
JGDMS

JGDMS : Java Global Discovered Micro Services - Goals: Dynamically discovered anywhere, secure, flexible and fast.


Welcome to JGDMS.

What is JGDMS?

Firstly it's a high performance, IPv6 compliant and security focused implementation of Jini, refactored over a number of years to leverage Java concurrency collections and modern Executor frameworks.

Secondly, it's a dynamic micro service architecture that provides the foundations, or glue code, for building enterprise grade systems from simple, independent, dynamically discovered micro service components.

Some key components are:

  1. JERI - Jini Extensible Remote Invocation, allows you to export Java objects and invoke methods on them, using various secure connection and input validation options.
  2. net.jini.discovery.LookupDiscovery - Allows clients to discover a net.jini.core.lookup.ServiceRegistrar, this is now possible globally using IPv6 multicast.
  3. net.jini.core.lookup.ServiceRegistrar - Allows clients to search for services and for services to be registered and found by clients.
  4. net.jini.lookup.ServiceDiscoveryManager - Provides search and filtering functions that make life easier for client code.
  5. net.jini.lookup.JoinManager - Provides assistance to services that want to register with a ServiceRegistrar.
  6. net.jini.config.Configuration - net.jini.config.GroovyConfig allows you to configure the above components using Groovy.

There are many other components, including JavaSpaces. Another good place to start is with Rio, which also has excellent documentation on how to structure the dependency relationships between your service components.

Building JGDMS

Instructions for building JGDMS

Documentation

JGDMS Documentation

Functionality unique to JGDMS

Wiki

Serialization with atomic input validation, hardened for reading untrusted stream data

New TLS Unicast discovery providers

The following TLS Unicast discovery providers will automatically grant DeSerializationPermission and DownloadPermission after successful lookup service principal authentication.

Unicast TLS discovery using SHA-224 hash

Unicast TLS discovery using SHA-256 hash

Unicast TLS discovery using SHA-384 hash

Unicast TLS discovery using SHA-512 hash

New lookup service method that allows authentication to occur prior to downloading code

Using Java 8 interface default methods, a new lookup method has been added to ServiceRegistrar. This allows services to be authenticated using a local bootstrap proxy, and to dynamically grant DeSerializationPermission and DownloadPermission prior to downloading and de-serializing the service implementation.

Proxy advisory permissions

The first proxy jar file in a list of codebase annotations may now contain a list of Permissions. These permissions may be retrieved from the Proxy's ClassLoader. See AdvisoryDynamicPermissions.

River-Internet has been refactored internally and takes advantage of recent Java libraries. Note how Jini releases use TaskManager; this has been replaced by Executor, which is much faster.

[Figure: River 2.2 Mahalo Random Stress test profile]
[Figure: River-Internet Mahalo Random Stress test profile]

System properties

System Property Purpose
org.apache.river.activation.enableActivateGrant This property is interpreted as a boolean value. If true, this implementation invokes Security.grant as defined in the specification. See ActivatableInvocationHandler.
java.net.preferIPv6Addresses This property is interpreted as a boolean value. If true, jini-announcement and jini-request protocols will use IPv6 multicast addresses: IANA IPv6 Multicast Addresses
net.jini.discovery.GLOBAL_ANNOUNCE This property is interpreted as a boolean value. If true, jini-announcement will join the global multicast address group FF0X::155. If false the jini-announcement protocol will join the site local multicast address group FF05::155. As defined in RFC4291, IPv6 multicast addresses which are only different in scope represent different groups. Clients joining the global group, will not receive site local announcement packets and vice versa.
net.jini.jeri.ONLY_VALIDATE_INPUT_IF_CONSTRAINT_SET This property is interpreted as a boolean value. If true, JERI's BasicInvocationHandler or BasicInvocationDispatcher doesn't perform input validation by default, unless the required InvocationConstraints contain AtomicInputValidation.YES.
org.apache.river.jeri.server.suppressStackTraces If true, removes server-side stack traces before marshalling an exception thrown as a result of a remote call. The default value is false.
org.apache.river.jeri.tcp.useNIO Whether or not to use NIO-based sockets if possible.
java.rmi.server.useCodebaseOnly Java 7 enhancement. It is recommended that the default value of true is used. This has no effect on JERI and applies only to Java RMI. Java RMI is not secure and should be avoided.
org.apache.river.reggie.enableImplToStubReplacement This system property is interpreted as a boolean value (see Boolean.getBoolean). If true, then JRMP impl-to-stub replacement will be attempted on the service proxy objects contained in ServiceItems passed to the register method of Reggie's proxy. By default, this behavior is not enabled; it is provided as a transitional measure for services that depend on JRMP impl-to-stub replacement when registering with Reggie.
net.jini.core.lookup.ServiceRegistrar.portAbitraryIfInUse This system property is interpreted as a boolean value (see Boolean.getBoolean). If true, then Reggie will use an ephemeral port to listen for unicast discovery requests if the configured port is already in use. This property is false by default.
org.apache.river.jeri.kerberos.KerberosEndpoint.maxCacheSize Maximum number of entries allowed in the soft cache of a Kerberos endpoint. The default is 64.
org.apache.river.jeri.kerberos.KerberosEndpoint.minGssContextLifetime Minimum number of seconds of remaining lifetime a GSSContext of an existing connection has to have before it can be considered as a candidate connection to be chosen for a new request. The default is 30.
org.apache.river.jeri.kerberos.KerberosEndpoint.maxGssContextRetries RFC 1510 specifies that if a KDC or server receives two authenticators with the same client and server pair and timestamps of the same microsecond, the second will be considered a replay and will be rejected. This means if multiple session ticket requests of the same client and server principal pair and microsecond timestamps are received at a KDC, only the first one will succeed, and the rest will be considered replays and will be rejected by the KDC. For this reason, the Kerberos provider catches the "replay" exception and retries the corresponding GSSContext initialization handshake. This system property controls the maximum number of retries a KerberosEndpoint will conduct. The default is 3.
org.apache.river.jeri.kerberos.KerberosServerEndpoint.maxCacheSize Maximum size of the soft cache, default is 256.
org.apache.river.jeri.connection.mux.client.initialInboundRation Initial inbound ration as client, default is 32768.
org.apache.river.jeri.connection.mux.server.initialInboundRation Initial inbound ration as server, default is 32768.
java.rmi.activation.port The activation system port, default 1098, used by ServiceStarter
org.apache.river.jeri.connectionTimeout Time in milliseconds to leave idle client-side connections around before closing them. The default value is 15000 milliseconds (15 seconds).
org.apache.river.jeri.handshakeTimeout Time in milliseconds for client-side connections to wait for the server to acknowledge an opening handshake. The default value is 15000 milliseconds (15 seconds).
org.apache.river.jeri.ssl.maxClientSessionDuration The maximum time a client session should be used before expiring -- non-final to facilitate testing. Use 23.5 hours (in milliseconds) as the default to allow the client to negotiate a new session before the server timeout, which defaults to 24 hours.
org.apache.river.jeri.ssl.maxServerSessionDuration The maximum time a session should be used before expiring -- non-final to facilitate testing. Use 24 hours (in milliseconds) to allow the client, which uses 23.5 hours, to renegotiate a new session before the server timeout.
org.apache.river.jeri.dgc.leaseValue Lease duration to request (usually ignored by server), and duration of DGC leases granted by this runtime, default 600000 (10 minutes specified in milliseconds).
org.apache.river.jeri.dgc.cleanInterval maximum interval between retries of failed clean calls, default 180000 (3 minutes specified in milliseconds)
org.apache.river.jeri.dgc.minimumDuration minimum lease duration that we bother to honor, default 5000 (5 seconds)
org.apache.river.jeri.dgc.checkInterval period of checking for DGC lease expiration, default 300000 (5 minutes)
org.apache.river.jeri.ssl.trustManagerFactoryAlgorithm The trust manager factory algorithm, TrustManagerFactory default algorithm
org.apache.river.jeri.ssl.cipherSuites The cipher suites specified by the user, or null if not specified.
org.apache.river.jeri.ssl.sslProtocol The secure socket protocol used with JSSE, default: TLSv1.2
net.jini.loader.codebaseAnnotation Revert SecureClassLoader's CodeSource cache to use URL.equals(java.lang.Object) and URL.hashCode(), when set to URL.
java.rmi.server.codebase codebase annotation for proxy classes.
net.jini.loader.ClassLoading.provider Default: net.jini.loader.pref.PreferredClassProvider, however this should be set to net.jini.loader.pref.RequireDlPermProvider in order to enforce DownloadPermission.
java.rmi.server.RMIClassLoaderSpi Default: net.jini.loader.pref.PreferredClassProvider, however this should be set to net.jini.loader.pref.RequireDlPermProvider in order to enforce DownloadPermission.
java.security.policy This property should be set to:
-Djava.security.policy=net.jini.security.policy.DynamicPolicyProvider
net.jini.security.policy.DynamicPolicyProvider.basePolicyClass This property is set to "org.apache.river.api.security.ConcurrentPolicyFile" by default.
net.jini.security.policy.DynamicPolicyProvider.revocation This property is interpreted as a boolean value and is true by default. This allows PermissionGrants to be used in dynamic grants, which is required to dynamically grant DownloadPermission and DeSerializationPermission prior to performing a codebase download. PermissionGrants can be implemented to expire, or be revoked.
net.jini.security.policy.PolicyFileProvider.basePolicyClass This property is set to "org.apache.river.api.security.ConcurrentPolicyFile" by default.
org.apache.river.discovery.x500.trustStore The location of the file to load the keystore from can be specified (in order of precedence) by the org.apache.river.discovery.x500.trustStore and javax.net.ssl.trustStore system properties; if no location is specified, then the cacerts file in the lib/security subdirectory of the JDK installation directory is used. If specified, the location is treated as a URL. If no protocol is specified in the URL or it is an unknown protocol, then the location is treated as a file name.
javax.net.ssl.trustStore See above.
org.apache.river.discovery.x500.trustStorePassword Depending on which system property is used to specify the keystore location, the org.apache.river.discovery.x500.trustStoreType and org.apache.river.discovery.x500.trustStorePassword or javax.net.ssl.trustStoreType and javax.net.ssl.trustStorePassword system properties can be used to specify the type of the keystore and the password to use when loading it. If no keystore type is specified, then the type returned by KeyStore.getDefaultType() is used; if no password is specified, then no password is used when loading the keystore.
javax.net.ssl.trustStorePassword See above.
org.apache.river.discovery.x500.trustStoreType See KeyStore Types
javax.net.ssl.trustStoreType See above.
org.apache.river.discovery.x500.ldapCertStores In addition to the above, if the org.apache.river.discovery.x500.ldapCertStores system property is set, its value is interpreted as a comma-separated list of "host[:port]" elements which are used to obtain references to LDAP-based CertStore instances.
java.util.logging.config.file The logging configuration file is specified by the java.util.logging.config.file system property (which is sampled at every probe), if defined, otherwise it is the logging.properties file in the lib subdirectory of the directory specified by the java.home system property.
java.util.logging.manager Use org.apache.river.logging.LogManager class as the value of the java.util.logging.manager system property to permit specifying the symbolic names for the FAILED and HANDLED logging levels in standard logging configuration files, or to allow changes to the logging configuration file to be noticed.
org.apache.river.logging.interval The org.apache.river.logging.interval logging property (obtained using java.util.logging.LogManager.getProperty) specifies the time interval in milliseconds between probes to see if the logging configuration file has changed; periodic checking only takes place if the value is greater than zero. (If a new logging configuration file is read, this property can be redefined.)
org.apache.river.outrigger.maxServerQueryTimeout Value (as a long) of the org.apache.river.outrigger.maxServerQueryTimeout property in this VM, or a non-positive number if it is not set. Set maxServerQueryTimeout in SpaceProxy2, based on the values of the server's maxServerQueryTimeout and maxServerQueryTimeout system property. If the org.apache.river.outrigger.maxServerQueryTimeout property was set in this VM, override the value set by the server when SpaceProxy2 was created.
org.apache.river.jeri.http.idleConnectionTimeout The number of milliseconds to retain idle client-side HTTP connections before closing them. The default is 15000. See JERI http endpoints
org.apache.river.jeri.http.idleServerConnectionTimeout The number of milliseconds to retain idle server-side HTTP connections before closing them. The default is the idle client-side connection timeout (as specified by the org.apache.river.jeri.http.idleConnectionTimeout system property) plus 10000. See JERI http endpoints
org.apache.river.jeri.http.responseAckTimeout The number of milliseconds to wait for acknowledgments from net.jini.io.context.AcknowledgmentSource instances. The default is 15000. See JERI http endpoints
org.apache.river.jeri.http.disableProxyPersistentConnections If the value is case-insensitive equal to true, client-side connections through the HTTP proxy are not reused across requests; otherwise, persistent connections are maintained and reused if possible. See JERI http endpoints
org.apache.river.jeri.http.pingProxyConnections If the value is case-insensitive equal to true, then if an HTTP proxy is being used, ping the server endpoint to verify whether it is alive and reachable. The ping occurs before the first request and before each subsequent request which follows the expiration of the ping proxy timeout period (below) following the previous ping. When using an HTTP proxy it is often impossible to distinguish between inability to reach the server endpoint (such as because the server process refused a connection by the HTTP proxy) and the lack of response from a delivered request (which might result in an UnmarshalException). The ping increases the likelihood that the inability to reach the server endpoint can be explicitly identified. The default value is false, and no pings are done. See JERI http endpoints
org.apache.river.jeri.http.pingProxyConnectionTimeout The number of milliseconds from the time a server endpoint was last pinged before a ping will precede the next request. The default is Long.MAX_VALUE (essentially meaning, ping only before the first request). See JERI http endpoints
org.apache.river.jeri.https.idleConnectionTimeout The number of milliseconds to retain idle client-side HTTPS connections before closing them. The default is 15000. See JERI https endpoints
org.apache.river.jeri.https.idleServerConnectionTimeout The number of milliseconds to retain idle server-side HTTPS connections before closing them. The default is the idle client-side connection timeout (as specified by the org.apache.river.jeri.https.idleConnectionTimeout system property) plus 30000. See JERI https endpoints
org.apache.river.jeri.https.responseAckTimeout The number of milliseconds to wait for acknowledgments from net.jini.io.context.AcknowledgmentSource instances, or to keep track of acknowledgements that have not yet been sent. The default is 15000. See JERI https endpoints
org.apache.river.jeri.https.pingProxyConnections If the value is case-insensitive equal to true, then if an HTTP proxy is being used, ping the server endpoint to verify whether it is alive and reachable. The ping occurs before the first request and before each subsequent request which follows the expiration of the ping proxy timeout period (below) following the previous ping. When using an HTTP proxy it is often impossible to distinguish between inability to reach the server endpoint (such as because the server process refused a connection by the HTTP proxy) and the lack of response from a delivered request (which might result in an UnmarshalException). The ping increases the likelihood that the inability to reach the server endpoint can be explicitly identified. The default value is false, and no pings are done. See JERI https endpoints
org.apache.river.jeri.https.pingProxyConnectionTimeout The number of milliseconds from the time a server endpoint was last pinged before a ping will precede the next request. The default is Long.MAX_VALUE (essentially meaning, ping only before the first request). See JERI https endpoints
https.proxyHost The host name for the secure proxy server. The default is to use no proxy server. See JERI https endpoints
https.proxyPort The port for the secure proxy server. The default is 443. See JERI https endpoints
http.nonProxyHosts The names of hosts for which direct connections should be made rather than using the proxy server. Each host name may contain '*' wildcard characters in any position to match zero or more of any characters within the name. Multiple host names may be specified by separating the names with '|' characters. The default is for all connections to use the proxy server if one is specified. See JERI https endpoints and JERI http endpoints.
http.proxyHost if specified, the value of this property is interpreted as the host name of the HTTP proxy to use. If http.proxyHost is not specified, then the proxyHost system property is consulted as a fallback; if it is not specified either, then HTTP proxying is disabled (i.e., all HTTP messages are sent directly to the target host of the given HttpEndpoint). See JERI http endpoints.
http.proxyPort if http.proxyHost or proxyHost is set, then the (integer) value of http.proxyPort system property is used as the port number on which to connect to the HTTP proxy; if unspecified, then the proxyPort property is consulted as a fallback. If neither http.proxyPort nor proxyPort is specified (but http.proxyHost or proxyHost is), then the HTTP proxy port number defaults to 80. See JERI http endpoints.
The values of the system properties above are resampled for each new outbound HTTP message.
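
An added example, not code from JGDMS: a startup check that reads the security-relevant properties from the table above and reports values that depart from what the table recommends. The class name JgdmsPropertyAudit, the finding messages and the set of older protocol names are assumptions of this example.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Properties;
import java.util.Set;

/** Hypothetical helper, not part of JGDMS: audits security-relevant properties from the table. */
public final class JgdmsPropertyAudit {

    private static final String REQUIRE_DL = "net.jini.loader.pref.RequireDlPermProvider";
    // JSSE protocol names that predate the TLSv1.2 default given in the table.
    private static final Set<String> OLD_PROTOCOLS =
            new HashSet<>(Arrays.asList("SSLv3", "TLSv1", "TLSv1.1"));

    /** Returns one finding per property whose value departs from what the table recommends. */
    public static List<String> audit(Properties p) {
        List<String> findings = new ArrayList<>();
        // Both provider properties default to PreferredClassProvider.
        for (String key : Arrays.asList("net.jini.loader.ClassLoading.provider",
                                        "java.rmi.server.RMIClassLoaderSpi")) {
            if (!REQUIRE_DL.equals(p.getProperty(key))) {
                findings.add(key + ": set to " + REQUIRE_DL + " to enforce DownloadPermission");
            }
        }
        // true disables default input validation unless AtomicInputValidation.YES is required.
        if (Boolean.parseBoolean(p.getProperty("net.jini.jeri.ONLY_VALIDATE_INPUT_IF_CONSTRAINT_SET"))) {
            findings.add("net.jini.jeri.ONLY_VALIDATE_INPUT_IF_CONSTRAINT_SET: input is validated "
                    + "only when constraints contain AtomicInputValidation.YES");
        }
        // Unset keeps the recommended default of true; only an explicit override is reported.
        String codebaseOnly = p.getProperty("java.rmi.server.useCodebaseOnly");
        if (codebaseOnly != null && !Boolean.parseBoolean(codebaseOnly)) {
            findings.add("java.rmi.server.useCodebaseOnly: keep the default of true");
        }
        // Revocation is true by default and needed for dynamic grants before a codebase download.
        String revocation = p.getProperty("net.jini.security.policy.DynamicPolicyProvider.revocation");
        if (revocation != null && !Boolean.parseBoolean(revocation)) {
            findings.add("net.jini.security.policy.DynamicPolicyProvider.revocation: must be true "
                    + "to grant DownloadPermission and DeSerializationPermission before download");
        }
        String protocol = p.getProperty("org.apache.river.jeri.ssl.sslProtocol");
        if (protocol != null && OLD_PROTOCOLS.contains(protocol)) {
            findings.add("org.apache.river.jeri.ssl.sslProtocol: " + protocol + " predates TLSv1.2");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample: one hardened setting and two weakened ones.
        Properties sample = new Properties();
        sample.setProperty("net.jini.loader.ClassLoading.provider", REQUIRE_DL);
        sample.setProperty("net.jini.jeri.ONLY_VALIDATE_INPUT_IF_CONSTRAINT_SET", "true");
        sample.setProperty("org.apache.river.jeri.ssl.sslProtocol", "TLSv1");
        audit(sample).forEach(f -> System.out.println("sample: " + f));
        // The running JVM's own settings.
        audit(System.getProperties()).forEach(f -> System.out.println("jvm: " + f));
    }
}
```

Running the class with the same -D flags as the service shows which of these settings that JVM would actually start with.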