部署规则集和 Java 7u51
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/21318403/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Deployment Rule Sets and Java 7u51
提问by John
I am trying to create a deployment rule set as described here: link
我正在尝试按照此处所述创建部署规则集:链接
I created a simple rule, to allow everything from localhost like
我创建了一个简单的规则,以允许来自 localhost 的所有内容,例如
<rule>
<id location="http://localhost" />
<action permission="run" />
</rule>
After I self-signed the jar file and deployed it in Windows when I try to run a self-signed app(jnlp) from localhost it is still blocked.
在我对 jar 文件进行自签名并将其部署在 Windows 中之后,当我尝试从本地主机运行自签名应用程序(jnlp)时,它仍然被阻止。
Application Blocked by Deployment Rule Set.Can not verify self-signed Deployment Rule Set jar
应用程序被部署规则集阻止。无法验证自签名部署规则集 jar
Q: Can anyone tell me why is not working? Do I have to sign the deployment jar with a verified certificate? I tried to use the deployment rules to avoid the block for my application. I don't want to lower the security or add my site to the trusted list.
问:谁能告诉我为什么不工作?我是否必须使用经过验证的证书对部署 jar 进行签名?我尝试使用部署规则来避免我的应用程序被阻止。我不想降低安全性或将我的站点添加到受信任列表中。
回答by rom9
Looks like the rule set jar has to be signed with a verified cert:
看起来规则集 jar 必须使用经过验证的证书进行签名:
The rule set defined in the ruleset.xml file must be packaged in a signed JAR file named DeploymentRuleSet.jar. The JAR file must be signed with a valid certificate from a trusted certificate authority.
ruleset.xml 文件中定义的规则集必须打包在名为 DeploymentRuleSet.jar 的签名 JAR 文件中。JAR 文件必须使用来自受信任证书颁发机构的有效证书进行签名。
(from http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/deployment_rules.html#package)
(来自http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/deployment_rules.html#package)
This article seems to offer an alternative, which involves importing the self-signed cert on all target machines:
这篇文章似乎提供了一种替代方法,它涉及在所有目标机器上导入自签名证书:
https://blogs.oracle.com/java-platform-group/entry/self_signed_certificates_for_a
https://blogs.oracle.com/java-platform-group/entry/self_signed_certificates_for_a
HTH
HTH
回答by mangper
I just have been throught this process and I was successfull. I followed this blog postto make my own ruleset and it worked like a charm. But with only one trick the command to sign the jar the NA must be replaced by the certificate password or you must omit the storepass parameter so it will ask the password interactively.
我刚刚经历了这个过程,我成功了。我按照这篇博文制作了我自己的规则集,它就像一个魅力。但是只有一个技巧,签署 jar 的命令必须用证书密码替换 NA,或者您必须省略 storepass 参数,以便它会交互地询问密码。
I think you should check:
我认为你应该检查:
- You imported your cert as a signing CA so the jar signature can be verified (see the blog post).
- Your ruleset follows the specificationstrictly. I had to remove some comments I added to the ruleset as it failed.
- Remove the http:// from the location
- 您将证书作为签名 CA 导入,以便可以验证 jar 签名(请参阅博客文章)。
- 您的规则集严格遵循规范。我不得不删除我添加到规则集中的一些评论,因为它失败了。
- 从该位置删除 http://
