cute(?) behavior of SocketPermission
By Weijun on Feb 08, 2006
new Socket("host", 80)
will throw a SecurityException complaining that "host" cannot be resolved. However, if you add a permission like
permission java.net.SocketPermission "10.0.0.2", "connect"
where 10.0.0.2 is the IP address of "host", the line will happily go through. So it's a little strange here: how does it know that "host" is 10.0.0.2, without my explicit permission to resolve it?
It turns out that when dealing with the name/address at the security check, Java quietly does a DNS lookup with the check turned off and compares the IP addresses underneath. The end result is that you can write either the IP address or the hostname in the policy file. This is why we see this line in the standard javadoc:
The action "resolve" refers to host/ip name service lookups.
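The comparison described above can be observed directly through SocketPermission.implies(), with no security manager installed. This is an added example, not code from the original post: the class and method names are hypothetical, and "localhost" / 127.0.0.1 stand in for "host" / 10.0.0.2 so that it runs offline (assuming "localhost" resolves to 127.0.0.1 on the machine).

```java
import java.net.SocketPermission;

public class SocketPermissionResolveDemo {

    // Would a policy entry
    //   permission java.net.SocketPermission "<grantedHost>", "connect";
    // cover a connect check for target ("name-or-ip:port")?
    static boolean allowsConnect(String grantedHost, String target) {
        SocketPermission granted = new SocketPermission(grantedHost, "connect");
        SocketPermission requested = new SocketPermission(target, "connect");
        // implies() looks up the side that was written as a name and
        // compares the resulting addresses with the IP on the other side.
        return granted.implies(requested);
    }

    static void show(String label, String grantedHost, String target) {
        System.out.printf("%-34s grant=%-14s request=%-13s implies=%b%n",
                label, grantedHost, target, allowsConnect(grantedHost, target));
    }

    public static void main(String[] args) {
        // The post's case: IP address in the policy, hostname in the code.
        show("IP grant, hostname request", "127.0.0.1", "localhost:80");

        // Same request against a grant for a different address.
        show("different IP in the grant", "127.0.0.2", "localhost:80");

        // Same address, but the grant is limited to another port.
        show("same IP, other port in the grant", "127.0.0.1:443", "localhost:80");
    }
}
```

Because the match is made on resolved addresses, whatever the name service returns for the hostname at check time decides whether an IP-based policy entry applies.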