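Because of two different authentication methods, I have a web server (IBM Domino) that uses 2 hostnames. Both serve the same application, which contains a Java applet that uploads images to a servlet.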

The problem is that for one hostname it requires crossdomain.xml, even though the response goes back to the same server. Here is the log from the Java console:

security: Certificate has been verified with Internet Explorer ROOT certificates successfully
security: Valid certificate from HTTPS server
security: Adding certificate in Deployment session certificate store
security: Added certificate in Deployment session certificate store
security: Saving certificates in Deployment session certificate store
security: Saved certificates in Deployment session certificate store
network: Connecting https://v8lnprox1-sso.pradny.com/lwf/hd.nsf/test.jar with cookie "SessionID=DICYCB6XKY; LtpaToken=AAECAzUxQzgzMjJDNTFDOTgzQUNDTj1Ob3RlcyBEZXNpZ24vTz1QTUIvQz1DWi2qxrRR+Cf/ZLIyNcL5C2MYFyO/"
network: ResponseCode for https://v8lnprox1-sso.pradny.com/lwf/hd.nsf/test.jar : 304
network: Encoding for https://v8lnprox1-sso.pradny.com/lwf/hd.nsf/test.jar : null
network: Disconnect connection to https://v8lnprox1-sso.pradny.com/lwf/hd.nsf/test.jar
cache: Reading Signers from 4633 https://v8lnprox1-sso.pradny.com/lwf/hd.nsf/test.jar | C:\Documents and Settings\exmartin\Data aplikací\Sun\Java\Deployment\cache\6.0\32\4961f60-2fd2a536.idx
cache:  Read manifest for https://v8lnprox1-sso.pradny.com/lwf/hd.nsf/test.jar: read=241 full=241
basic: Plugin2ClassLoader.getPermissions CeilingPolicy allPerms
security: Loading Root CA certificates from C:\Program Files\Java\jre6\lib\security\cacerts
security: Loaded Root CA certificates from C:\Program Files\Java\jre6\lib\security\cacerts
security: Loading Deployment certificates from C:\Documents and Settings\exmartin\Data aplikací\Sun\Java\Deployment\security\trusted.certs
security: Loaded Deployment certificates from C:\Documents and Settings\exmartin\Data aplikací\Sun\Java\Deployment\security\trusted.certs
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Loading certificates from Internet Explorer ROOT certificate store
security: Loaded certificates from Internet Explorer ROOT certificate store
security: Loading certificates from Internet Explorer TrustedPublisher certificate store
security: Loaded certificates from Internet Explorer TrustedPublisher certificate store
security: Validate the certificate chain using CertPath API
security: Obtain certificate collection in Root CA certificate store
security: Obtain certificate collection in Root CA certificate store
security: No timestamping info available
security: Found jurisdiction list file
security: Start checking trusted extension for this certificate
security: Start comparing to jurisdiction list with this certificate
security: The CRL support is disabled
security: The OCSP support is disabled
security: This OCSP End Entity validation is disabled
security: Checking if certificate is in Deployment denied certificate store
security: Checking if certificate is in Deployment permanent certificate store
basic: Applet loaded.s
basic: Applet resized and added to parent container
basic: PERF: AppletExecutionRunnable - applet.init() BEGIN ; jvmLaunch dt 263251 us, pluginInit dt 4145344 us, TotalTime: 4408595 us
basic: Applet initialized
basic: Removed progress listener: sun.plugin.util.GrayBoxPainter$GrayBoxProgressListener@1dff3a2
basic: Applet made visible
basic: Starting applet
basic: completed perf rollup
basic: Applet started
basic: Told clients applet is started
SERVERhttp://v8lnprox1-sso.pradny.com/servlet/imgPaste?lnid=C12579B50053D943@F3B5BDE9E7B4E2F4C1257B94003D0AEB10eyr0f4mw4cg&category=imgPozadavek&userName=CN%3DNotes%20Design/O%3DPMB/C%3DCZ
class java.io.InputStream
1
2
3
4
5
network: Connecting http://v8lnprox1-sso.pradny.com/servlet/imgPaste?lnid=C12579B50053D943@F3B5BDE9E7B4E2F4C1257B94003D0AEB10eyr0f4mw4cg&category=imgPozadavek&userName=CN%3DNotes%20Design/O%3DXXX/C%3DCZ with proxy=DIRECT
network: Cache entry not found [url: http://172.27.40.228/crossdomain.xml, version: null]
network: Connecting http://172.27.40.228/crossdomain.xml with proxy=DIRECT
network: Connecting http://172.27.40.228:80/ with proxy=DIRECT

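If I add a crossdomain.xml file, it works fine, but I think it should not be required.

For both hostnames, even though the application runs over https, we post data to an http address, because we have had problems with applets and https in the past.

Stripped version from the second hostname, which works fine without crossdomain.xml: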

network: Connecting https://v8lnprox1.pradny.com/lwf/hd.nsf/test.jar with cookie "SessionID=DICYID8LJR; DomAuthSessId=DC524501EBA6503AB01FC5C61D8DA887"
network: CleanupThread used 3 us
network: Downloading resource: https://v8lnprox1.pradny.com/lwf/hd.nsf/test.jar
    Content-Length: 7 630
    Content-Encoding: null
network: Wrote URL https://v8lnprox1.pradny.com/lwf/hd.nsf/test.jar to File C:\Documents and Settings\exmartin\Data aplikací\Sun\Java\Deployment\cache\6.0\19\537eb3d3-1edda6c2-temp


SERVERhttp://v8lnprox1.pradny.com/servlet/imgPaste?lnid=C12579B50053D943@F3B5BDE9E7B4E2F4C1257B94003D0AEB10eyr0f4mw4cg&category=imgPozadavek&userName=CN%3DNotes%20Design/O%3DPMB/C%3DCZ
class java.io.InputStream
1
2
3
4
5
network: Connecting http://v8lnprox1.pradny.com/servlet/imgPaste?lnid=C12579B50053D943@F3B5BDE9E7B4E2F4C1257B94003D0AEB10eyr0f4mw4cg&category=imgPozadavek&userName=CN%3DNotes%20Design/O%3DXXX/C%3DCZ with proxy=DIRECT
network: Connecting http://v8lnprox1.pradny.com:80/ with proxy=DIRECT
6
network: Connecting http://v8lnprox1.pradny.com/servlet/imgPaste?lnid=C12579B50053D943@F3B5BDE9E7B4E2F4C1257B94003D0AEB10eyr0f4mw4cg&category=imgPozadavek&userName=CN%3DNotes%20Design/O%3DXXX/C%3DCZ with cookie "SessionID=DICYID8LJR; DomAuthSessId=DC524501EBA6503AB01FC5C61D8DA887"
7
Nacteno bytu: 527412

Any idea what could cause the difference? (Tested on Java 1.6u34)

1 Answer

The release notes for Java 6 update 22 say:

CVE-2010-3560

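The fix for CVE-2010-3560 may cause certain Java applets running in the new Java Plug-in to stop working if they are embedded in web pages that contain JavaScript that calls into Java in order to perform actions that require network security permissions. In some cases, these applets may fail with a network security exception if the name service that resolved the original web page URL host name does not return a matching name as the result of a reverse address lookup. [...]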

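Maybe the plugin does a reverse lookup on the IP address of the originating server, finds a different hostname, and therefore decides it is a cross-domain request?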

Answered 2014-01-14T21:50:36.593
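
The reverse-lookup hypothesis in the answer above can be checked for both hostnames with a forward-then-reverse DNS comparison. This is an added example, not part of the original post and not the Java plug-in's own logic; the function names are hypothetical, and the sample PTR record is constructed, since the page only shows that the `-sso` request was sent to 172.27.40.228.

```python
import socket

# Constructed sample data (assumption): the PTR answer below is hypothetical
# and only illustrates the mismatch the answer suspects.
SAMPLE_A = {
    "v8lnprox1.pradny.com": ["172.27.40.228"],
    "v8lnprox1-sso.pradny.com": ["172.27.40.228"],
}
SAMPLE_PTR = {"172.27.40.228": ("v8lnprox1.pradny.com", [])}


def sample_forward(hostname):
    """Offline stand-in for socket.gethostbyname_ex."""
    return hostname, [], SAMPLE_A[hostname]


def sample_reverse(ip):
    """Offline stand-in for socket.gethostbyaddr."""
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    primary, aliases = SAMPLE_PTR[ip]
    return primary, aliases, [ip]


def reverse_matches(hostname, forward=socket.gethostbyname_ex,
                    reverse=socket.gethostbyaddr):
    """Resolve hostname, reverse-resolve each address, and report whether
    any name returned by the reverse lookup equals the original hostname."""
    wanted = hostname.rstrip(".").lower()
    _, _, addresses = forward(hostname)
    report = []
    for ip in addresses:
        try:
            primary, aliases, _ = reverse(ip)
            names = sorted({n.rstrip(".").lower() for n in [primary, *aliases]})
        except (socket.herror, socket.gaierror):
            names = []  # no PTR record at all also counts as a mismatch
        report.append({"ip": ip, "reverse_names": names, "match": wanted in names})
    return report


def hosts_with_mismatch(hostnames, **resolvers):
    """Return the hostnames for which at least one address fails the check."""
    return [h for h in hostnames
            if not all(r["match"] for r in reverse_matches(h, **resolvers))]


if __name__ == "__main__":
    for host in SAMPLE_A:
        print(host, reverse_matches(host, sample_forward, sample_reverse))
```

Calling `reverse_matches(hostname)` without the sample resolvers uses the machine's real name service, so run it on an affected client to see what that client's resolver returns.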