JDK-8202602 : Removal of RMI HTTP proxy implementation causing issue
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.rmi
  • Affected Version: 10
  • Priority: P3
  • Status: Closed
  • Resolution: Not an Issue
  • Submitted: 2018-05-03
  • Updated: 2018-05-30
  • Resolved: 2018-05-23
Description
Blocking regression issue for RMI socket factories that utilize the
SingleOpProtocol

Problem Description
---------------------------------------------------
Java™ Remote Method Invocation Specification documentation
(https://docs.oracle.com/javase/9/docs/specs/rmi/index.html) describes 3 wire protocols that are supported:
   StreamProtocol
   SingleOpProtocol
   MultiplexProtocol

Removal of Proxy support at Java 9 also removed the capability for custom
RMI Socket factories to utilize Single-op protocol, and the RMI connection is
always initiated with MultiplexProtocol. There is no longer an RMISocketInfo
interface through which the socket could indicate that it is not reusable.

Ref Java 9 rel notes:
"core-libs/java.rmi
RMI server-side multiplex protocol has been disabled
The RMI multiplex protocol is disabled by default. It can be re-enabled by
setting the system property "sun.rmi.transport.tcp.enableMultiplexProtocol"
to "true". See JDK-8158963"

This doesn't mean that the SingleOpProtocol would be disabled and we strongly
think that it got blocked inadvertently. A client should still be able to use
SingleOpProtocol to be able to connect to the Server through HTTP
Proxies/firewalls etc.

Removal of built-in support for RMI proxying (deprecated in Java 8, removed
in Java 9) is not a problem, but losing the ability to implement RMI socket
factories that utilize the single-op protocol is a regression.  If RMI custom
socket factories cannot utilize the single-op protocol, it prevents use of
RMI over half-duplex protocols. Such protocols may be necessary to:
1) Achieve connectivity in environments only allowing connections through
HTTP proxy servers and load-balancers.
2) Leverage web application Single-Sign-On (SAML 2, OpenID Connect) to
authenticate RMI connections.

Alternatives such as opening firewalls to direct socket connections, or
direct SSL socket connections, will not address these connectivity and
security requirements.  Limiting RMI socket factories to the JRMP stream
protocol severely limits their ability to deal with certain network and
security constraints.
Comments
Closing this issue out. The functionality referred to was removed in JDK 9. JDK 8u still has this functionality.
23-05-2018

There are no plans to put back the RMI HTTP proxy implementation which was deprecated in JDK 8 and removed in JDK 9. The RMI specification docs do need correction for JDK 9 and later. Thanks for the pointer. The support will remain in JDK 8 Updates for the foreseeable future. RMISocketInfo itself belongs to an internal sun.rmi.transport.proxy package which was removed in JDK 9. Regarding other options, this has also been raised in other forums (for example, see https://stackoverflow.com/questions/47362298/is-there-any-replacement-for-http-tunneling-with-rmi-in-java-9). Other commercially supported RMI proxying products may also be available. If submitter can't stay on JDK 8, then they'll need to weigh up options and implement alternative solutions.
08-05-2018

I think this release note from JDK 9 is more relevant to this issue: http://www.oracle.com/technetwork/java/javase/9-removed-features-3745614.html#JDK-8066750
core-libs/java.rmi
Remove HTTP proxying from RMI
The mechanism of proxying RMI requests through HTTP, which was deprecated in Java SE 8, has been removed in Java SE 9. This mechanism used a web CGI script called java-rmi.cgi. This script has also been removed. The default mechanism for transmitting RMI requests is now simply a direct socket connection.
See JDK-8066750 / JDK-8155978
04-05-2018