net.jini.jeri
Package | Description |
---|---|
net.jini.jeri |
Provides the fundamental abstractions and standard implementation
classes for Jini extensible remote invocation (Jini ERI).
|
net.jini.jeri.connection |
Provides interfaces and classes for implementing connection-based
Jini extensible remote invocation (Jini ERI) transport layer
providers.
|
net.jini.jeri.http |
Provides implementations of the
Endpoint and
ServerEndpoint abstractions that use HTTP
messages sent over TCP sockets as the underlying communication
mechanism. |
net.jini.jeri.kerberos |
Provides implementations of
Endpoint and ServerEndpoint that use Kerberos as the underlying
network security protocol to support security related invocation
constraints for remote requests. |
net.jini.jeri.ssl |
Provides implementations of
Endpoint and ServerEndpoint that use TLS/SSL and HTTPS (HTTP over
TLS/SSL) to support invocation constraints. |
net.jini.jeri.tcp |
Provides implementations of the
Endpoint and
ServerEndpoint abstractions that use TCP sockets
as the underlying communication mechanism. |
org.apache.river.jeri.internal | |
org.apache.river.jeri.internal.connection | |
org.apache.river.jeri.internal.http | |
org.apache.river.jeri.internal.mux | |
org.apache.river.jeri.internal.runtime |
net.jini.jeri
The net.jini.jeri
package and its subpackages provide APIs for Jini extensible remote
invocation (Jini ERI) and several Jini ERI transport layer providers.
SSL and HTTPS providers have been updated to TLSv1.2, insecure ciphers have been removed, strong and weak ciphers have been updated for constraints.
AtomicILFactory has been added to the library to allow failure atomic de-serialization of untrusted data, this allows clients and services to perform some de-serialization prior to authentication, without the vulnerabilities of standard Java Serialization.
As recommended by RFC 1123, the transport endpoints now attempt connections to all the IP addresses that a given host name may resolve to, instead of just the first one.
BasicJeriTrustVerifier
has been changed to trust fewer dynamic proxies. In particular, in addition to
implementing
RemoteMethodControl
,
the dynamic proxy must now implement one or more well-formed remote interfaces
(ones that extend Remote
and for which all methods declare
RemoteException
or a superclass in their throws clause), and
must not implement any other interfaces except
TrustEquivalence
.
BasicJeriTrustVerifier
protected
methods
BasicJeriTrustVerifier
has five new protected
methods to allow for more
convenient implementation of certain behaviors through subclassing:
hasTrustedProxyClass
can be overridden by subclasses to control which dynamic proxy classes for
Jini ERI proxies are considered locally trusted.
hasTrustedClassLoader
can be overridden by subclasses to control the set of class loaders
for which the class of a Jini ERI proxy, when defined by one of those
loaders, is considered locally trusted.
isTrustedProxyInterface
can be overridden by subclasses to control which dynamic proxy interfaces for
Jini ERI proxies are considered locally trusted.
isTrustedInvocationHandler
can be overridden by subclasses to support verification of invocation
handlers that have a locally trusted class other than BasicInvocationHandler
(such as a subclass of BasicInvocationHandler
).
checkInvocationHandlerContent
can be invoked by subclasses that override
isTrustedInvocationHandler
to perform the verification
steps that the default implementation of
isTrustedInvocationHandler
would perform, except that the
class of the invocation handler is not required to be
BasicInvocationHandler
exactly, so that trusted
subclasses can be supported.
Copyright © 2016–2018. All rights reserved.