Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8202602

Removal of RMI HTTP proxy implementation causing issue

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P3
    • Resolution: Not an Issue
    • Affects Version/s: 10
    • Fix Version/s: None
    • Component/s: core-libs
    • Labels:

      Description

      Blocking regression issue for RMI socket factories that utilize the
      SingleOpProtocol

      Problem Description
      ---------------------------------------------------
      JavaTM Remote Method Invocation Specification documentation
      (https://docs.oracle.com/javase/9/docs/specs/rmi/index.html) describes 3 wire protocols that are supported
         StreamProtocol
         SingleOpProtocol
         MultiplexProtocol

      Removal of Proxy support at Java 9, also removed the capability for custom
      RMI Socket factories to utilize Single-op protocol, and the RMI connection is
      always initiated with MultiplexProtocol. is no longer a RMISocketInfo
      interface through which the socket could indicate that it is not reuseable.

      Ref Java 9 rel notes:
      "core-libs/java.rmi
      RMI server-side multiplex protocol has been disabled
      The RMI multiplex protocol is disabled by default. It can be re-enabled by
      setting the system property "sun.rmi.transport.tcp.enableMultiplexProtocol"
      to "true". See JDK-8158963"

      This doesn't mean that the SingleOpProtocol would be disabled and we strongly
      think that it got blocked inadvertently. A client should still be able to use
      SingleOpProtocol to be able to connect to the Server through HTTP
      Proxies/firewalls etc.

      Removal of built-in support for RMI proxying (deprecated in Java 8, removed
      in Java 9) is not a problem, but losing the ability to implement RMI socket
      factories that utilize the single-op protocol is a regression. If RMI custom
      socket factories cannot utilize the single-op protocol, it prevents use of
      RMI over half-duplex protocols. Such protocols may be necessary to:
      1) Achieve connectivity in environments only allowing connections through
      HTTP proxy servers and load-balancers.
      2)Leveraging web application Single-Sign-On (SAML 2, OpenID Connect) to
      authenticate RMI connections.

      Alternatives such as opening firewalls to direct socket connections, or
      direct SSL socket connections, will not address these connectivity and
      security requirements. Limiting RMI socket factories to the JRMP stream
      protocol severely limits their ability to deal with certain network and
      security constraints.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                rriggs Roger Riggs
                Reporter:
                shadowbug Shadow Bug
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: