Original URL: http://stackoverflow.com/questions/19393826/
Warning: this content is provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Java applet manifest - Allow all Caller-Allowable-Codebase
Asked by William W
As of Java 7u45 an applet will display a warning message (even if signed with a trusted cert) if a webpage tries to interact with it via javascript and that page isn't listed in the manifest's Caller-Allowable-Codebase attribute.
Release notes about this change: http://www.oracle.com/technetwork/java/javase/7u45-relnotes-2016950.html
Oracle blog post about this bug: https://blogs.oracle.com/java-platform-group/entry/7u45_caller_allowable_codebase_and
Attribute description: http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/manifest.html#caller_allowable
I have tried just a wildcard (*), but I still get the warning.
Is there a way around this other than listing all codebases it may run at?
The reason this is a problem for me is that this applet runs on many different machines and networks, but always on intranets at various locations. This applet also needs to communicate with javascript because it talks to local USB scales and displays results and interacts with the page.
Applet in question: https://github.com/JaggedJax/CIO_Scale
Accepted answer by Nikolas Pooch
Removing the Trusted-Library attribute seems to be mandatory to get Caller-Allowable-Codebase working, no more warnings. However, this breaks Java 7 Update 21 - 40 which treated JavaScript code that calls code within a signed applet running with all permissions as mixed code and warning dialogs are raised if the signed JAR files are not tagged with the Trusted-Library=true attribute.
Answer by Marc Schabb
We had this problem too - we were building with 1.4.2, on the theory that clients might not have an updated JRE plugin. Despite putting in the new manifest attributes, we still got the popup warnings in the 1.7_u45 JRE. We rebuilt with 1.6, and the warnings went away.
Answer by user2885326
I had the same issue, so I removed Trusted-Library=true from my MANIFEST.MF, and the Caller-Allowable-Codebase attribute works fine.
Answer by helpCrypto
Without using Trusted-Library and setting:
Application-Library-Allowable-Codebase: *
Caller-Allowable-Codebase: *
Doesn't work for me, and I still see the warning.
Update: Tried also with http://... but didn't work either.
Update2: Seems even worse. I didn't update 7u40 (to 7u45) but Java console (full debug) shows the "LiveConnect 1.7.45" text. After that, my Javascript->Java calls are blocked.
Update 3: I noticed my warning shows Application and Publisher = UNKNOWN. Although I have:
Application-Name: MyApplet
Implementation-Vendor: MyCompany
I tried using JDK7u45 instead of the JDK7u5 I was using.
Answer by fiffy
My findings are the same:
This prevents warnings with Java 7u21 - 7u40:
Manifest-Version: 1.0
Trusted-Library: true
This exclusively prevents warnings with Java 7u45:
Manifest-Version: 1.0
Application-Library-Allowable-Codebase: *
Caller-Allowable-Codebase: *
Mixing both won't work in 7u45.
Now what? Did anyone find a way to allow SIGNED applets with "all-permissions" to run without warnings in both JRE-versions?
What the hell is wrong with Oracle?
Answer by rob2000
From Oracle:
Area: Deployment/Plugin Synopsis: Caller-Allowable-Codebase may be ignored when used with Trusted-Library.
If a trusted, signed jar is using the Caller-Allowable-Codebase manifest attribute along with Trusted-Library then the Caller-Allowable-Codebase manifest entry will be ignored and, as a result, a JavaScript -> Java call will show the native LiveConnect warning. The workaround is to remove the Trusted-Library manifest entry.
http://www.oracle.com/technetwork/java/javase/7u45-relnotes-2016950.html
Answer by user2886551
I had the same issue. The solution for me was using the same parameters in the manifest as Oracle used on the download page in the applet for verifying the Java version: http://www.java.com/en/download/installed.jsp. Their applet does not pop up any warnings.
So the solution is:
Manifest-Version: 1.0
Codebase: *
Permissions: all-permissions
Application-Library-Allowable-Codebase: *
Caller-Allowable-Codebase: *
Application-Name: APPNAME
It works on:
1.7.0_17-b02
1.7.0_25-b17
1.7.0_45-b18
Answer by Lawrence Dol
This set of attributes allows the applet to load without warnings in Java 7u45:
Application-Name: ...
Main-Class: com...
Sealed: true
Codebase: *
Caller-Allowable-Codebase: *
Permissions: all-permissions
We have tested on the following JVMs:
- Java 6u20 (OK, well duh!)
- Java 7u21 - must include Trusted-Library to avoid warning
- Java 7u25 - must include Trusted-Library to avoid warning
- Java 7u40 - must include Trusted-Library to avoid warning
- Java 7u45
So the long and short is we have a dilemma; to have no warning on 7u21, 7u25 and 7u40 you must include Trusted-Library:true, and to have no warning on 7u45 you must omit this property.
Thanks Oracle for a Kobayashi Maru - we love you.
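An added example (not code from the question or from any answer): a Python check that reads a JAR's manifest and reports the Trusted-Library / Caller-Allowable-Codebase combinations the answers above describe, plus any `*` values, which remove the origin restriction these attributes exist to enforce. The finding names and the sample manifest are constructed for illustration.

```python
import io
import zipfile

WILDCARD_ATTRS = ("codebase", "caller-allowable-codebase",
                  "application-library-allowable-codebase")

def parse_manifest(text):
    """Main-section attributes of a MANIFEST.MF, names lower-cased."""
    attrs, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            if attrs:
                break                      # blank line ends the main section
        elif line.startswith(" ") and last:
            attrs[last] += line[1:]        # continuation of a wrapped value
        else:
            name, _, value = line.partition(":")
            last = name.strip().lower()    # attribute names are case-insensitive
            attrs[last] = value.lstrip()
    return attrs

def manifest_from_jar(jar):                # jar: a path or a file-like object
    with zipfile.ZipFile(jar) as zf:
        return parse_manifest(zf.read("META-INF/MANIFEST.MF").decode("utf-8"))

def audit(attrs):
    """Finding codes for the behaviour reported in the answers on this page."""
    trusted = attrs.get("trusted-library", "").strip().lower() == "true"
    has_caller = "caller-allowable-codebase" in attrs
    findings = []
    if trusted and has_caller:             # Oracle note: attribute is ignored
        findings.append("7u45-ignores-caller-allowable-codebase")
    if not has_caller:
        findings.append("7u45-liveconnect-warning")
    if not trusted:                        # JavaScript calls count as mixed code
        findings.append("7u21-7u40-mixed-code-warning")
    findings += ["wildcard:" + a for a in WILDCARD_ATTRS
                 if attrs.get(a, "").strip() == "*"]
    return findings

def sample_jar(manifest_text):
    """Constructed in-memory JAR holding only a manifest (sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest_text)
    return buf

if __name__ == "__main__":
    mixed = "Manifest-Version: 1.0\r\nTrusted-Library: true\r\nCaller-Allowable-Codebase: *\r\n"  # constructed
    print(audit(manifest_from_jar(sample_jar(mixed))))
```

Running it over every signed JAR in a build makes the per-JRE behaviour and any wildcard scope visible before deployment.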
Answer by englebart
For update 1.7.0_25 (and probably 21-40), setting the security settings to Medium in the Java Control Panel -> Security tab removes prompting when using the manifest tags for update 1.7.0_45.
Answer by Sarel Botha
The only solution that I can think of that works with 7u45 and the Trusted-Library versions (7u21, 7u25 and 7u40) is to create two different JARs with different manifests and then detecting the user's version and loading the right one.
The main version served to versions before 7u21 and 7u45 and up will have the new Caller-Allowable-Codebase and no Trusted-Library entry. The second version produced will have Trusted-Library and will be served only to 7u21, 7u25 and 7u40.
Here is an ant macro to create the new jar with the modified manifest:
<macrodef name="addtrustedlibrarytojar">
  <attribute name="jarpath" />
  <attribute name="newjarpath" />
  <sequential>
    <echo>Unzipping @{jarpath} to add Trusted-Library</echo>
    <mkdir dir="build/temp_trusted_library" />
    <unjar src="@{jarpath}" dest="build/temp_trusted_library" />
    <echo>Inserting Trusted-Library in manifest</echo>
    <!-- ^ matches once, at the start of the file, so the attribute is prepended to the main section -->
    <replaceregexp match="^" replace="Trusted-Library: true${line.separator}" flags="s">
      <fileset dir="build/temp_trusted_library/META-INF" includes="MANIFEST.MF"/>
    </replaceregexp>
    <echo>Creating @{newjarpath}</echo>
    <zip file="@{newjarpath}" basedir="build/temp_trusted_library" />
    <echo>Deleting build/temp_trusted_library directory</echo>
    <delete dir="build/temp_trusted_library" />
  </sequential>
</macrodef>
Call the macro like this for each JAR that needs the change made:
<addtrustedlibrarytojar jarpath="dist/myapplet.jar" newjarpath="dist/myapplet_tl.jar" />
Remember to sign the new JAR. If it was signed already this change will invalidate the signature.
We use the PluginDetect library to detect the version of Java. Just extract PluginDetect_Java_Simple.js and getJavaInfo.jar. This code will get the Java version:
<script type="text/javascript" src="js/PluginDetect_Java_Simple.js"></script>
<script type="text/javascript">
  var javaVersionDetected = '0';
  // Callback invoked by PluginDetect once Java detection has finished
  function javaDetectionDone(pd) {
    javaVersionDetected = pd.getVersion("Java");
    // window.console avoids a ReferenceError in browsers that do not define console
    if (window.console) console.info('Detected java version: ' + javaVersionDetected);
  }
  PluginDetect.onDetectionDone("Java", javaDetectionDone, "js/getJavaInfo.jar", null);
</script>
We use javascript to launch our applets so we use this to decide between the standard and trusted-library applets:
// attribs is the applet attribute map used by the launch code (defined elsewhere)
if (javaVersionDetected === '1,7,0,21' || javaVersionDetected === '1,7,0,25' || javaVersionDetected === '1,7,0,40') {
  // These releases need the JAR whose manifest carries Trusted-Library
  if (window.console) console.debug('Using TL applet');
  attribs['archive'] = 'applets/myapplet_tl.jar';
}
else {
  if (window.console) console.debug('Using normal applet');
  attribs['archive'] = 'applets/myapplet.jar';
}