38.

Service Requirements

In order to partake in a Jini federation, a service must become sufficiently visible. The service needs to find a service locator before it can advertise its services, and as explained in Chapter 3, this can be by unicast to particular locations or by multicast.

Unicast discovery does not need any particular permissions to be set. The discovery can be done without any policy file.

For the multicast case, the service must have DiscoveryPermission for each group that it is trying to join. For all groups, the asterisk (*) wildcard can be used. So, to join all groups, the permission granted should be as follows :

 permission net.jini.discovery.DiscoveryPermission "*"; 

For example, to join the printers and toasters groups, the permission would be this:

 permission net.jini.discovery.DiscoveryPermission,            "printers, toasters"; 

Once this permission is given, the service will make a multicast broadcast on 224.0.1.84. This particular address is used by Jini for broadcasts and should be used in your policy files. Socket permission for these requests and announcements must be given as follows:

 permission java.net.SocketPermission "224.0.1.84", "connect,accept"; permission java.net.SocketPermission "224.0.1.85", "connect,accept"; 

The service may export a UnicastRemoteObject , which will need to communicate back to the server, and so the server will need to listen on a port for these remote object requests. Ports are numbered from 1 to 65,000, and the default constructor will assign a random port (greater than 1,024) for this. If desired, this port may be specified by other constructors. This will require further socket permissions, such as the following, to accept connections on any port above 1024 from the localhost or any computer in the dstc.edu.au domain:

 permission java.net.SocketPermission "localhost:1024-", "connect,accept"; permission java.net.SocketPermission "*.dstc.edu.au:1024-", "connect,accept"; 

The reason Jini uses a port greater than 1024 is because the use of lower port numbers is restricted on Unix systems.

A number of parameters may be set by preferences, such as net.jini.discovery.ttl . It does no harm to allow the Jini system to look for these parameters, and this may be allowed by including code like the following in the policy file:

 permission java.util.PropertyPermission "net.jini.discovery.*", "read"; 

A fairly minimal policy file suitable for a service exporting an RMI object could then be as follows:

 grant {     permission net.jini.discovery.DiscoveryPermission "*";     // multicast request address     permission java.net.SocketPermission "224.0.1.85", "connect,accept";     // multicast announcement address     permission java.net.SocketPermission "224.0.1.84", "connect,accept";     // RMI connections     permission java.net.SocketPermission "*.canberra.edu.au:1024-",                                           "connect,accept";     permission java.net.SocketPermission "130.102.176.249:1024-", "connect,accept";     permission java.net.SocketPermission "127.0.0.1:1024-", "connect,accept";     // reading parameters     // like net.jini.discovery.debug!     permission java.util.PropertyPermission "net.jini.discovery.*", "read"; };