1 '\" t 2 .\" Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved. 3 .\" DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 .\" 5 .\" This code is free software; you can redistribute it and/or modify it 6 .\" under the terms of the GNU General Public License version 2 only, as 7 .\" published by the Free Software Foundation. 8 .\" 9 .\" This code is distributed in the hope that it will be useful, but WITHOUT 10 .\" ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 .\" FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 .\" version 2 for more details (a copy is included in the LICENSE file that 13 .\" accompanied this code). 14 .\" 15 .\" You should have received a copy of the GNU General Public License version 16 .\" 2 along with this work; if not, write to the Free Software Foundation, 17 .\" Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 .\" 19 .\" Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 .\" or visit www.oracle.com if you need additional information or have any 21 .\" questions. 22 .\" 23 .\" Arch: generic 24 .\" Software: JDK 8 25 .\" Date: 21 November 2013 26 .\" SectDesc: Remote Method Invocation (RMI) Tools 27 .\" Title: rmid.1 28 .\" 29 .if n .pl 99999 30 .TH rmid 1 "21 November 2013" "JDK 8" "Remote Method Invocation (RMI) Tools" 31 .\" ----------------------------------------------------------------- 32 .\" * Define some portability stuff 33 .\" ----------------------------------------------------------------- 34 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 35 .\" http://bugs.debian.org/507673 36 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html 37 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 38 .ie \n(.g .ds Aq \(aq 39 .el .ds Aq ' 40 .\" ----------------------------------------------------------------- 41 .\" * set default formatting 42 .\" ----------------------------------------------------------------- 43 .\" disable hyphenation 44 .nh 45 .\" disable justification (adjust text to left margin only) 46 .ad l 47 .\" ----------------------------------------------------------------- 48 .\" * MAIN CONTENT STARTS HERE * 49 .\" ----------------------------------------------------------------- 50 51 .SH NAME 52 rmid \- Starts the activation system daemon that enables objects to be registered and activated in a Java Virtual Machine (JVM)\&. 53 .SH SYNOPSIS 54 .sp 55 .nf 56 57 \fBrmid\fR [\fIoptions\fR] 58 .fi 59 .sp 60 .TP 61 \fIoptions\fR 62 The command-line options\&. See Options\&. 63 .SH DESCRIPTION 64 The \f3rmid\fR command starts the activation system daemon\&. The activation system daemon must be started before activatable objects can be either registered with the activation system or activated in a JVM\&. For details on how to write programs that use activatable objects, the \fIUsing Activation\fR tutorial at http://docs\&.oracle\&.com/javase/8/docs/technotes/guides/rmi/activation/overview\&.html 65 .PP 66 Start the daemon by executing the \f3rmid\fR command and specifying a security policy file, as follows: 67 .sp 68 .nf 69 \f3rmid \-J\-Djava\&.security\&.policy=rmid\&.policy\fP 70 .fi 71 .nf 72 \f3\fP 73 .fi 74 .sp 75 When you run Oracle\(cqs implementation of the \f3rmid\fR command, by default you must specify a security policy file so that the \f3rmid\fR command can verify whether or not the information in each \f3ActivationGroupDesc\fR is allowed to be used to start a JVM for an activation group\&. Specifically, the command and options specified by the \f3CommandEnvironment\fR and any properties passed to an \f3ActivationGroupDesc\fR constructor must now be explicitly allowed in the security policy file for the \f3rmid\fR command\&. The value of the \f3sun\&.rmi\&.activation\&.execPolicy\fR property dictates the policy that the \f3rmid\fR command uses to determine whether or not the information in an \f3ActivationGroupDesc\fR can be used to start a JVM for an activation group\&. For more information see the description of the -J-Dsun\&.rmi\&.activation\&.execPolicy=policy option\&. 76 .PP 77 Executing the \f3rmid\fR command starts the Activator and an internal registry on the default port1098 and binds an \f3ActivationSystem\fR to the name \f3java\&.rmi\&.activation\&.ActivationSystem\fR in this internal registry\&. 