为什么我的applet得到java.security.AccessControlException:访问被拒绝(java.net.SocketPermission ...),我该如何避免它?
[英]Why does my applet get a java.security.AccessControlException: access denied (java.net.SocketPermission …), and how can I avoid it?
问题描述
We are clueless about why my client is encountering a Java Security exception in Safari. 
我们对我的客户端在Safari中遇到Java安全性异常的原因一无所知。 Could anyone help? 有人可以帮忙吗?
The exception occurs reliably in Safari on Windows. 在Windows上的Safari中可靠地发生异常。 This involves a Java applet. 这涉及Java applet。 The exception also occurs with Firefox and IE8 on Windows Vista. Windows Vista上的Firefox和IE8也会出现异常。
Here are the steps to reproduce: 以下是重现的步骤:
Open Safari on Windows
在Windows上打开Safari Click here: http://www.cengraving.com/s/item?itemId=CH003
点击此处: http : //www.cengraving.com/s/item?icmId = CH003 Click "Customize" (at bottom of screen)
点击“自定义”(在屏幕底部) After the "Instant Proof" page loads, click "Add to cart."
加载“Instant Proof”页面后,单击“添加到购物车”。
Full stack trace: 完整堆栈跟踪:
java.security.AccessControlException: access denied (java.net.SocketPermission www.cengraving.com resolve)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at sun.plugin.security.ActivatorSecurityManager.checkConnect(Unknown Source)
at java.net.InetAddress.getAllByName0(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getByName(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
at com.designapplet.a.f.a(Unknown Source)
at com.designapplet.ui.c.a(Unknown Source)
at com.designapplet.ui.c.for(Unknown Source)
at com.designapplet.ui.DesignApplet.buy(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSInvoke.invoke(Unknown Source)
at sun.reflect.GeneratedMethodAccessor2.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
at sun.plugin.liveconnect.PrivilegedCallMethodAction.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.liveconnect.SecureInvocation$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.liveconnect.SecureInvocation.CallMethod(Unknown Source)
java.net.MalformedURLException: no protocol:
at java.net.URL.<init>(Unknown Source)
at java.net.URL.<init>(Unknown Source)
at java.net.URL.<init>(Unknown Source)
at sun.plugin.liveconnect.SecureInvocation.checkLiveConnectCaller(Unknown Source)
at sun.plugin.liveconnect.SecureInvocation.access$000(Unknown Source)
at sun.plugin.liveconnect.SecureInvocation$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.liveconnect.SecureInvocation.CallMethod(Unknown Source)
java.net.MalformedURLException: no protocol:
at java.net.URL.<init>(Unknown Source)
at java.net.URL.<init>(Unknown Source)
at java.net.URL.<init>(Unknown Source)
at sun.plugin.liveconnect.SecureInvocation.checkLiveConnectCaller(Unknown Source)
at sun.plugin.liveconnect.SecureInvocation.access$000(Unknown Source)
at sun.plugin.liveconnect.SecureInvocation$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.liveconnect.SecureInvocation.CallMethod(Unknown Source)
8 个解决方案
解决方案1
16 2011-12-05 15:39:42
You can override the default security policy file used by the SecurityManager. 您可以覆盖SecurityManager使用的默认安全策略文件。
1) Create a text file (eg. applet.policy) 1)创建一个文本文件(例如applet.policy)
2) Grant all permissions to the applet 2)授予applet的所有权限
grant {
permission java.security.AllPermission;
};
3) Run the applet with 3)运行applet
-J-Djava.security.policy=applet.policy
解决方案2
9 2010-12-15 05:20:23
i had the same problem. 我有同样的问题。 And solved this by self signing the applet... 并通过自我签署applet来解决这个问题...
