1. 首頁
  2. 問答
  3. 在HTML中部署具有安全許可權的Java Applet

在HTML中部署具有安全許可權的Java Applet

2011-04-18 21 views
1

我有一個非常困難的時間才能使其工作。在HTML中部署具有安全許可權的Java Applet

該小程序嵌入在我的web page中,它試圖連接到Java Servlet here

在某些電腦上它連接正常,在其他電腦上我得到一個無法連接的錯誤,我相信這是由java安全權限造成的。

Custom 1: access denied (java.net.SocketPermission 184.91.186.5:8080 connect,resolve)

java.security.AccessControlException: access denied (java.net.SocketPermission 184.91.186.5:8080 connect,resolve) 
    at java.security.AccessControlContext.checkPermission(Unknown Source) 
    at java.security.AccessController.checkPermission(Unknown Source) 
    at java.lang.SecurityManager.checkPermission(Unknown Source) 
    at java.lang.SecurityManager.checkConnect(Unknown Source) 
    at sun.plugin2.applet.Applet2SecurityManager.checkConnect(Unknown Source) 
    at java.net.Socket.connect(Unknown Source) 
    at sun.net.NetworkClient.doConnect(Unknown Source) 
    at sun.net.www.http.HttpClient.openServer(Unknown Source) 
    at sun.net.www.http.HttpClient.openServer(Unknown Source) 
    at sun.net.www.http.HttpClient.<init>(Unknown Source) 
    at sun.net.www.http.HttpClient.New(Unknown Source) 
    at sun.net.www.http.HttpClient.New(Unknown Source) 
    at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source) 
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source) 
    at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source) 
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source) 
    at Calendar_Algorithm$Con.send_courses_to_server(Calendar_Algorithm.java:789) 
    at Calendar_Algorithm$Con.run(Calendar_Algorithm.java:773) 
    at Calendar_Algorithm.send_courses_to_server(Calendar_Algorithm.java:761) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) 
    at java.lang.reflect.Method.invoke(Unknown Source) 
    at sun.plugin.javascript.JSInvoke.invoke(Unknown Source) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) 
    at java.lang.reflect.Method.invoke(Unknown Source) 
    at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source) 
    at sun.plugin2.liveconnect.JavaClass$MethodInfo.invoke(Unknown Source) 
    at sun.plugin2.liveconnect.JavaClass$MemberBundle.invoke(Unknown Source) 
    at sun.plugin2.liveconnect.JavaClass.invoke0(Unknown Source) 
    at sun.plugin2.liveconnect.JavaClass.invoke(Unknown Source) 
    at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$DefaultInvocationDelegate.invoke(Unknown Source) 
    at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$3.run(Unknown Source) 
    at java.security.AccessController.doPrivileged(Native Method) 
    at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo.doObjectOp(Unknown Source) 
    at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$LiveConnectWorker.run(Unknown Source) 
    at java.lang.Thread.run(Unknown Source)

我已簽署的jar文件,但它仍然不能解決問題。 這是我如何生成密鑰文件並簽署了jar。

keytool -genkey -alias cal -keystore keys -keypass #### -dname "cn=feldman" -storepass #### 

jarsigner -keystore keys -storepass #### -keypass #### -signedjar CalSigned.jar Cal.jar cal

這是我如何我將它嵌入到HTML頁面:

<script src="http://java.com/js/deployJava.js"></script> 

    <script> 
     var attributes = {code:'Calendar_Algorithm.class', 
         archive:'Cal39.jar', 
         width:150, height:50, 
         id:"ClientApp", 
         name:"ClientApp" 
         } ; 
     var parameters = {fontSize:16} ; 
     var version = '1.6' ; 
     deployJava.runApplet(attributes, parameters, version); 
    </script>

我也試圖做一個JNLP文件,我甚至不能說開始罐子,這裏是我的JNLP文件內容:

<?xml version="1.0" encoding="utf-8"?> 
<jnlp spec="1.5+" codebase="" href=""> 
    <security> 
     <all-permissions/> 
    </security> 
    <information> 
     <title>Easy Course Selector</title> 
     <vendor>Group Boba</vendor> 
     <homepage href="index.html"/> 
     <description>Easy Course Selector</description> 
     <description kind="short">Easy Course Selector</description> 
     <icon href="mouseguard-small-jpg3.jpg"/> 

