RMI Security Manager

• During serialization of an object, the fields and methods are encoded by the protocol and transmitted as data. For the object to be used on the remote side, the class loader must be called to load the code for the methods of that object. Any java program that calls the class loader must have a security manager to check the classes for the security policy of that application.

  • For example, a security manager must make sure that any calls initiated by a remote client will not perform any “sensitive” operations, such as loading local classes.

• RMISecurityManager is the default for RMI - you can write your own security manager.

Previous slide

Next slide

Back to first slide

View graphic version