java.net.doc-files.net-properties.html Maven / Gradle / Ivy
Show all versions of qbicc-rt-java.base Show documentation
Networking Properties
Networking Properties
There are a few standard system properties used to
alter the mechanisms and behavior of the various classes of the
java.net package. Some are checked only once at startup of the VM,
and therefore are best set using the -D option of the java command,
while others have a more dynamic nature and can also be changed using
the System.setProperty() API.
The purpose of this document is to list
and detail all of these properties.
If there is no special note, a property value is checked every time it is used.
IPv4 / IPv6
{@systemProperty java.net.preferIPv4Stack} (default: false)
If IPv6 is available on the operating system the
underlying native socket will be, by default, an IPv6 socket which
lets applications connect to, and accept connections from, both
IPv4 and IPv6 hosts. However, in the case an application would
rather use IPv4 only sockets, then this property can be set to true.
The implication is that it will not be possible for the application
to communicate with IPv6 only hosts.
{@systemProperty java.net.preferIPv6Addresses} (default: false)
When dealing with a host which has both IPv4
and IPv6 addresses, and if IPv6 is available on the operating
system, the default behavior is to prefer using IPv4 addresses over
IPv6 ones. This is to ensure backward compatibility: for example,
for applications that depend on the representation of an IPv4 address
(e.g. 192.168.1.1). This property can be set to true to
change that preference and use IPv6 addresses over IPv4 ones where
possible, or system to preserve the order of the addresses as
returned by the operating system.
Both of these properties are checked only once, at startup.
Proxies
A proxy server allows indirect connection to network services and
is used mainly for security (to get through firewalls) and
performance reasons (proxies often do provide caching mechanisms).
The following properties allow for configuration of the various type
of proxies.
HTTP
The following proxy settings are used by the HTTP protocol handler.
{@systemProperty http.proxyHost} (default: <none>)
The hostname, or address, of the proxy server.
{@systemProperty http.proxyPort} (default: {@code 80})
The port number of the proxy server.
{@systemProperty http.nonProxyHosts} (default: {@code localhost|127.*|[::1]})
Indicates the hosts that should be accessed without going
through the proxy. Typically this defines internal hosts.
The value of this property is a list of hosts,
separated by the '|' character. In addition, the wildcard
character '*' can be used for pattern matching. For example,
{@code -Dhttp.nonProxyHosts="*.foo.com|localhost"}
will indicate that every host in the foo.com domain and the
localhost should be accessed directly even if a proxy server is
specified.
The default value excludes all common variations of the loopback address.
HTTPS
This is HTTP over SSL, a secure version of HTTP
mainly used when confidentiality (like on payment sites) is needed.
The following proxy settings are used by the HTTPS protocol handler.
{@systemProperty https.proxyHost} (default: <none>)
The hostname, or address, of the proxy server.
{@systemProperty https.proxyPort} (default: {@code 443})
The port number of the proxy server.
The HTTPS protocol handler will use the same nonProxyHosts
property as the HTTP protocol.
FTP
The following proxy settings are used by the FTP protocol handler.
{@systemProperty ftp.proxyHost} (default: <none>)
The hostname, or address, of the proxy server.
{@systemProperty ftp.proxyPort} (default: {@code 80})
The port number of the proxy server.
{@systemProperty ftp.nonProxyHosts} (default: {@code localhost|127.*|[::1]})
Indicates the hosts that should be accessed without going
through the proxy. Typically this defines internal hosts.
The value of this property is a list of hosts, separated by
the '|' character. In addition, the wildcard character
'*' can be used for pattern matching. For example,
{@code -Dhttp.nonProxyHosts="*.foo.com|localhost"}
will indicate that every host in the foo.com domain and the
localhost should be accessed directly even if a proxy server is
specified.
The default value excludes all common variations of the loopback address.
SOCKS
This is another type of proxy. It allows for lower-level
type of tunneling since it works at the TCP level. In effect,
in the Java(tm) platform setting a SOCKS proxy server will result in
all TCP connections to go through that proxy, unless other proxies
are specified. If SOCKS is supported by a Java SE implementation, the
following properties will be used:
{@systemProperty socksProxyHost} (default: <none>)
The hostname, or address, of the proxy server.
{@systemProperty socksProxyPort} (default: {@code 1080})
The port number of the proxy server.
{@systemProperty socksProxyVersion} (default: {@code 5})
The version of the SOCKS protocol supported by the server. The
default is {@code 5} indicating SOCKS V5. Alternatively,
{@code 4} can be specified for SOCKS V4. Setting the property
to values other than these leads to unspecified behavior.
{@systemProperty java.net.socks.username} (default: <none>)
Username to use if the SOCKSv5 server asks for authentication
and no {@link java.net.Authenticator java.net.Authenticator} instance was found.
{@systemProperty java.net.socks.password} (default: <none>)
Password to use if the SOCKSv5 server asks for authentication
and no {@code java.net.Authenticator} instance was found.
Note that if no authentication is provided with either the above
properties or an Authenticator, and the proxy requires one, then
the user.name property will be used with no password.
{@systemProperty java.net.useSystemProxies} (default: {@code false})
On Windows systems, macOS systems, and Gnome systems it is possible to
tell the java.net stack, setting this property to true, to use
the system proxy settings (all these systems let you set proxies
globally through their user interface). Note that this property is
checked only once at startup.
Misc HTTP URL stream protocol handler properties
{@systemProperty http.agent} (default: “Java/<version>”)
Defines the string sent in the User-Agent request header in http
requests. Note that the string “Java/<version>” will
be appended to the one provided in the property (e.g. if
{@code -Dhttp.agent="foobar"} is used, the User-Agent header will
contain “foobar Java/1.5.0” if the version of the VM is
1.5.0). This property is checked only once at startup.