    </information> 

    <resources> 
     <j2se version="1.5+" href="http://java.sun.com/products/autodl/j2se" /> 
     <jar href="Cal.jar" main="true" download="eager" /> 
    </resources> 
    <applet-desc name="EasyCourse Applet" main-class="Calendar_Algorithm.class" width="200" height="50"> 
    </applet-desc> 
    <update check="background"/> 
</jnlp>

而且嵌入代碼

<script> 
    var attributes = {id:"ClientApp", name:"ClientApp", code:'Calendar_Algorithm', width:150, height:50} ; 
    var parameters = {jnlp_href: 'Cal_Info.jnlp'} ; 
    deployJava.runApplet(attributes, parameters, '1.6'); 
</script>

這是當我使用它的錯誤日誌連接到外部服務器:

java.security.AccessControlException: access denied (java.net.SocketPermission 184.91.186.5:8080 connect,resolve) 
at java.security.AccessControlContext.checkPermission(Unknown Source) 
at java.security.AccessController.checkPermission(Unknown Source) 
at java.lang.SecurityManager.checkPermission(Unknown Source) 
at java.lang.SecurityManager.checkConnect(Unknown Source) 
at sun.plugin2.applet.Applet2SecurityManager.checkConnect(Unknown Source) 
at java.net.Socket.connect(Unknown Source) 
at sun.net.NetworkClient.doConnect(Unknown Source) 
at sun.net.www.http.HttpClient.openServer(Unknown Source) 
at sun.net.www.http.HttpClient.openServer(Unknown Source) 
at sun.net.www.http.HttpClient.<init>(Unknown Source) 
at sun.net.www.http.HttpClient.New(Unknown Source) 
at sun.net.www.http.HttpClient.New(Unknown Source) 
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source) 
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source) 
at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source) 
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source) 
at Calendar_Algorithm$Con.send_courses_to_server(Calendar_Algorithm.java:789) 
at Calendar_Algorithm$Con.run(Calendar_Algorithm.java:773) 
at Calendar_Algorithm.send_courses_to_server(Calendar_Algorithm.java:761) 
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) 
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) 
at java.lang.reflect.Method.invoke(Unknown Source) 
at sun.plugin.javascript.JSInvoke.invoke(Unknown Source) 
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) 
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) 
at java.lang.reflect.Method.invoke(Unknown Source) 
at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source) 
at sun.plugin2.liveconnect.JavaClass$MethodInfo.invoke(Unknown Source) 
at sun.plugin2.liveconnect.JavaClass$MemberBundle.invoke(Unknown Source) 
at sun.plugin2.liveconnect.JavaClass.invoke0(Unknown Source) 
at sun.plugin2.liveconnect.JavaClass.invoke(Unknown Source) 
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$DefaultInvocationDelegate.invoke(Unknown Source) 
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$3.run(Unknown Source) 
at java.security.AccessController.doPrivileged(Native Method) 
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo.doObjectOp(Unknown Source) 
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$LiveConnectWorker.run(Unknown Source) 
at java.lang.Thread.run(Unknown Source)

任何幫助將是驚人的。

而且,這裏是導致該錯誤代碼:

class Con implements PrivilegedExceptionAction<Boolean> { 
    private final String text; 
    boolean res; 
    public Con(String t) { 
     text=t; 
    } 

    public Boolean run() { 
     res=send_courses_to_server(); 
     return res; 
    } 
    public boolean send_courses_to_server(){ 

     try { 
      URL url = new URL(server); 

      HttpURLConnection con; 
      con=(HttpURLConnection) url.openConnection(); 
      con.setRequestProperty("Content-type", "text/xml; charset=UTF-8"); 
      con.setRequestMethod("POST"); 
      con.setDoOutput(true); 
      con.setDoInput(true); 


