Java安全管理器SocketPermission非常慢解析、连接
这件事已经让我挠头好几天了。对于某个网络上的站点(碰巧是DDOS混合提供商),与其他站点相比,安全管理checkConnect调用似乎花费了非常非常长的时间 此网络上的站点是否可以通过安全管理器的访问检查?是否有我不知道的配置?我是不是疯了 下面是一个测试用例,它演示了Java安全管理器SocketPermission非常慢解析、连接,java,security,Java,Security,这件事已经让我挠头好几天了。对于某个网络上的站点(碰巧是DDOS混合提供商),与其他站点相比,安全管理checkConnect调用似乎花费了非常非常长的时间 此网络上的站点是否可以通过安全管理器的访问检查?是否有我不知道的配置?我是不是疯了 下面是一个测试用例,它演示了 package com.test; import java.net.Socket; import java.util.ArrayList; import java.util.List; public class SSCCE
package com.test;
import java.net.Socket;
import java.util.ArrayList;
import java.util.List;
public class SSCCE
{
static class StatCounter
{
boolean security;
String host;
long avg;
long total;
int iterations;
StatCounter(String host)
{
this.host = host;
}
@Override
public String toString()
{
return host + "\t\titerations (" + iterations + ")\t\tavg (" + avg + ")\t\tsecurity (" + security + ")";
}
void inc(long time)
{
++iterations;
total += time;
}
void avg()
{
avg = total / (long)iterations;
}
void reset()
{
total = 0;
iterations = 0;
}
}
static String[] hosts = new String[]
{
"google.com",
"youtube.com",
"oracle.com",
"random.org",
"phpbb.com",
"staminus.net",
// MUCH Higher Latency with site below (only with security manager enabled?)
"blacklotus.net"
};
public static void main(String[] argv) throws Throwable
{
int iterations = Integer.parseInt(argv[0]);
List<StatCounter> counters = new ArrayList<StatCounter>(hosts.length);
for(String host : hosts)
{
counters.add(new StatCounter(host));
}
System.out.println("Running Without Security");
for(int i = 0; i < iterations; ++i)
{
for(StatCounter counter : counters)
{
long then = System.currentTimeMillis();
new Socket(counter.host, 80).close();
counter.inc(System.currentTimeMillis() - then);
}
}
for(StatCounter counter : counters)
{
counter.avg();
System.out.println(counter);
counter.reset();
counter.security = true;
}
System.setProperty("java.security.policy", "sscce.policy");
System.setSecurityManager(new SecurityManager());
System.out.println("\n\nRunning With Security");
for(int i = 0; i < iterations; ++i)
{
for(StatCounter counter : counters)
{
long then = System.currentTimeMillis();
new Socket(counter.host, 80).close();
counter.inc(System.currentTimeMillis() - then);
}
}
for(StatCounter counter : counters)
{
counter.avg();
System.out.println(counter);
}
}
}
Running Without Security
google.com iterations (4) avg (65) security (false)
youtube.com iterations (4) avg (61) security (false)
oracle.com iterations (4) avg (104) security (false)
random.org iterations (4) avg (101) security (false)
phpbb.com iterations (4) avg (143) security (false)
staminus.net iterations (4) avg (137) security (false)
blacklotus.net iterations (4) avg (137) security (false)
Running With Security
google.com iterations (4) avg (261) security (true)
youtube.com iterations (4) avg (64) security (true)
oracle.com iterations (4) avg (103) security (true)
random.org iterations (4) avg (100) security (true)
phpbb.com iterations (4) avg (882) security (true)
staminus.net iterations (4) avg (303) security (true)
blacklotus.net iterations (4) avg (4669) security (true)
- 控制台输出,java.security.debug=all
就我所见,一切看起来都很好(除了表面上的网络延迟!)我终于通过使用额外的调试信息对JRE系统库进行反向工程,找到了这种现象的根本原因。我能够找到延迟的原因,可以追溯到本机方法
java.net.Inet4AddressImpl.getHostByAddr([B)Ljava.lang.String
我希望这能帮助其他遇到这种奇怪情况的人。减去36小时,案件结案。你能查一下你的错误日志吗?我想代码是对的,没有错误。连接正在发生,但对于blacklotus.net,延迟至少增加了4倍(但仅在安装了安全管理器的情况下)。如果愿意,请运行示例并确认我的数据能够被复制。谢谢
java.net.Inet4AddressImpl.getHostByAddr([B)Ljava.lang.String