78 .PP 79 To specify an alternate port for the registry, you must specify the \f3-port\fR option when you execute the \f3rmid\fR command\&. For example, the following command starts the activation system daemon and a registry on the registry\&'s default port, 1099\&. 80 .sp 81 .nf 82 \f3rmid \-J\-Djava\&.security\&.policy=rmid\&.policy \-port 1099\fP 83 .fi 84 .nf 85 \f3\fP 86 .fi 87 .sp 88 .SH START\ RMID\ ON\ DEMAND 89 An alternative to starting \f3rmid\fR from the command line is to configure \f3inetd\fR (Oracle Solaris) or \f3xinetd\fR (Linux) to start \f3rmid\fR on demand\&. 90 .PP 91 When RMID starts, it attempts to obtain an inherited channel (inherited from \f3inetd\fR/\f3xinetd\fR) by calling the \f3System\&.inheritedChannel\fR method\&. If the inherited channel is null or not an instance of \f3java\&.nio\&.channels\&.ServerSocketChannel\fR, then RMID assumes that it was not started by \f3inetd\fR/\f3xinetd\fR, and it starts as previously described\&. 92 .PP 93 If the inherited channel is a \f3ServerSocketChannel\fR instance, then RMID uses the \f3java\&.net\&.ServerSocket\fR obtained from the \f3ServerSocketChannel\fR as the server socket that accepts requests for the remote objects it exports: The registry in which the \f3java\&.rmi\&.activation\&.ActivationSystem\fR is bound and the \f3java\&.rmi\&.activation\&.Activator\fR remote object\&. In this mode, RMID behaves the same as when it is started from the command line, except in the following cases: 94 .TP 0.2i 95 \(bu 96 Output printed to \f3System\&.err\fR is redirected to a file\&. This file is located in the directory specified by the \f3java\&.io\&.tmpdir\fR system property (typically \f3/var/tmp\fR or \f3/tmp\fR) with the prefix \f3rmid-err\fR and the suffix \f3tmp\fR\&. 97 .TP 0.2i 98 \(bu 99 The \f3-port\fR option is not allowed\&. If this option is specified, then RMID exits with an error message\&. 100 .TP 0.2i 101 \(bu 102 The \f3-log\fR option is required\&. If this option is not specified, then RMID exits with an error message 103 .PP 104 See the man pages for \f3inetd\fR (Oracle Solaris) or \f3xinetd\fR (Linux) for details on how to configure services to be started on demand\&. 105 .SH OPTIONS 106 .TP 107 -C\fIoption\fR 108 .br 109 Specifies an option that is passed as a command-line argument to each child process (activation group) of the \f3rmid\fR command when that process is created\&. For example, you could pass a property to each virtual machine spawned by the activation system daemon: 110 .sp 111 .nf 112 \f3rmid \-C\-Dsome\&.property=value\fP 113 .fi 114 .nf 115 \f3\fP 116 .fi 117 .sp 118 119 120 This ability to pass command-line arguments to child processes can be useful for debugging\&. For example, the following command enables server-call logging in all child JVMs\&. 121 .sp 122 .nf 123 \f3rmid \-C\-Djava\&.rmi\&.server\&.logCalls=true\fP 124 .fi 125 .nf 126 \f3\fP 127 .fi 128 .sp 129 130 .TP 131 -J\fIoption\fR 132 .br 133 Specifies an option that is passed to the Java interpreter running RMID\&. For example, to specify that the \f3rmid\fR command use a policy file named \f3rmid\&.policy\fR, the \f3-J\fR option can be used to define the \f3java\&.security\&.policy\fR property on the \f3rmid\fR command line, for example: 134 .sp 135 .nf 136 \f3rmid \-J\-Djava\&.security\&.policy\-rmid\&.policy\fP 137 .fi 138 .nf 139 \f3\fP 140 .fi 141 .sp 142 143 .TP 144 -J-Dsun\&.rmi\&.activation\&.execPolicy=\fIpolicy\fR 145 .br 146 Specifies the policy that RMID employs to check commands and command-line options used to start the JVM in which an activation group runs\&. Please note that this option exists only in Oracle\&'s implementation of the Java RMI activation daemon\&. If this property is not specified on the command line, then the result is the same as though \f3-J-Dsun\&.rmi\&.activation\&.execPolicy=default\fR were specified\&. The possible values of \f3policy\fR can be \f3default\fR, \f3policyClassName\fR, or \f3none\fR\&. 147 .RS 148 .TP 0.2i 149 \(bu 150 default 151 152 The \f3default\fR or unspecified value \f3execPolicy\fR allows the \f3rmid\fR command to execute commands with specific command-line options only when the \f3rmid\fR command was granted permission to execute those commands and options in the security policy file that the \f3rmid\fR command uses\&. Only the default activation group implementation can be used with the default execution policy\&. 