      OutputStream out = con.getOutputStream(); 
      Writer writer = new OutputStreamWriter(out, "UTF-8"); 
      String xml=""; 
      writer.write("<Request>\n" +"<Request_Type>Validation_2</Request_Type>\n"); 
      xml="<Request>\n" +"<Request_Type>Validation_2</Request_Type>\n"; 



      Scanner in=new Scanner(text); 
      while(in.hasNext()){ 
       String temp=in.nextLine().trim(); 
       writer.write("<Course>"+temp+"</Course>\n"); 
       xml=xml+"<Course>"+temp+"</Course>\n"; 
      } 
      writer.write("</Request>\n"); 
      xml=xml+"</Request>\n"; 

      writer.flush(); 
      writer.close(); 

      InputStream is= con.getInputStream(); 

      if(con.getContentType().equals("text/xml")){ 
       status_message= new Scanner(is).nextLine(); 
       return false; 
      } 
      else{ 
       return set_courses(is); 
      } 

     } catch (Exception e){ 
      e.printStackTrace(); 
      status_message= "Custom 1: "+e.getMessage(); 
      return false; 
     } 

    } 

    private boolean set_courses(InputStream is){ 
     courses=new Vector<Course>(); 

     try { 
      ObjectInputStream ois=new ObjectInputStream(is); 

      Course c; 
      while(true){ 
       try{ 
        c=(Course)ois.readObject(); 
        courses.add(c); 
       }catch(EOFException e){ 
        break; 
       } 
      } 
      ois.close(); 
     } catch (Exception e){ 
      status_message= "Custom 3 "+e.getMessage(); 
      return false; 
     } 
     status_message="Good"; 
     return true; 
    } 

}

來源

2011-04-18 Steven Feldman

+0

你可以顯示你得到的異常嗎?此外,您的JNLP文件似乎有點微不足道。 – 2011-04-18 17:13:39

+0

訪問被拒絕(java.net.SocketPermission 184.91.186。5:8080連接,解決) 我不得不切換操作系統,以獲得錯誤,IP是servlet的IP – 2011-04-18 17:28:53

+0

@Paulo Ebermann,我一直無法找到一個很好的jnlp文件指南,可以給我一些建議改進礦山? – 2011-04-18 17:33:04

回答

2

現在,堆棧跟蹤,我們可以看到的原因好一點。

... 
at Calendar_Algorithm$Con.send_courses_to_server(Calendar_Algorithm.java:789) 
at Calendar_Algorithm$Con.run(Calendar_Algorithm.java:773) 
at Calendar_Algorithm.send_courses_to_server(Calendar_Algorithm.java:761) 
... 
at sun.plugin.javascript.JSInvoke.invoke(Unknown Source) 
...

您正在使用JavaScript來調用applet的方法,看起來像。 CalendarAlgorithm類的send_courses_to_server方法從JavaScript中調用,並直接調用內部類的run方法。這意味着您的代碼只能使用外部JavaScript的權限運行,而不能使用applet的權限。

Con類延伸PrivilegedExceptionAction,但這僅僅是不足以給予特權執行。您還必須在打電話給AccessController.doPrivileged(...)(這裏給出您的Con對象)。

然後該方法將通過簽名給予您的applet的特權被調用。 (當然,你應該檢查這個電話是否合法,並且什麼也不做。)

在這裏,我想你的簽名作品,我沒有檢查,因爲我通常使用未簽名的applets。順便說一句,如果你的applet來自與servlet相同的服務器,那麼這個連接就不需要任何簽名。

來源

2011-04-18 20:17:51

+0

所以,如果我這樣做: public boolean send_courses_to_server(String t){ \t \t con.set_text(t); \t \t AccessController.doPrivileged(con.run()); \t \t return con.res; \t},它應該工作? 還是你的意思是當我從JavaScript撥打電話? – 2011-04-18 20:48:23

+0

不,請'返回AccessController.doPrivileged(con);'。你不必自己調用'run'方法,AccessController就可以做到這一點。 – 2011-04-18 20:51:57

+0

假設這種變化我不需要jnlp文件是正確的嗎?如果他們對另一個人有利? – 2011-04-18 20:58:37

相關問題

 相關問題