Skip to main content

Defect - JDK7 Permission Denied with Sockets when using VPN

10 replies [Last post]
atehrani
Offline
Joined: 2004-01-14
Points: 0

For work we use Cisco AnyConnect VPN 2.4.0202 as a way to VPN into our work network. When I am using JDK7 with various tools (such as SOAP UI, SQLuirrel, Netbeans) they all fail to connect to the Internet with "Permission Denied" exceptions when trying to open sockets.

I do NOT get these exceptions when using JDK6.

java version "1.7.0-ea"
Java(TM) SE Runtime Environment (build 1.7.0-ea-b89)
Java HotSpot(TM) 64-Bit Server VM (build 18.0-b02, mixed mode)

Sample exception from SOAP UI

Thu Apr 29 12:21:41 PDT 2010:ERROR:java.net.SocketException: Permission denied: connect
java.net.SocketException: Permission denied: connect
at java.net.DualStackPlainSocketImpl.connect0(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:69)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:316)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:177)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:164)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:154)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:390)
at java.net.Socket.connect(Socket.java:578)
at java.net.Socket.connect(Socket.java:527)
at java.net.Socket.(Socket.java:424)
at java.net.Socket.(Socket.java:279)
at org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory.java:80)
at org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory.java:122)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at com.eviware.soapui.impl.wsdl.support.http.SoapUIMultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(SoapUIMultiThreadedHttpConnectionManager.java:1666)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:170)
at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:122)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:717)

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
jyeung
Offline
Joined: 2012-05-31
Points: 0

Same problem with Cisco VPN 3.0.3054. with Java 7u3

Is there a way to work around this, I need it to work with both IPv6 and IPv4.

garydgregory
Offline
Joined: 2011-08-16
Points: 0

Just got the same issue with AnyConnect 2.5.1025.

alanb
Offline
Joined: 2005-08-08
Points: 0

JDK 7 brings support for IPv6 on Windows. When you attempt to connect to an IPv4 address then under the covers it will use an IPv4-mapped IPv6 address. From the discussion here, it would appear that the Cisco AnyConnect VPN product doesn't support IPv6 sockets. The original post said version 2.4.020, does anyone know if that is the latest and whether it can be configured to support IPv6?

Tigronix
Offline
Joined: 2011-03-23
Points: 0

I get the same issue using JDK1.7 with JavaMail 1.4.4. Connect permission is denied on SMTP port 25.
The code works fine under JDK1.6 and is also fixed under JDK1.7 by using the -Djava.net.preferIPv4Stack=true runtime flag.

atehrani
Offline
Joined: 2004-01-14
Points: 0

More digging around and it seems the VPN client has IPv6 disabled which is causing issues with JDK7.

If I use the following flag -Djava.net.preferIPv4Stack=true I no longer see the errors. Is this workaround expected or is this an issue?

stephen.judd
Offline
Joined: 2011-04-26
Points: 0

I have found the same issue with the Eclipse 3.7.1 'Check for Updates'. This has been resolved by adding '-Djava.net.preferIPv4Stack=true' to the eclipse.ini under -VMARGS:

openFile
-vmargs
-Djava.net.preferIPv4Stack=true

An alternative is to run Eclipse under a 1.6 jvm by adding

-vm
C:/Program Files/Java/<strong>jre6</strong>/bin/javaw.exe

above -VMARGS.

I am also seeing similar issues with Business Objects Java Applet when Java 1.7 is the default install on the client machine.

fexer
Offline
Joined: 2012-07-09
Points: 0

I was having the same problem with NetBeans 7.1

I added ' -J-Djava.net.preferIPv4Stack=true' to the end of the netbeans_default_options in the netbeans.conf which is located in C:\Program Files\NetBeans 7.1\etc.

That fixed the problem.

ChetanTammala
Offline
Joined: 2011-09-27
Points: 0

Hi,

I am also facing the same issue. Could one of you please let me know where to specify the "Djava.net.preferIPv4Stack=true" parameter? Please note that we are getting this error when trying to access Java pages. We don't use Eclipse. I tried adding this value under "C:\WINDOWS\sun\java\deployment\deployment.properties", but that didn't help.

And we can't roll back Java to v6 due to security concerns.

Thanks,
Chetan

SuperMan2000
Offline
Joined: 2012-12-27
Points: 0

Thanks a lot ! I had similar issue using Mule outbound http endpoint

http:outbound-endpoint synchronous="true" method="GET"

it really helped me

Amit1591
Offline
Joined: 2013-09-12
Points: 0

I was getting the same error due to internet connection problem. please check the connection.. and try again.

It worked for me. I installed java-8 on my Amazon EC2 instance.