used the following steps and it worked 使用以下步骤,它工作
javac AppletClass.java
jar cvf AppletClass.jar AppletClass.class
keytool -genkey -validity 3650 -keystore pKeyStore -alias keyName
keytool -selfcert -keystore pKeyStore -alias keyName-validity 3650
jarsigner -keystore pKeyStore AppletClass.jar keyName
just answer the questions it will ask and it will do the work 只需回答它会问的问题,它就会完成工作
NOTE : i was getting the error for local read/write file 注意:我收到本地读/写文件的错误
解决方案3
4 2010-11-22 08:55:07
I have the same problem! 我也有同样的问题! JavaScript calls a public method of an applet that is embedded in the same document. JavaScript调用嵌入在同一文档中的applet的公共方法。 This should trigger that the applet loads some data from "home", so the connection should be opened to the same domain from where the applet was loaded - which should be allowed also for unsigned applets without further privileges. 这应该触发applet从“home”加载一些数据,因此连接应该打开到加载applet的同一域 - 对于没有进一步权限的未签名applet也应该允许。
I also recognized this security exception only with Safari (5.0.2 for Windows, JRE 1.6.0_22). 我也只用Safari(5.0.2 for Windows,JRE 1.6.0_22)识别出这个安全例外。 The same applet in IE and FireFox is doing well. IE和FireFox中的相同applet运行良好。
I also believe that this is a bug in the Java Sandbox of Safari. 我也相信这是Safari的Java沙箱中的一个错误。
EDIT: Using doPrivileged did not help but I found this workaround: If you "decouple" the JavaScript call from the requested execution through a timer event, the execution will no longer be prohibited by the security restriction that Safari puts into the game here. 编辑:使用doPrivileged并没有帮助,但我发现这个解决方法:如果您通过计时器事件将JavaScript调用从请求的执行“解耦”,Safari将不再禁止执行此处的游戏安全限制。 In detail: 详细地:
- the method that is called from JavaScript only creates a javax.swing.Timer (to schedule one event so the repeat-property must be set false). 从JavaScript调用的方法只创建一个javax.swing.Timer(计划一个事件,因此repeat-property必须设置为false)。 You can set the delay quite short (eg 50 ms). 您可以将延迟设置得很短(例如50 ms)。
- The method call that is intended to be called has to be put into the ActionEvent listener (actionPerformed) which is called by the timer. 要调用的方法调用必须放入由计时器调用的ActionEvent侦听器(actionPerformed)中。
One problem that might make things a bit more complicated is that in the actionPerformed context only static variables are accessible. 可能使事情变得更复杂的一个问题是在actionPerformed上下文中只能访问静态变量。 If the JavaScript call contains variables, these must be put by the initially called method into a staic "buffer" variable from which the scheduled event can read the value afterwards. 如果JavaScript调用包含变量,那么这些必须由最初调用的方法放入一个staic“缓冲区”变量中,之后调度事件可以读取该值。
In my tests only the javax.swing.Timer provided the required decoupling whereas java.util.Timer could not be used for that purpose. 在我的测试中,只有javax.swing.Timer提供了所需的解耦,而java.util.Timer不能用于此目的。
解决方案4
2 已采纳 2011-01-03 23:43:39
Thanks for the responses. 谢谢你的回复。 I didn't award the bounty because while the answers were all helpful, none quite solved the problem. 我没有奖励赏金,因为虽然答案都很有帮助,但没有一个能解决问题。
Ultimately, I solved the problem by passing the data from the applet to the web page, then executing an AJAX call to communicate with the server. 最后,我通过将数据从applet传递到网页,然后执行AJAX调用以与服务器通信来解决问题。 Not the most elegant solution, certainly, but it has proved effective thus far. 当然,这不是最优雅的解决方案,但到目前为止它已被证明是有效的。
Try it out, and lemme know if it works for you. 试一试,知道它是否适合你。
Thanks again! 再次感谢!
解决方案5
0 2010-11-12 22:44:00
Is this an applet? 这是一个小程序吗? If it is, you need to sign your applet for it to access a socket, (which seems to be what you are doing...) 如果是,你需要签署你的小程序,以便它访问套接字,(这似乎是你正在做的......)
