这个问题让我头疼了几天。对于特定网络上的站点(恰好是DDOS迁移提供商),与其他站点相比,安全管理checkConnect调用似乎需要非常长的时间。
此网络上的网站是否有任何方式可以对安全管理器的访问检查进行编制?有没有我不知道的配置?我(更)疯了吗?
这是一个演示......
的测试用例package com.test;
import java.net.Socket;
import java.util.ArrayList;
import java.util.List;
public class SSCCE
{
static class StatCounter
{
boolean security;
String host;
long avg;
long total;
int iterations;
StatCounter(String host)
{
this.host = host;
}
@Override
public String toString()
{
return host + "\t\titerations (" + iterations + ")\t\tavg (" + avg + ")\t\tsecurity (" + security + ")";
}
void inc(long time)
{
++iterations;
total += time;
}
void avg()
{
avg = total / (long)iterations;
}
void reset()
{
total = 0;
iterations = 0;
}
}
static String[] hosts = new String[]
{
"google.com",
"youtube.com",
"oracle.com",
"random.org",
"phpbb.com",
"staminus.net",
// MUCH Higher Latency with site below (only with security manager enabled?)
"blacklotus.net"
};
public static void main(String[] argv) throws Throwable
{
int iterations = Integer.parseInt(argv[0]);
List<StatCounter> counters = new ArrayList<StatCounter>(hosts.length);
for(String host : hosts)
{
counters.add(new StatCounter(host));
}
System.out.println("Running Without Security");
for(int i = 0; i < iterations; ++i)
{
for(StatCounter counter : counters)
{
long then = System.currentTimeMillis();
new Socket(counter.host, 80).close();
counter.inc(System.currentTimeMillis() - then);
}
}
for(StatCounter counter : counters)
{
counter.avg();
System.out.println(counter);
counter.reset();
counter.security = true;
}
System.setProperty("java.security.policy", "sscce.policy");
System.setSecurityManager(new SecurityManager());
System.out.println("\n\nRunning With Security");
for(int i = 0; i < iterations; ++i)
{
for(StatCounter counter : counters)
{
long then = System.currentTimeMillis();
new Socket(counter.host, 80).close();
counter.inc(System.currentTimeMillis() - then);
}
}
for(StatCounter counter : counters)
{
counter.avg();
System.out.println(counter);
}
}
}
政策文件
grant
{
permission java.net.SocketPermission "google.com:80", "connect";
permission java.net.SocketPermission "youtube.com:80", "connect";
permission java.net.SocketPermission "oracle.com:80", "connect";
permission java.net.SocketPermission "random.org:80", "connect";
permission java.net.SocketPermission "phpbb.com:80", "connect";
permission java.net.SocketPermission "staminus.net:80", "connect";
permission java.net.SocketPermission "blacklotus.net:80", "connect";
};
运行 java com.test.SSCCE
示例输出
Running Without Security
google.com iterations (4) avg (65) security (false)
youtube.com iterations (4) avg (61) security (false)
oracle.com iterations (4) avg (104) security (false)
random.org iterations (4) avg (101) security (false)
phpbb.com iterations (4) avg (143) security (false)
staminus.net iterations (4) avg (137) security (false)
blacklotus.net iterations (4) avg (137) security (false)
Running With Security
google.com iterations (4) avg (261) security (true)
youtube.com iterations (4) avg (64) security (true)
oracle.com iterations (4) avg (103) security (true)
random.org iterations (4) avg (100) security (true)
phpbb.com iterations (4) avg (882) security (true)
staminus.net iterations (4) avg (303) security (true)
blacklotus.net iterations (4) avg (4669) security (true)
我非常感谢任何意见,谢谢。
据我所知,一切看起来都不错(除了看似网络延迟!)
答案 0 :(得分:4)
我通过使用其他调试信息对JRE系统库进行反向工程,最终找出了这种现象的根本原因。我能够将延迟的原因追溯到本机方法
java.net.Inet4AddressImpl.getHostByAddr([B)Ljava.lang.String
事实证明,从其IP地址解析有问题的主机因未知原因失败,并且在超时后,调用方法尝试另一个路由返回有效的主机名。我已经使用几个基于Web的反向查找工具检查了这一点,似乎blacklotus.net很可能存在问题(或者可能是防止反向查找的功能?)
我希望这可以帮助遇到像这样的奇怪球案的其他人。 T-减去36小时,案件结案。