8023862: deprecate HTTP proxying from RMI

Reviewed-by: mchung
2026-05-23 20:07:58 +00:00 · 2013-10-24 10:13:39 -07:00 · 2013-10-24 10:13:39 -07:00 · 2e342ed968
commit 2e342ed968
parent 5db9cc7bed
4 changed files with 90 additions and 10 deletions
--- a/jdk/src/share/classes/java/rmi/server/RMISocketFactory.java
+++ b/jdk/src/share/classes/java/rmi/server/RMISocketFactory.java
@ -41,7 +41,15 @@ import java.net.*;
 * (due to a firewall), the runtime uses HTTP with the explicit port
 * number of the server.  If the firewall does not allow this type of
 * communication, then HTTP to a cgi-bin script on the server is used
- * to POST the RMI call.
+ * to POST the RMI call. The HTTP tunneling mechanisms are disabled by
+ * default. This behavior is controlled by the {@code java.rmi.server.disableHttp}
+ * property, whose default value is {@code true}. Setting this property's
+ * value to {@code false} will enable the HTTP tunneling mechanisms.
+ *
+ * <p><strong>Deprecated: HTTP Tunneling.</strong> <em>The HTTP tunneling mechanisms
+ * described above, specifically HTTP with an explicit port and HTTP to a
+ * cgi-bin script, are deprecated. These HTTP tunneling mechanisms are
+ * subject to removal in a future release of the platform.</em>
 *
 * <p>The default socket factory implementation creates server sockets that
 * are bound to the wildcard address, which accepts requests from all network
--- a/jdk/src/share/classes/java/rmi/server/package.html
+++ b/jdk/src/share/classes/java/rmi/server/package.html
@ -1,5 +1,5 @@
 <!--
- Copyright (c) 1998, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
 DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

 This code is free software; you can redistribute it and/or modify it
@ -32,6 +32,10 @@ side of RMI.  A group of classes are used by the stubs and skeletons
 generated by the rmic stub compiler.  Another group of classes
 implements the RMI Transport protocol and HTTP tunneling.

+<p><strong>Deprecated: HTTP Tunneling.</strong> <em>The HTTP tunneling
+mechanism has been deprecated. See {@link java.rmi.server.RMISocketFactory} for
+further information.</em>
+
 <!--
 <h2>Package Specification</h2>

--- a/jdk/src/share/classes/sun/rmi/transport/proxy/RMIMasterSocketFactory.java
+++ b/jdk/src/share/classes/sun/rmi/transport/proxy/RMIMasterSocketFactory.java
@ -34,6 +34,7 @@ import sun.rmi.runtime.Log;
 import sun.rmi.runtime.NewThreadAction;
 import sun.security.action.GetBooleanAction;
 import sun.security.action.GetLongAction;
+import sun.security.action.GetPropertyAction;

 /**
 * RMIMasterSocketFactory attempts to create a socket connection to the
@ -103,22 +104,21 @@ public class RMIMasterSocketFactory extends RMISocketFactory {
        try {
            String proxyHost;
            proxyHost = java.security.AccessController.doPrivileged(
-                new sun.security.action.GetPropertyAction("http.proxyHost"));
+                new GetPropertyAction("http.proxyHost"));

            if (proxyHost == null)
                proxyHost = java.security.AccessController.doPrivileged(
-                    new sun.security.action.GetPropertyAction("proxyHost"));
+                    new GetPropertyAction("proxyHost"));

-            Boolean tmp = java.security.AccessController.doPrivileged(
-                new sun.security.action.GetBooleanAction("java.rmi.server.disableHttp"));
+            boolean disable = java.security.AccessController.doPrivileged(
+                new GetPropertyAction("java.rmi.server.disableHttp", "true"))
+                .equalsIgnoreCase("true");

-            if (!tmp.booleanValue() &&
-                (proxyHost != null && proxyHost.length() > 0)) {
+            if (!disable && proxyHost != null && proxyHost.length() > 0) {
                setFactories = true;
            }
        } catch (Exception e) {
-            // unable to obtain the properties, so assume default behavior.
-            setFactories = true;
+            // unable to obtain the properties, so use the default behavior.
        }

        if (setFactories) {
--- a/jdk/test/sun/rmi/transport/proxy/DisableHttpDefaultValue.java
+++ b/jdk/test/sun/rmi/transport/proxy/DisableHttpDefaultValue.java
@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/* @test
+ * @bug 8023862
+ * @summary Verify that the default value of the java.rmi.server.disableHttp
+ *          has been changed from false to true.
+ * @compile -XDignore.symbol.file DisableHttpDefaultValue.java
+ *
+ * @run main/othervm                                     DisableHttpDefaultValue true
+ * @run main/othervm -Djava.rmi.server.disableHttp       DisableHttpDefaultValue false
+ * @run main/othervm -Djava.rmi.server.disableHttp=false DisableHttpDefaultValue false
+ * @run main/othervm -Djava.rmi.server.disableHttp=xyzzy DisableHttpDefaultValue false
+ * @run main/othervm -Djava.rmi.server.disableHttp=true  DisableHttpDefaultValue true
+ */
+
+import sun.rmi.transport.proxy.RMIMasterSocketFactory;
+
+public class DisableHttpDefaultValue {
+    /**
+     * Subclass RMIMasterSocketFactory to get access to
+     * protected field altFactoryList. This list has a
+     * zero size if proxying is disabled.
+     */
+    static class SocketFactory extends RMIMasterSocketFactory {
+        boolean proxyDisabled() {
+            return altFactoryList.size() == 0;
+        }
+    }
+
+    /**
+     * Takes a single arg, which is the expected boolean value of
+     * java.rmi.server.disableHttp.
+     */
+    public static void main(String[] args) throws Exception {
+        // Force there to be a proxy host, so that we are able to
+        // tell whether proxying is enabled or disabled.
+        System.setProperty("http.proxyHost", "proxy.example.com");
+
+        String propval = System.getProperty("java.rmi.server.disableHttp");
+        String propdisp = (propval == null) ? "null" : ("\"" + propval + "\"");
+        boolean expected = Boolean.parseBoolean(args[0]);
+        boolean actual = new SocketFactory().proxyDisabled();
+        System.out.printf("### prop=%s exp=%s act=%s%n", propdisp, expected, actual);
+        if (expected != actual)
+            throw new AssertionError();
+    }
+}