sun.net.inetaddr.ttl 属性导致 AccessControlException
我们在 Tomcat 托管的 Web 应用程序中使用 ReCaptchas。最近,我们遇到了一些与 ReCaptcha 校准服务器的连接问题,我们研究的一件事是按照 ReCaptcha Wiki 中的建议对 DNS 条目解析设置超时:http://wiki.recaptcha.net/index.php/Overview#Important:_DNS_Caching
添加 sun.net.inetaddr.ttl 后属性(将其设置为 5 分钟开始)现在,当尝试验证验证码时,我们总是会收到 AccessControlException 。
java.security.AccessControlException: access denied (java.net.SocketPermission api-verify.recaptcha.net:80 connect,resolve)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkConnect(SecurityManager.java:1034)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:233)
at sun.net.www.http.HttpClient.New(HttpClient.java:306)
at sun.net.www.http.HttpClient.New(HttpClient.java:323)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:860)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:801)
at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:726)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:904)
at net.tanesha.recaptcha.http.SimpleHttpLoader.httpPost(SimpleHttpLoader.java:66)
at net.tanesha.recaptcha.ReCaptchaImpl.checkAnswer(ReCaptchaImpl.java:61)
以下是我们正在使用的 catalina.policy 的摘录:
permission java.net.SocketPermission "*", "resolve";
permission java.net.SocketPermission "api-verify.recaptcha.net:80", "connect,resolve";
现在,我不希望 ReCaptcha 服务器的 DNS 条目发生很大变化(或根本没有变化),但必须重新启动服务器如果发生这种情况也不是一件好事。有什么想法导致这种行为吗?
We're using ReCaptchas in a Tomcat hosted web app. Recently we had a few connectivity issues to the ReCaptcha calidation servers and one thing that we looked into was to put a timeout on the DNS entry resolution as suggested in the ReCaptcha Wiki: http://wiki.recaptcha.net/index.php/Overview#Important:_DNS_Caching
After adding the sun.net.inetaddr.ttl property (set it to 5 mins for a start) we now always get an AccessControlException when trying to validata the captcha.
java.security.AccessControlException: access denied (java.net.SocketPermission api-verify.recaptcha.net:80 connect,resolve)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkConnect(SecurityManager.java:1034)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:233)
at sun.net.www.http.HttpClient.New(HttpClient.java:306)
at sun.net.www.http.HttpClient.New(HttpClient.java:323)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:860)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:801)
at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:726)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:904)
at net.tanesha.recaptcha.http.SimpleHttpLoader.httpPost(SimpleHttpLoader.java:66)
at net.tanesha.recaptcha.ReCaptchaImpl.checkAnswer(ReCaptchaImpl.java:61)
Here's an extract of the catalina.policy that we"re using:
permission java.net.SocketPermission "*", "resolve";
permission java.net.SocketPermission "api-verify.recaptcha.net:80", "connect,resolve";
Now, I don't expect the DNS entry of the ReCaptcha servers to change a lot (or at all), but having to reboot the server if it happens is not a good thing either. Any ideas what's causing this behaviour?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论