Why does IntelliJ want to accept incoming network connections?

Question

➠ What feature in IntelliJ is acting as a server to accept incoming connections?

When first running IntelliJ 2017.1.1 I get a dialog box asking permission for incoming network connections.

Do you want the application “java” to accept incoming network connections?

Clicking Deny may limit the application’s behavior. This setting can be changed in the Firewall pane of Security & Privacy preferences.

[Deny] [Allow]

Example of dialog appearing on a fresh install of IntelliJ 2017.2 Ultimate edition, in the New Project wizard, when clicking on the Maven tab.

Why is IntelliJ causing this prompt? I got no such event when running NetBeans.

What exactly is the effect of denying or accepting? I am concerned about letting a Java process accept outside network connections as doing so is a serious security risk.

Possibly related to:

• Question: How to bind IntelliJ IDEA random open ports to localhost only?
• Issue IDEA-175889: IDE opens random ports on wildcard interface in some configurations

---

This Question is not about the source of the message. The source is the Apple macOS app-level firewall. You can allow or block an app from listening for incoming network connections. Allowing this is a security risk.

IntelliJ is asking to be added to the list of apps allowed to listen for incoming messages. My Question is, "Why does IntelliJ need to accept incoming network connections?".

Answer 1

Problably it is linked to the below.

If you click on http://localhost:63342/ you should be able to access the built-in server. Which by default should listen only on the local interface.

Open port in range 6942-6992 seems to be linked to SocketLock.java

myServer = BuiltInServer.startNioOrOio(workerCount, 6942, 50, false, handler);

note: Ports 6953, 6969, 6970 are excluded from that range. See BuiltInServer.java

private static final int[] FORBIDDEN_PORTS = {6953, 6969, 6970};

Another open port is linked to a process org.jetbrains.idea.maven.server.RemoteMavenServer

jps -l | grep jetbrains
24628 org.jetbrains.idea.maven.server.RemoteMavenServer

You could find out open port with netstat

on Linux: `netstat -ltupne`
on OSX (something like): nettop -np java

and the related java processes with jps (as show above)