153 154 The \f3rmid\fR command starts a JVM for an activation group with the information in the group\&'s registered activation group descriptor, an \f3ActivationGroupDesc\fR\&. The group descriptor specifies an optional \f3ActivationGroupDesc\&.CommandEnvironment\fR that includes the command to execute to start the activation group and any command-line options to be added to the command line\&. By default, the \f3rmid\fR command uses the \f3java\fR command found in \f3java\&.home\fR\&. The group descriptor also contains properties overrides that are added to the command line as options defined as: \f3-D<property>=<value>\fR\&.The \f3com\&.sun\&.rmi\&.rmid\&.ExecPermission\fR permission grants the \f3rmid\fR command permission to execute a command that is specified in the group descriptor\&'s \f3CommandEnvironment\fR to start an activation group\&. The \f3com\&.sun\&.rmi\&.rmid\&.ExecOptionPermission\fR permission enables the \f3rmid\fR command to use command-line options, specified as properties overrides in the group descriptor or as options in the \f3CommandEnvironment\fR when starting the activation group\&.When granting the \f3rmid\fR command permission to execute various commands and options, the permissions \f3ExecPermission\fR and \f3ExecOptionPermission\fR must be granted to all code sources\&. 155 156 \fIExecPermission\fR 157 158 The \f3ExecPermission\fR class represents permission for the \f3rmid\fR command to execute a specific command to start an activation group\&. 159 160 \fISyntax\fR: The name of an \f3ExecPermission\fR is the path name of a command to grant the \f3rmid\fR command permission to execute\&. A path name that ends in a slash (/) and an asterisk (*) indicates that all of the files contained in that directory where slash is the file-separator character, \f3File\&.separatorChar\fR\&. A path name that ends in a slash (/) and a minus sign (-) indicates all files and subdirectories contained in that directory (recursively)\&. A path name that consists of the special token \f3<<ALL FILES>>\fR matches any file\&. 161 162 A path name that consists of an asterisk (*) indicates all the files in the current directory\&. A path name that consists of a minus sign (-) indicates all the files in the current directory and (recursively) all files and subdirectories contained in the current directory\&. 163 164 \fIExecOptionPermission\fR 165 166 The \f3ExecOptionPermission\fR class represents permission for the \f3rmid\fR command to use a specific command-line option when starting an activation group\&. The name of an \f3ExecOptionPermission\fR is the value of a command-line option\&. 167 168 \fISyntax\fR: Options support a limited wild card scheme\&. An asterisk signifies a wild card match, and it can appear as the option name itself (matches any option), or an asterisk (*) can appear at the end of the option name only when the asterisk (*) follows a dot (\&.) or an equals sign (=)\&. 169 170 For example: \f3*\fR or \f3-Dmydir\&.*\fR or \f3-Da\&.b\&.c=*\fR is valid, but \f3*mydir\fR or \f3-Da*b\fR or \f3ab*\fR is not\&. 171 172 \fIPolicy file for rmid\fR 173 174 When you grant the \f3rmid\fR command permission to execute various commands and options, the permissions \f3ExecPermission\fR and \f3ExecOptionPermission\fR must be granted to all code sources (universally)\&. It is safe to grant these permissions universally because only the \f3rmid\fR command checks these permissions\&. 175 176 An example policy file that grants various execute permissions to the \f3rmid\fR command is: 177 .sp 178 .nf 179 \f3grant {\fP 180 .fi 181 .nf 182 \f3 permission com\&.sun\&.rmi\&.rmid\&.ExecPermission\fP 183 .fi 184 .nf 185 \f3 "/files/apps/java/jdk1\&.7\&.0/solaris/bin/java";\fP 186 .fi 187 .nf 188 \f3\fP 189 .fi 190 .nf 191 \f3 permission com\&.sun\&.rmi\&.rmid\&.ExecPermission\fP 192 .fi 193 .nf 194 \f3 "/files/apps/rmidcmds/*";\fP 195 .fi 196 .nf 197 \f3\fP 198 .fi 199 .nf 200 \f3 permission com\&.sun\&.rmi\&.rmid\&.ExecOptionPermission\fP 201 .fi 202 .nf 203 \f3 "\-Djava\&.security\&.policy=/files/policies/group\&.policy";\fP 204 .fi 205 .nf 206 \f3\fP 207 .fi 208 .nf 209 \f3 permission com\&.sun\&.rmi\&.rmid\&.ExecOptionPermission\fP 210 .fi 211 .nf 212 \f3 "\-Djava\&.security\&.debug=*";\fP 213 .fi 214 .nf 215 \f3\fP 216 .fi 217 .nf 218 \f3 permission com\&.sun\&.rmi\&.rmid\&.ExecOptionPermission\fP 219 .fi 220 .nf 221 \f3 "\-Dsun\&.rmi\&.