Due to the RSA patent and US government export restrictions, this example should probably be rewritten to use the Diffie-Hellman key exchange protocol and a symmetric key encryption algorithm. See dh.html for some Diffie-Hellman/Java-RMI experiments.
For each client connection, the server generates a fresh random RSA key pair, makes the public key available to the client, and starts up login and "service" servers whose RMI names are derived from the hex representation of that public key. The login server holds the matching RSA private key, which it uses to decrypt the login message from the client, so the username and password never cross the wire in the clear.
A possible problem is that, once one client has authenticated, the RMI name of the service server is known and could be used by other, non-authenticated clients. To avoid this, the initial client includes a randomly generated 20-byte SecureRandom seed in the encrypted login message alongside the username:password string. Both sides seed a SecureRandom from it; each client request for service then carries a sequence number drawn from the Sequence interface to SecureRandom, and the server checks that number against its own next value on every service call. A caller who does not know the seed cannot produce the next expected number, so knowing the RMI name alone is not enough. Since the client and server SecureRandom generators must always stay in lockstep, this approach will not work if the client makes multithreaded calls in non-deterministic order. It also requires both sides to use the same SecureRandom algorithm (for example SHA1PRNG) seeded before any output is drawn; an implementation that mixes in its own entropy will not reproduce the client's sequence.
In this example, the main client is AddClient.java, which uses KeyClient.java to set up the connection with the Login and Add servers. The Add server just performs addition of two integers. The service name, "AddServer", is passed as a string to the Key client and server; KeyServer.java uses the reflection API to instantiate the service class by name.
Some methods may need to be `synchronized' so that concurrent calls from several clients or threads cannot race the sequence check or corrupt shared server state.
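The login-and-sequence-number scheme described above, condensed into one stand-alone Java program. This is an added example, not one of the source files of this experiment; it leaves out RMI and calls the server object directly, with the sequence number passed as an extra argument to add(), which is where the remote call would carry it. It assumes the login message is the UTF-8 "username:password" string followed by the 20-byte seed, and that both sides use the SHA1PRNG SecureRandom, which reproduces the same stream when seeded before first use. The class names, the credential alice:s3cret, and the "service-hexkey" RMI name format are made up for the example. One deliberate difference from a naive check: the server advances its generator only when a sequence number matches, so a stray or hostile call cannot knock the legitimate client out of step.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;

public class SeqLoginDemo {
    static final int SEED_LEN = 20;
    static final String RSA = "RSA/ECB/PKCS1Padding";
    // Assumption: both JVMs provide SHA1PRNG, which gives the same stream on both
    // sides when seeded before first use. A self-seeding PRNG (NativePRNG) would not.
    static final String PRNG = "SHA1PRNG";

    // Server side: one instance per client connection, as in the page's design.
    static final class Server {
        private final KeyPair pair;
        private SecureRandom seq;      // kept in step with the client after login
        private long expected;         // next sequence number we will accept

        Server() throws GeneralSecurityException {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
            kpg.initialize(2048);
            pair = kpg.generateKeyPair();
        }

        PublicKey publicKey() { return pair.getPublic(); }

        // RMI name derived from the hex form of the public key (hypothetical format).
        String rmiName(String service) {
            StringBuilder sb = new StringBuilder(service).append('-');
            for (byte b : pair.getPublic().getEncoded()) sb.append(String.format("%02x", b & 0xff));
            return sb.toString();
        }

        // Login: decrypt "user:password" + 20-byte seed with the private key, then seed our generator.
        synchronized boolean login(byte[] encrypted) throws GeneralSecurityException {
            Cipher rsa = Cipher.getInstance(RSA);
            rsa.init(Cipher.DECRYPT_MODE, pair.getPrivate());
            byte[] plain = rsa.doFinal(encrypted);
            if (plain.length <= SEED_LEN) return false;
            String creds = new String(plain, 0, plain.length - SEED_LEN, StandardCharsets.UTF_8);
            if (!creds.equals("alice:s3cret")) return false;           // constructed credential
            seq = SecureRandom.getInstance(PRNG);
            seq.setSeed(Arrays.copyOfRange(plain, plain.length - SEED_LEN, plain.length));
            expected = seq.nextLong();
            return true;
        }

        // Service call: the Add server's add(), with the caller's sequence number as an extra argument.
        // The generator advances only on a match, so a bogus call cannot desynchronise the real client.
        synchronized int add(long seqNo, int a, int b) {
            if (seq == null || seqNo != expected) throw new SecurityException("bad sequence number");
            expected = seq.nextLong();
            return a + b;
        }
    }

    // Client side: builds the encrypted login message and keeps its own copy of the generator.
    static final class Client {
        private final byte[] loginMsg;
        private final SecureRandom seq;

        Client(PublicKey serverKey, String creds) throws GeneralSecurityException {
            byte[] seed = new byte[SEED_LEN];
            new SecureRandom().nextBytes(seed);                        // fresh random seed per session
            byte[] c = creds.getBytes(StandardCharsets.UTF_8);
            byte[] msg = Arrays.copyOf(c, c.length + SEED_LEN);
            System.arraycopy(seed, 0, msg, c.length, SEED_LEN);
            Cipher rsa = Cipher.getInstance(RSA);
            rsa.init(Cipher.ENCRYPT_MODE, serverKey);
            loginMsg = rsa.doFinal(msg);
            seq = SecureRandom.getInstance(PRNG);
            seq.setSeed(seed);
        }

        byte[] loginMessage() { return loginMsg; }
        long nextSeq() { return seq.nextLong(); }                      // stands in for the Sequence interface
    }

    public static void main(String[] args) throws Exception {
        Server server = new Server();
        System.out.println("bound as " + server.rmiName("AddServer").substring(0, 30) + "...");
        Client alice = new Client(server.publicKey(), "alice:s3cret");
        System.out.println("login ok: " + server.login(alice.loginMessage()));
        System.out.println("2 + 3 = " + server.add(alice.nextSeq(), 2, 3));

        // An intruder who learned the RMI name but not the seed cannot supply the next number.
        try { server.add(0x1234L, 1, 1); } catch (SecurityException e) { System.out.println("intruder: " + e.getMessage()); }
        System.out.println("4 + 5 = " + server.add(alice.nextSeq(), 4, 5));   // alice is still in step

        // The page's caveat: calls arriving out of order fail, since the server expects s1 before s2.
        long s1 = alice.nextSeq(), s2 = alice.nextSeq();
        try { server.add(s2, 6, 7); } catch (SecurityException e) { System.out.println("out of order: " + e.getMessage()); }
        System.out.println("6 + 7 = " + server.add(s1, 6, 7));
    }
}
```

Compile and run with `javac SeqLoginDemo.java && java SeqLoginDemo`. Over real RMI the sequence numbers travel in the clear, which is acceptable here because each one is consumed on first use and the next cannot be predicted without the seed; what the scheme does not give you is confidentiality or integrity of the call arguments themselves.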
example.script - sample runs
Source files: