JDK-4476239 : (fmspec) Clarification needed on HTTP-tunelling info
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.rmi
  • Affected Version: 1.3_01
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • OS: solaris_7
  • CPU: sparc
  • Submitted: 2001-06-29
  • Updated: 2003-12-19
  • Resolved: 2003-12-19
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other
5.0 betaFixed
Related Reports
Relates :  
Description
It would really help customers if the jdk 1.3 RMI specification is clarified
further about HTTP tunnelling and how RMI works in conjunction with
firewalls:
	http://java.sun.com/j2se/1.3/docs/guide/rmi/spec/rmi-arch6.html

The following info from the RMI specification needs updating:
> 3.5.3 Configuring the Client 
>
>    There is no special configuration necessary to enable the client to send 
>    RMI calls through a firewall.
>
>    The client can, however, disable the packaging of RMI calls as HTTP
>    requests by setting the java.rmi.server.disableHttp property to equal 
>    the boolean value true.

Please add info that for HTTP-tunneling to work one needs to use a HTTP proxy.
Also we need to mention that one needs to set HTTP proxy host and HTTP proxy
port properties explicitly, to the client VM to indicate existence of the 
local HTTP proxy (and the proxy's port). It does not hurt to give an
example and mention the exact HTTP proxy property names,
  $ java -Dhttp.proxyHost=webcache.ebay -Dhttp.proxyPort=8080 .... RMIclient

Please state whether -Dhttp.proxySet=yes must also be specified. It would 
immensely help to list all the relevant properties with their default values, 
and state their purpose, in a tabular fashion.

Please state that there is no way to avoid the direct TCP connection attempt.  
That is, even if user knows there's a firewall that will deny the direct 
connection, and client is started with -Dhttp.proxyHost and -Dhttp.proxyPort, 
the direct connection is still attempted, and only when it times out is the HTTP 
tunneling attempted.

Comments
CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: generic FIXED IN: tiger-beta INTEGRATED IN: tiger-beta
14-06-2004

PUBLIC COMMENTS It would really help customers if the jdk 1.3 RMI specification is clarified further about HTTP tunnelling and how RMI works in conjunction with firewalls: http://java.sun.com/j2se/1.3/docs/guide/rmi/spec/rmi-arch6.html The following info from the RMI specification needs updating: > 3.5.3 Configuring the Client > > There is no special configuration necessary to enable the client to send > RMI calls through a firewall. > > The client can, however, disable the packaging of RMI calls as HTTP > requests by setting the java.rmi.server.disableHttp property to equal > the boolean value true. Please add info that for HTTP-tunneling to work one needs to use a HTTP proxy. Also we need to mention that one needs to set HTTP proxy host and HTTP proxy port properties explicitly, to the client VM to indicate existence of the local HTTP proxy (and the proxy's port). It does not hurt to give an example and mention the exact HTTP proxy property names, $ java -Dhttp.proxyHost=webcache.ebay -Dhttp.proxyPort=8080 .... RMIclient Please state whether -Dhttp.proxySet=yes must also be specified. It would immensely help to list all the relevant properties with their default values, and state their purpose, in a tabular fashion. Please state that there is no way to avoid the direct TCP connection attempt. That is, even if user knows there's a firewall that will deny the direct connection, and client is started with -Dhttp.proxyHost and -Dhttp.proxyPort, the direct connection is still attempted, and only when it times out is the HTTP tunneling attempted.
10-06-2004

EVALUATION The section on HTTP tunnelling should be updated for tiger. ###@###.### 2002-07-16
16-07-2002