“java.security.AccessControlException:access denied”执行签名的Java Applet
[英]“java.security.AccessControlException: access denied” executing a signed Java Applet
问题描述
I have a little Java Applet and I have an annoying issue. 
我有一个小Java小程序,我有一个恼人的问题。 I have signed my JAR with my own keystore using jarsigner tool (following these instructions ). 我使用jarsigner工具(遵循这些说明 )使用我自己的密钥库签署了我的JAR。
The Java Applet downloads a signed JAR and tries to launch it with an extended class of URLClassLoader . Java Applet下载已签名的 JAR并尝试使用扩展类URLClassLoader启动它。 This JAR tries to execute this line of code: 这个JAR试图执行这行代码:
ClassLoader.getSystemClassLoader().getResource("aResource");
It fails with a large stack trace finished by: 它失败了,堆栈跟踪很大,完成了:
Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getClassLoader")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:366)
at java.security.AccessController.checkPermission(AccessController.java:555)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1476)
at test.SecondJAR.main(SecondJAR.java:8)
(Line 8 of test.SecondJAR corresponds to getResource(...) method (test.SecondJAR的第8行对应于getResource(...)方法
When the Java Applet is launched, the user is prompted to accept the certificate if he/she trusts the publisher: 启动Java Applet时,如果用户信任发布者,则会提示用户接受证书:
Even if I accept it, the exception occurred. 即使我接受它,也会发生异常。 Even if I install the certificate, and the prompt message is automatically accepted, the exception occurred. 即使我安装了证书,并且自动接受了提示消息,也会发生异常。
I have tried too this: 我也试过这个:
AccessController.doPrivileged(new PrivilegedAction<Object>() {
public Object run() {
ClassLoader.getSystemClassLoader().getResource("aResource");
return null;
}
});
And it fails with the same exception. 它失败了同样的例外。
Any help would be appreciated! 任何帮助,将不胜感激!
2 个解决方案
解决方案1
8 已采纳 2012-07-03 14:42:42
Finally I have found the answer! 最后我找到了答案!
I followed the guidelines of Andrew Thomson and I created a custom SecurityManager . 我遵循了Andrew Thomson的指导方针,并创建了一个自定义的SecurityManager 。 My little security manager looks like this: 我的小安全经理看起来像这样:
private class MySecurityManager extends SecurityManager {
@Override
public void checkPermission(Permission perm) {
return;
}
}
It is a neglected security manager that accepts all permissions. 它是一个被忽视的安全管理器,它接受所有权限。 It should be improved allowing only getting system ClassLoader in runtime. 应该改进它,只允许在运行时获取系统ClassLoader。
To use my ugly SecurityManager I added these lines at the beginning of Java Applet start() method: 为了使用我丑陋的SecurityManager,我在Java Applet start()方法的开头添加了这些行:
SecurityManager sm = new MySecurityManager();
System.setSecurityManager(sm);
With this workaround, all the process worked as expected! 通过此解决方法,所有过程都按预期工作!
Maybe there exist other (better) solutions, but it worked for me. 也许存在其他(更好的)解决方案,但它对我有用。
Thank you all! 谢谢你们!
解决方案2
2 2012-07-03 09:13:27
The problem is that the JRE only considers code in the original code-base to be trusted. 问题是JRE只考虑原始代码库中的代码是可信的。 Two possible solutions are: 两种可能的解决方案是
- Set a custom security manager that allows the new code to have the privileges it requires. 设置自定义安全管理器,允许新代码具有所需的权限。
- Wrap the new code in a
PrivilegedAction& call it fromAccessController.doPrivileged(..)method (just occurred to me as a possibility, not sure if I understand the scope of it, completely untested).将新代码包装在PrivilegedAction并从AccessController.doPrivileged(..)方法调用它(只是发生在我身上的可能性,不确定我是否理解它的范围,完全未经测试)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.