United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
JDK-8023862 : deprecate HTTP proxying from RMI

Details
Type:
Enhancement
Submit Date:
2013-08-27
Status:
Resolved
Updated Date:
2017-03-09
Project Name:
JDK
Resolved Date:
2013-10-24
Component:
core-libs
OS:
Sub-Component:
java.rmi
CPU:
Priority:
P3
Resolution:
Fixed
Affected Versions:
8
Fixed Versions:

Related Reports
Relates:
Relates:
Relates:
Relates:
Relates:
Relates:
Relates:

Sub Tasks

Description
Deprecate the HTTP proxying feature from RMI/JRMP, and disable HTTP proxying by default.

There are two phases of HTTP proxying in RMI/JRMP, each with a client side and a server side component.

1) RMI/JRMP first attempts a direct socket connection. If the direct socket connection fails in certain specific ways,
and if the http proxying properties are set, an attempt is made to make an HTTP connection using the proxy specified
by the httpProxy properties. If connection is successful, the RMI request is then tunneled through the HTTP connection.

2) If the proxied HTTP connection fails, an HTTP connection is attempted using a URL of the form:

    http://hostname/cgi-bin/java-rmi.cgi

and if this connection is successful, the RMI request is then tunneled through that connection.

Both of these phases of HTTP proxying of RMI/JRMP are to be deprecated, including both
client side and server side implementations.

Along with deprecation of this mechanism, they are to be disabled by default.
A system property java.rmi.server.disableHttp exists, whose default value is false. The default
value will be set to true, disabling the HTTP proxying.

This does not deprecate any actual classes or APIs. It will affect a number of documents, including a few places in the specification:

java.rmi.server package doc
java.rmi.server.RMISocketFactory
java.rmi properties (the disableHttp property)
sun.rmi properties (sun.rmi.transport.proxy.* properties)
RMI Specification, section 3.5 (primary), 10.2 and 10.4 (secondary)
RMI FAQ questions C.9 - C.13

                                    

Comments
URL:   http://hg.openjdk.java.net/jdk8/jdk8/jdk/rev/808b9ef4f667
User:  lana
Date:  2013-11-05 21:09:17 +0000

                                     
2013-11-05
URL:   http://hg.openjdk.java.net/jdk8/tl/jdk/rev/808b9ef4f667
User:  smarks
Date:  2013-10-24 17:14:14 +0000

                                     
2013-10-24
Text for release notes:

The default RMI socket factory will initially attempt a direct socket connection from the client to the server. If this attempt fails, under certain circumstances, the socket factory will attempt to tunnel the RMI request through an HTTP connection, and if that fails, the socket factory will then attempt to tunnel the request through by connecting to an HTTP/CGI URL. The latter two tunneling mechanisms are deprecated and may be removed in a future release. In addition, the tunneling is controlled by a system property java.rmi.server.disableHttp. Its default value is now true, meaning that HTTP tunneling is disabled by default. To re-enable HTTP tunneling, this property must be set to false.
                                     
2013-10-08



Hardware and Software, Engineered to Work Together