|
|
|
Introduction |
|
Internetworking |
|
Internet Addresses (and resolving them in Java) |
|
Introduction to Distributed Programming |
|
Distributed Programming Techniques |
|
Distributed Programming Support in Java |
|
Overview of Java Security |
|
|
|
|
|
|
A distributed systems consists of a collection
of computers linked together by a network |
|
|
|
|
|
Distributed system software enables computers to
coordinate activities and share resources (software, hardware, data) |
|
|
|
|
|
Network: a set of computers and peripherals
(printers, modems, etc.) connected together by a medium. (direct or
indirect connection). |
|
Devices communicate with one another through a
protocol |
|
A Protocol is a language or set of rules |
|
Network architecture: |
|
Devices in same room or building (LAN) vs. WAN |
|
|
|
|
|
A protocol: a set of rules that two or more
computers must follow to exchange messages |
|
The key communication protocol is Internet
Protocol (IP) |
|
Messages travel in packets (or datagrams) |
|
Later on we will discuss |
|
TCP (Transmission Control protocol) |
|
UDP (User Datagram Protocol) |
|
|
|
|
A protocol stack with seven layer |
|
|
|
|
|
|
To make datagram delivery possible, each
computer on the net is assigned a unique address |
|
This address could be symbolic (e.g. www.yahoo.com)
or numeric IP (216.32.74.50) |
|
IP
addresses are 32-bit numeric identifiers containing network and host
identifiers |
|
The identifiers uniquely identify the network
and a host on that network |
|
|
|
|
|
|
Translation from symbolic names to IP addresses
is done through a naming service (DNS) |
|
IP addresses are used when a host is sending
packets to other hosts on same (or other) network |
|
The process of locating networks and hosts and
delivering packets to them is called routing |
|
While data is being routed, it may get lost
between networks (the transport protocol is responsible for verification |
|
|
|
|
Five classes of Internet addresses: A, B, C, D,
E |
|
|
|
A |
|
B |
|
C |
|
D |
|
E |
|
|
|
|
|
|
Different classes meet the requirements of
different organizations |
|
Class A for large networks (>65,536 hosts) |
|
Class B for med-size networks
(256<size<65,536) |
|
Class C for networks with up to 256 hosts |
|
Class D is used for multicasts |
|
Class E for future use |
|
|
|
|
|
The java.net.InetAddress class |
|
|
|
|
|
Examples |
|
Reference: (page 28 – 30) from the book |
|
|
|
|
|
Client/Server Model |
|
One program communicates with another program to
exchange information |
|
Both programs speak the same language (protocol) |
|
|
|
Object-based Model |
|
A collection of objects that isolates the
requesters of services (clients) from providers (servers) by interface |
|
|
|
|
|
Sockets |
|
Message destinations are specified as socket
addresses |
|
Messages queued at sending/receiving sockets |
|
Remote Procedure Calls |
|
|
|
|
|
|
|
This figure tries to compare RPC to Agents |
|
|
|
|
|
|
|
|
|
|
Multiuser applications |
|
Resource sharing |
|
Scalability |
|
Efficiency |
|
Fault tolerance and availability |
|
Transparency |
|
|
|
|
Multiple failure modes |
|
Security issues |
|
Use of multiple technologies |
|
Testing and debugging |
|
|
|
|
Sockets |
|
RMI |
|
JavaIDL |
|
JavaSpaces |
|
Jini |
|
|
|
|
|
|
|
The Java security model is composed of three
layers: |
|
The Java language itself |
|
The Java compiler and run-time system |
|
The SecurityManager class |
|
|
|
The three layers provide a restricted
environment known as the “sandbox” |
|
|
|
|
|
|
|
The compiler and runtime system provide a simple
secure execution environment that consists of three sublayers: |
|
|
|
The bytecode interpreter and class format
verifier |
|
A mechanism for loading and checking libraries
at runtime |
|
Automated Garbage Collection |
|
|
|
|
|
|
|
The built-in Java safety features ensures that
the Java system is not subverted by invalid code. |
|
It is not able to protect against malicious code |
|
File f = new File(“path to a sensitive file”); |
|
if (f.delete() == true) { |
|
System.out.println(“file has been deleted”); |
|
} else { |
|
System.out.println(“operation is not allowed”); |
|
} |
|
|
|
|
|
The SecurityManager class (in java.lang)
provides the necessary mechanism for creating a security policy that
defines tasks that an application can and cannot do: |
|
class MySecurityManager extends SecurityManager
{ |
|
private boolean checkDelete
= true; |
|
public void checkDelete(String file) { |
|
if (checkDelete) { |
|
throw new SecurityException(“not allowed”); |
|
} |
|
} |
|
} |
|
|
|
|
|
|
|
How does the Java interpreter’s SecurityManager
actually work? |
|
|
|
public boolean XX(Type arg1) { |
|
SecurityManager sm = System.getSecurityManager(); |
|
if(security != null) { |
|
security.checkXX(arg1); |
|
} |
|
} |
|
|
|
|
A restricted environment in which to run
untrusted code (applets). |
|
JDK1.0 Security Model |
