简体   繁体   English

如何授予applet读取系统属性的权限?

[英]How to grant applet permission to read system properties?

I have a Java applet that is trying to read the http.strictPostRedirect System Property . 我有一个Java小程序正在尝试读取http.strictPostRedirect 系统属性

The code is not mine (it's Java's; so i cannot change it). 该代码不是我的(它是Java的;因此我无法更改它)。 But you can find the code online: 但是您可以在线找到代码:

HttpURLConnection.java : HttpURLConnection.java

if (method.equals("POST") && !Boolean.getBoolean("http.strictPostRedirect") && (stat!=307)) 
{
   /* The HTTP/1.1 spec says that a redirect from a POST 
    * *should not* be immediately turned into a GET, and
    * that some HTTP/1.0 clients incorrectly did this.
    * Correct behavior redirects a POST to another POST.
    * Unfortunately, since most browsers have this incorrect
    * behavior, the web works this way now.  Typical usage
    * seems to be:
    *   POST a login code or passwd to a web page.
    *   after validation, the server redirects to another
    *     (welcome) page
    *   The second request is (erroneously) expected to be GET
    * 
    * We will do the incorrect thing (POST-->GET) by default.
    * We will provide the capability to do the "right" thing
    * (POST-->POST) by a system property, "http.strictPostRedirect=true"
    */
    ...
}

The basic failure comes from calling: 基本的失败来自于调用:

Boolean.getBoolean("http.strictPostRedirect")

Which has caused a lot of people grief . 这引起了很多人的悲伤 Apparently i'm not allowed to read the http.strictPostRedirect System Property. 显然,我不允许阅读http.strictPostRedirect系统属性。 Trying to read it throws an AccessControlException : 尝试读取它会引发AccessControlException

java.security.AccessControlException: access denied (java.util.PropertyPermission http.strictPostRedirect read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at java.lang.Boolean.getBoolean(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.followRedirect(Unknown Source)

So, if i don't have permission to read permission to a System Property : 因此,如果我没有权限读取 系统属性的权限:

How do i get read permission to a system property? 如何获得对系统属性的读取权限?

There obviously must be a setting that gives me permission to read a system property, otherwise Sun wouldn't have code that transparently tries to access it. 显然,必须有一个设置可以授予我读取系统属性的权限,否则Sun不会拥有透明地尝试访问它的代码。

Is it a machine world-wide setting? 它是世界范围内的机器吗? Is it a domain-wide setting? 它是域范围的设置吗? Is it a machine-wide setting? 它是机器范围的设置吗? Is it a per-user setting? 是每个用户的设置吗? Is it a per-applet setting? 是每个小程序的设置吗? Is it a per-invocation setting? 它是按调用设置的吗? Is it a setting tied to a particular version of the Java Runtime Engine ? 它是与特定版本的Java Runtime Engine绑定的设置吗?

tl;dr : How make not crash? tl; dr :如何使不崩溃?

Reading system properties 读取系统属性

Java does have a list of system properties than at applet cannot read : Java确实有一个系统属性列表,比applet无法读取

  • java.class.path
  • java.home
  • user.dir
  • user.home
  • user.name

My system property , http.strictPostRedirect , is not on that list. 我的系统属性 http.strictPostRedirect不在该列表中。 So why can't i read it? 那我为什么看不懂呢?

See also 也可以看看

The 'fix' here is to digitally sign the applet, then convince the user to OK the code when prompted. 这里的“解决方案”是对小程序进行数字签名,然后在出现提示时说服用户确定代码。


Java does have a list of system properties than at applet cannot read: Java确实有一个系统属性列表,比applet无法读取:

  • java.class.path java.class.path
  • java.home java.home
  • user.dir user.dir来
  • user.home 的user.home
  • user.name 用户名

My system property, http.strictPostRedirect, is not on that list. 我的系统属性http.strictPostRedirect不在该列表中。 So why can't i read it? 那我为什么看不懂呢?

That is the 'short list' of properties that a sand-boxed app. 这是沙盒应用程序的属性的“简短列表”。 cannot read. 无法阅读。 There are also many more. 还有很多。 EG nothing under user is permitted 1 . EG禁止user 1 Just consider those to be 'typical'. 只考虑那些是“典型的”。

  1. Output for 7 user properties in a sand-boxed app. 沙盒应用程序中7个user属性的输出。

Name            Value
user.country    unknown
user.dir        unknown
user.home       unknown
user.language   unknown
user.name       unknown
user.timezone   unknown
user.variant    unknown

There obviously must be a setting that gives me permission to read a system property, otherwise Sun wouldn't have code that transparently tries to access it. 显然,必须有一个设置可以授予我读取系统属性的权限,否则Sun不会拥有透明地尝试访问它的代码。

True. 真正。 See the fix above. 请参阅上面的修复程序。


声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM