Skip to main content

A question about SocketPermissions

Posted by joshy on September 20, 2007 at 10:44 AM PDT

I'm going to abuse my celebrity and world renowned fame today (world renowned means the 5 mile radius around my house, right?). I have a technical question to ask my wonderful audience of readers (who are all beautiful, smart, and above average). I've looked through the Javadocs and some tutorials without understanding a few details, so here goes.

How do SocketPermissions imply each other?

Some background. I have code which opens a connection to a URL. When the connection is opened I am using security managers to catch it and approve certain URLs and deny others. The user should be able to specify at init or on the fly what URLs they want to approve using a dialog box. The security manager is getting requests for SocketPermissions like this: www.yahoo.com connect,resolve. So far so good.

The problem is that opening the URL actually produces multiple requests. For example yahoo.com will request yahoo.com, www.yahoo.com, yahoo.com:80, www.yahoo.com:80, 192.168.1.1 and 192.168.1.1:80. (or whatever the ip address for yahoo really is). That's all fine and dandy, except that I don't want to have to ask the user multiple times for permission. They should be able to say: Allow yahoo.com and all other requests should be allowed from that. So how can I do this?

I have looked at the docs for SocketPermission.implies() and run a few tests. It seems that foo.com implies foo.com:80, but not the reverse. And the ip address does not imply the domain and vice versa. So how can I do approve a full URL connection to foo.com without bombarding the user with requests?

Thanks guys. I know my readership is smart and talented enough to answer this question with one hand tied behind their backs, hanging upside down, over a lake of fire, and with a mouth full of peanut butter. :)