10139N/A Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved. 10139N/A DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 10139N/A This code is free software; you can redistribute it and/or modify it 10139N/A under the terms of the GNU General Public License version 2 only, as 10139N/A published by the Free Software Foundation. Oracle designates this 17185N/A particular file as subject to the "Classpath" exception as provided 10139N/A by Oracle in the LICENSE file that accompanied this code. 17180N/A This code is distributed in the hope that it will be useful, but WITHOUT 17180N/A ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 10139N/A FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 10139N/A version 2 for more details (a copy is included in the LICENSE file that 17570N/A You should have received a copy of the GNU General Public License version 10139N/A 2 along with this work; if not, write to the Free Software Foundation, 10139N/A Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 10139N/A Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 12773N/A<!
DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
10139N/A <
META HTTP-
EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=iso-8859-1">
10139N/A <
TITLE>Networking Properties</
TITLE>
10139N/A<
H1 ALIGN=CENTER>Networking Properties</
H1>
10139N/A<
P ALIGN=LEFT>There are a few standard system properties used to
10139N/Aalter the mechanisms and behavior of the various classes of the
10139N/Aand therefore are best set using the -D option of the java command,
10139N/Awhile others have a more dynamic nature and can also be changed using
10139N/Aand detail all of these properties.</
P>
10139N/A<
P>If there is no special note, a property value is checked every time it is used.</
P>
10139N/A If IPv6 is available on the operating system the
10139N/A underlying native socket will be, by default, an IPv6 socket which
10139N/A lets applications connect to, and accept connections from, both
10139N/A IPv4 and IPv6 hosts. However, in the case an application would
10139N/A rather use IPv4 only sockets, then this property can be set to <
B>true</
B>.
10139N/A The implication is that it will not be possible for the application
10139N/A to communicate with IPv6 only hosts.</
P>
10139N/A When dealing with a host which has both IPv4
10139N/A and IPv6 addresses, and if IPv6 is available on the operating
10139N/A system, the default behavior is to prefer using IPv4 addresses over
10139N/A IPv6 ones. This is to ensure backward compatibility, for example
10139N/A applications that depend on the representation of an IPv4 address
10139N/A (
e.g. 192.168.1.1). This property can be set to <
B>true</
B> to
10139N/A change that preference and use IPv6 addresses over IPv4 ones where
10139N/A<
P>Both of these properties are checked only once, at startup.</
P>
10139N/A<
P>A proxy server allows indirect connection to network services and
12773N/Ais used mainly for security (to get through firewalls) and
12773N/Aperformance reasons (proxies often do provide caching mechanisms).
12773N/AThe following properties allow for configuration of the various type
10139N/A <
P>The following proxy settings are used by the HTTP protocol handler.</
P>
10139N/A The hostname, or address, of the proxy server
10139N/A The port number of the proxy server.</
P>
10139N/A Indicates the hosts that should be accessed without going
10139N/A through the proxy. Typically this defines internal hosts.
10139N/A The value of this property is a list of hosts,
10139N/A separated by the '|' character. In addition the wildcard
10139N/A character '*' can be used for pattern matching. For example
10139N/A localhost should be accessed directly even if a proxy server is
10139N/A <
P>The default value excludes all common variations of the loopback address.</
P>
10139N/A <
LI><
P>HTTPS<
BR>This is HTTP over SSL, a secure version of HTTP
10139N/A mainly used when confidentiality (like on payment sites) is needed.</
P>
10139N/A <
P>The following proxy settings are used by the HTTPS protocol handler.</
P>
10139N/A The hostname, or address, of the proxy server
10139N/A The port number of the proxy server.</
P>
10139N/A <
P>The HTTPS protocol handler will use the same nonProxyHosts
10139N/A property as the HTTP protocol.</
P>
17570N/A <
P>The following proxy settings are used by the FTP protocol handler.</
P>
17394N/A The hostname, or address, of the proxy server
17101N/A The port number of the proxy server.</
P>
16990N/A Indicates the hosts that should be accessed without going
16990N/A through the proxy. Typically this defines internal hosts.
