Networking Properties

There are a few standard system properties used to alter the mechanisms and behavior of the various classes of the java.net package. Some are checked only once at startup of the VM, and therefore are best set using the -D option of the java command, while others have a more dynamic nature and can also be changed using the System.setProperty() API. The purpose of this document is to list and detail all of these properties.

If there is no special note, a property value is checked every time it is used.

IPv4 / IPv6

Both of these properties are checked only once, at startup.

Proxies

A proxy server allows indirect connection to network services and is used mainly for security (to get through firewalls) and performance reasons (proxies often do provide caching mechanisms).

Applications may use the ProxySelector.select(URI) method to determine the proxy that should be used for connecting to a given URI.

The following properties are used to configure the JDK default ProxySelector implementation. This is the ProxySelector returned by ProxySelector.getDefault() when no default ProxySelector was installed by ProxySelector.setDefault(ProxySelector)

Misc HTTP URL stream protocol handler properties

All these properties are checked only once at startup.

Address Cache

The java.net package, when doing name resolution, uses an address cache for both security and performance reasons. Any address resolution attempt, be it forward (name to IP address) or reverse (IP address to name), will have its result cached, whether it was successful or not, so that subsequent identical requests will not have to access the naming service. These properties allow for some tuning on how the cache is operating.

Since these 3 properties are part of the security policy, they are not set by either the -D option or the System.setProperty() API, instead they are set as security properties.

Unix domain sockets

Calling ServerSocketChannel.bind with a null address parameter will bind to an automatically assigned socket address. For Unix domain sockets, this means a unique path in some predefined system temporary directory. There are a number of system (and networking) properties that affect this behavior.

Unix domain socket addresses are limited in length to approximately 100 bytes (depending on the platform), it is important to ensure that the temporary directory's name together with the filename used for the socket (currently a name similar to socket_1679697142) does not exceed this limit. The following properties can be used to control the selection of this directory:

More information about the platform specific behavior can be seen in the conf/net.properties configuration file.

Implicit binding of a SocketChannel

If a client socket is connected to a remote destination without calling bind first, then the socket is implicitly bound. In this case, Unix domain sockets are unnamed (ie. their path is empty). This behavior is not affected by any system or networking properties.

Enhanced exception messages

By default, for security reasons, exception messages do not include potentially sensitive security information such as hostnames or Unix domain socket address paths. The following property can be used to relax this restriction, for debugging and other purposes.