See here for more information: 浏览此处获取更多信息:
http://java.sun.com/developer/onlineTraining/Programming/JDCBook/signed.html http://java.sun.com/developer/onlineTraining/Programming/JDCBook/signed.html
解决方案6
0 2010-12-15 00:21:19
It's manifesting as a security exception, but the problem is really a bad URL. 它表现为一个安全例外,但问题实际上是一个糟糕的URL。 If you follow the stack, you'll see there is a MalformedURLException. 如果你跟着堆栈,你会看到有一个MalformedURLException。
This is most likely caused by passing a URI somewhere that was expecting a URL. 这很可能是因为在某个期望URL的地方传递了一个URI。 Through the LiveConnect API from the looks of it. 通过LiveConnect API从它的外观。 I'd guess it's not finding a host name where one is expected, and is trying to connect to a default, probably localhost. 我猜它没有找到一个预期的主机名,并且正在尝试连接到默认的,可能是localhost。 That's disallowed bye the SecurityManager hence the SecurityException. 因为SecurityManager不允许使用SecurityException。
In href's you can use URI (eg, HREF="/somepath") because the browser resolves that against the URL for the page itself to produce the a full URL (eg, http://example.com/somepath ). 在href中,您可以使用URI(例如,HREF =“/ somepath”),因为浏览器会针对页面本身的URL解析该URI以生成完整的URL(例如, http : //example.com/somepath )。
You can do that in Java by using the [appropriate URL constructor][1]. 您可以使用[适当的URL构造函数] [1]在Java中执行此操作。
Update: Ah, I misread; 更新:啊,我误读了; I thought that was a single stack trace. 我认为这是一个单一的堆栈跟踪。
There used to be a bug where liveconnect could access a jar: url and obtain an arbitrary socket connection. 曾经有一个bug,liveconnect可以访问jar:url并获得任意套接字连接。 The fix for that might be causing an issue with opening url connections from the liveconnect thread. 修复此问题可能会导致从liveconnect线程打开url连接时出现问题。 What happens, if in the buy method, you start a thread to perform the connection? 如果在buy方法中,您启动一个线程来执行连接会发生什么?
[1]: http://download.oracle.com/javase/6/docs/api/java/net/URL.html#URL(java.net.URL , java.lang.String) [1]: http : //download.oracle.com/javase/6/docs/api/java/net/URL.html#URL (java.net.URL,java.lang.String)
解决方案7
0 2010-12-17 15:16:01
On Linux it works. 在Linux上它可以工作。
The Add to cart button executes the function Add to cart按钮执行该功能
function saveLayout() {
showSaveMsg();
var status = document.app.buy();
var loc = "http://www.cengraving.com/s/cart";
if (status == 'GOOD') {
window.location = getCartUrl();
} else {
showErrorMsg(status);
}
}
Some remarks: 一些评论:
Is it normal that the local var
locis defined after the app call and not used anyway?在应用程序调用之后定义了本地var loc并且仍未使用它是正常的吗?Also, a
trycatchmay help (in Javascript, wrapping theapp.buy()call).此外, trycatch可能会有所帮助(在Javascript中,包装app.buy()调用)。Besides, I did a bit of research on the Net, and some people - having the same error but from a different usage - report a
ClassPathproblem.此外,我对网络进行了一些研究,有些人 - 具有相同的错误,但来自不同的用途 - 报告了一个ClassPath问题。 Do you have anything specific that could prevent the relevant JRE to be utilized?您是否有任何可能妨碍相关JRE使用的具体内容?
解决方案8
0 2011-03-28 17:07:23
JRE sandbox tries to prevent javascript originated method calls to do harmful things but only thing it does is making programmers life harder. JRE沙箱试图阻止javascript发起的方法调用做有害的事情,但只有它做的事情是让程序员生活更艰难。
Best workaround I've found to this is to build a producer & consumer design pattern event queue which implements very loose coupling between javascript originated calls and actual "dirty work". 最好的解决方法我发现这是建立一个生产者和消费者设计模式事件队列,它实现了javascript发起的调用和实际的“脏工作”之间非常松散的耦合。
What really sucks is that a code which runs fine in XP or Win7 may throw exception in Vista. 真正糟糕的是,在XP或Win7中运行良好的代码可能会在Vista中引发异常。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.