I've been getting some strange results with sites hosted by a specific provider. For all other sites, the security manager asks for permission nearly instantaneously, but for sites hosted by blacklotus (a DDOS migitation provider), it almost seems as though there's a blocking I/O method. For your convenience, I'll paste the (decompiled) source of the internal oracle class that I feel is part of the key to understanding this followed by a SSCCE that should illustrate the problem.
I can't seem to find a crossdomain.xml file on blacklotus.net's root, so I am half guessing that this is where the issue is stemming from. I have, however, uploaded such a file to a server running on blacklotus's network with the same delay.
Can anyone shed some light on why JWS takes so long to ask permission to connect to blacklotus.net or any other server hosted by them? I've decompiled and stepped through 3 of Oracle's internal jar files, and I'm rather convinced that the issue lies in the cross domain support, but I can't say for 100% sure. Hopefully someone else has had a similar problem and can help me out here!
I've finally tracked down the root cause of this phenomenon by reverse engineering the JRE system libraries with additional debugging information. I was able to trace the cause of the delay down to the native method
It turns out resolving the host in question from its IP address fails for an unknown reason and after timing out, the calling method tries another route to return a valid hostname. I have checked this with several web-based reverse lookup tools and it seems that there is most likely an issue with blacklotus.net (or perhaps a feature to prevent reverse lookups?)
Odds are, the host has an invalid rDNS configuration.
I hope this helps anyone else that encounters an odd-ball case like this. T-minus 36 hours, case closed.