java.security.AccessControlException:访问被拒绝(“java.security.SecurityPermission”“authProvider.SunMSCAPI”)
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/19401951/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
java.security.AccessControlException: access denied ("java.security.SecurityPermission" "authProvider.SunMSCAPI")
提问by Vicky Thakor
Till morning everything working fine in my applet. I took Java update and everything stopped. I'm dealing with digital certificate using applet. Here is my stack trace. I followed some oracle article but didn't work.
直到早上,我的小程序中一切正常。我更新了 Java,一切都停止了。我正在使用小程序处理数字证书。这是我的堆栈跟踪。我关注了一些oracle文章,但没有用。
https://blogs.oracle.com/java-platform-group/entry/liveconnect_changes_in_7u45http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/manifest.html#trusted_libraryhttp://www.oracle.com/technetwork/java/javase/7u45-relnotes-2016950.html
https://blogs.oracle.com/java-platform-group/entry/liveconnect_changes_in_7u45 http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/manifest.html#trusted_library http:// www.oracle.com/technetwork/java/javase/7u45-relnotes-2016950.html
Java Plug-in 10.45.2.18
Using JRE version 1.7.0_45-b18 Java HotSpot(TM) Client VM
User home directory = C:\Users\vicky.thakor
java.security.AccessControlException: access denied ("java.security.SecurityPermission" "authProvider.SunMSCAPI")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at sun.plugin2.applet.AWTAppletSecurityManager.checkPermission(Unknown Source)
at sun.security.mscapi.KeyStore.engineLoad(KeyStore.java:755)
at sun.security.mscapi.KeyStore$MY.engineLoad(KeyStore.java:62)
at java.security.KeyStore.load(Unknown Source)
at SecurityApplet.initializeBrowserKeyStore(SecurityApplet.java:162)
at SecurityApplet.isCertificateInstalled(SecurityApplet.java:268)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.Trampoline.invoke(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass$MethodInfo.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass$MemberBundle.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass.invoke0(Unknown Source)
at sun.plugin2.liveconnect.JavaClass.invoke(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$DefaultInvocationDelegate.invoke(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo.doObjectOp(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$LiveConnectWorker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
.java.policyfile I'm creating in public void init()method of applet. Its before accessing anything in applet.
.java.policy我在public void init()小程序的方法中创建的文件。它在访问小程序中的任何内容之前。
grant
{
permission java.security.AllPermission;
permission java.io.FilePermission "<<ALL FILES>>", "read";
permission java.io.FilePermission "<<ALL FILES>>", "write";
permission java.util.PropertyPermission "*", "read, write";
permission java.util.PropertyPermission "user.home", "read";
permission java.util.PropertyPermission "user.dir", "read";
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "*";
};
Update: 18th Nov, 2013
更新:2013 年 11 月 18 日
Its not working even if using code signing certificate
即使使用代码签名证书它也不起作用
回答by csadler
I cannot comment yet so am putting this as an answer instead.
我还不能发表评论,所以我把它作为答案。
I believe creating the .java.policy file in your applet will be too late - the plugin will have already started up and read the policy files before running any of your code.
You could sign your applet and use a jnlp file to assign permissions in the security element
我相信在您的小程序中创建 .java.policy 文件为时已晚 - 在运行您的任何代码之前,插件已经启动并读取策略文件。
您可以签署您的小程序并使用 jnlp 文件在安全元素中分配权限
回答by adarsh
I know it's pretty late to answer here, but adding my solution as I had a tough time with this:
我知道在这里回答已经很晚了,但是添加我的解决方案,因为我在这方面遇到了困难:
My Issue:While deploying an application (a WAR file) that has dependencies on Bouncy Castle libraries, I faced this issue: `
我的问题:在部署依赖于 Bouncy Castle 库的应用程序(一个 WAR 文件)时,我遇到了这个问题:`
cannot create instance of
org.bouncycastle.jcajce.provider.digest.GOST3411$Mappings
java.security.AccessControlException: access denied
("java.security.SecurityPermission"
"putProviderProperty.BC")
`
`
Here is what I did and it worked for me:
Go to: {Installed JDK path}\jre\lib\security\Open the file java.policy
这是我所做的并且对我有用:转到:{Installed JDK path}\jre\lib\security\打开文件java.policy
Add permission: permission java.security.SecurityPermission "putProviderProperty.BC";
添加权限: permission java.security.SecurityPermission "putProviderProperty.BC";
Restart the programs to load the changes.
重新启动程序以加载更改。
I am yet to understand how exactly this works or if it is safe to just change java.policyfile like this (still looking for other ways to achieve such a configuration).
我还没有理解这到底是如何工作的,或者java.policy像这样更改文件是否安全(仍在寻找其他方法来实现这样的配置)。
Do take precautions with such a change. More at Oracle's doc
对这种变化采取预防措施。Oracle文档中的更多信息
回答by Abhishek
Issue:
问题:
java.security.AccessControlException: access denied ("java.security.SecurityPermission" "authProvider.SunMSCAPI")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
It is because we needs permission to access file system resources, but an unsigned applet is denied this permission by default. So, to overcome this, the applet must be signed.
这是因为我们需要访问文件系统资源的权限,但是默认情况下,未签名的小程序拒绝此权限。因此,为了克服这个问题,必须对小程序进行签名。
Simply you need to signed your applet jar file.
只需对您的小程序 jar 文件进行签名即可。