*";\fP 222 .fi 223 .nf 224 \f3};\fP 225 .fi 226 .nf 227 \f3\fP 228 .fi 229 .sp 230 231 232 The first permission granted allows the \f3rmid\fR tcommand o execute the 1\&.7\&.0 release of the \f3java\fR command, specified by its explicit path name\&. By default, the version of the \f3java\fR command found in \f3java\&.home\fR is used (the same one that the \f3rmid\fR command uses), and does not need to be specified in the policy file\&. The second permission allows the \f3rmid\fR command to execute any command in the directory \f3/files/apps/rmidcmds\fR\&. 233 234 The third permission granted, an \f3ExecOptionPermission\fR, allows the \f3rmid\fR command to start an activation group that defines the security policy file to be \f3/files/policies/group\&.policy\fR\&. The next permission allows the \f3java\&.security\&.debug property\fR to be used by an activation group\&. The last permission allows any property in the \f3sun\&.rmi property\fR name hierarchy to be used by activation groups\&. 235 236 To start the \f3rmid\fR command with a policy file, the \f3java\&.security\&.policy\fR property needs to be specified on the \f3rmid\fR command line, for example: 237 238 \f3rmid -J-Djava\&.security\&.policy=rmid\&.policy\fR\&. 239 .TP 0.2i 240 \(bu 241 <policyClassName> 242 243 If the default behavior is not flexible enough, then an administrator can provide, when starting the \f3rmid\fR command, the name of a class whose \f3checkExecCommand\fR method is executed to check commands to be executed by the \f3rmid\fR command\&. 244 245 The \f3policyClassName\fR specifies a public class with a public, no-argument constructor and an implementation of the following \f3checkExecCommand\fR method: 246 .sp 247 .nf 248 \f3 public void checkExecCommand(ActivationGroupDesc desc, String[] command)\fP 249 .fi 250 .nf 251 \f3 throws SecurityException;\fP 252 .fi 253 .nf 254 \f3\fP 255 .fi 256 .sp 257 258 259 Before starting an activation group, the \f3rmid\fR command calls the policy\&'s \f3checkExecCommand\fR method and passes to it the activation group descriptor and an array that contains the complete command to start the activation group\&. If the \f3checkExecCommand\fR throws a \f3SecurityException\fR, then the \f3rmid\fR command does not start the activation group and an \f3ActivationException\fR is thrown to the caller attempting to activate the object\&. 260 .TP 0.2i 261 \(bu 262 none 263 264 If the \f3sun\&.rmi\&.activation\&.execPolicy\fR property value is \f3none\fR, then the \f3rmid\fR command does not perform any validation of commands to start activation groups\&. 265 .RE 266 267 .TP 268 -log \fIdir\fR 269 .br 270 Specifies the name of the directory the activation system daemon uses to write its database and associated information\&. The log directory defaults to creating a log, in the directory in which the \f3rmid\fR command was executed\&. 271 .TP 272 -port \fIport\fR 273 .br 274 Specifies the port the registry uses\&. The activation system daemon binds the \f3ActivationSystem\fR, with the name \f3java\&.rmi\&.activation\&.ActivationSystem\fR, in this registry\&. The \f3ActivationSystem\fR on the local machine can be obtained using the following \f3Naming\&.lookup\fR method call: 275 .sp 276 .nf 277 \f3import java\&.rmi\&.*; \fP 278 .fi 279 .nf 280 \f3 import java\&.rmi\&.activation\&.*;\fP 281 .fi 282 .nf 283 \f3\fP 284 .fi 285 .nf 286 \f3 ActivationSystem system; system = (ActivationSystem)\fP 287 .fi 288 .nf 289 \f3 Naming\&.lookup("//:port/java\&.rmi\&.activation\&.ActivationSystem");\fP 290 .fi 291 .nf 292 \f3\fP 293 .fi 294 .sp 295 296 .TP 297 -stop 298 .br 299 Stops the current invocation of the \f3rmid\fR command for a port specified by the \f3-port\fR option\&. If no port is specified, then this option stops the \f3rmid\fR invocation running on port 1098\&. 300 .SH ENVIRONMENT\ VARIABLES 301 .TP 302 CLASSPATH 303 Used to provide the system a path to user-defined classes\&. Directories are separated by colons, for example: \f3\&.:/usr/local/java/classes\fR\&. 304 .SH SEE\ ALSO 305 .TP 0.2i 306 \(bu 307 java(1) 308 .TP 0.2i 309 \(bu 310 Setting the Class Path 311 .RE 312 .br 313 'pl 8.5i 314 'bp | 1 .\" Copyright (c) 1994, 2019, Oracle and/or its affiliates. All rights reserved. 2 .\" DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 3 .\" 4 .\" This code is free software; you can redistribute it and/or modify it 5 .