|
|
|
|
|
|
JDK1.1 has introduced the concept of signed
applets. A correctly signed applet is treated as trusted local code. |
|
|
|
|
|
|
In JDK1.1, local and signed code enjoy full
access to the system, but not remote. |
|
This has changed in JDK1.2. All code will get
access to system resources based on a policy file. |
|
If a security manager is not loaded then there
is no need for a security policy |
|
If you load a security manager, you must create
a security policy |
|
|
|
|
Example |
|
grant { |
|
Permission java.io.FilePermission “some path-”, “read”; |
|
Permission java.net.SocketPermission “some port”, “connect, accept”; |
|
} ; |
|
More on security policies later in the course…. |
|
|
|
|
Client-Server Computing |
|
What are Sockets |
|
Sockets Programming in Java |
|
Programming Examples |
|
|
|
|
|
Simple idea: |
|
Some hosts (clients, typically desk top
computers) are specialized to interact with users: |
|
Gather input from users |
|
Present information to users |
|
Other hosts (servers) are specialized to manage
large data, process that data |
|
The Web is a good example: Client (Browser)
& Server (HTTP server) |
|
|
|
|
|
|
1-tier: single program |
|
2-tier: client/server (e.g. the Web) |
|
3-tier: application logic and databases on
different servers (e.g. the Web with CGI and databases) |
|
|
|
|
Two related processes on a single machine may
communicate through a pipe |
|
|
|
|
|
|
|
|
|
|
|
A pipe is a pseudo-file that can be used to
connect two processes together |
|
|
|
|
|
|
Two UNRELATED processes may communicate through
files (process A write to a file and process B reads from it) |
|
|
|
But HOW two processes located on two different
machines communicate? Solution: Berkeley sockets. |
|
|
|
|
|
A socket is an end point of a connection |
|
Or: the interface between user and network |
|
Two sockets must be connected before they can be
used to transfer data (case of TCP) |
|
A number of connections to choose from: |
|
TCP, UDP, Multicast |
|
Types of Sockets |
|
SOCK_STREAM, SOCK_DGRAM, SOCK_RAW |
|
|
|
|
|
|
|
Message destinations are specified as socket
adresses |
|
Each socket address is a communication
identifier: |
|
Internet address |
|
Port number |
|
The port number is an integer that is needed to
distinguish between services running on the same machine |
|
Port numbers between 0 .. 1023 are reserved |
|
|
|
|
|
TCP -- Transmission Control Protocol |
|
UDP -- User Datagram Protocol |
|
What should I use? |
|
TCP is a reliable protocol, UDP is not |
|
TCP is connection-oriented, UDP is connectionless |
|
TCP incurs overheads, UDP incurs fewer overheads |
|
UDP has a size limit of 64k, in TCP no limit |
|
|
|
|
|
|
Sequence of steps normally taken to set up
socket communication and exchange data between C/S |
|
|
|
|
|
|
|
|
Streams |
|
The basic of all I/O in Java is the data stream |
|
A pipeline of data |
|
put info into the pipeline (write) and get it
(read) |
|
Programming with Sockets (TCP) |
|
Opening a Socket |
|
Creating a data input stream |
|
Creating a data output stream |
|
Closing the socket(s) |
|
|
|
|
|
|
|
Client-side: |
|
|
|
Socket myClient = null; |
|
try { |
|
MyClient = new Socket(“host”, PotNumber); |
|
} catch
(UnknownHostException uhe) { |
|
uhe.printStackTrace(); |
|
} |
|
“host” can be symbolic name or IP address |
|
|
|
|
Server-side |
|
ServerSocket
myService = null; |
|
try { |
|
myService = new ServerSocket(portNumber); |
|
}
catch (UnknownHostException uhe) { |
|
uhe.printStackTrace(); |
|
} |
|
Socket serviceSocket; |
|
serviceSocket = myService.accept(); |
|
|
|
|
|
|
Client-side: |
|
|
|
BufferedReader is = null; |
|
try { |
|
is = new BufferedReader(new |
|
InputStreamReader(myClient.getInputStream())); |
|
}
catch (IOException ioe) { |
|
ioe.printStackTrace(); |
|
} |
|
|
|
|
|
|
Server-side: |
|
BufferedReader is = null; |
|
try { |
|
is = new BufferedReader(new |
|
InputStreamReader(serviceClient.getInputStream())); |
|
}
catch(IOException ioe) { |
|
ioe.printStackTrace(); |
|
} |
|
|
|
|
|
|
Client-side: |
|
DataOutputStream os = null; |
|
try { |
|
os = new |
|
DataOutputStream(myClient.getOutputStream()); |
|
}
catch (IOException e) { |
|
e.printStrackTrace(); |
|
} |
|
|
|
|
|
|
Server-side: |
|
DataOutputStream os = null; |
|
try { |
|
os = new |
|
DataOutputStream(serviceClient.getOutputStream()); |
|
}
catch(IOException e) { |
|
e.printStackTrace(); |
|
} |
|
|
|
|
|
|
Client-side: |
|
try { |
|
os.close(); |
|
is.close(); |
|
myClient.close(); |
|
}
catch(IOException e) { |
|
e.printStrackTrace(); |
|
} |
|
|
|
|
|
|
Server-side: |
|
try { |
|
os.close(); |
|
is.close(); |
|
serviceSocket.close(); |
|
myService.close(); |
|
}
catch(IOException e) { |
|
e.printStackTrace(); |
|
} |
|
|
|
|
|
|
|
Clients: |
|
SMTP client |
|
Echo client |
|
Time Client |
|
Clients/Servers: |
|
HiClient, HiServer |
|
MathClient, MathServer |
|