SocketPermission's implies() interesting behavior

Charles Lee littlee at linux.vnet.ibm.com
Sun Feb 20 18:36:09 PST 2011 

On 02/19/2011 12:20 AM, Chris Hegarty wrote:
> [ bcc'ing off core-libs-dev and cc'ing (more appropriate) net-dev ]
>
> Hi Charles,
>
> I'm not sure I follow you here. I would not expect '*.java.net' to
> imply 'java.net'. I would however expect it to imply sub domains of
> java.net, i.e. openjdk.java.net
>
> -Chris.
>
> On 17/02/2011 09:19, Charles Lee wrote:
>> Hi guys,
>>
>> I am reading the SocketPermission source code recently and find some
>> thing strange. Below is a simple test case to describe the strange
>> thing:
>>
>> SocketPermission star_All = new SocketPermission("*.java.net",
>> "listen,accept,connect");
>> SocketPermission www_All = new SocketPermission("java.net",
>> "listen,accept,connect");
>> System.out.println(star_All.implies(www_All));
>>
>> star_All = new SocketPermission("java.net", "listen,accept,connect");
>> www_All = new SocketPermission("java.net", "listen,accept,connect");
>> System.out.println(star_All.implies(www_All));
>>
>> Return is false and true.
>>
>> The reason is:
>> SocketPermission treat wildcard special. If the initial string has a
>> wildcard, the cname comes from the substring. For example, the cname of
>> "*.java.net" is ".java.net". (Why the first dot remains?)
>> In my initial idea, "*.java.net" should imply "java.net". Any idea about
>> it?
>>
>> More interestingly, I add "localhost.localdomain" and "mytest" pointing
>> to the "127.0.0.1" in the /etc/hosts (Ubuntu) and rewrite the test
>> case to:
>>
>> SocketPermission star_All = new
>> SocketPermission("localhost.localdomain", "listen,accept,connect");
>> SocketPermission www_All = new SocketPermission("mytest",
>> "listen,accept,connect");
>> System.out.println(star_All.implies(www_All));
>>
>> Return is true.
>>
>> If on a multi-host machine, is it reasonable?
>>
>> By the way, I am curious about the reason why SocketPermission does not
>> use the initial string as its cname, for example:
>>
>> SocketPermission star_All = new SocketPermission("*.blabla.bla",
>> "listen,accept,connect");
>> SocketPermission www_All = new SocketPermission("bla.blabla.bla",
>> "listen,accept,connect");
>> System.out.println(star_All.implies(www_All));
>>
>> In the above test case, the two permission looks similiar. If using the
>> initial string, I expect the return should be true. But it return false,
>> because of the UnknowHostException. Any idea about this?
Thanks Chris. You have answer my first question. I have noticed that IP 
is important when we try to judge the imply. So it comes my other questions:
1. What if the machine is multihost? Two different domains may have the 
same IP. (localhost.localdomain vs mytest)
2. What if the domain name can not be got from the dns? (*.blabla.bla vs 
bla.blabla.bla)

More information about the net-dev mailing list