aspose file tools*
The moose likes JNLP and Web Start and the fly likes com.sun.javaws.security.JavaWebStartSecurity - Odd SocketPermission behavior Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JNLP and Web Start
Bookmark "com.sun.javaws.security.JavaWebStartSecurity - Odd SocketPermission behavior" Watch "com.sun.javaws.security.JavaWebStartSecurity - Odd SocketPermission behavior" New topic
Author

com.sun.javaws.security.JavaWebStartSecurity - Odd SocketPermission behavior

Luke Leber
Ranch Hand

Joined: Sep 20, 2013
Posts: 41
    
    2

I've been getting some strange results with sites hosted by a specific provider. For all other sites, the security manager asks for permission nearly instantaneously, but for sites hosted by blacklotus (a DDOS migitation provider), it almost seems as though there's a blocking I/O method. For your convenience, I'll paste the (decompiled) source of the internal oracle class that I feel is part of the key to understanding this followed by a SSCCE that should illustrate the problem.



The java class



The JNLP file (note, this uses cross domain policies! Read more at http://www.oracle.com/technetwork/java/javase/plugin2-142482.html#CROSSDOMAINXML )



I can't seem to find a crossdomain.xml file on blacklotus.net's root, so I am half guessing that this is where the issue is stemming from. I have, however, uploaded such a file to a server running on blacklotus's network with the same delay.

Can anyone shed some light on why JWS takes so long to ask permission to connect to blacklotus.net or any other server hosted by them? I've decompiled and stepped through 3 of Oracle's internal jar files, and I'm rather convinced that the issue lies in the cross domain support, but I can't say for 100% sure. Hopefully someone else has had a similar problem and can help me out here!
Luke Leber
Ranch Hand

Joined: Sep 20, 2013
Posts: 41
    
    2

Posting a follow up.

I've finally tracked down the root cause of this phenomenon by reverse engineering the JRE system libraries with additional debugging information. I was able to trace the cause of the delay down to the native method

java.net.Inet4AddressImpl.getHostByAddr([B)Ljava.lang.String

It turns out resolving the host in question from its IP address fails for an unknown reason and after timing out, the calling method tries another route to return a valid hostname. I have checked this with several web-based reverse lookup tools and it seems that there is most likely an issue with blacklotus.net (or perhaps a feature to prevent reverse lookups?)

Odds are, the host has an invalid rDNS configuration.

I hope this helps anyone else that encounters an odd-ball case like this. T-minus 36 hours, case closed.
Martin Vajsar
Sheriff

Joined: Aug 22, 2010
Posts: 3610
    
  60

This one wasn't easy. Thank you for sharing your analysis with us - and have a cow!

And, somewhat belatedly, welcome to the Ranch!
Luke Leber
Ranch Hand

Joined: Sep 20, 2013
Posts: 41
    
    2

Martin Vajsar wrote:This one wasn't easy. Thank you for sharing your analysis with us - and have a cow!

And, somewhat belatedly, welcome to the Ranch!


You can tell that the documentation sucks when you need to recompile the JRE in order to find the answers you need! I'm already regretting this distribution system and it hasn't even launched yet!

I'm not exactly new here (forgotten credentials from long ago), but thanks for the welcome anyhow.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: com.sun.javaws.security.JavaWebStartSecurity - Odd SocketPermission behavior