Java安全log4j漏洞前置知识RMI
RMI是什么
RMI远程方法调用,允许运行在一个java虚拟机上的对象调用运行另外一个远程java虚拟机上的对象的方法,
RMI的使用
下面以一个示例进行演示:
hello 代码
import java.rmi.Remote;import java.rmi.RemoteException;public interface Hello extends Remote {public String welcome(String name) throws RemoteException;}
HelloImpl代码
import java.rmi.RemoteException;import java.rmi.server.UnicastRemoteObject;public class HelloImpl extends UnicastRemoteObject implements Hello{public HelloImpl() throws RemoteException {}public String welcome(String name) throws RemoteException {return "Hello, " + name;}}
Server代码(192.168.177.150):
1.本次测试 server代码部分放在(192.168.177.150) Server的作用开启RMI服务
import java.rmi.RemoteException;import java.rmi.registry.LocateRegistry;import java.rmi.registry.Registry;public class Server {public Server() {}public static void main(String[] args) throws RemoteException {// 创建对象Hello hello = new HelloImpl();// 创建注册表 创建rmi映射表Registry registry = LocateRegistry.createRegistry(10999);//绑定对象到注册表,并给他取名为helloregistry.rebind("hello", hello);System.out.println("创建服务端成功!");}}
Client代码(192.168.177.152)
1.在客户端进行远程调用
2.尝试调用远程的hello
3.为了方便测试可以放在同一台机器上 (在client代码种把192.168.177.150改为localhost即可)
import java.rmi.NotBoundException;import java.rmi.RemoteException;import java.rmi.registry.LocateRegistry;import java.rmi.registry.Registry;public class Client {public Client() {}public static void main(String[] args) throws RemoteException, NotBoundException {//获取到注册表的代理 要求必须与服务器端对等的Remote子接口保持一致,即有相同的接口名称、包路径和方法列表等Registry registry = LocateRegistry.getRegistry("192.168.177.150", 10999);// 利用注册表的代理去查询远程注册表中名为hello的对象Hello hello = (Hello)registry.lookup("hello");// 调用远程方法System.out.println(hello.welcome("tridentj"));}}
源码下载
链接:https://pan.baidu.com/s/1b1F2OsqqwPmsyKmt-bF3RA 提取码:1234
视频演示