SocketPermission's implies() interesting behavior

Chris Hegarty chris.hegarty at oracle.com
Fri Feb 18 16:20:14 UTC 2011 

[ bcc'ing off core-libs-dev and cc'ing (more appropriate) net-dev ]

Hi Charles,

I'm not sure I follow you here. I would not expect '*.java.net' to imply 
'java.net'. I would however expect it to imply sub domains of java.net, 
i.e. openjdk.java.net

-Chris.

On 17/02/2011 09:19, Charles Lee wrote:
> Hi guys,
>
> I am reading the SocketPermission source code recently and find some
> thing strange. Below is a simple test case to describe the strange thing:
>
> SocketPermission star_All = new SocketPermission("*.java.net",
> "listen,accept,connect");
> SocketPermission www_All = new SocketPermission("java.net",
> "listen,accept,connect");
> System.out.println(star_All.implies(www_All));
>
> star_All = new SocketPermission("java.net", "listen,accept,connect");
> www_All = new SocketPermission("java.net", "listen,accept,connect");
> System.out.println(star_All.implies(www_All));
>
> Return is false and true.
>
> The reason is:
> SocketPermission treat wildcard special. If the initial string has a
> wildcard, the cname comes from the substring. For example, the cname of
> "*.java.net" is ".java.net". (Why the first dot remains?)
> In my initial idea, "*.java.net" should imply "java.net". Any idea about
> it?
>
> More interestingly, I add "localhost.localdomain" and "mytest" pointing
> to the "127.0.0.1" in the /etc/hosts (Ubuntu) and rewrite the test case to:
>
> SocketPermission star_All = new
> SocketPermission("localhost.localdomain", "listen,accept,connect");
> SocketPermission www_All = new SocketPermission("mytest",
> "listen,accept,connect");
> System.out.println(star_All.implies(www_All));
>
> Return is true.
>
> If on a multi-host machine, is it reasonable?
>
> By the way, I am curious about the reason why SocketPermission does not
> use the initial string as its cname, for example:
>
> SocketPermission star_All = new SocketPermission("*.blabla.bla",
> "listen,accept,connect");
> SocketPermission www_All = new SocketPermission("bla.blabla.bla",
> "listen,accept,connect");
> System.out.println(star_All.implies(www_All));
>
> In the above test case, the two permission looks similiar. If using the
> initial string, I expect the return should be true. But it return false,
> because of the UnknowHostException. Any idea about this?

More information about the core-libs-dev mailing list