-
Bug
-
Resolution: Not an Issue
-
P3
-
None
-
10
Blocking regression issue for RMI socket factories that utilize the
SingleOpProtocol
Problem Description
---------------------------------------------------
JavaTM Remote Method Invocation Specification documentation
(https://docs.oracle.com/javase/9/docs/specs/rmi/index.html) describes 3 wire protocols that are supported
StreamProtocol
SingleOpProtocol
MultiplexProtocol
Removal of Proxy support at Java 9, also removed the capability for custom
RMI Socket factories to utilize Single-op protocol, and the RMI connection is
always initiated with MultiplexProtocol. is no longer a RMISocketInfo
interface through which the socket could indicate that it is not reuseable.
Ref Java 9 rel notes:
"core-libs/java.rmi
RMI server-side multiplex protocol has been disabled
The RMI multiplex protocol is disabled by default. It can be re-enabled by
setting the system property "sun.rmi.transport.tcp.enableMultiplexProtocol"
to "true". SeeJDK-8158963"
This doesn't mean that the SingleOpProtocol would be disabled and we strongly
think that it got blocked inadvertently. A client should still be able to use
SingleOpProtocol to be able to connect to the Server through HTTP
Proxies/firewalls etc.
Removal of built-in support for RMI proxying (deprecated in Java 8, removed
in Java 9) is not a problem, but losing the ability to implement RMI socket
factories that utilize the single-op protocol is a regression. If RMI custom
socket factories cannot utilize the single-op protocol, it prevents use of
RMI over half-duplex protocols. Such protocols may be necessary to:
1) Achieve connectivity in environments only allowing connections through
HTTP proxy servers and load-balancers.
2)Leveraging web application Single-Sign-On (SAML 2, OpenID Connect) to
authenticate RMI connections.
Alternatives such as opening firewalls to direct socket connections, or
direct SSL socket connections, will not address these connectivity and
security requirements. Limiting RMI socket factories to the JRMP stream
protocol severely limits their ability to deal with certain network and
security constraints.
SingleOpProtocol
Problem Description
---------------------------------------------------
JavaTM Remote Method Invocation Specification documentation
(https://docs.oracle.com/javase/9/docs/specs/rmi/index.html) describes 3 wire protocols that are supported
StreamProtocol
SingleOpProtocol
MultiplexProtocol
Removal of Proxy support at Java 9, also removed the capability for custom
RMI Socket factories to utilize Single-op protocol, and the RMI connection is
always initiated with MultiplexProtocol. is no longer a RMISocketInfo
interface through which the socket could indicate that it is not reuseable.
Ref Java 9 rel notes:
"core-libs/java.rmi
RMI server-side multiplex protocol has been disabled
The RMI multiplex protocol is disabled by default. It can be re-enabled by
setting the system property "sun.rmi.transport.tcp.enableMultiplexProtocol"
to "true". See
This doesn't mean that the SingleOpProtocol would be disabled and we strongly
think that it got blocked inadvertently. A client should still be able to use
SingleOpProtocol to be able to connect to the Server through HTTP
Proxies/firewalls etc.
Removal of built-in support for RMI proxying (deprecated in Java 8, removed
in Java 9) is not a problem, but losing the ability to implement RMI socket
factories that utilize the single-op protocol is a regression. If RMI custom
socket factories cannot utilize the single-op protocol, it prevents use of
RMI over half-duplex protocols. Such protocols may be necessary to:
1) Achieve connectivity in environments only allowing connections through
HTTP proxy servers and load-balancers.
2)Leveraging web application Single-Sign-On (SAML 2, OpenID Connect) to
authenticate RMI connections.
Alternatives such as opening firewalls to direct socket connections, or
direct SSL socket connections, will not address these connectivity and
security requirements. Limiting RMI socket factories to the JRMP stream
protocol severely limits their ability to deal with certain network and
security constraints.
- relates to
-
-
- Closed
-
-
JDK-8155978 Remove HTTP proxy implementation and tests from RMI (again)
-
- Resolved
-