O'Reilly logo

Java RMI by William Grosso

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Drawbacks of HTTP Tunneling

HTTP tunneling is often considered a bad idea. There are five major reasons for this:

Security

At its heart, HTTP tunneling involves deliberately circumventing a security mechanism that someone else thought was necessary and worked hard to install. It involves deliberately relaxing the security provisions on a trusted network.

Ordinarily, this isn’t such a big deal. You’re a reasonable person and remote method calls aren’t so big a risk (especially if you use a secure web server to handle the HTTP traffic). However, and this cannot be stressed enough, you should not enable dynamic classloading if your application will use HTTP tunneling. Downloading classes from outside a firewall and executing them inside a firewall constitutes gross negligence. I’d fire anyone who did it.

Bandwidth inefficiency

RMI is already a verbose protocol; it encodes a lot of information in each message request. Taking an RMI message and wrapping it in an HTTP post by inputting the RMI message as the body of the post and then setting five or six message headers just adds insult to injury. Using HTTP tunneling could easily double bandwidth requirements for many remote interfaces. In particular, consider the output of LoggingServletForwardCommand, which simply prints out the HTTP headers from a request.

Connection inefficiency

HTTP tunneling does not support keeping connections open and reusing them. Unlike JRMP, in which sockets may be reused for dozens of method calls, HTTP ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required