RMI - Design of the application
Hello,
I have created a server-client application with RMI. But there are many questions:
I want only clients who have authenticated at the server to be able to connect to it. For this reason I only bind the login method in the registry. In the login method I check the name and password. If the login is OK, then I return a reference to the "secure" methods.
That's my code, showing how I try this (only the important parts):
This is the class with the methods I want to protect:
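import java.io.Serializable;
import java.rmi.RemoteException;

public class MySaveMethodsImpl extends java.rmi.server.UnicastRemoteObject implements MySaveMethods, Serializable {
    // UnicastRemoteObject's constructor throws RemoteException, so the subclass constructor must declare it
    public MySaveMethodsImpl() throws RemoteException { super(); }
    public String sayHello() {
        return "Hello, world!";
    }
}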
The interface to the class:
import java.rmi.Remote;
import java.rmi.RemoteException;

public interface MySaveMethods extends Remote {
    String sayHello() throws RemoteException;
}
This is the Login-class:
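import java.io.Serializable;
import java.rmi.RemoteException;

public class RemoteLoginImpl extends java.rmi.server.UnicastRemoteObject
        implements RemoteLogin, Serializable {
    // KennwortAmServer (the password stored at the server) is declared in a part of the class that is not shown
    public RemoteLoginImpl() throws RemoteException { super(); }
    public MySaveMethodsImpl login(String KennwortÜbergeben)
            throws RemoteException {
        MySaveMethodsImpl sm = null;
        // Compare the string contents with equals(); == only compares object references
        if (KennwortAmServer.equals(KennwortÜbergeben)) {
            // Return an instance of the protected methods
            sm = new MySaveMethodsImpl();
        }
        return sm;
    }
}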
The Login-Interface:
import java.rmi.Remote;
import java.rmi.RemoteException;

public interface RemoteLogin extends Remote {
    MySaveMethods login(String KennwortÜbergeben) throws RemoteException;
}
This is the server, which only binds the Login-class at the registry:
import java.rmi.RMISecurityManager;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;

public class Server {
    public Server() {
        try {
            System.setSecurityManager(new RMISecurityManager());
            // Start the registry and bind the object to the registry
            RemoteLogin rl = new RemoteLoginImpl();
            Registry registry = LocateRegistry.createRegistry(1099);
            registry.bind("RemoteLoginService", rl);
            System.err.println("Server ready");
        } catch (Exception e) {
            System.err.println("Server exception: " + e.toString());
            e.printStackTrace();
        }
    }
}
This is the client:
import java.rmi.RMISecurityManager;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;

public class Client {
    public static void main(String[] args) {
        try {
            System.setSecurityManager(new RMISecurityManager());
            Registry registry = LocateRegistry.getRegistry("192.168.0.2");
            RemoteLogin stub = null;
            stub = (RemoteLogin) registry.lookup("RemoteLoginService");
            MySaveMethods server = stub.login("kennwort");
            if (server != null) {
                // Login at the server succeeded
                server.sayHello();
            }
        } catch (Exception e) {
            System.err.println("Client exception: " + e.toString());
        }
    }
}
I hope I posted all the important parts of the code :)
Now the questions:
Can I be safe as houses that the "secure" methods can only be called by clients who have logged in successfully? Or is there perhaps a possibility that the client could "create" a reference and call the secure methods? Or should I implement in every "secure" method a query to check whether the server knows the client? I hope you understand the problem I have :)
More questions:
If the client has logged in successfully, I return a reference to the "secure" methods. When the "return sm" at the server has been performed, does the server also keep the reference (I don't think so)? Or is the reference only at the client?
How can I detect at the server which clients have lost the connection and which are still connected?
Questions about questions... Where can I find tutorials or more info about such questions? Is there a very good book which everyone should read once a rudimentary "RMI server-client application" is standing?
Best regards
cu
George
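One way to structure the login-gated design asked about above, as an added example that is not part of the original post: each successful login exports a fresh per-session object that is never bound in the registry, `logout()` unexports it so later calls on the old stub fail, and `Unreferenced` tells the server when no client holds a live reference any more. The `Session`/`Login` names, the user parameter and the demo password are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.rmi.*;
import java.rmi.registry.*;
import java.rmi.server.*;
import java.security.MessageDigest;

public class SessionDemo {
    public interface Session extends Remote {
        String sayHello() throws RemoteException;
        void logout() throws RemoteException;
    }
    public interface Login extends Remote {
        Session login(String user, String password) throws RemoteException;
    }
    // One exported object per successful login; it is never bound in the registry.
    static class SessionImpl implements Session, Unreferenced {
        private final String user;
        SessionImpl(String user) { this.user = user; }
        public String sayHello() { return "Hello, " + user + "!"; }
        public void logout() throws RemoteException {
            UnicastRemoteObject.unexportObject(this, true); // later calls on the stub fail
        }
        // Called by the RMI runtime once no client holds a live reference (lease expired).
        public void unreferenced() {
            try { UnicastRemoteObject.unexportObject(this, true); } catch (NoSuchObjectException ignored) { }
        }
    }
    static class LoginImpl implements Login {
        // Constructed demo secret; a real server would verify a stored password hash.
        private static final byte[] EXPECTED = "kennwort".getBytes(StandardCharsets.UTF_8);
        public Session login(String user, String password) throws RemoteException {
            // Constant-time comparison; a failed login throws instead of returning null.
            if (password == null || !MessageDigest.isEqual(EXPECTED, password.getBytes(StandardCharsets.UTF_8)))
                throw new AccessException("login failed");
            return (Session) UnicastRemoteObject.exportObject(new SessionImpl(user), 0);
        }
    }

    public static void main(String[] args) throws Exception {
        Registry registry = LocateRegistry.createRegistry(1099);
        LoginImpl login = new LoginImpl();
        registry.bind("RemoteLoginService", UnicastRemoteObject.exportObject(login, 0));
        Login stub = (Login) LocateRegistry.getRegistry("localhost").lookup("RemoteLoginService");
        Session s = stub.login("george", "kennwort");
        System.out.println(s.sayHello());
        s.logout();
        try { s.sayHello(); } catch (RemoteException e) { System.out.println("after logout: " + e.getClass().getSimpleName()); }
        UnicastRemoteObject.unexportObject(login, true);    // let the demo JVM exit
        UnicastRemoteObject.unexportObject(registry, true);
    }
}
```

RMI traffic is not encrypted by default, so the password and the calls made through the returned stub cross the network in clear unless the objects are exported with SSL socket factories.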

