Windows). The next
255 permission allows the java.security.debug property to be used
256 by an activation group. The last permission allows any prop‐
257 erty in the sun.rmi property name hierarchy to be used by ac‐
258 tivation groups.
259
260 To start the rmid command with a policy file, the java.securi‐
261 ty.policy property needs to be specified on the rmid command
262 line, for example:
263
264 rmid -J-Djava.security.policy=rmid.policy.
265
266 · policyClassName
267
268 If the default behavior isn't flexible enough, then an admin‐
269 istrator can provide, when starting the rmid command, the name
270 of a class whose checkExecCommand method is executed to check
271 commands to be executed by the rmid command.
272
273 The policyClassName specifies a public class with a public,
274 no-argument constructor and an implementation of the following
275 checkExecCommand method:
276
277 public void checkExecCommand(ActivationGroupDesc desc, String[] command)
278 throws SecurityException;
279
280 Before starting an activation group, the rmid command calls
281 the policy's checkExecCommand method and passes to it the ac‐
282 tivation group descriptor and an array that contains the com‐
283 plete command to start the activation group. If the checkEx‐
284 ecCommand throws a SecurityException, then the rmid command
285 doesn't start the activation group and an ActivationException
286 is thrown to the caller attempting to activate the object.
287
288 · none
289
290 If the sun.rmi.activation.execPolicy property value is none,
291 then the rmid command doesn't perform any validation of com‐
292 mands to start activation groups.
293
294 -log dir
295 Specifies the name of the directory that the activation system
296 daemon uses to write its database and associated information.
297 The log directory defaults to creating a log, in the directory
298 in which the rmid command was executed.
299
300 -port port
301 Specifies the port that the registry uses. The activation sys‐
302 tem daemon binds ActivationSystem, with the name java.rmi.acti‐
303 vation.ActivationSystem, in this registry. The ActivationSystem
304 on the local machine can be obtained using the following Nam‐
305 ing.lookup method call:
306
307 import java.rmi.*;
308 import java.rmi.activation.*;
309
310 ActivationSystem system; system = (ActivationSystem)
311 Naming.lookup("//:port/java.rmi.activation.ActivationSystem");
312
313 -stop Stops the current invocation of the rmid command for a port
314 specified by the -port option. If no port is specified, then
315 this option stops the rmid invocation running on port 1098.
316
317
318
319JDK 16 2021 RMID(1)