Notice: this page is a side-by-side Chinese/English translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must do so under the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/11307206/

"java.security.AccessControlException: access denied" executing a signed Java Applet

Tags: java, security, browser, applet, accesscontrolexception

Asked by logoff

I have a little Java Applet and I have an annoying issue. I have signed my JAR with my own keystore using the jarsigner tool (following these instructions).

The Java Applet downloads a signed JAR and tries to launch it with an extended class of URLClassLoader. This JAR tries to execute this line of code:

ClassLoader.getSystemClassLoader().getResource("aResource");

It fails with a large stack trace finished by:

Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getClassLoader")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:366)
    at java.security.AccessController.checkPermission(AccessController.java:555)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1476)
    at test.SecondJAR.main(SecondJAR.java:8)

(Line 8 of test.SecondJAR corresponds to the getResource(...) method.)

When the Java Applet is launched, the user is prompted to accept the certificate if he/she trusts the publisher:

[Image: Message to the user]

Even if I accept it, the exception occurred. Even if I install the certificate, and the prompt message is automatically accepted, the exception occurred.

I have also tried this:

AccessController.doPrivileged(new PrivilegedAction<Object>() {
    public Object run() {
        ClassLoader.getSystemClassLoader().getResource("aResource");
        return null;
    }
});

And it fails with the same exception.

Any help would be appreciated!

Answered by logoff

Finally I have found the answer!

I followed the guidelines of Andrew Thompson and I created a custom SecurityManager. My little security manager looks like this:

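import java.security.Permission;

// Inner class of the applet: every permission check returns without
// throwing, so all permissions are granted to all code.
private class MySecurityManager extends SecurityManager {
    @Override
    public void checkPermission(Permission perm) {
        return;
    }
}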

It is a neglected security manager that accepts all permissions. It should be improved allowing only getting system ClassLoader in runtime.

To use my ugly SecurityManager I added these lines at the beginning of the Java Applet start() method:

SecurityManager sm = new MySecurityManager();
System.setSecurityManager(sm);

With this workaround, all the process worked as expected!

Maybe there exist other (better) solutions, but it worked for me.

Thank you all!

Answered by Andrew Thompson

The problem is that the JRE only considers code in the original code-base to be trusted. Two possible solutions are:

  1. Set a custom security manager that allows the new code to have the privileges it requires.
  2. Wrap the new code in a PrivilegedAction & call it from the AccessController.doPrivileged(..) method (just occurred to me as a possibility, not sure if I understand the scope of it, completely untested).
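
A narrower form of the custom security manager from option 1 above, which is also the improvement logoff's answer says its allow-everything manager needs. This is an added example, not code from either answer. The class name and the `permitted` helper are hypothetical, and it assumes a Java runtime of the question's era in which `System.setSecurityManager` is still supported.

```java
import java.security.Permission;

// Hypothetical class name. Grants only the permission the question's stack
// trace reports as denied; every other check goes to the installed policy.
public class GetClassLoaderOnlySecurityManager extends SecurityManager {

    // Explicit allow-list; extend it one permission at a time if the
    // downloaded JAR turns out to need more.
    private static final Permission[] ALLOWED = { new RuntimePermission("getClassLoader") };

    private static boolean isAllowListed(Permission perm) {
        for (Permission allowed : ALLOWED) {
            if (allowed.implies(perm)) return true;
        }
        return false;
    }

    @Override
    public void checkPermission(Permission perm) {
        if (!isAllowListed(perm)) {
            super.checkPermission(perm); // policy decides; may throw AccessControlException
        }
    }

    @Override
    public void checkPermission(Permission perm, Object context) {
        if (!isAllowListed(perm)) {
            super.checkPermission(perm, context);
        }
    }

    // Returns true if the installed manager lets the current code use perm.
    static boolean permitted(Permission perm) {
        try {
            System.getSecurityManager().checkPermission(perm);
            return true;
        } catch (SecurityException denied) {
            return false;
        }
    }

    public static void main(String[] args) {
        System.setSecurityManager(new GetClassLoaderOnlySecurityManager());
        System.out.println("getClassLoader allowed: "
                + permitted(new RuntimePermission("getClassLoader")));
        System.out.println("setSecurityManager allowed: "
                + permitted(new RuntimePermission("setSecurityManager")));
    }
}
```

In the applet, the `System.setSecurityManager(...)` call goes at the start of `start()`, in place of `MySecurityManager`. Anything the downloaded JAR requests beyond the allow-list is still decided by the policy.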