\" under the terms of the GNU General Public License version 2 only, as 6 .\" published by the Free Software Foundation. 7 .\" 8 .\" This code is distributed in the hope that it will be useful, but WITHOUT 9 .\" ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 10 .\" FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 11 .\" version 2 for more details (a copy is included in the LICENSE file that 12 .\" accompanied this code). 13 .\" 14 .\" You should have received a copy of the GNU General Public License version 15 .\" 2 along with this work; if not, write to the Free Software Foundation, 16 .\" Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 17 .\" 18 .\" Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 19 .\" or visit www.oracle.com if you need additional information or have any 20 .\" questions. 21 .\" 22 .\" Automatically generated by Pandoc 2.3.1 23 .\" 24 .TH "RMID" "1" "2018" "JDK 13" "JDK Commands" 25 .hy 26 .SH NAME 27 .PP 28 rmid \- start the activation system daemon that enables objects to be 29 registered and activated in a Java Virtual Machine (JVM) 30 .SH SYNOPSIS 31 .PP 32 \f[CB]rmid\f[R] [\f[I]options\f[R]] 33 .TP 34 .B \f[I]options\f[R] 35 This represent the command\-line options for the \f[CB]rmid\f[R] command. 36 See \f[B]Options for rmid\f[R]. 37 .RS 38 .RE 39 .SH DESCRIPTION 40 .PP 41 The \f[CB]rmid\f[R] command starts the activation system daemon. 42 The activation system daemon must be started before objects that can be 43 activated are either registered with the activation system or activated 44 in a JVM. 45 .PP 46 Start the daemon by executing the \f[CB]rmid\f[R] command and specifying a 47 security policy file, as follows: 48 .RS 49 .PP 50 \f[CB]rmid\ \-J\-Djava.security.policy=rmid.policy\f[R] 51 .RE 52 .PP 53 When you run Oracle\[aq]s implementation of the \f[CB]rmid\f[R] command, 54 by default you must specify a security policy file so that the 55 \f[CB]rmid\f[R] command can verify whether or not the information in each 56 \f[CB]ActivationGroupDesc\f[R] is allowed to be used to start a JVM for an 57 activation group. 58 Specifically, the command and options specified by the 59 \f[CB]CommandEnvironment\f[R] and any properties passed to an 60 \f[CB]ActivationGroupDesc\f[R] constructor must now be explicitly allowed 61 in the security policy file for the \f[CB]rmid\f[R] command. 62 The value of the \f[CB]sun.rmi.activation.execPolicy\f[R] property 63 dictates the policy that the \f[CB]rmid\f[R] command uses to determine 64 whether or not the information in an \f[CB]ActivationGroupDesc\f[R] can be 65 used to start a JVM for an activation group. 66 For more information see the description of the 67 \f[CB]\-J\-Dsun.rmi.activation.execPolicy=policy\f[R] option. 68 .PP 69 Executing the \f[CB]rmid\f[R] command starts the \f[CB]Activator\f[R] and an 70 internal registry on the default port 1098 and binds an 71 \f[CB]ActivationSystem\f[R] to the name 72 \f[CB]java.rmi.activation.ActivationSystem\f[R] in this internal registry. 73 .PP 74 To specify an alternate port for the registry, you must specify the 75 \f[CB]\-port\f[R] option when you execute the \f[CB]rmid\f[R] command. 76 For example, the following command starts the activation system daemon 77 and a registry on the registry\[aq]s default port, 1099. 78 .RS 79 .PP 80 \f[CB]rmid\ \-J\-Djava.security.policy=rmid.policy\ \-port\ 1099\f[R] 81 .RE 82 .SH START RMID ON DEMAND (ORACLE SOLARIS AND LINUX ONLY) 83 .PP 84 An alternative to starting \f[CB]rmid\f[R] from the command line is to 85 configure \f[CB]inetd\f[R] (Oracle Solaris) or \f[CB]xinetd\f[R] (Linux) to 86 start \f[CB]rmid\f[R] on demand. 87 .PP 88 When RMID starts, it attempts to obtain an inherited channel (inherited 89 from \f[CB]inetd\f[R]/\f[CB]xinetd\f[R]) by calling the 90 \f[CB]System.inheritedChannel\f[R] method. 91 If the inherited channel is null or not an instance of 92 \f[CB]java.nio.channels.ServerSocketChannel\f[R], then RMID assumes that 93 it wasn\[aq]t started by \f[CB]inetd\f[R]/\f[CB]xinetd\f[R], and it starts 94 as previously described. 95 .PP 96 If the inherited channel is a \f[CB]ServerSocketChannel\f[R] instance, 97 then RMID uses the \f[CB]java.net.ServerSocket\f[R] obtained from the 98 \f[CB]ServerSocketChannel\f[R] as the server socket that accepts requests 99 for the remote objects it exports: The registry in which the 100 \f[CB]java.rmi.activation.ActivationSystem\f[R] is bound and the 101 \f[CB]java.rmi.activation.Activator\f[R] remote object. 102 In this mode, RMID behaves the same as when it is started from the 103 command line, except in the following cases: 104 .IP \[bu] 2 105 Output printed to \f[CB]System.err\f[R] is redirected to a file. 106 This file is located in the directory specified by the 107 \f[CB]java.io.tmpdir\f[R] system property (typically \f[CB]/var/tmp\f[R] or 108 \f[CB]/tmp\f[R]) with the prefix \f[CB]rmid\-err\f[R] and the suffix 109 \f[CB]tmp\f[R]. 110 .IP \[bu] 2 111 The \f[CB]\-port\f[R] option isn\[aq]t allowed. 112 If this option is specified, then RMID exits with an error message. 113 .IP \[bu] 2 114 The \f[CB]\-log\f[R] option is required. 115 If this option isn\[aq]t specified, then RMID exits with an error 116 message 117 .SH OPTIONS FOR RMID 118 .TP 119 .B \f[CB]\-C\f[R]\f[I]option\f[R] 120 Specifies an option that\[aq]s passed as a command\-line argument to 121 each child process (activation group) of the \f[CB]rmid\f[R] command when 122 that process is created. 123 For example, you could pass a property to each virtual machine spawned 124 by the activation system daemon: 125 .RS 126 .RS 127 .PP 128 \f[CB]rmid\ \-C\-Dsome.property=value\f[R] 129 .RE 130 .PP 131 This ability to pass command\-line arguments to child processes can be 132 useful for debugging. 133 For example, the following command enables server\-call logging in all 134 child JVMs. 135 .RS 136 .PP 137 \f[CB]rmid\ \-C\-Djava.rmi.server.logCalls=true\f[R] 138 .RE 139 .RE 140 .TP 141 .B \f[CB]\-J\f[R]\f[I]option\f[R] 142 Specifies an option that\[aq]s passed to the Java interpreter running 143 RMID command. 144 For example, to specify that the \f[CB]rmid\f[R] command use a policy file 145 named \f[CB]rmid.policy\f[R], the \f[CB]\-J\f[R] option can be used to 146 define the \f[CB]java.security.policy\f[R] property on the \f[CB]rmid\f[R] 147 command line, for example: 148 .RS 149 .RS 150 .PP 151 \f[CB]rmid\ \-J\-Djava.security.policy\-rmid.policy\f[R] 152 .RE 153 .RE 154 .TP 155 .B \f[CB]\-J\-Dsun.rmi.activation.execPolicy=\f[R]\f[I]policy\f[R] 156 Specifies the policy that the RMID command employs to check commands and 157 command\-line options used to start the JVM in which an activation group 158 runs. 159 This option exists only in Oracle\[aq]s implementation of the Java RMI 160 activation daemon. 161 If this property isn\[aq]t specified on the command line, then the 162 result is the same as though 163 \f[CB]\-J\-Dsun.rmi.activation.execPolicy=default\f[R] were specified. 164 .RS 165 .PP 166 The possible values of \f[I]policy\f[R] can be \f[CB]default\f[R], 167 \f[I]policyClassName\f[R], or \f[CB]none\f[R]. 168 .IP \[bu] 2 169 \f[CB]default\f[R] 170 .RS 2 171 .PP 172 The \f[CB]default\f[R] or unspecified value \f[CB]execPolicy\f[R] allows the 173 \f[CB]rmid\f[R] command to execute commands with specific command\-line 174 options only when the \f[CB]rmid\f[R] command was granted permission to 175 execute those commands and options in the security policy file that the 176 \f[CB]rmid\f[R] command uses. 177 Only the default activation group implementation can be used with the 178 default execution policy. 179 .PP 180 The \f[CB]rmid\f[R] command starts a JVM for an activation group with the 181 information in the group\[aq]s registered activation group descriptor, 182 \f[CB]ActivationGroupDesc\f[R]. 183 The group descriptor specifies an optional 184 \f[CB]ActivationGroupDesc.CommandEnvironment\f[R] that includes the 185 command to execute to start the activation group and any command\-line 186 options to be added to the command line. 187 By default, the \f[CB]rmid\f[R] command uses the \f[CB]java\f[R] command 188 found in \f[CB]java.home\f[R]. 189 The group descriptor also contains properties overrides that are added 190 to the command line as options defined as: 191 \f[CB]\-D\f[R]\f[I]property\f[R]\f[CB]=\f[R]\f[I]value\f[R]. 192 The \f[CB]com.sun.rmi.rmid.ExecPermission\f[R] permission grants the 193 \f[CB]rmid\f[R] command permission to execute a command that\[aq]s 194 specified in the group descriptor\[aq]s \f[CB]CommandEnvironment\f[R] to 195 start an activation group. 