How do I permit my Java applet to use MySQL?

I've recently gotten my hobby Java project embedded into a page thanks to this very site, but now I'm having some security issues.

I have the include:

import java.sql.*;

and the line:

Class.forName("com.mysql.jdbc.Driver").newInstance();

as well as a mysql .jar file in my src directory. It works from the console, and in the applet it works fine - up until that forName() line in my code, where it throws the exception:

Exception: com.mysql.jdbc.Driverjava.lang.ClassNotFoundException: com.mysql.jdbc.Driver
    java.security.AccessControlException: access denied (java.lang.RuntimePermission exitVM.-1)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkExit(Unknown Source)
    at java.lang.Runtime.exit(Unknown Source)
    at java.lang.System.exit(Unknown Source)
    at applet.Database.connectDB(Database.java:80)
    etc...

I think I may be able to fix it with a client.policy file, otherwise I might need to write an abstraction layer which uses a server-client network connection to query from the server-side...

I'm sure the Java gurus here probably know the best way about it.

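If you are trying to use a JDBC driver from within the applet, you need to sign the applet with a certificate, and the server needs to deliver this certificate when the applet is loaded on the client side.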

I think the security exception is actually from a System.exit() call in your applet, after the Class.forName(). Generally you are not allowed to call System.exit() in unsigned applets as it shuts the whole JVM down. Have you checked if line 80 is actually the Class.forName() line, or does line 80 have some kind of exception handler which tries to call System.exit() if the driver does not load?

Anyway, in order to load the mysql jar file in your applet, you need to include it in an ARCHIVE attribute like this:

<APPLET ARCHIVE="mysql.jar" CODEBASE="./src/" ...

Once you get past this stage, you will still need to host the mysql server at the same IP number/hostname as the webserver, and open it to all the same people who can access your applet. As Tony said, this isn't how people normally do it, for security reasons. Better to write something on the server side, if you have control of the app server, and use XML or some other data exchange method to get the data out to the applet. Of course if you are just experimenting to learn about applets, then it's probably fine - but do take care to keep mysql behind your firewall if possible.

The accepted way to do this is to make HTTP requests for data from the server from which the applet was loaded, and run the queries from the server. JSON or XML are good ways to exchange data between the applet and the server (similar to the way you do an AJAX application, sending XML or JSON between the browser and the server).

As mentioned in one of the other answers (@Leigh Caldwell), I would strongly recommend not doing things this way. If your applet has access to MySQL then so does everyone else in the world. Decompilation is so trivial these days that it would only be a moment's work for an industrious hacker to get the applet credentials to the database. Also, MySQL's user/pass authentication is fairly weak; most of its security is IP-based. By opening it up to the world, you're throwing away your first line of defense.

A better approach would be to build some sort of frontend protocol on the server side (XMLRPC would be a good foundation and easy to use). If the applet absolutely needs access to a database, your best bet would be HSQLDB in memory. This doesn't require any file permissions and can be run completely in-sandbox. The local in-memory database could be synchronized with the server as necessary using the aforementioned XMLRPC facade.
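
The server-side approach recommended in the two answers above, as an added example that is not from the original posts: a JDK-only HTTP endpoint that keeps the MySQL credentials on the server and runs one fixed, parameterized query on the applet's behalf. The class name, the /scores path, the scores table and the DB_URL, DB_USER and DB_PASS environment variables are assumptions, and a JDBC driver is assumed to be on the server's classpath.

```java
import com.sun.net.httpserver.*;
import java.io.*;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.sql.*;

// Hypothetical server-side facade: the applet calls GET /scores?player=NAME on the
// host it was loaded from; only this process holds the MySQL credentials.
public class ScoreFacade {
    // Assumed schema: scores(player VARCHAR, score INT). Credentials come from the
    // server's environment, so they never ship inside the applet jar.
    static final String URL = System.getenv("DB_URL");   // e.g. jdbc:mysql://127.0.0.1/game
    static final String USER = System.getenv("DB_USER");
    static final String PASS = System.getenv("DB_PASS");
    public static void main(String[] args) throws IOException {
        HttpServer server = HttpServer.create(new InetSocketAddress(8080), 0);
        server.createContext("/scores", ScoreFacade::handle);
        server.start();
    }
    static void handle(HttpExchange ex) throws IOException {
        String q = ex.getRequestURI().getQuery();          // expected form: player=NAME
        String player = (q != null && q.startsWith("player=")) ? q.substring(7) : "";
        // Allow-list the input: the client chooses a value, never the SQL text.
        if (!"GET".equals(ex.getRequestMethod()) || !player.matches("[A-Za-z0-9_]{1,32}")) {
            send(ex, 400, "{\"error\":\"bad request\"}");
            return;
        }
        try (Connection c = DriverManager.getConnection(URL, USER, PASS);
             PreparedStatement ps = c.prepareStatement(
                 "SELECT score FROM scores WHERE player = ? ORDER BY score DESC LIMIT 10")) {
            ps.setString(1, player);
            StringBuilder json = new StringBuilder("{\"scores\":[");
            try (ResultSet rs = ps.executeQuery()) {
                for (boolean first = true; rs.next(); first = false)
                    json.append(first ? "" : ",").append(rs.getInt(1));
            }
            send(ex, 200, json.append("]}").toString());
        } catch (SQLException e) {
            send(ex, 500, "{\"error\":\"server error\"}"); // no driver detail sent to clients
        }
    }
    static void send(HttpExchange ex, int status, String body) throws IOException {
        byte[] b = body.getBytes(StandardCharsets.UTF_8);
        ex.getResponseHeaders().set("Content-Type", "application/json");
        ex.sendResponseHeaders(status, b.length);
        try (OutputStream os = ex.getResponseBody()) { os.write(b); }
    }
}
```

With this in place MySQL can listen on localhost only, and the applet jar contains no driver, connection string or password to decompile.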

Try getting rid of the newInstance() part. I think just having the Class.forName() does it for loading the driver.

The exception tells you that the applet has been unable to load the driver class. Your applet needs to download the jar containing the class at runtime, via HTTP, so you must have the jar (mysql.jar or whatever it is called) available on the webserver.

Once you solve this problem the user will have to allow the applet permissions so that it can make a TCP socket connection to the mysql db server. They will be prompted with a dialog box...
