diff --git a/src/share/classes/sun/rmi/transport/tcp/TCPTransport.java b/src/share/classes/sun/rmi/transport/tcp/TCPTransport.java index 790e7ac3d827ba6d1eaf47ec24aec33a2e15d5a4..cb27fa93fd8d2f101f232363c289f0bf44e54832 100644 --- a/src/share/classes/sun/rmi/transport/tcp/TCPTransport.java +++ b/src/share/classes/sun/rmi/transport/tcp/TCPTransport.java @@ -119,6 +119,11 @@ public class TCPTransport extends Transport { } }); + private static final boolean disableIncomingHttp = + java.security.AccessController.doPrivileged( + new GetPropertyAction("java.rmi.server.disableIncomingHttp", "true")) + .equalsIgnoreCase("true"); + /** total connections handled */ private static final AtomicInteger connectionCount = new AtomicInteger(0); @@ -722,6 +727,10 @@ public class TCPTransport extends Transport { int magic = in.readInt(); if (magic == POST) { + System.err.println("DISABLED: " + disableIncomingHttp); + if (disableIncomingHttp) { + throw new RemoteException("RMI over HTTP is disabled"); + } tcpLog.log(Log.BRIEF, "decoding HTTP-wrapped call"); // It's really a HTTP-wrapped request. Repackage diff --git a/test/sun/rmi/transport/proxy/EagerHttpFallback.java b/test/sun/rmi/transport/proxy/EagerHttpFallback.java index 3879c665d14d1c0b28e43d157568f0b427b895af..7e1507613adb9e364caf8d069b06dcf4a8e77c45 100644 --- a/test/sun/rmi/transport/proxy/EagerHttpFallback.java +++ b/test/sun/rmi/transport/proxy/EagerHttpFallback.java @@ -28,7 +28,7 @@ * * @library ../../../../java/rmi/testlibrary * @build TestLibrary - * @run main/othervm EagerHttpFallback + * @run main/othervm -Djava.rmi.server.disableIncomingHttp=false EagerHttpFallback */ import java.rmi.*; @@ -46,6 +46,8 @@ public class EagerHttpFallback { "true"); LocateRegistry.createRegistry(FALLBACK_PORT); + System.err.println("1-DISABLED: " + System.getProperty("java.rmi.server.disableIncomingHttp")); + /* * The call below should trigger a ConnectException in the * RMIMasterSocketFactory when it attempts a direct connection to diff --git a/test/sun/rmi/transport/tcp/DisableRMIOverHttp/DisableRMIOverHTTPTest.java b/test/sun/rmi/transport/tcp/DisableRMIOverHttp/DisableRMIOverHTTPTest.java new file mode 100644 index 0000000000000000000000000000000000000000..35184d79a6f10b0324926e196b7baccfe2a9ed70 --- /dev/null +++ b/test/sun/rmi/transport/tcp/DisableRMIOverHttp/DisableRMIOverHTTPTest.java @@ -0,0 +1,156 @@ +/* + * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* @test + * @bug 8158963 + * + * @summary Disable RMI over HTTP by default + * + * @library ../../../../../java/rmi/testlibrary + * @build TestIface TestImpl + * @run main/othervm/timeout=60 DisableRMIOverHTTPTest + * @run main/othervm/timeout=60 -Djava.rmi.server.disableIncomingHttp=false DisableRMIOverHTTPTest + */ + +/* + * This test is an adaptation of ../blockAccept/BlockAcceptTest.java + * + * This test: + * 1. Creates an object and exports it. + * 2. Makes a regular call, using HTTP tunnelling. + * 3. Either throws an exception if RMI over HTTP is disabled or completes + * execution if not. + */ + +import java.rmi.*; +import java.rmi.server.RMISocketFactory; +import java.io.*; +import java.net.*; + +import sun.rmi.transport.proxy.RMIMasterSocketFactory; +import sun.rmi.transport.proxy.RMIHttpToPortSocketFactory; + +public class DisableRMIOverHTTPTest +{ + public static void main(String[] args) + throws Exception + { + // HTTP direct to the server port + System.setProperty("http.proxyHost", "127.0.0.1"); + boolean incomingHttpDisabled = + Boolean.valueOf( + System.getProperty( + "java.rmi.server.disableIncomingHttp", "true") + .equalsIgnoreCase("true")); + + // Set the socket factory. + System.err.println("(installing HTTP-out socket factory)"); + HttpOutFactory fac = new HttpOutFactory(); + RMISocketFactory.setSocketFactory(fac); + + // Create remote object + TestImpl impl = new TestImpl(); + + // Export and get which port. + System.err.println("(exporting remote object)"); + TestIface stub = impl.export(); + try { + int port = fac.whichPort(); + + // Sanity + if (port == 0) + throw new Error("TEST FAILED: export didn't reserve a port(?)"); + + // The test itself: make a remote call and see if it's blocked or + // if it works + //Thread.sleep(2000); + System.err.println("(making RMI-through-HTTP call)"); + String result = stub.testCall("dummy load"); + System.err.println(" => " + result); + + if ("OK".equals(result)) { + if (incomingHttpDisabled) { + throw new Error( + "TEST FAILED: should not receive result if incoming http is disabled"); + } + } else { + if (!incomingHttpDisabled) { + throw new Error("TEST FAILED: result not OK"); + } + } + System.err.println("Test passed."); + } catch (UnmarshalException e) { + if (!incomingHttpDisabled) { + throw e; + } else { + System.err.println("Test passed."); + } + } finally { + try { + impl.unexport(); + } catch (Throwable unmatter) { + } + } + + // Should exit here + } + + private static class HttpOutFactory + extends RMISocketFactory + { + private int servport = 0; + + public Socket createSocket(String h, int p) + throws IOException + { + return ((new RMIHttpToPortSocketFactory()).createSocket(h, p)); + } + + /** Create a server socket and remember which port it's on. + * Aborts if createServerSocket(0) is called twice, because then + * it doesn't know whether to remember the first or second port. + */ + public ServerSocket createServerSocket(int p) + throws IOException + { + ServerSocket ss; + ss = (new RMIMasterSocketFactory()).createServerSocket(p); + if (p == 0) { + if (servport != 0) { + System.err.println("TEST FAILED: " + + "Duplicate createServerSocket(0)"); + throw new Error("Test aborted (createServerSocket)"); + } + servport = ss.getLocalPort(); + } + return (ss); + } + + /** Return which port was reserved by createServerSocket(0). + * If the return value was 0, createServerSocket(0) wasn't called. + */ + public int whichPort() { + return (servport); + } + } // end class HttpOutFactory +} diff --git a/test/sun/rmi/transport/tcp/DisableRMIOverHttp/TestIface.java b/test/sun/rmi/transport/tcp/DisableRMIOverHttp/TestIface.java new file mode 100644 index 0000000000000000000000000000000000000000..85bab51483dcd43aafad8bc5cc0335cb46b7a8da --- /dev/null +++ b/test/sun/rmi/transport/tcp/DisableRMIOverHttp/TestIface.java @@ -0,0 +1,31 @@ +/* + * Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.rmi.*; + +public interface TestIface + extends Remote +{ + public String testCall(String ign) + throws RemoteException; +} diff --git a/test/sun/rmi/transport/tcp/DisableRMIOverHttp/TestImpl.java b/test/sun/rmi/transport/tcp/DisableRMIOverHttp/TestImpl.java new file mode 100644 index 0000000000000000000000000000000000000000..4e33b91330c43c0689ab0680f2369763fa43a653 --- /dev/null +++ b/test/sun/rmi/transport/tcp/DisableRMIOverHttp/TestImpl.java @@ -0,0 +1,49 @@ +/* + * Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.rmi.*; +import java.rmi.server.*; + +public class TestImpl + extends Object + implements TestIface +{ + public TestImpl() { + } + + public TestIface export() + throws RemoteException + { + return (TestIface)UnicastRemoteObject.exportObject(this, 0); + } + + public void unexport() + throws NoSuchObjectException + { + UnicastRemoteObject.unexportObject(this, true); + } + + public String testCall(String ign) { + return ("OK"); + } +} diff --git a/test/sun/rmi/transport/tcp/blockAccept/BlockAcceptTest.java b/test/sun/rmi/transport/tcp/blockAccept/BlockAcceptTest.java index 2f5002d323e0c38d539c913f3cf33bd7b030214e..95da5864fc217bdaf4bd33f5b369041a8c0b2b56 100644 --- a/test/sun/rmi/transport/tcp/blockAccept/BlockAcceptTest.java +++ b/test/sun/rmi/transport/tcp/blockAccept/BlockAcceptTest.java @@ -29,7 +29,7 @@ * * @library ../../../../../java/rmi/testlibrary * @build TestIface TestImpl TestImpl_Stub - * @run main/othervm/policy=security.policy/timeout=60 BlockAcceptTest + * @run main/othervm/policy=security.policy/timeout=60 -Djava.rmi.server.disableIncomingHttp=false BlockAcceptTest */ /* This test attempts to stymie the RMI accept loop. The accept loop in