JavaFX Web Start应用程序中的自定义SecureClassLoader和权限
[英]Custom SecureClassLoader and permissions in JavaFX Web Start application
问题描述
I'm migrating an applet-based application into a Web Start application. 
我正在将基于applet的应用程序迁移到Web Start应用程序中。
In the application a custom ClassLoader is needed in order to fetch resources and classes from different media. 在应用程序中,需要自定义ClassLoader以从不同媒体获取资源和类。 It also uses a JavaFX layer on the top. 它还在顶部使用JavaFX层。
All permissions are granted to the WebStart application, the manifest is complete and the jar is signed with a valid certificate. 所有权限都授予WebStart应用程序,清单已完成,jar使用有效证书进行签名。 In fact, if I don't fetch the classes from the media and I load them with the default ClassLoader, everything works. 事实上,如果我不从媒体中获取类,并使用默认的ClassLoader加载它们,一切正常。 But if I use the custom ClassLoader, we face problems like: 但是如果我使用自定义ClassLoader,我们会面临以下问题:
Caused by: java.security.AccessControlException: access denied ("java.net.SocketPermission" "www.mydomain.com:443" "connect,resolve")
For testing proposals, the custom SecureClassLoader is granting all permissions. 对于测试提议,自定义SecureClassLoader授予所有权限。 That does not help. 这没有用。
I'm also trying to replace the Security Manager, but I cannot: 我也试图更换安全管理器,但我不能:
java.lang.SecurityException: JVM Shared, not allowed to set security manager
even if I add the parameter to the applet descriptor inside the jnlp: 即使我将参数添加到jnlp中的applet描述符:
PARAM name="separate_jvm" value="true"
I cannot replace the manager. 我无法取代经理。
Can anyone point what can I do to be able to grant permissions to those classes? 任何人都可以指出我能做什么才能授予这些类的权限? It is not possible to change the policy files on the client side. 无法在客户端更改策略文件。
Here I add the stacktrace to point where the calls are coming from: 在这里,我将stacktrace添加到调用来自的位置:
java.security.AccessControlException: access denied ("java.net.SocketPermission" "www.mydomian.com" "resolve")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at sun.plugin2.applet.SecurityManagerHelper.checkConnectHelper(Unknown Source)
at sun.plugin2.applet.FXAppletSecurityManager.checkConnect(Unknown Source)
at java.net.InetAddress.getAllByName0(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getByName(Unknown Source)
at com.sun.deploy.net.CrossDomainXML.addAccess(Unknown Source)
at com.sun.deploy.net.CrossDomainXML.allowNoAccess(Unknown Source)
at com.sun.deploy.net.CrossDomainXML.check(Unknown Source)
at sun.plugin2.applet.SecurityManagerHelper.checkConnectHelper(Unknown Source)
at sun.plugin2.applet.FXAppletSecurityManager.checkConnect(Unknown Source)
at java.net.InetAddress.getAllByName0(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getByName(Unknown Source)
at java.net.URLStreamHandler.getHostAddress(Unknown Source)
at java.net.URLStreamHandler.hashCode(Unknown Source)
at java.net.URL.hashCode(Unknown Source)
at java.util.HashMap.hash(Unknown Source)
at java.util.HashMap.get(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler.getDefaultCodeSource(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler.access$1400(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ChildElement.<init>(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ChildCallback.openClassPathElement(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ChildCallback.openClassPathElement(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.getCodebaseLookup(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.getResourceAsResource(Unknown Source)
at com.sun.deploy.security.DeployURLClassLoader.getResourceAsStream(Unknown Source)
at java.lang.Class.getResourceAsStream(Unknown Source)
at mypackage.Util.readResource(Util.java:42)
at mypackage.CustomClassLoader.encryptedLookup(CustomClassLoader.java:101)
at mypackage.ClassLoader.findClass(CustomClassLoader.java:78)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at customUtil.ParametersGetter.getRole(ParametersGetter.java:80)
at com.application.ModuleConfig.main(ModConfig.java:448)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at mypackage.CustomClassLoader.launch(CustomClassLoader.java:126)
at mypackage.Browser$1.call(Browser.java:54)
at mypackage.Browser$1.call(Browser.java:45)
at javafx.concurrent.Task$TaskCallable.call(Task.java:1423)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Thanks. 谢谢。
1 个解决方案
解决方案1
0 2016-12-05 15:34:48
Finally the problem was detected. 最后检测到问题。
The System Classloader was set as the parent classloader of our custom classloader instead of using the classloader that loaded our classloader class. 系统类加载器被设置为我们的自定义类加载器的父类加载器,而不是使用加载我们的类加载器类的类加载器。
As a result, other classloaders cascaded by a library of our application where lost in the flow, and that created a conflict on the permission resolution. 因此,其他类加载器由我们的应用程序库级联,在流中丢失,并在权限解析中产生冲突。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.