P3
Using a literal IP address (when possible) in the SocketPermission object created from HttpURLPermission in HttpURLConnection would avoid the isUntrusted() logic because the permission check reduces to an IP address comparison. (this.init_with_ip is true)
Since IP address lookups are cached the check will return quickly.
In the case of access via proxy:
a) DNS lookup succeeds. The permission check will be as above since the lookup (of that) is cached
b) DNS not available (firewall). Literal IP address will not be available. Therefore SocketPermission granted will contain the hostname, and fallsback to current behavior.
Also using this CR to enable the limited doPrivileged usage in HttpURLPermission
Since IP address lookups are cached the check will return quickly.
In the case of access via proxy:
a) DNS lookup succeeds. The permission check will be as above since the lookup (of that) is cached
b) DNS not available (firewall). Literal IP address will not be available. Therefore SocketPermission granted will contain the hostname, and fallsback to current behavior.
Also using this CR to enable the limited doPrivileged usage in HttpURLPermission