196 The \f[CB]com.sun.rmi.rmid.ExecOptionPermission\f[R] permission enables 197 the \f[CB]rmid\f[R] command to use command\-line options, specified as 198 properties overrides in the group descriptor or as options in the 199 \f[CB]CommandEnvironment\f[R] when starting the activation group. 200 When granting the \f[CB]rmid\f[R] command permission to execute various 201 commands and options, the permissions \f[CB]ExecPermission\f[R] and 202 \f[CB]ExecOptionPermission\f[R] must be granted to all code sources. 203 .PP 204 \f[CB]ExecPermission\f[R] class: Represents permission for the 205 \f[CB]rmid\f[R] command to execute a specific command to start an 206 activation group. 207 .PP 208 \f[CB]ExecPermission\f[R] syntax: The name of \f[CB]ExecPermission\f[R] is 209 the path name of a command to grant the \f[CB]rmid\f[R] command permission 210 to execute. 211 .PP 212 A path name that ends in a slash (\f[CB]/\f[R]) and an asterisk 213 (\f[CB]*\f[R]) indicates that all of the files are contained in that 214 directory where the slash is the file\-separator character, 215 \f[CB]File.separatorChar\f[R]. 216 .PP 217 A path name that ends in a slash (\f[CB]/\f[R]) and a minus sign 218 (\f[CB]\-\f[R]) indicates that all files and subdirectories are contained 219 in that directory (recursively). 220 .PP 221 A path name that consists of the special token \f[CB]<<ALL\ FILES>>\f[R] 222 matches any file. 223 .PP 224 A path name that consists of an asterisk (\f[CB]*\f[R]) indicates that all 225 the files are in the current directory. 226 .PP 227 A path name that consists of a minus sign (\f[CB]\-\f[R]) indicates that 228 all the files are in the current directory and (recursively) all files 229 and subdirectories are contained in the current directory. 230 .PP 231 \f[CB]ExecOptionPermission\f[R] class: Represents permission for the 232 \f[CB]rmid\f[R] command to use a specific command\-line option when 233 starting an activation group. 234 The name of \f[CB]ExecOptionPermission\f[R] is the value of a 235 command\-line option. 236 .PP 237 \f[CB]ExecOptionPermission\f[R] syntax: Options support a limited wild 238 card scheme. 239 An asterisk signifies a wild card match, and it can appear as the option 240 name itself (matches any option), or an asterisk (*) can appear at the 241 end of the option name only when the asterisk (\f[CB]*\f[R]) follows a dot 242 (\f[CB]\&.\f[R]) or an equals sign (\f[CB]=\f[R]). 243 .PP 244 For example: \f[CB]*\f[R] or \f[CB]\-Dmydir.*\f[R] or \f[CB]\-Da.b.c=*\f[R] is 245 valid, but \f[CB]*mydir\f[R] or \f[CB]\-Da*b\f[R] or \f[CB]ab*\f[R] isn\[aq]t 246 valid. 247 .PP 248 \f[B]Policy file for rmid\f[R] 249 .PP 250 When you grant the \f[CB]rmid\f[R] command permission to execute various 251 commands and options, the permissions \f[CB]ExecPermission\f[R] and 252 \f[CB]ExecOptionPermission\f[R] must be granted to all code sources 253 (universally). 254 It is safe to grant these permissions universally because only the 255 \f[CB]rmid\f[R] command checks these permissions. 256 .PP 257 An example policy file that grants various execute permissions to the 258 \f[CB]rmid\f[R] command is: 259 .IP \[bu] 2 260 \f[B]Oracle Solaris:\f[R] 261 .RS 2 262 .IP 263 .nf 264 \f[CB] 265 grant\ { 266 \ \ \ \ permission\ com.sun.rmi.rmid.ExecPermission 267 \ \ \ \ \ \ \ \ "/files/apps/java/jdk1.7.0/solaris/bin/java"; 268 269 \ \ \ \ permission\ com.sun.rmi.rmid.ExecPermission 270 \ \ \ \ \ \ \ \ "/files/apps/rmidcmds/*"; 271 272 \ \ \ \ permission\ com.sun.rmi.rmid.ExecOptionPermission 273 \ \ \ \ \ \ \ \ "\-Djava.security.policy=/files/policies/group.policy"; 274 275 \ \ \ \ permission\ com.sun.rmi.rmid.ExecOptionPermission 276 \ \ \ \ \ \ \ \ "\-Djava.security.debug=*"; 277 278 \ \ \ \ permission\ com.sun.rmi.rmid.ExecOptionPermission 279 \ \ \ \ \ \ \ \ "\-Dsun.rmi.*"; 280 }; 281 \f[R] 282 .fi 283 .RE 284 .IP \[bu] 2 285 \f[B]Windows:\f[R] 286 .RS 2 287 .IP 288 .nf 289 \f[CB] 290 grant\ { 291 \ \ \ \ permission\ com.sun.rmi.rmid.ExecPermission 292 \ \ \ \ \ \ \ \ "c:\\\\files\\\\apps\\\\java\\\\jdk1.7.0\\\\win\\\\bin\\\\java"; 293 294 \ \ \ \ permission\ com.sun.rmi.rmid.ExecPermission 295 \ \ \ \ \ \ \ \ "c:\\\\files\\\\apps\\\\rmidcmds\\\\*"; 296 297 \ \ \ \ permission\ com.sun.rmi.rmid.ExecOptionPermission 298 \ \ \ \ \ \ \ \ "\-Djava.security.policy=c:\\\\files\\\\policies\\\\group.policy"; 299 300 \ \ \ \ permission\ com.sun.rmi.rmid.ExecOptionPermission 301 \ \ \ \ \ \ \ \ "\-Djava.security.debug=*"; 302 303 \ \ \ \ permission\ com.sun.rmi.rmid.ExecOptionPermission 304 \ \ \ \ \ \ \ \ "\-Dsun.rmi.