• Oracle Technology Network
• Software Downloads
• Documentation

Search

rmid starts the activation system daemon that allowsobjects to be registered and activated in a virtual machine(VM).

SYNOPSIS

rmid [options]

DESCRIPTION

Thermid tool starts the activation system daemon. Theactivation system daemon must be started before activatable objectscan be either registered with the activation system or activated ina VM. See theJava RMISpecification andActivationtutorials for details on how to write programs that useactivatable remote objects.

The daemon can be started by executing thermidcommand, and specifying a security policy file, as follows:

    rmid -J-Djava.security.policy=rmid.policy

Note: When running Sun's implementation ofrmid, by default you will need to specify a securitypolicy file so thatrmid can verify whether or not theinformation in eachActivationGroupDesc is allowed tobe used to launch a VM for an activation group. Specifically, thecommand and options specified by theCommandEnvironment and anyPropertiespassed to anActivationGroupDesc's constructor mustnow be explicitly allowed in thesecuritypolicy file forrmid. The value of thesun.rmi.activation.execPolicyproperty dictates the policy thatrmid uses todetermine whether or not the information in anActivationGroupDesc may be used to launch a VM for anactivation group.

Executingrmid by default

• starts the Activator and an internal registry on the defaultport, 1098, and
• binds anActivationSystem to the namejava.rmi.activation.ActivationSystem in this internalregistry.

To specify an alternate port for the registry, you must specifythe-port option when starting uprmid.For example,

    rmid -J-Djava.security.policy=rmid.policy -port 1099

starts the activation system daemon and a registry on theregistry's default port, 1099.

Startingrmid frominetd/xinetd

An alternative to startingrmid from the commandline is to configureinetd (Solaris) orxinetd (Linux) to startrmid ondemand.

Whenrmid starts up, it attempts to obtain aninherited channel (inherited frominetd/xinetd) by invoking theSystem.inheritedChannel method. If the inheritedchannel isnull or not an instance ofjava.nio.channels.ServerSocketChannel, thenrmid assumes that it was not started byinetd/xinetd, and it starts up asdescribed above.

If the inherited channel is aServerSocketChannelinstance, thenrmid uses thejava.net.ServerSocket obtained from theServerSocketChannel as the server socket that acceptsrequests for the remote objects it exports, namely the registry inwhich thejava.rmi.activation.ActivationSystem isbound and thejava.rmi.activation.Activator remoteobject. In this mode,rmid behaves the same as when itis started from the command line,except:

• Output printed toSystem.err is redirected to afile. This file is located in the directory specified by thejava.io.tmpdir system property (typically/var/tmp or/tmp) with the prefix"rmid-err" and the suffix"tmp".
• The-port option is disallowed. If this option isspecified,rmid will exit with an error message.
• The-log option is required. If this option is notspecified,rmid will exit with an error message.

See the man pages forinetd (Solaris) orxinetd (Linux) for details on how to configureservices to be started on demand.

OPTIONS

-C<someCommandLineOption>

Specifies an option that is passed as a command-line argumentto each child process (activation group) ofrmid whenthat process is created. For example, you could pass a property toeach virtual machine spawned by the activation system daemon:

    rmid -C-Dsome.property=value

This ability to pass command-line arguments to child processes canbe useful for debugging. For example, the following command:

    rmid -C-Djava.rmi.server.logCalls=true

will enable server-call logging in all child VMs.

-J<someCommandLineOption>

Specifies an option that is passed to thejavainterpreter runningrmid. For example, to specify thatrmid use a policy file namedrmid.policy,the-J option can be used to define thejava.security.policy property onrmid'scommand line, for example:

    rmid -J-Djava.security.policy=rmid.policy

-J-Dsun.rmi.activation.execPolicy=<policy>

Specifies the policy thatrmid employs to checkcommands and command-line options used to launch the VM in which anactivation group runs. Please note that this option exists only inSun's implementation of the Java RMI activation daemon. If thisproperty is not specified on the command line, the result is thesame as if-J-Dsun.rmi.activation.execPolicy=defaultwere specified. The possible values of<policy> can bedefault,<policyClassName>, ornone:

• default (or if thisproperty isunspecified)

  The defaultexecPolicy allowsrmid toexecute commands with specific command-line options only ifrmid has been granted permission to execute thosecommands and options inthe security policyfile thatrmid uses. Only the default activationgroup implementation can be used with thedefault executionpolicy.

  rmid launches a VM for an activation group usingthe information in the group's registered activation groupdescriptor, anActivationGroupDesc. The groupdescriptor specifies an optionalActivationGroupDesc.CommandEnvironment which includesthecommand to execute to start the activation group as wellas any command lineoptions to be added to the command line.By default,rmid uses thejava commandfound injava.home. The group descriptor also containsproperties overrides that are added to the command line asoptions defined as:

      -D<property>=<value>

  The permissioncom.sun.rmi.rmid.ExecPermission isused to grantrmid permission to execute a command,specified in the group descriptor'sCommandEnvironmentto launch an activation group. The permissioncom.sun.rmi.rmid.ExecOptionPermission is used to allowrmid to use command-line options, specified asproperties overrides in the group descriptor or as options in theCommandEnvironment, when launching the activationgroup.

