Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8202602

Removal of RMI HTTP proxy implementation causing issue


    • Type: Bug
    • Status: Closed
    • Priority: P3
    • Resolution: Not an Issue
    • Affects Version/s: 10
    • Fix Version/s: None
    • Component/s: core-libs
    • Labels:


      Blocking regression issue for RMI socket factories that utilize the

      Problem Description
      JavaTM Remote Method Invocation Specification documentation
      (https://docs.oracle.com/javase/9/docs/specs/rmi/index.html) describes 3 wire protocols that are supported

      Removal of Proxy support at Java 9, also removed the capability for custom
      RMI Socket factories to utilize Single-op protocol, and the RMI connection is
      always initiated with MultiplexProtocol. is no longer a RMISocketInfo
      interface through which the socket could indicate that it is not reuseable.

      Ref Java 9 rel notes:
      RMI server-side multiplex protocol has been disabled
      The RMI multiplex protocol is disabled by default. It can be re-enabled by
      setting the system property "sun.rmi.transport.tcp.enableMultiplexProtocol"
      to "true". See JDK-8158963"

      This doesn't mean that the SingleOpProtocol would be disabled and we strongly
      think that it got blocked inadvertently. A client should still be able to use
      SingleOpProtocol to be able to connect to the Server through HTTP
      Proxies/firewalls etc.

      Removal of built-in support for RMI proxying (deprecated in Java 8, removed
      in Java 9) is not a problem, but losing the ability to implement RMI socket
      factories that utilize the single-op protocol is a regression. If RMI custom
      socket factories cannot utilize the single-op protocol, it prevents use of
      RMI over half-duplex protocols. Such protocols may be necessary to:
      1) Achieve connectivity in environments only allowing connections through
      HTTP proxy servers and load-balancers.
      2)Leveraging web application Single-Sign-On (SAML 2, OpenID Connect) to
      authenticate RMI connections.

      Alternatives such as opening firewalls to direct socket connections, or
      direct SSL socket connections, will not address these connectivity and
      security requirements. Limiting RMI socket factories to the JRMP stream
      protocol severely limits their ability to deal with certain network and
      security constraints.


          Issue Links



              • Assignee:
                rriggs Roger Riggs
                shadowbug Shadow Bug
              • Votes:
                0 Vote for this issue
                2 Start watching this issue


                • Created: