javascript Liveconnect 小程序问题
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/27049420/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Liveconnect Applet problems
提问by Mattos
Cannot call applet methods from javascript. A error appears on the log
无法从 javascript 调用小程序方法。日志上出现错误
-> liveconnect: Security Exception: JavaScript from http:url:port/application attempted to access a resource it has no rights to.
-> liveconnect:安全异常:来自 http:url:port/application 的 JavaScript 试图访问它无权访问的资源。
Manifest-Version: 1.0
Application-Name: application
Created-By: Apache Maven 3.0.4
Caller-Allowable-Codebase: *
Application-Library-Allowable-Codebase: *
Build-Jdk: 1.7.0_72
Permissions: all-permissions
Codebase: *
The java security setting is set to meddium
Java 安全设置设置为中
JRE Version 1.8.0_25-b17
JRE 版本 1.8.0_25-b17
Applet Signed by a trusted source, and the applet jar is downloaded from the same domain as the calling page.
Applet 由受信任的来源签名,并且从与调用页面相同的域下载小程序 jar。
If I try to call the applet method from firebug javascript console another error shows up: Error: Liveconnect call for Applet ID 4 is not allowed in this JVM instance
如果我尝试从 firebug javascript 控制台调用小程序方法,则会出现另一个错误:错误:此 JVM 实例中不允许对 Applet ID 4 的 Liveconnect 调用
The applet TAG:
小程序标签:
<applet id="applet" code="applet.core.AppletBootstrap" codebase="/applet" archive="applet.jar" width="650" height="500" mayscript="mayscript">
<param name="cache_archive" value="applet.jar"/>
<param name="cache_version" value="2.4.17.2,2.4.17.2,2.4.17.2,2.4.17.2,2.4.17.2"/>
<param name="conversationId" value="e00ed781a56a4378a285d7839a9925bf"/>
<param name="userAgent" value="Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.65 Safari/537.36" />
<param name="java_status_events" value="true"/>
<param name="separate_jvm" value="true"/>
<param name="classloader_cache" value="false"/>
<param name="java_arguments" value="-Xmx128m -Djnlp.packEnabled=true "/>
</applet>
EDIT: @Seba JDK-8058697 is a OpenJDK bug related to this issue, unfortunately it is not accessible to me - You can see a duplicate of it: here
编辑:@Seba JDK-8058697 是一个与此问题相关的 OpenJDK 错误,不幸的是我无法访问它 - 您可以看到它的副本:here
EDIT 2: Java 8 update 40 is working again
编辑 2:Java 8 更新 40 再次运行
回答by Seba
Today I ran into this problem on Ubuntu 14.10, Firefox 35.0.1 & Oracle Java JRE 1.8.0_31. It is related in some way to JRE utility class in deploy.jar which doesn't work properly on Linux (NativeMixedCodeDialog). On Windows, when you try to access Liveconnect (which implies MIXED security mode) a dialog is shown by this class to kindly ask you for a confirmation. This, for some unknown reasons, doesn't happen on Linux.
今天我在 Ubuntu 14.10、Firefox 35.0.1 和 Oracle Java JRE 1.8.0_31 上遇到了这个问题。它在某种程度上与 deploy.jar 中的 JRE 实用程序类有关,后者在 Linux (NativeMixedCodeDialog) 上无法正常工作。在 Windows 上,当您尝试访问 Liveconnect(这意味着 MIXED 安全模式)时,此类会显示一个对话框,请您确认。由于某些未知原因,这不会发生在 Linux 上。
You can easily try to check this, by running this command:
您可以通过运行以下命令轻松尝试检查这一点:
/usr/lib/jvm/java-8-oracle/jre/bin/java -cp /usr/lib/jvm/java-8-oracle/jre/lib/deploy.jar com.sun.deploy.uitoolkit.ui.NativeMixedCodeDialog "Some Aplet" "Web Site:" "https://localhost" "Publisher:" "Some publisher" "Do not show this again for this app and web site."
My solution was to use Deployment Rule Setto force Java to trust my app.
This might be a no-go for production use, but it let me develop further until this NativeMixedCodeDialoggets fixed.
我的解决方案是使用部署规则集来强制 Java 信任我的应用程序。
这可能不适用于生产用途,但它让我可以进一步开发,直到问题NativeMixedCodeDialog得到解决。
So straight to the point:
所以直截了当:
- Create a file named ruleset.xml
Fill it with content according to this documentation, for ex.
<?xml version="1.0" encoding="UTF-8"?> <ruleset version="1.0+"> <rule> <id location="https://localhost/" /> <action permission="run" version="SECURE" /> </rule> </ruleset>Put this into jar
jar cvf DeploymentRuleSet.jar ruleset.xmlSign this jar with certificate valid in
cacerts, it might be self-signed certificate, but it needs to be found in java cacert file, not just trusted in control paneljarsigner -verbose -keystore ~/selfsigned.p12 -storetype pkcs12 DeploymentRuleSet.jar selfsignedCopy signed jar to
/etc/.java/deployment/- Possibly restart your browser everything should be working fine
- 创建一个名为 ruleset.xml 的文件
根据本文档填写内容,例如。
<?xml version="1.0" encoding="UTF-8"?> <ruleset version="1.0+"> <rule> <id location="https://localhost/" /> <action permission="run" version="SECURE" /> </rule> </ruleset>把这个放进罐子里
jar cvf DeploymentRuleSet.jar ruleset.xml用在
cacerts.jarsigner -verbose -keystore ~/selfsigned.p12 -storetype pkcs12 DeploymentRuleSet.jar selfsigned将签名的 jar 复制到
/etc/.java/deployment/- 可能重新启动浏览器一切正常
回答by stolsvik
The answer from @Seba was fantastic, but I can add some commands that you might need:
@Seba 的回答很棒,但我可以添加一些您可能需要的命令:
Create self signed certificate:
创建自签名证书:
~/CERTIFICATE $ keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -validity 360 -keysize 2048
Export the key from the keystore:
从密钥库导出密钥:
keytool -exportcert -alias selfsigned -keystore keystore.jks -rfc -file selfsigned.cer
Export/Convert the jks keystore into PKCS12 keystore (possibly redundant if you can sign with the ".jks" keystore instead of ".p12" in later step, I did not try):
将 jks 密钥库导出/转换为 PKCS12 密钥库(如果您可以在后面的步骤中使用“.jks”密钥库而不是“.p12”进行签名,则可能是多余的,我没有尝试):
keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -deststoretype PKCS12
Find the cacerts keystore for your java:
为您的 Java 查找 cacerts 密钥库:
locate cacerts
...
/usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts
Import key into cacerts:
将密钥导入 cacert:
sudo keytool -import -alias selfsigned -file selfsigned.cer -keystore /usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts
And now you create the ruleset.xml file (omit location for "everything", which obviously defeats the security):
现在您创建了 ruleset.xml 文件(省略“一切”的位置,这显然破坏了安全性):
<?xml version="1.0" encoding="UTF-8"?>
<ruleset version="1.0+">
<rule>
<id />
<action permission="run" />
</rule>
</ruleset>
Jar it up:
装起来:
jar cvf DeploymentRuleSet.jar ruleset.xml
Sign it:
签字:
jarsigner -verbose -keystore ~/CERTIFICATE/keystore.p12 -storetype pkcs12 DeploymentRuleSet.jar selfsigned
And finally, even though there is a .java/deployment directory in your user's directory, you DO need to copy it to the (possibly non-existent) directory /etc/.java/deployment
最后,即使您的用户目录中有一个 .java/deployment 目录,您也需要将它复制到(可能不存在的)目录 /etc/.java/deployment
At least for Firefix, you do not need to restart the browser, as long as you kill the java-process that the browser has started. If it is the only java-process around, then running the following command should do it:
至少对于Firefix,你不需要重启浏览器,只要杀掉浏览器已经启动的java进程即可。如果它是唯一的 java 进程,那么运行以下命令应该可以:
killall java
回答by Will
I get this error with on Ubuntu 14.04LTE using Firefox 31 and jre1.8.0_25.
我在使用 Firefox 31 和 jre1.8.0_25 的 Ubuntu 14.04LTE 上遇到此错误。
On Windows it works fine with various combinations of Windows XP through Windows 8.1 and Firefox, Chrome, IE and different JREs.
在 Windows 上,它适用于 Windows XP 到 Windows 8.1 和 Firefox、Chrome、IE 和不同 JRE 的各种组合。
I found this link recently which seems to apply directly to my problem:
我最近发现这个链接似乎直接适用于我的问题:
https://bugs.openjdk.java.net/browse/JDK-8064677
https://bugs.openjdk.java.net/browse/JDK-8064677
Everything worked fine before I added the code signing certificate's CA to the Ubuntu cacerts file. Up till then I had the site in the Java Control Panel Exception Site List.
在我将代码签名证书的 CA 添加到 Ubuntu cacerts 文件之前,一切正常。直到那时我在 Java 控制面板例外站点列表中都有该站点。
Once I added the CA cert to cacerts I started getting different Liveconnect problems. I eventually got rid of all of them except for the one you're getting.
将 CA 证书添加到 cacerts 后,我开始遇到不同的 Liveconnect 问题。我最终摆脱了所有这些,除了你得到的那个。
I've tried http and https but nothing helps.
我试过 http 和 https 但没有任何帮助。
If I learn anything more I'll let you know.
如果我学到更多东西,我会让你知道的。
