Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8025734

Use literal IP address where possible in SocketPermission generated by HttpURLPermission

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: P3 P3
    • 8
    • 8
    • core-libs
    • None
    • b115
    • generic

      Using a literal IP address (when possible) in the SocketPermission object created from HttpURLPermission in HttpURLConnection would avoid the isUntrusted() logic because the permission check reduces to an IP address comparison. (this.init_with_ip is true)

      Since IP address lookups are cached the check will return quickly.

      In the case of access via proxy:
      a) DNS lookup succeeds. The permission check will be as above since the lookup (of that) is cached

      b) DNS not available (firewall). Literal IP address will not be available. Therefore SocketPermission granted will contain the hostname, and fallsback to current behavior.

      Also using this CR to enable the limited doPrivileged usage in HttpURLPermission

            michaelm Michael McMahon
            michaelm Michael McMahon
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: