There are a few standard system properties used toalter the mechanisms and behavior of the various classes of thejava.net package. Some are checked only once at startup of the VM,and therefore are best set using the -D option of the java command,while others have a more dynamic nature and can also be changed usingtheSystem.setProperty() API. The purpose of this document is to listand detail all of these properties.
If there is no special note, a property value is checked every time it is used.
java.net.preferIPv4Stack (default: false)
If IPv6 is available on the operating system theunderlying native socket will be, by default, an IPv6 socket whichlets applications connect to, and accept connections from, bothIPv4 and IPv6 hosts. However, in the case an application wouldrather use IPv4 only sockets, then this property can be set totrue.The implication is that it will not be possible for the applicationto communicate with IPv6 only hosts.
java.net.preferIPv6Addresses (default: false)
When dealing with a host which has both IPv4and IPv6 addresses, and if IPv6 is available on the operatingsystem, the default behavior is to prefer using IPv4 addresses overIPv6 ones. This is to ensure backward compatibility, for exampleapplications that depend on the representation of an IPv4 address(e.g. 192.168.1.1). This property can be set totrue tochange that preference and use IPv6 addresses over IPv4 ones wherepossible.
Both of these properties are checked only once, at startup.
A proxy server allows indirect connection to network services andis used mainly for security (to get through firewalls) andperformance reasons (proxies often do provide caching mechanisms).The following properties allow for configuration of the various typeof proxies.
HTTP
The following proxy settings are used by the HTTP protocol handler.
http.proxyHost (default: <none>)
The hostname, or address, of the proxy server
http.proxyPort (default: 80)
The port number of the proxy server.
http.nonProxyHosts (default: localhost|127.*|[::1])
Indicates the hosts that should be accessed without going through the proxy. Typically this defines internal hosts. The value of this property is a list of hosts,separated by the '|' character. In addition the wildcard character '*' can be used for pattern matching. For example-Dhttp.nonProxyHosts=”*.foo.com|localhost”will indicate that every hosts in the foo.com domain and thelocalhost should be accessed directly even if a proxy server isspecified.
The default value excludes all common variations of the loopback address.
HTTPS
This is HTTP over SSL, a secure version of HTTPmainly used when confidentiality (like on payment sites) is needed.
The following proxy settings are used by the HTTPS protocol handler.
https.proxyHost(default: <none>)
The hostname, or address, of the proxy server
https.proxyPort (default: 443)
The port number of the proxy server.
The HTTPS protocol handler will use the same nonProxyHostsproperty as the HTTP protocol.
FTP
The following proxy settings are used by the FTP protocol handler.
ftp.proxyHost(default: <none>)
The hostname, or address, of the proxy server
ftp.proxyPort (default: 80)
The port number of the proxy server.
ftp.nonProxyHosts (default: localhost|127.*|[::1])
Indicates the hosts that should be accessed without going through the proxy. Typically this defines internal hosts. The value of this property is a list of hosts, separated by the '|' character. In addition the wildcard character'*' can be used for pattern matching. For example-Dhttp.nonProxyHosts=”*.foo.com|localhost”will indicate that every hosts in the foo.com domain and thelocalhost should be accessed directly even if a proxy server isspecified.
The default value excludes all common variations of the loopback address.
SOCKS
This is another type of proxy. It allows for lowerlevel type of tunneling since it works at the TCP level. In effect,in the Java(tm) platform setting a SOCKS proxy server will result inall TCP connections to go through that proxy, unless other proxiesare specified. If SOCKS is supported by a Java SE implementation, thefollowing properties will be used:
socksProxyHost (default: <none>)
The hostname, or address, of the proxy server.
socksProxyPort (default: 1080)
The port number of the proxy server.
socksProxyVersion (default: 5)
The version of the SOCKS protocol supported by the server. The default is5 indicating SOCKS V5, alternatively4 can be specified for SOCKS V4. Setting the property to values other than these leads to unspecified behavior.
java.net.socks.username (default: <none>)
Username to use if the SOCKSv5 server asks for authentication and no java.net.Authenticator instance was found.
java.net.socks.password (default: <none>)
Password to use if the SOCKSv5 server asks for authentication and no java.net.Authenticator instance was found.
Note that if no authentication is provided with either the aboveproperties or an Authenticator, and the proxy requires one, thentheuser.name property will be used with no password.
java.net.useSystemProxies (default: false)
On recent Windows systems and on Gnome 2.x systems it is possible totell the java.net stack, setting this property totrue, to usethe system proxy settings (boththese systems let you set proxiesglobally through their user interface). Note that this property ischecked only once at startup.
http.agent (default: “Java/<version>”)
Defines the string sent in the User-Agent request header in httprequests. Note that the string “Java/<version>” willbe appended to the one provided in the property (e.g. if -Dhttp.agent=”foobar” is used, the User-Agent header willcontain “foobar Java/1.5.0” if the version of the VM is1.5.0). This property is checked only once at startup.
http.keepalive (default: true)
Indicates if persistent connections should be supported. They improveperformance by allowing the underlying socket connection to be reusedfor multiple http requests. If this is set to true then persistentconnections will be requested with HTTP 1.1 servers.
http.maxConnections (default: 5)
If HTTP keepalive is enabled (see above) this value determines themaximum number of idle connections that will be simultaneously keptalive, per destination.
http.maxRedirects (default: 20)
This integer value determines the maximum number, for a given request,of HTTP redirects that will be automatically followed by theprotocol handler.
http.auth.digest.validateServer (default: false)
http.auth.digest.validateProxy (default: false)
http.auth.digest.cnonceRepeat (default: 5)
These 3 properties modify the behavior of the HTTP digestauthentication mechanism. Digest authentication provides a limitedability for the server to authenticate itself to the client (i.e.By proving it knows the user's password). However not all HTTPservers support this capability and by default it is turned off. Thefirst two properties can be set to true to enforce this check forauthentication with either an origin or proxy server, respectively.
It is usually not necessary to change the third property. Itdetermines how many times a cnonce value is re-used. This can beuseful when the MD5-sess algorithm is being used. Increasing thisvalue reduces the computational overhead on both client and serverby reducing the amount of material that has to be hashed for eachHTTP request.
http.auth.ntlm.domain (default: <none>)
NTLM is another authentication scheme. It uses thejava.net.Authenticator class to acquire usernames and passwords whenthey are needed. However NTLM also needs the NT domain name. There are3 options for specifying that domain:
Do not specify it. In some environments the domain is actually not required and the application does not have to specify it.
The domain name can be encoded within the username by prefixing the domain name, followed by a back-slash '\' before the username. With this method existing applications that use the authenticator class do not need to be modified, as long as users are made aware that this notation must be used.
If a domain name is not specified as in method 2) and these property is defined, then its value will be used a the domain name.
All these properties are checked only once at startup.
The java.net package, when doing name resolution, uses an addresscache for both security and performance reasons. Any addressresolution attempt, be it forward (name to IP address) or reverse (IPaddress to name), will have its result cached, whether it wassuccessful or not, so that subsequent identical requests will nothave to access the naming service. These properties allow for sometuning on how the cache is operating.
networkaddress.cache.ttl (default: see below)
Value is an integer corresponding to the number of seconds successfulname lookups will be kept in the cache. A value of -1, or any othernegative value for that matter,indicates a “cache forever”policy, while a value of 0 (zero) means no caching. The default valueis -1 (forever) if a security manager is installed, and implementationspecific when no security manager is installed.
networkaddress.cache.negative.ttl(default: 10)
Value is an integer corresponding to the number of seconds anunsuccessful name lookup will be kept in the cache. A value of -1,or any negative value, means “cache forever”, while avalue of 0 (zero) means no caching.
Since these 2 properties are part of the security policy, they arenot set by either the -D option or the System.setProperty() API,instead they are set in the JRE security policy filelib/security/java.security.