5

I'm using RMI to invoke a method that is specified to return an object of class ClassX.

ClassX xObj = remoteObject.meth(...);

If the remote method actually returns an instance of a locally unknown subclass SubclassOfX of ClassX, this class SubclassOfX is automatically downloaded from a codebase (as specified by the annotation on the serialized instance of SubclassOfX).
(for those who need it: codebase concept in RMI)

Before Java17, a SecurityManager (and a policy file) had to be used to allow class loading from the codebase. But starting with Java17, the SecurityManager is deprecated and marked for removal.

My question now: how to allow/control class loading from a codebase in the future?

Edit1: And just to answer to comment citing jep411: I know about this document, but there is no solution/alternative given in it for this RMI use case of SecurityManager.

Improve this question
4
  • 1
    (Hi & Welcome!;)"There is no replacement for the Security Manager. See JEP 411 for discussion and alternatives." Commented Jan 1, 2022 at 13:52
  • ...so: "don't worry until" 27/29, as i understand: (jep411+) en.wikipedia.org/wiki/Java_version_history Commented Jan 1, 2022 at 14:00
  • 1
    I know about jep411, but I can't find any solution/alternative given in it for this classical RMI use case of SecurityManager. Commented Jan 1, 2022 at 16:59
  • @Progman The codebase is a well-known feature of RMI. It would be familiar to anybody competent to answer the question. Commented Jan 24, 2022 at 1:00
Related questions
5
Java RMI with no SecurityManager
4
RMISecurityManager vs. SecurityManager
32
Java: no security manager: RMI class loader disabled
Load 7 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.