java.net.SocketPermission - strange behaviour

I was creating a java applet to collect and proces some data from other websites. The applet is unsigned, and, as I understand it, access to other sites is blocked for security reasons.

However, it seems at least one of the other sites is not block开发者_StackOverflowed. I tried this code:

package where;

import java.awt.BorderLayout;
import java.awt.Container;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.URL;
import javax.swing.JApplet;
import javax.swing.JLabel;
import javax.swing.JTextArea;

public class TestPermissions extends JApplet {
JTextArea txt = new JTextArea();
public void openURL(String site)  {
    txt.append(site+": ");
    try {
        URL url = new URL(site);
        BufferedReader in = new BufferedReader(
                new InputStreamReader(
                        url.openStream()));
        txt.append("Succes\n");
    } catch (Exception e) {
        txt.append("Failed\n");
        txt.append(e.getMessage()+"\n");
        System.err.println(e.getMessage());
    }

}
public void init() {
    openURL("http://www.buienradar.nl/");
    openURL("http://buienradar.nl/");
    openURL("http://www.google.nl/");
    openURL("http://whatismyipaddress.com/");
    openURL("http://www.google.com/");
    openURL("http://www.nrg.eu/");
    openURL("http://www.ecn.nl/");
    Container cp = getContentPane();
    cp.setLayout(new BorderLayout());
    cp.add(BorderLayout.CENTER, txt);
}
}

And the result is:

http://www.buienradar.nl/: Failed
access denied (java.net.SocketPermission www.buienradar.nl:80 connect,resolve)
http://buienradar.nl/: Failed
access denied (java.net.SocketPermission buienradar.nl:80 connect,resolve)
http://www.google.nl/: Failed
access denied (java.net.SocketPermission www.google.nl:80 connect,resolve)
http://whatismyipaddress.com/: Succes
http://www.google.com/: Failed
access denied (java.net.SocketPermission www.google.com:80 connect,resolve)
http://www.nrg.eu/: Failed
access denied (java.net.SocketPermission www.nrg.eu:80 connect,resolve)
http://www.ecn.nl/: Failed
access denied (java.net.SocketPermission www.ecn.nl:80 connect,resolve)

I do understand the "access denied" repsonses, but why was access granted to http://whatismyipaddress.com

I welcome answers or hints or suggestions for reference.

Dear Dacwe,

Thanks for your response.

My server's name is not whatismyipaddress.com.

I put the applet on a server: http://www.vitanova.co.nr/test/TestPermissions.html

the code is at:

http://www.vitanova.co.nr/test/where/TestPermissions.java

In addition put another applet on the server that obtains data from whatismyipaddress.com (actually the estmated location of the PC) and tries to get weather data from buienradar for that location, the latter fails because of the applet security.

http://www.vitanova.co.nr/test/ReadURL.html

the code is at:

http://www.vitanova.co.nr/test/where/ReadURL.java

This is the crossdomain.xml feature since 6u10. Have a look at http://whatismyipaddress.com/crossdomain.xml

<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*" />
</cross-domain-policy>

See What Applets Can and Cannot Do.

I could think of some things that might be wrong:

• Your server's name is whatismyipaddress.com (the applet may "call home")
• Bug in your test code (do you have more code?)
• JVM bug (not likely)

Crossdomain.xml does not resolve your problem. You must sign your applet to make it works with cross-domain.