  When grantingrmid permission to execute variouscommands and options, the permissionsExecPermission andExecOptionPermission needto be granted universally (i.e., granted to all code sources).

  ExecPermission
  

  TheExecPermission class represents permission forrmid to execute a specificcommand to launch anactivation group.

  Syntax
  Thename of anExecPermission is the path nameof a command to grantrmid permission to execute. Apath name that ends in "/*" indicates all the files contained inthat directory (where "/" is the file-separator character,File.separatorChar). A path name that ends with "/-"indicates all files and subdirectories contained in that directory(recursively). A path name consisting of the special token"<<ALL FILES>>" matchesany file.

  Note: A path name consisting of a single "*" indicatesall the files in the current directory, while a path nameconsisting of a single "-" indicates all the files in the currentdirectory and (recursively) all files and subdirectories containedin the current directory.

  ExecOptionPermission
  

  TheExecOptionPermission class representspermission forrmid to use a specific command-lineoption when launching an activation group. Thenameof anExecOptionPermission is the value of a commandline option.

  Syntax
  Options support a limited wildcard scheme. An asterisk signifies awildcard match, and it may appear as the option name itself (i.e.,it matches any option), or an asterisk may appear at the end of theoption name only if the asterisk follows either a "." or "=".

  For example: "*" or "-Dfoo.*" or "-Da.b.c=*" is valid, "*foo" or"-Da*b" or "ab*" is not.

  Policy file forrmid
  

  When grantingrmid permission to execute variouscommands and options, the permissionsExecPermissionandExecOptionPermission need to be granteduniversally (i.e., granted to all code sources). It is safe togrant these permissions universally because onlyrmidchecks these permissions.

  An example policy file that grants various execute permissionstormid is:

  grant {    permission com.sun.rmi.rmid.ExecPermission        "/files/apps/java/jdk1.7.0/solaris/bin/java";    permission com.sun.rmi.rmid.ExecPermission        "/files/apps/rmidcmds/*";    permission com.sun.rmi.rmid.ExecOptionPermission        "-Djava.security.policy=/files/policies/group.policy";    permission com.sun.rmi.rmid.ExecOptionPermission        "-Djava.security.debug=*";    permission com.sun.rmi.rmid.ExecOptionPermission        "-Dsun.rmi.*";};

  The first permission granted allowrmid to execute the1.7.0 version of thejava command, specified by itsexplicit path name. Note that by default, the version of thejava command found injava.home is used(the same one thatrmid uses), and does not need to bespecified in the policy file. The second permission allowsrmid to execute any command in the directory/files/apps/rmidcmds.

  The third permission granted, anExecOptionPermission, allowsrmid tolaunch an activation group that defines the security policy file tobe/files/policies/group.policy. The next permissionallows thejava.security.debug property to be used byan activation group. The last permission allows any property in thesun.rmi property name hierarchy to be used byactivation groups.

  To startrmid with a policy file, thejava.security.policy property needs to be specified onrmid's command line, for example:

  rmid -J-Djava.security.policy=rmid.policy

• <policyClassName>

  If the default behavior is not flexible enough, an administratorcan provide, when startingrmid, the name of a classwhosecheckExecCommand method is executed in order tocheck commands to be executed by rmid.

  ThepolicyClassName specifies a public class with apublic, no-argument constructor and an implementation of thefollowingcheckExecCommand method:

      public void checkExecCommand(ActivationGroupDesc desc,                                 String[] command)        throws SecurityException;

  Before launching an activation group,rmid calls thepolicy'scheckExecCommand method, passing it theactivation group descriptor and an array containing the completecommand to launch the activation group. If thecheckExecCommand throws aSecurityException,rmid will not launchthe activation group and anActivationException willbe thrown to the caller attempting to activate the object.
• none

  If thesun.rmi.activation.execPolicy property valueis "none", thenrmid will not perform any validationof commands to launch activation groups.

-logdir

Specifies the name of the directory the activation systemdaemon uses to write its database and associated information. Thelog directory defaults to creating a directory,log,in the directory in which thermid command wasexecuted.

-portport

Specifies the portrmid's registry uses. Theactivation system daemon binds theActivationSystem,with the namejava.rmi.activation.ActivationSystem, inthis registry. Thus, theActivationSystem on the localmachine can be obtained using the followingNaming.lookup method call:

    import java.rmi.*;     import java.rmi.activation.*;    ActivationSystem system; system = (ActivationSystem)    Naming.lookup("//:port/java.rmi.activation.ActivationSystem");

-stop

Stops the current invocation ofrmid, for a portspecified by the-port option. If no port isspecified, it will stop thermid running on port1098.

ENVIRONMENT VARIABLES

CLASSPATH

Used to provide the system a path to user-defined classes.Directories are separated by colons. For example:

    .:/usr/local/java/classes

SEE ALSO

rmic,CLASSPATH,java