Implement java security policy using hostname instead of IP address?

Question

I am currently having to do the following to allow mail sending in our java security policy.

permission java.net.SocketPermission "smtp.example.com", "resolve";
permission java.net.SocketPermission "10.0.0.1:25", "connect,resolve";
permission java.net.SocketPermission "10.0.0.2:25", "connect,resolve";
permission java.net.SocketPermission "10.0.0.3:25", "connect,resolve";

However the IP address is subject to change from time to time, and I need to ensure our applications don't break if someone adds a new smtp server.

Is it possible to compromise to allow connections based on hostname rather than IP address?

score 2 · Accepted Answer · answered Oct 08 '13 at 22:58

From the java doc of SocketPermission page:

A SocketPermission consists of a host specification and a set of "actions" specifying ways to connect to that host. The host is specified as

host = (hostname | IPv4address | iPv6reference) [:portrange]

An example of the creation and meaning of SocketPermissions:

new SocketPermission("puffin.eng.sun.com:7777", "connect,accept");

Implement java security policy using hostname instead of IP address?

1 Answers1