• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

com.sun.javaws.security.JavaWebStartSecurity - Odd SocketPermission behavior

 
Ranch Hand
Posts: 69
2
Netbeans IDE C++ Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I've been getting some strange results with sites hosted by a specific provider. For all other sites, the security manager asks for permission nearly instantaneously, but for sites hosted by blacklotus (a DDOS migitation provider), it almost seems as though there's a blocking I/O method. For your convenience, I'll paste the (decompiled) source of the internal oracle class that I feel is part of the key to understanding this followed by a SSCCE that should illustrate the problem.



The java class



The JNLP file (note, this uses cross domain policies! Read more at http://www.oracle.com/technetwork/java/javase/plugin2-142482.html#CROSSDOMAINXML )



I can't seem to find a crossdomain.xml file on blacklotus.net's root, so I am half guessing that this is where the issue is stemming from. I have, however, uploaded such a file to a server running on blacklotus's network with the same delay.

Can anyone shed some light on why JWS takes so long to ask permission to connect to blacklotus.net or any other server hosted by them? I've decompiled and stepped through 3 of Oracle's internal jar files, and I'm rather convinced that the issue lies in the cross domain support, but I can't say for 100% sure. Hopefully someone else has had a similar problem and can help me out here!
 
Luke Leber
Ranch Hand
Posts: 69
2
Netbeans IDE C++ Linux
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Posting a follow up.

I've finally tracked down the root cause of this phenomenon by reverse engineering the JRE system libraries with additional debugging information. I was able to trace the cause of the delay down to the native method

java.net.Inet4AddressImpl.getHostByAddr([B)Ljava.lang.String

It turns out resolving the host in question from its IP address fails for an unknown reason and after timing out, the calling method tries another route to return a valid hostname. I have checked this with several web-based reverse lookup tools and it seems that there is most likely an issue with blacklotus.net (or perhaps a feature to prevent reverse lookups?)

Odds are, the host has an invalid rDNS configuration.

I hope this helps anyone else that encounters an odd-ball case like this. T-minus 36 hours, case closed.
 
Sheriff
Posts: 3837
66
Netbeans IDE Oracle Firefox Browser
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This one wasn't easy. Thank you for sharing your analysis with us - and have a cow!

And, somewhat belatedly, welcome to the Ranch!
 
Luke Leber
Ranch Hand
Posts: 69
2
Netbeans IDE C++ Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Martin Vajsar wrote:This one wasn't easy. Thank you for sharing your analysis with us - and have a cow!

And, somewhat belatedly, welcome to the Ranch!



You can tell that the documentation sucks when you need to recompile the JRE in order to find the answers you need! I'm already regretting this distribution system and it hasn't even launched yet!

I'm not exactly new here (forgotten credentials from long ago), but thanks for the welcome anyhow.
 
reply
    Bookmark Topic Watch Topic
  • New Topic