如何签署 Java 小程序以在浏览器中使用?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/908748/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How do I sign a Java applet for use in a browser?
提问by user107312
I'm trying to deploy a Java applet on my website. I also need to sign it, because I need to access the clipboard. I've followed all the signing tutorials I could find but have not had any success. Here is what I've done so far:
我正在尝试在我的网站上部署 Java 小程序。我还需要签名,因为我需要访问剪贴板。我遵循了我能找到的所有签名教程,但没有取得任何成功。这是我到目前为止所做的:
- Wrote an applet in NetBeans. It runs fine in the applet viewer.
- Made a .jar file out of it.
- Created a certificate by doing this:
- 在 NetBeans 中编写了一个小程序。它在小程序查看器中运行良好。
- 从中制作了一个 .jar 文件。
- 通过这样做创建了一个证书:
keytool -genkey -keyalg rsa -alias myKeyName keytool -export -alias myKeyName -file myCertName.crt
keytool -genkey -keyalg rsa -alias myKeyName keytool -export -alias myKeyName -file myCertName.crt
- Signed it wtih jarsigner like this:
- 像这样用 jarsigner 签名:
jarsigner "C:\my path\myJar.jar" myKeyName
jarsigner "C:\my path\myJar.jar" myKeyName
- Made an html file containing this:
- 制作了一个包含以下内容的html文件:
<html> <body> <applet code="my/path/name/myApplet.class" archive="../dist/myJar.jar"/> </body> </html>
<html> <body> <applet code="my/path/name/myApplet.class" archive="../dist/myJar.jar"/> </body> </html>
When I open that html file, I never get the security confirmation dialog box (and thus get the "java.security.AccessControlException: access denied" error). This happens on all browsers.
当我打开那个 html 文件时,我从来没有得到安全确认对话框(因此得到“java.security.AccessControlException:访问被拒绝”错误)。这发生在所有浏览器上。
Am I missing a step?
我错过了一步吗?
采纳答案by EdSG
Perhaps it's because you're opening some .class files outsidethe jar file?
也许是因为您在jar 文件之外打开了一些 .class文件?
That way it may not display the warning. I tried doing it that way but it still showed me the certificate warning and for a simple case it actually prevented me from accessing a class from the JAR with the separated class.
这样它可能不会显示警告。我尝试这样做,但它仍然向我显示了证书警告,对于一个简单的情况,它实际上阻止了我从带有分离类的 JAR 访问类。
Maybe your specific setup or file organization causes that behavior. If you can layout that in more detail we could help better (or rather, try putting all those .class files in yet another signed Jar and add it to the archive"..., anotherJar.jar").
也许您的特定设置或文件组织会导致该行为。如果您可以更详细地进行布局,我们可以提供更好的帮助(或者更确切地说,尝试将所有这些 .class 文件放入另一个已签名的 Jar 中并将其添加到存档中“..., anotherJar.jar”)。
回答by Tom Hawtin - tackline
Edit: This answer is historical. JDK9 will apparently deprecate applets. At the time of writing (1 Jan 2017), you should sign applets but give them no additional privileges, then transition to a more current technology.
编辑:这个答案是历史性的。JDK9 显然会弃用小程序。在撰写本文时(2017 年 1 月 1 日),您应该签署小程序但不授予它们额外的权限,然后过渡到更新的技术。
I suggest that you don't sign the code. If you're playing about with other people's security, then you really should know what you are doing.
我建议你不要签署代码。如果你在玩弄别人的安全,那么你真的应该知道你在做什么。
JTextComponentshould allow copy and paste of text, if that is sufficient.
JTextComponent如果足够,应该允许复制和粘贴文本。
jarsigner -verifywill check that your jar is signed. You can also have a quick look at the manifest file and files within META-INF/.
jarsigner -verify将检查您的 jar 是否已签名。您还可以快速查看清单文件和META-INF/.
The pop up dialog to trust certificates may be disabled. In Sun's implementation: open the Java Control Panel; go to the Advanced tab; expand the Security node; the top two tickboxes should be "Allow user to grant permissions to signed context" and "Allow user to grant permissions to content from an untrusted authority".
信任证书的弹出对话框可能被禁用。在 Sun 的实现中:打开 Java 控制面板;转到高级选项卡;展开安全节点;顶部的两个复选框应该是“允许用户授予对已签名上下文的权限”和“允许用户向来自不受信任的机构的内容授予权限”。
回答by brianegge
First, I'd suggest getting a valid code signing certificate. You can get a free cert from Thawte. Although generally these certs are used for S/MIME, they are also valid for code signing.
首先,我建议获得有效的代码签名证书。您可以从Thawte获得免费证书。尽管这些证书通常用于 S/MIME,但它们也可用于代码签名。
The second option is to import your self signed cert into the cacert file of the JRE which your browser is invoking.
第二个选项是将您的自签名证书导入到您的浏览器正在调用的 JRE 的 cacert 文件中。
The next thing to check is to make sure your browser is running your latest jar. One way to do this is to always increment your version number. The other option is for you to clear your Java applet cache. I usually clear my browser's cache as well, but this shouldn't be needed.
接下来要检查的是确保您的浏览器正在运行最新的 jar。一种方法是始终增加您的版本号。另一个选项是让您清除 Java 小程序缓存。我通常也会清除浏览器的缓存,但这不应该是必需的。
回答by monceaux
You mentioned:
你提到:
When I open that html file, I never get the security confirmation dialog box...
当我打开那个 html 文件时,我从来没有收到安全确认对话框......
Are you opening the file from your local file system, or via a URL to a web server hosting the HTML file and applet jar(s)? That could be why you get no warning.
您是从本地文件系统打开文件,还是通过指向托管 HTML 文件和小程序 jar 的 Web 服务器的 URL 打开文件?这可能就是您没有收到警告的原因。
回答by Milhous
Here is a way to sign your jars and then check to see that all the class files are signed with your keystore.
这是一种对 jar 进行签名的方法,然后检查所有类文件是否都使用您的密钥库进行了签名。
#!/bin/bash
KEYSTORE=/home/user/NetBeansProjects/sign/keystore
FILES=`find /home/user/NetBeansProjects/Project/dist/ -name "*.jar"`
for f in $FILES;
do echo password | /usr/bin/jarsigner -keystore $KEYSTORE -verbose $f myself;
echo "Signed $f";
/usr/bin/jarsigner -verify -verbose -certs $f | grep X.509 | sort -u;
done
回答by nuno_cruz
3 easy steps
3个简单的步骤
keytool -genkey -keystore myKeyStore -alias me
keytool -selfcert -keystore myKeyStore -alias me
jarsigner -keystore myKeyStore jarfile.jar me
keytool -genkey -keystore myKeyStore -alias me
keytool -selfcert -keystore myKeyStore -alias me
jarsigner -keystore myKeyStore jarfile.jar 我