*"; 305 }; 306 \f[R] 307 .fi 308 .RE 309 .PP 310 The first permission granted allows the \f[CB]rmid\f[R] command to execute 311 the 1.7.0 release of the \f[CB]java\f[R] command, specified by its 312 explicit path name. 313 By default, the version of the \f[CB]java\f[R] command found in 314 \f[CB]java.home\f[R] is used (the same one that the \f[CB]rmid\f[R] command 315 uses), and doesn\[aq]t need to be specified in the policy file. 316 The second permission allows the \f[CB]rmid\f[R] command to execute any 317 command in either the directory \f[CB]/files/apps/rmidcmds\f[R] (Oracle 318 Solaris, Linux, and macOS) or the directory 319 \f[CB]c:\\files\\apps\\rmidcmds\\\f[R] (Windows). 320 .PP 321 The third permission granted, \f[CB]ExecOptionPermission\f[R], allows the 322 \f[CB]rmid\f[R] command to start an activation group that defines the 323 security policy file to be either \f[CB]/files/policies/group.policy\f[R] 324 (Oracle Solaris) or \f[CB]c:\\files\\policies\\group.policy\f[R] 325 (Windows). 326 The next permission allows the \f[CB]java.security.debug\ property\f[R] to 327 be used by an activation group. 328 The last permission allows any property in the 329 \f[CB]sun.rmi\ property\f[R] name hierarchy to be used by activation 330 groups. 331 .PP 332 To start the \f[CB]rmid\f[R] command with a policy file, the 333 \f[CB]java.security.policy\f[R] property needs to be specified on the 334 \f[CB]rmid\f[R] command line, for example: 335 .PP 336 \f[CB]rmid\ \-J\-Djava.security.policy=rmid.policy\f[R]. 337 .RE 338 .IP \[bu] 2 339 \f[I]policyClassName\f[R] 340 .RS 2 341 .PP 342 If the default behavior isn\[aq]t flexible enough, then an administrator 343 can provide, when starting the \f[CB]rmid\f[R] command, the name of a 344 class whose \f[CB]checkExecCommand\f[R] method is executed to check 345 commands to be executed by the \f[CB]rmid\f[R] command. 346 .PP 347 The \f[CB]policyClassName\f[R] specifies a public class with a public, 348 no\-argument constructor and an implementation of the following 349 \f[CB]checkExecCommand\f[R] method: 350 .IP 351 .nf 352 \f[CB] 353 \ public\ void\ checkExecCommand(ActivationGroupDesc\ desc,\ String[]\ command) 354 \ \ \ \ \ \ \ \ throws\ SecurityException; 355 \f[R] 356 .fi 357 .PP 358 Before starting an activation group, the \f[CB]rmid\f[R] command calls the 359 policy\[aq]s \f[CB]checkExecCommand\f[R] method and passes to it the 360 activation group descriptor and an array that contains the complete 361 command to start the activation group. 362 If the \f[CB]checkExecCommand\f[R] throws a \f[CB]SecurityException\f[R], 363 then the \f[CB]rmid\f[R] command doesn\[aq]t start the activation group 364 and an \f[CB]ActivationException\f[R] is thrown to the caller attempting 365 to activate the object. 366 .RE 367 .IP \[bu] 2 368 \f[CB]none\f[R] 369 .RS 2 370 .PP 371 If the \f[CB]sun.rmi.activation.execPolicy\f[R] property value is 372 \f[CB]none\f[R], then the \f[CB]rmid\f[R] command doesn\[aq]t perform any 373 validation of commands to start activation groups. 374 .RE 375 .RE 376 .TP 377 .B \f[CB]\-log\f[R] \f[I]dir\f[R] 378 Specifies the name of the directory that the activation system daemon 379 uses to write its database and associated information. 380 The log directory defaults to creating a log, in the directory in which 381 the \f[CB]rmid\f[R] command was executed. 382 .RS 383 .RE 384 .TP 385 .B \f[CB]\-port\f[R] \f[I]port\f[R] 386 Specifies the port that the registry uses. 387 The activation system daemon binds \f[CB]ActivationSystem\f[R], with the 388 name \f[CB]java.rmi.activation.ActivationSystem\f[R], in this registry. 389 The \f[CB]ActivationSystem\f[R] on the local machine can be obtained using 390 the following \f[CB]Naming.lookup\f[R] method call: 391 .RS 392 .IP 393 .nf 394 \f[CB] 395 import\ java.rmi.*; 396 import\ java.rmi.activation.*; 397 398 ActivationSystem\ system;\ system\ =\ (ActivationSystem) 399 Naming.lookup("//:port/java.rmi.activation.ActivationSystem"); 400 \f[R] 401 .fi 402 .RE 403 .TP 404 .B \f[CB]\-stop\f[R] 405 Stops the current invocation of the \f[CB]rmid\f[R] command for a port 406 specified by the \f[CB]\-port\f[R] option. 407 If no port is specified, then this option stops the \f[CB]rmid\f[R] 408 invocation running on port 1098. 409 .RS 410 .RE |