开发者

Client socket factory in RMI exportObject?

开发者 https://www.devze.com 2023-03-11 12:49 出处:网络
If you want to use custom sockets for RMI (e.g. using SSL), in UnicastRemoteObject.exportObject(4) you need to specify a client 开发者_Go百科socket factory as well as a server socket factory. But the
相关专题:rmiserversocketsocketfactoryssl

If you want to use custom sockets for RMI (e.g. using SSL), in UnicastRemoteObject.exportObject(4) you need to specify a client 开发者_Go百科socket factory as well as a server socket factory. But the exporting of objects is done on the server side. Why is the client socket factory necessary?

Unless...it's serialized and used by client wanting to acquire a connection to that object? I find that unlikely (though it may be the answer); (SSL) Socket factories don't sound like classic examples of serializable objects to me, with keystores being local, and things like that.

Yes, just like you said already in the question:

An RMIClientSocketFactory must be serializable, and will be serialized to the client other side, when used with exportObject or UnicastRemoteObject's constructor.

This means that it must not contain (non-transient) references to objects which are non-serializable, only the necessary information to create a socket on the fly.

(I recently posted an example for a RMISocketFactory, where I needed to take care to be serializable.)

Edit (after the comment from EJP):

Of course, this only applies if you need to use a client socket factory at all. In many circumstances, you simply can use the other exportObject methods (or other constructors), which then use the default server socket factory on the server side, and the default client socket factory at the client side, without serializing anything.

And yes, there is no point of serializing the server's trust store to the client - if the client has to trust the registry or other remote objects for which certificates to accept, we have the point for a man-in-the-middle attack. Thus SslRMIClientSocketFactory, while being Serializable, does not serialize the server's SSL context, but simply uses the client VM's SSL settings.

In UnicastRemoteObject.exportObject(...) you need to specify a client socket factory as well as a server socket factory (if you're using custom sockets at all, of course).

Only if you use that overload of exportObject(), and even then you can supply a null. There is another overload where you only have to specify the port number.

Why is that?

It isn't.

The exporting of objects is done on the server side.

Correct.

Why is the client socket factory necessary?

It isn't.

0

上一篇:

:下一篇

更多 问答 相关资讯:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

    关注公众号

    热门标签

    图文推荐

    Delphi - Custom drawing a message list

    Delphi - Custom drawing a message list
    C++ header-only include pattern

    C++ header-only include pattern
    IE7 Margin Collapses Into Padding

    IE7 Margin Collapses Into Padding
    in CoffeeScript, how can I use a variable as a key in a hash?

    in CoffeeScript, how can I use a variable as a key in a hash?
    Interactive visualization of a graph in python [closed]

    Interactive visualization of a graph in python [closed]
    How to customise PHP MYSQL tables?

    How to customise PHP MYSQL tables?
    High quality, simple random password generator

    High quality, simple random password generator
    Image Recognition ApI in android

    Image Recognition ApI in android

    开发者开发者网给大家分享系统运维,大数据运维,云计算,编程开发技巧,路由交换,运维和开发相关的资讯及技术文章,同时StackOverflow中文社区,知识经验交流分享。

    法律声明:本站内容均为网友上传,网站举办方负责审核和监督,如存在版权或非法内容,欢迎举报,我们将尽快予以删除。邮箱:devze@qq.com

    Copyright © 2018-2020 开发者. All rights reserved. Powered by 开发者ICP备案号: 京ICP备10032868号-9