这个问题已经让我摸不着头脑好几天了。对于某个网络上的站点(恰好是 DDOS 迁移提供商),与其他站点相比,安全管理 checkConnect 调用似乎需要非常非常长的时间。
该网络上的站点是否可以通过任何方式破坏安全管理器的访问检查?是否有我不知道的配置?我会(更多)疯狂吗?
这是一个测试用例,演示...
package com.test;
import java.net.Socket;
import java.util.ArrayList;
import java.util.List;
public class SSCCE
{
static class StatCounter
{
boolean security;
String host;
long avg;
long total;
int iterations;
StatCounter(String host)
{
this.host = host;
}
@Override
public String toString()
{
return host + "\t\titerations (" + iterations + ")\t\tavg (" + avg + ")\t\tsecurity (" + security + ")";
}
void inc(long time)
{
++iterations;
total += time;
}
void avg()
{
avg = total / (long)iterations;
}
void reset()
{
total = 0;
iterations = 0;
}
}
static String[] hosts = new String[]
{
"google.com",
"youtube.com",
"oracle.com",
"random.org",
"phpbb.com",
"staminus.net",
// MUCH Higher Latency with site below (only with security manager enabled?)
"blacklotus.net"
};
public static void main(String[] argv) throws Throwable
{
int iterations = Integer.parseInt(argv[0]);
List<StatCounter> counters = new ArrayList<StatCounter>(hosts.length);
for(String host : hosts)
{
counters.add(new StatCounter(host));
}
System.out.println("Running Without Security");
for(int i = 0; i < iterations; ++i)
{
for(StatCounter counter : counters)
{
long then = System.currentTimeMillis();
new Socket(counter.host, 80).close();
counter.inc(System.currentTimeMillis() - then);
}
}
for(StatCounter counter : counters)
{
counter.avg();
System.out.println(counter);
counter.reset();
counter.security = true;
}
System.setProperty("java.security.policy", "sscce.policy");
System.setSecurityManager(new SecurityManager());
System.out.println("\n\nRunning With Security");
for(int i = 0; i < iterations; ++i)
{
for(StatCounter counter : counters)
{
long then = System.currentTimeMillis();
new Socket(counter.host, 80).close();
counter.inc(System.currentTimeMillis() - then);
}
}
for(StatCounter counter : counters)
{
counter.avg();
System.out.println(counter);
}
}
}
政策文件
grant
{
permission java.net.SocketPermission "google.com:80", "connect";
permission java.net.SocketPermission "youtube.com:80", "connect";
permission java.net.SocketPermission "oracle.com:80", "connect";
permission java.net.SocketPermission "random.org:80", "connect";
permission java.net.SocketPermission "phpbb.com:80", "connect";
permission java.net.SocketPermission "staminus.net:80", "connect";
permission java.net.SocketPermission "blacklotus.net:80", "connect";
};
使用 java com.test.SSCCE 运行
示例输出
Running Without Security
google.com iterations (4) avg (65) security (false)
youtube.com iterations (4) avg (61) security (false)
oracle.com iterations (4) avg (104) security (false)
random.org iterations (4) avg (101) security (false)
phpbb.com iterations (4) avg (143) security (false)
staminus.net iterations (4) avg (137) security (false)
blacklotus.net iterations (4) avg (137) security (false)
Running With Security
google.com iterations (4) avg (261) security (true)
youtube.com iterations (4) avg (64) security (true)
oracle.com iterations (4) avg (103) security (true)
random.org iterations (4) avg (100) security (true)
phpbb.com iterations (4) avg (882) security (true)
staminus.net iterations (4) avg (303) security (true)
blacklotus.net iterations (4) avg (4669) security (true)
我真的很感激任何意见,谢谢。
- 控制台输出 java.security.debug=all http://pastebin.com/wNcAhSy2
据我所知,一切看起来都不错(除了看似网络延迟!)