由于有两种不同的身份验证方法,我有一个web服务器(IBMDomino),它使用两个主机名。两者都服务于同一个应用程序,该应用程序包含一个Java小应用程序,用于将图像上传到servlet。
问题是,对于一个主机名,即使响应返回到同一服务器,它也需要crossdomain.xml。以下是Java控制台的日志
security: Certificate has been verified with Internet Explorer ROOT certificates successfully
security: Valid certificate from HTTPS server
security: Adding certificate in Deployment session certificate store
security: Added certificate in Deployment session certificate store
security: Saving certificates in Deployment session certificate store
security: Saved certificates in Deployment session certificate store
network: Connecting https://v8lnprox1-sso.pradny.com/lwf/hd.nsf/test.jar with cookie "SessionID=DICYCB6XKY; LtpaToken=AAECAzUxQzgzMjJDNTFDOTgzQUNDTj1Ob3RlcyBEZXNpZ24vTz1QTUIvQz1DWi2qxrRR+Cf/ZLIyNcL5C2MYFyO/"
network: ResponseCode for https://v8lnprox1-sso.pradny.com/lwf/hd.nsf/test.jar : 304
network: Encoding for https://v8lnprox1-sso.pradny.com/lwf/hd.nsf/test.jar : null
network: Disconnect connection to https://v8lnprox1-sso.pradny.com/lwf/hd.nsf/test.jar
cache: Reading Signers from 4633 https://v8lnprox1-sso.pradny.com/lwf/hd.nsf/test.jar | C:Documents and SettingsexmartinData aplikacíSunJavaDeploymentcache6.0324961f60-2fd2a536.idx
cache: Read manifest for https://v8lnprox1-sso.pradny.com/lwf/hd.nsf/test.jar: read=241 full=241
basic: Plugin2ClassLoader.getPermissions CeilingPolicy allPerms
security: Loading Root CA certificates from C:Program FilesJavajre6libsecuritycacerts
security: Loaded Root CA certificates from C:Program FilesJavajre6libsecuritycacerts
security: Loading Deployment certificates from C:Documents and SettingsexmartinData aplikacíSunJavaDeploymentsecuritytrusted.certs
security: Loaded Deployment certificates from C:Documents and SettingsexmartinData aplikacíSunJavaDeploymentsecuritytrusted.certs
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Loading certificates from Internet Explorer ROOT certificate store
security: Loaded certificates from Internet Explorer ROOT certificate store
security: Loading certificates from Internet Explorer TrustedPublisher certificate store
security: Loaded certificates from Internet Explorer TrustedPublisher certificate store
security: Validate the certificate chain using CertPath API
security: Obtain certificate collection in Root CA certificate store
security: Obtain certificate collection in Root CA certificate store
security: No timestamping info available
security: Found jurisdiction list file
security: Start checking trusted extension for this certificate
security: Start comparing to jurisdiction list with this certificate
security: The CRL support is disabled
security: The OCSP support is disabled
security: This OCSP End Entity validation is disabled
security: Checking if certificate is in Deployment denied certificate store
security: Checking if certificate is in Deployment permanent certificate store
basic: Applet loaded.s
basic: Applet resized and added to parent container
basic: PERF: AppletExecutionRunnable - applet.init() BEGIN ; jvmLaunch dt 263251 us, pluginInit dt 4145344 us, TotalTime: 4408595 us
basic: Applet initialized
basic: Removed progress listener: sun.plugin.util.GrayBoxPainter$GrayBoxProgressListener@1dff3a2
basic: Applet made visible
basic: Starting applet
basic: completed perf rollup
basic: Applet started
basic: Told clients applet is started
SERVERhttp://v8lnprox1-sso.pradny.com/servlet/imgPaste?lnid=C12579B50053D943@F3B5BDE9E7B4E2F4C1257B94003D0AEB10eyr0f4mw4cg&category=imgPozadavek&userName=CN%3DNotes%20Design/O%3DPMB/C%3DCZ
class java.io.InputStream
1
2
3
4
5
network: Connecting http://v8lnprox1-sso.pradny.com/servlet/imgPaste?lnid=C12579B50053D943@F3B5BDE9E7B4E2F4C1257B94003D0AEB10eyr0f4mw4cg&category=imgPozadavek&userName=CN%3DNotes%20Design/O%3DXXX/C%3DCZ with proxy=DIRECT
network: Cache entry not found [url: http://172.27.40.228/crossdomain.xml, version: null]
network: Connecting http://172.27.40.228/crossdomain.xml with proxy=DIRECT
network: Connecting http://172.27.40.228:80/ with proxy=DIRECT
如果我添加crossdomain.xml文件,它可以正常工作,但我认为不应该是必需的。
对于这两个主机名,即使应用程序通过https工作,我们也会将数据发布到http地址,因为我们过去在applet和https方面遇到过问题。
从第二个主机名中删除了适用于ou crossdomain.xml 的版本
network: Connecting https://v8lnprox1.pradny.com/lwf/hd.nsf/test.jar with cookie "SessionID=DICYID8LJR; DomAuthSessId=DC524501EBA6503AB01FC5C61D8DA887"
network: CleanupThread used 3 us
network: Downloading resource: https://v8lnprox1.pradny.com/lwf/hd.nsf/test.jar
Content-Length: 7 630
Content-Encoding: null
network: Wrote URL https://v8lnprox1.pradny.com/lwf/hd.nsf/test.jar to File C:Documents and SettingsexmartinData aplikacíSunJavaDeploymentcache6.019537eb3d3-1edda6c2-temp
SERVERhttp://v8lnprox1.pradny.com/servlet/imgPaste?lnid=C12579B50053D943@F3B5BDE9E7B4E2F4C1257B94003D0AEB10eyr0f4mw4cg&category=imgPozadavek&userName=CN%3DNotes%20Design/O%3DPMB/C%3DCZ
class java.io.InputStream
1
2
3
4
5
network: Connecting http://v8lnprox1.pradny.com/servlet/imgPaste?lnid=C12579B50053D943@F3B5BDE9E7B4E2F4C1257B94003D0AEB10eyr0f4mw4cg&category=imgPozadavek&userName=CN%3DNotes%20Design/O%3DXXX/C%3DCZ with proxy=DIRECT
network: Connecting http://v8lnprox1.pradny.com:80/ with proxy=DIRECT
6
network: Connecting http://v8lnprox1.pradny.com/servlet/imgPaste?lnid=C12579B50053D943@F3B5BDE9E7B4E2F4C1257B94003D0AEB10eyr0f4mw4cg&category=imgPozadavek&userName=CN%3DNotes%20Design/O%3DXXX/C%3DCZ with cookie "SessionID=DICYID8LJR; DomAuthSessId=DC524501EBA6503AB01FC5C61D8DA887"
7
Nacteno bytu: 527412
你知道是什么导致了这种差异吗?(在Java 1.6u34上测试)
java6更新22的发布说明说:
CVE-2010-3560
CVE-2010-3560的修复可能会导致某些Java小程序在如果新的Java插件嵌入到网页中,它们将停止工作其中包含JavaScript,该JavaScript调用Java以执行需要网络安全权限的操作。这些小程序可能如果解析原始网页URL主机名的名称服务不作为反向地址查找的结果返回匹配的名称[…]
插件是否会反向查找始发服务器的IP地址,发现不同的主机名,从而决定这是一个跨域请求?