我们在Tomcat托管的网络应用中使用ReCaptchas。最近我们向ReCaptcha校验服务器提出了一些连接问题,我们研究的一件事就是按照ReCaptcha Wiki中的建议对DNS条目解析进行超时:http://wiki.recaptcha.net/index.php/Overview#Important:_DNS_Caching
添加sun.net.inetaddr.ttl属性(将其设置为5分钟开始)后,我们现在总是在尝试验证验证码时获得AccessControlException。
java.security.AccessControlException: access denied (java.net.SocketPermission api-verify.recaptcha.net:80 connect,resolve)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkConnect(SecurityManager.java:1034)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:233)
at sun.net.www.http.HttpClient.New(HttpClient.java:306)
at sun.net.www.http.HttpClient.New(HttpClient.java:323)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:860)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:801)
at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:726)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:904)
at net.tanesha.recaptcha.http.SimpleHttpLoader.httpPost(SimpleHttpLoader.java:66)
at net.tanesha.recaptcha.ReCaptchaImpl.checkAnswer(ReCaptchaImpl.java:61)
以下是我们正在使用的catalina.policy的摘录:
permission java.net.SocketPermission "*", "resolve";
permission java.net.SocketPermission "api-verify.recaptcha.net:80", "connect,resolve";
现在,我不认为ReCaptcha服务器的DNS条目会发生很大变化(或根本不会),但如果发生这种情况,必须重新启动服务器也不是一件好事。是什么导致了这种行为?