Multiple Hosts and Security.

Juriy · September 5, 2008, 11:48am

Hello everybody.

I’ve got a little problem running my applet. The reason is: there are several host names registered to a single IP.

So, let’s say I’ve got an IP: 77.120.97.100 and there are two hostnames: a.com and b.com. If you’re typing http://77.120.97.100 in your browser you’ll come to a.com
My applet’s codebase is in b.com. So here’s the problem: when I try to connect from my applet to http://b.com:80/script.php it resolves ip address and goes to a.com, and then denies the connection because codebase is in fact from different host.

Any suggestions how to solve this issue?

Riven · September 5, 2008, 1:04pm

Are you sure it resolves to a.com? Or did it just fail with ‘some’ AccessControlException ?

What is the tracktrace?

Does it work in IE, does it work in FF ?

There are bugs in the FF Java plugin that cause AccessControlExceptions… so be sure to try it in IE.

I have applets on a server with multiple hosts, and it works just fine for me.

Juriy · September 8, 2008, 6:33am

[quote]Are you sure it resolves to a.com? Or did it just fail with ‘some’ AccessControlException ?
[/quote]
Well, I’m not sure. It just resolves IP and then fails with AccessControlException.

[quote]What is the tracktrace?
[/quote]

java.security.AccessControlException: access denied (java.net.SocketPermission 77.120.97.138:80 connect,resolve)
	at java.security.AccessControlContext.checkPermission(Unknown Source)
	at java.security.AccessController.checkPermission(Unknown Source)
	at java.lang.SecurityManager.checkPermission(Unknown Source)
	at java.lang.SecurityManager.checkConnect(Unknown Source)
	at java.net.Socket.connect(Unknown Source)
	at java.net.Socket.connect(Unknown Source)
	at java.net.Socket.<init>(Unknown Source)
	at java.net.Socket.<init>(Unknown Source)
	at org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory.java:80)
	at org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory.java:122)
	at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
	at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
	at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
	at TestHttp1.testHttp(TestHttp1.java:49)
	at TestHttp1.init(TestHttp1.java:31)
	at sun.applet.AppletPanel.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)

It fails in both IE and FF. Could it be due to firewall settings. I’m behind pretty “paranoid” proxy.

Riven · September 8, 2008, 2:27pm

Ensure “www.b.com” is in your browser addressbar (not “www.b.com:80”, not “77.120.97.100:80”)


public class MyApplet extends Applet
{
   public void init()
   {
      try
      {
         new Socket("www.b.com", 80);
         System.out.println("connected!");
      }
      catch(IOException exc)
      {
         exc.printStacktrace();
      }
   }
}

Test without Apache commons. You don’t know what it does under the hood…

blahblahblahh · September 9, 2008, 12:37am

No, this is not a problem. You’ve misunderstood how DNS works, and how applet security works.

No, if you type that IP address you will go to that IP address, you will NEVER go to a textual name (FQDN or etc).

If you type in a textual name, you WILL go to the corresponding IP address, BUT you will also tell the webserver which textual name you typed in, and (if it’s a modern webserver, and a normal one) it will serve you appropriate content. This is a “feature” of HTTP version 1.1. Old servers, and simple ones, may only support version 1.0, in which case they won’t necessarily know (there are ways they could know, but they probably won’t).

The a/b situation you describe cannot cause problems with the applet security.

Juriy · September 9, 2008, 8:43am

blahblahblahh, you’re right. Absolutely. Now I get it.

[quote]Test without Apache commons. You don’t know what it does under the hood…
[/quote]
True! That’s the reason! But instead of new Socket(“www.b.com”, 80) you should use


url = new URL("http://b.com");
URLConnection conn = url.openConnection();

Oh… That’s really strange. Thanks for help guys!

Moderators, could you please delete http://www.java-gaming.org/index.php/topic,19181.0.html I thought they’re not related but they are.

Riven · September 9, 2008, 12:26pm

Well, when you run into problems, it’s best to simplify the testcase.

new Socket(hostname, port) is the simplest way to create a TCP connection

that why I didn’t advice you to use URLConnection, because it does other things un the hood, like caching.