16783N/A The value of this property is a list of hosts, separated by
16783N/A the '|' character. In addition the wildcard character
16657N/A '*' can be used for pattern matching. For example
16657N/A localhost should be accessed directly even if a proxy server is
16630N/A <
P>The default value excludes all common variations of the loopback address.</
P>
16630N/A <
LI><
P>SOCKS<
BR>This is another type of proxy. It allows for lower
16183N/A level type of tunneling since it works at the TCP level. In effect,
16630N/A in the Java(tm) platform setting a SOCKS proxy server will result in
16137N/A all TCP connections to go through that proxy, unless other proxies
16630N/A are specified. If SOCKS is supported by a Java SE implementation, the
15870N/A following properties will be used:</
P>
15870N/A <
LI><
P><
B>socksProxyHost</
B> (default: <none>)<
BR>
15448N/A The hostname, or address, of the proxy server.</
P>
16630N/A <
LI><
P><
B>socksProxyPort</
B> (default: 1080)<
BR>
14525N/A The port number of the proxy server.</
P>
14525N/A <
LI><
P><
B>socksProxyVersion</
B> (default: 5)<
BR>
14251N/A The version of the SOCKS protocol supported by the server. The
14251N/A default is <
code>5</
code> indicating SOCKS V5, alternatively
14107N/A <
code>4</
code> can be specified for SOCKS V4. Setting the property
14107N/A to values other than these leads to unspecified behavior.</
P>
16630N/A Username to use if the SOCKSv5 server asks for authentication
13624N/A Password to use if the SOCKSv5 server asks for authentication
13420N/A <
P>Note that if no authentication is provided with either the above
13420N/A properties or an Authenticator, and the proxy requires one, then
13262N/A On recent Windows systems and on Gnome
2.x systems it is possible to
13114N/A the system proxy settings (both these systems let you set proxies
12575N/A globally through their user interface). Note that this property is
12575N/A checked only once at startup.</
P>
12219N/A Defines the string sent in the User-Agent request header in http
11922N/A requests. Note that the string “Java/<version>” will
11922N/A be appended to the one provided in the property (
e.g. if
11416N/A 1.5.0). This property is checked only once at startup.</
P>
11273N/A Indicates if persistent connections should be supported. They improve
11273N/A performance by allowing the underlying socket connection to be reused
11174N/A for multiple http requests. If this is set to true then persistent
11174N/A connections will be requested with HTTP 1.1 servers.</
P>
11128N/A If HTTP keepalive is enabled (see above) this value determines the
11067N/A maximum number of idle connections that will be simultaneously kept
10973N/A This integer value determines the maximum number, for a given request,
10912N/A of HTTP redirects that will be automatically followed by the
10651N/A <
P>These 3 properties modify the behavior of the HTTP digest
10592N/A authentication mechanism. Digest authentication provides a limited
10592N/A ability for the server to authenticate itself to the client (
i.e. 10476N/A By proving it knows the user's password). However not all HTTP
10476N/A servers support this capability and by default it is turned off. The
10287N/A first two properties can be set to true to enforce this check for
10287N/A authentication with either an origin or proxy server, respectively.</
P>
10287N/A <
P>It is usually not necessary to change the third property. It
10285N/A determines how many times a cnonce value is re-used. This can be
10285N/A useful when the MD5-sess algorithm is being used. Increasing this
10179N/A value reduces the computational overhead on both client and server
10179N/A by reducing the amount of material that has to be hashed for each
10139N/A NTLM is another authentication scheme. It uses the
10139N/A they are needed. However NTLM also needs the NT domain name. There are
10139N/A 3 options for specifying that domain:</
P>
10139N/A <
LI><
P>Do not specify it. In some environments the domain is
10139N/A actually not required and the application does not have to specify
10139N/A <
LI><
P>The domain name can be encoded within the username by
10139N/A prefixing the domain name, followed by a back-slash '\' before the
10139N/A username. With this method existing applications that use the
10139N/A authenticator class do not need to be modified, as long as users
10139N/A are made aware that this notation must be used.</
P>
10139N/A <
LI><
P>If a domain name is not specified as in method 2) and these
10139N/A property is defined, then its value will be used a the domain
10139N/A<
P>All these properties are checked only once at startup.</
P>
10139N/Acache for both security and performance reasons. Any address
10139N/Aresolution attempt, be it forward (name to IP address) or reverse (IP
10139N/Aaddress to name), will have its result cached, whether it was
10139N/Asuccessful or not, so that subsequent identical requests will not
10139N/Ahave to access the naming service. These properties allow for some
10139N/Atuning on how the cache is operating.</
P>
10139N/A Value is an integer corresponding to the number of seconds successful
10139N/A name lookups will be kept in the cache. A value of -1, or any other
10139N/A negative value for that matter, indicates a “cache forever”
10139N/A policy, while a value of 0 (zero) means no caching. The default value
10139N/A is -1 (forever) if a security manager is installed, and implementation
10139N/A specific when no security manager is installed.</
P>
10139N/A Value is an integer corresponding to the number of seconds an
10139N/A unsuccessful name lookup will be kept in the cache. A value of -1,
10139N/A or any negative value, means “cache forever”, while a
10139N/A value of 0 (zero) means no caching.</
P>
10139N/A<
P>Since these 2 properties are part of the security policy, they are