发表新帖
发表新帖

How to organize RMI Client-Server architecture

前端 未结
关注
2 1696
名媛妹妹
名媛妹妹 2020-12-01 23:11

I am developing a secured Banking service in RMI with a GUI both for Server and Client.

The Server must be able to log every operations (new User, deleted User, With

相关标签:
2条回答
  • 天命终不由人
    2020-12-01 23:40

    You are misunderstanding how Remote interfaces work. the client does not have the Bank, it only has a reference to a remote instance of a Bank. all the method calls made by the client on the Bank interface are actually turned into remote calls against the remote instance of the Bank (running in the server).

    presumably, the security checking is done inside the Bank methods on every method call.

    0 讨论(0)
  • 野性不改
    2020-12-01 23:51

    You need two remote object classes.

    The first one is obtained via Naming.lookup(); it is a singleton; and it contains a login() method.

    This method returns the second remote object, which is not a singleton, not registered in the Registry, and is created anew for every return value. This object contains all the banking methods and also a logout() method, which unexports it; it probably also implements the Unreferenced interface so it can detect a dead client, and unexport itself. Because it exists once per client, it can hold client state, and because it can only be obtained by a successful login step it solves your security problem.

    public interface Login extends Remote
{
    Session login(String username, char[] password /* or whatever */)
        throws LoginException, RemoteException;
}

public interface Session extends Remote
{
    void logout() throws RemoteException;
    void deposit(...) throws RemoteException;
    void withdraw(...) throws RemoteException;
}

public class LoginImpl extends UnicastRemoteObject implements Login
{
    public Session login(String username, char[] password)
        throws LoginException, RemoteException
    {
        // username/password check; if it fails throw a LoginException
        return new SessionImpl(username); // or whatever
    }
}

public class SessionImpl extends UnicastRemoteObject implements Session, Unreferenced
{
    public void logout() throws RemoteException
    {
        unexportObject(this, true);
    }

    public void unreferenced()
    {
        unexportObject(this, true); // needs to be in a try/catch block of course
    }

    // etc
}

    I described this as the Remote Session pattern in my book in 2001.

    Of course you also need transport layer security: see javax.rmi.ssl.

    0 讨论(0)
 看不清?
提交回复
热议问题