{@systemProperty http.keepAlive} (default: {@code true})
Indicates if persistent connections should be supported. They improve
performance by allowing the underlying socket connection to be reused
for multiple HTTP requests. If this is set to true then persistent
connections will be requested with HTTP 1.1 servers.
{@systemProperty http.maxConnections} (default: {@code 5})
If HTTP keepalive is enabled (see above) this value determines the
maximum number of idle connections that will be simultaneously kept
alive, per destination.
{@systemProperty http.maxRedirects} (default: {@code 20})
This integer value determines the maximum number, for a given request,
of HTTP redirects that will be automatically followed by the
protocol handler.
{@systemProperty http.auth.digest.validateServer} (default: {@code false})
{@systemProperty http.auth.digest.validateProxy} (default: {@code false})
{@systemProperty http.auth.digest.cnonceRepeat} (default: {@code 5})
These 3 properties modify the behavior of the HTTP digest
authentication mechanism. Digest authentication provides a limited
ability for the server to authenticate itself to the client (i.e.
By proving it knows the user's password). However, not all HTTP
servers support this capability and by default it is turned off. The
first two properties can be set to true to enforce this check for
authentication with either an origin or proxy server, respectively.
It is usually not necessary to change the third property. It
determines how many times a cnonce value is re-used. This can be
useful when the MD5-sess algorithm is being used. Increasing this
value reduces the computational overhead on both client and server
by reducing the amount of material that has to be hashed for each
HTTP request.
{@systemProperty http.auth.ntlm.domain} (default: <none>)
NTLM is another authentication scheme. It uses the
{@code java.net.Authenticator} class to acquire usernames and passwords when
they are needed. However, NTLM also needs the NT domain name. There are
3 options for specifying that domain:
Do not specify it. In some environments the domain is
actually not required and the application does not have to specify
it.
The domain name can be encoded within the username by
prefixing the domain name, followed by a backslash '\' before the
username. With this method existing applications that use the
authenticator class do not need to be modified, as long as users
are made aware that this notation must be used.
If a domain name is not specified as in method 2) and this
property is defined, then its value will be used as the domain
name.
All these properties are checked only once at startup.
Address Cache
The java.net package, when doing name resolution, uses an address
cache for both security and performance reasons. Any address
resolution attempt, be it forward (name to IP address) or reverse (IP
address to name), will have its result cached, whether it was
successful or not, so that subsequent identical requests will not
have to access the naming service. These properties allow for some
tuning on how the cache is operating.
{@systemProperty networkaddress.cache.ttl} (default: see below)
Value is an integer corresponding to the number of seconds successful
name lookups will be kept in the cache. A value of -1, or any other
negative value for that matter, indicates a “cache forever”
policy, while a value of 0 (zero) means no caching. The default value
is -1 (forever) if a security manager is installed, and implementation-specific
when no security manager is installed.
{@systemProperty networkaddress.cache.negative.ttl} (default: {@code 10})
Value is an integer corresponding to the number of seconds an
unsuccessful name lookup will be kept in the cache. A value of -1,
or any negative value, means “cache forever”, while a
value of 0 (zero) means no caching.
Since these 2 properties are part of the security policy, they are
not set by either the -D option or the {@code System.setProperty()} API,
instead they are set as security properties.
Unix domain sockets
Calling {@link java.nio.channels.ServerSocketChannel#bind(SocketAddress,int) ServerSocketChannel.bind}
with a {@code null} address parameter will bind to an automatically assigned socket address.
For Unix domain sockets, this means a unique path in some predefined system temporary directory.
There are a number of system (and networking) properties that affect this behavior.
Unix domain socket addresses are limited in length to approximately 100
bytes (depending on the platform), it is important to ensure that the temporary directory's name
together with the filename used for the socket (currently a name similar to
{@code socket_1679697142}) does not exceed this limit. The following properties
can be used to control the selection of this directory:
{@systemProperty jdk.net.unixdomain.tmpdir} This can be set as
a networking property in {@code conf/net.properties} If set, this specifies the
directory to use for automatically bound server socket addresses. On some platforms,
(eg some Unix systems) this will have a predefined default value. On others,
(eg Windows) there is no default value. Either way, it is always possible
to override the networking property with a system property of the same name
set on the command line. If neither of the networking nor system property
are set, then some systems (eg Windows) may check a commonly used environment
variable as temporary directory.
{@systemProperty java.io.tmpdir} If the previous step fails to locate
a directory to use, then the directory identified by the system property
{@code java.io.tmpdir} is used.
More information about the platform specific behavior can be seen in the
{@code conf/net.properties} configuration file.
Implicit binding of a {@link java.nio.channels.SocketChannel SocketChannel}
If a client socket is connected to a remote destination without calling {@code bind} first,
then the socket is implicitly bound. In this case, Unix domain sockets
are unnamed (ie. their path is empty). This behavior is not affected by any
system or networking properties.
Enhanced exception messages
By default, for security reasons, exception messages do not include potentially sensitive
security information such as hostnames or Unix domain socket address paths.
The following property can be used to relax this restriction, for debugging and other
purposes.
{@systemProperty jdk.includeInExceptions} This is typically set to
a comma separated list of keywords that refer to exception types whose messages
may be enhanced with more detailed information. If the value includes the string
{@code hostInfo} then socket addresses will be included in exception message
texts (eg hostnames, Unix domain socket address paths).