<!--
 Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
 DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

 This code is free software; you can redistribute it and/or modify it
 under the terms of the GNU General Public License version 2 only, as
 published by the Free Software Foundation. Oracle designates this
 particular file as subject to the "Classpath" exception as provided
 by Oracle in the LICENSE file that accompanied this code.

 This code is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 version 2 for more details (a copy is included in the LICENSE file that
 accompanied this code).

 You should have received a copy of the GNU General Public License version
 2 along with this work; if not, write to the Free Software Foundation,
 Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

 Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=iso-8859-1">
<TITLE>Networking Properties</TITLE>
<BODY LANG="en-US" DIR="LTR">
<H1 ALIGN=CENTER>Networking Properties</H1>
<P ALIGN=LEFT>There are a few standard system properties used to
alter the mechanisms and behavior of the various classes of the
java.net package. Some are checked only once at startup of the VM,
and therefore are best set using the -D option of the java command,
while others have a more dynamic nature and can also be changed using
and detail all of these properties.</P>
<P>If there is no special note, a property value is checked every time it is used.</P>
<a name="Ipv4IPv6"></a>
<P>If IPv6 is available on the operating system, the
underlying native socket will be, by default, an IPv6 socket, which
lets applications connect to, and accept connections from, both
IPv4 and IPv6 hosts. However, if an application would
rather use IPv4-only sockets, this property can be set to <B>true</B>.
The implication is that it will not be possible for the application
to communicate with IPv6-only hosts.</P>
<P>When dealing with a host which has both IPv4
and IPv6 addresses, and if IPv6 is available on the operating
system, the default behavior is to prefer using IPv4 addresses over
IPv6 ones. This is to ensure backward compatibility, for example for
applications that depend on the representation of an IPv4 address
(e.g. 192.168.1.1). This property can be set to <B>true</B> to
change that preference and use IPv6 addresses over IPv4 ones where</P>
<P>Both of these properties are checked only once, at startup.</P>
<a name="Proxies"></a>
<P>A proxy server allows indirect connection to network services and
is used mainly for security (to get through firewalls) and
performance reasons (proxies often provide caching mechanisms).
The following properties allow for configuration of the various type</P>
<P>The following proxy settings are used by the HTTP protocol handler.</P>
<P>The hostname, or address, of the proxy server.</P>
<P>The port number of the proxy server.</P>
<P>Indicates the hosts that should be accessed without going
through the proxy. Typically this defines internal hosts.
The value of this property is a list of hosts,
separated by the '|' character. In addition, the wildcard
character '*' can be used for pattern matching. For example
will indicate that every host in the foo.com domain and the
localhost should be accessed directly even if a proxy server is</P>
<P>The default value excludes all common variations of the loopback address.</P>
<LI><P>HTTPS<BR>This is HTTP over SSL, a secure version of HTTP
mainly used when confidentiality (like on payment sites) is needed.</P>
<P>The following proxy settings are used by the HTTPS protocol handler.</P>
<P>The hostname, or address, of the proxy server.</P>
<P>The port number of the proxy server.</P>
<P>The HTTPS protocol handler will use the same nonProxyHosts
property as the HTTP protocol.</P>
<P>The following proxy settings are used by the FTP protocol handler.</P>
<P>The hostname, or address, of the proxy server.</P>
<P>The port number of the proxy server.</P>
<P>Indicates the hosts that should be accessed without going
through the proxy. Typically this defines internal hosts.
The value of this property is a list of hosts, separated by
the '|' character. In addition, the wildcard character
'*' can be used for pattern matching. For example
will indicate that every host in the foo.com domain and the
localhost should be accessed directly even if a proxy server is</P>
<P>The default value excludes all common variations of the loopback address.</P>
<LI><P>SOCKS<BR>This is another type of proxy. It allows for lower-level
tunneling since it works at the TCP level. In effect,
in the Java(tm) platform, setting a SOCKS proxy server will result in
all TCP connections going through that proxy, unless other proxies
are specified. If SOCKS is supported by a Java SE implementation, the
following properties will be used:</P>
<LI><P><B>socksProxyHost</B> (default: &lt;none&gt;)<BR>
The hostname, or address, of the proxy server.</P>
<LI><P><B>socksProxyPort</B> (default: 1080)<BR>
The port number of the proxy server.</P>
<LI><P><B>socksProxyVersion</B> (default: 5)<BR>
The version of the SOCKS protocol supported by the server. The
default is <code>5</code>, indicating SOCKS V5; alternatively
<code>4</code> can be specified for SOCKS V4. Setting the property
to values other than these leads to unspecified behavior.</P>
<P>Username to use if the SOCKSv5 server asks for authentication.</P>
<P>Password to use if the SOCKSv5 server asks for authentication.</P>
<P>Note that if no authentication is provided with either the above
properties or an Authenticator, and the proxy requires one, then
the <B>user.name</B> property will be used with no password.</P>
<P>On recent Windows systems and on Gnome 2.x systems it is possible to
tell the java.net stack, by setting this property to <B>true</B>, to use
the system proxy settings (both these systems let you set proxies
globally through their user interface). Note that this property is
checked only once at startup.</P>
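<P>Added example, not part of the original document or of the JDK sources: a small audit that asks the default ProxySelector how the java.net stack would route a set of constructed destinations under the proxy properties described in this section, so that an over-broad nonProxyHosts wildcard shows up before deployment. The class name ProxyBypassAudit and every host name and port are illustrative assumptions; http.proxyHost, http.proxyPort, https.proxyHost, https.proxyPort and http.nonProxyHosts are the standard JDK names of the HTTP and HTTPS settings described above.</P>

```java
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.URI;
import java.util.List;

// Added example (not JDK code): ProxyBypassAudit and all host names are illustrative.
public class ProxyBypassAudit {

    // Ask the default selector how the java.net stack would reach this URI.
    static String route(String uri) {
        List<Proxy> proxies = ProxySelector.getDefault().select(URI.create(uri));
        StringBuilder sb = new StringBuilder();
        for (Proxy p : proxies) {
            if (sb.length() > 0) sb.append(", ");
            sb.append(p.type() == Proxy.Type.DIRECT ? "DIRECT" : p.type() + " via " + p.address());
        }
        return sb.toString();
    }

    // Print one routing decision per destination under the current properties.
    static void report(String label, String[] targets) {
        System.out.println("== " + label);
        for (String t : targets) {
            System.out.printf("  %-36s -> %s%n", t, route(t));
        }
    }

    public static void main(String[] args) {
        // Constructed configuration: one egress proxy for HTTP/HTTPS, one SOCKS proxy.
        System.setProperty("http.proxyHost", "proxy.corp.example");
        System.setProperty("http.proxyPort", "3128");
        System.setProperty("https.proxyHost", "proxy.corp.example");
        System.setProperty("https.proxyPort", "3128");
        System.setProperty("socksProxyHost", "socks.corp.example");

        // Constructed destinations to classify.
        String[] targets = {
            "http://www.foo.com/", "https://intranet.foo.com/", "http://localhost:8080/",
            "http://notfoo.com/", "https://example.org/", "socket://db.corp.example:5432"
        };

        // Scoped exclusion: the domain wildcard keeps its leading dot.
        System.setProperty("http.nonProxyHosts", "*.foo.com|localhost");
        report("http.nonProxyHosts=*.foo.com|localhost", targets);

        // No dot after the wildcard: compare how notfoo.com is routed under each value.
        System.setProperty("http.nonProxyHosts", "*foo.com|localhost");
        report("http.nonProxyHosts=*foo.com|localhost", targets);
    }
}
```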
<a name="MiscHTTP"></a>
<H2>Misc HTTP properties</H2>
<LI><P><B>http.agent</B> (default: “Java/&lt;version&gt;”)<BR>
Defines the string sent in the User-Agent request header in http
requests. Note that the string “Java/&lt;version&gt;” will
be appended to the one provided in the property (e.g. if
contain “foobar Java/1.5.0” if the version of the VM is
1.5.0). This property is checked only once at startup.</P>
<P>Indicates if persistent connections should be supported. They improve
performance by allowing the underlying socket connection to be reused
for multiple http requests. If this is set to true then persistent
connections will be requested with HTTP 1.1 servers.</P>
<P>If HTTP keepalive is enabled (see above) this value determines the
maximum number of idle connections that will be simultaneously kept
alive, per destination.</P>
<P>This integer value determines the maximum number, for a given request,
of HTTP redirects that will be automatically followed by the
protocol handler.</P>
<P>These 3 properties modify the behavior of the HTTP digest
authentication mechanism. Digest authentication provides a limited
ability for the server to authenticate itself to the client (i.e.
by proving it knows the user's password). However, not all HTTP
servers support this capability and by default it is turned off. The
first two properties can be set to true to enforce this check for
authentication with either an origin or proxy server, respectively.</P>
<P>It is usually not necessary to change the third property. It
determines how many times a cnonce value is re-used. This can be
useful when the MD5-sess algorithm is being used. Increasing this
value reduces the computational overhead on both client and server
by reducing the amount of material that has to be hashed for each</P>
<P>NTLM is another authentication scheme. It uses the
they are needed. However, NTLM also needs the NT domain name. There are
3 options for specifying that domain:</P>
<LI><P>Do not specify it. In some environments the domain is
actually not required and the application does not have to specify</P>
<LI><P>The domain name can be encoded within the username by
prefixing the domain name, followed by a back-slash '\' before the
username. With this method existing applications that use the
authenticator class do not need to be modified, as long as users
are made aware that this notation must be used.</P>
<LI><P>If a domain name is not specified as in method 2) and this
property is defined, then its value will be used as the domain</P>
<P>All these properties are checked only once at startup.</P>
<a name="AddressCache"></a>
<H2>Address Cache</H2>
<P>The java.net package, when doing name resolution, uses an address
cache for both security and performance reasons. Any address
resolution attempt, be it forward (name to IP address) or reverse (IP
address to name), will have its result cached, whether it was
successful or not, so that subsequent identical requests will not
have to access the naming service. These properties allow for some
tuning on how the cache is operating.</P>
<P>Value is an integer corresponding to the number of seconds successful
name lookups will be kept in the cache. A value of -1, or any other
negative value for that matter, indicates a “cache forever”
policy, while a value of 0 (zero) means no caching. The default value
is -1 (forever) if a security manager is installed, and implementation
specific when no security manager is installed.</P>
<P>Value is an integer corresponding to the number of seconds an
unsuccessful name lookup will be kept in the cache. A value of -1,
or any negative value, means “cache forever”, while a
value of 0 (zero) means no caching.</P>
<P>Since these 2 properties are part of the security policy, they are