【问题标题】:Java applet issue with manifest attributes from Java7&8Java 7 和 8 的清单属性的 Java 小程序问题
【发布时间】:2015-09-17 20:09:18
【问题描述】:

我的应用程序将使用 java 小程序查看器显示文档,它与 Java6 完美配合。从 Java7 及更高版本开始,我无法查看文档,因为小程序无法加载文档。下面提到了我正在使用的属性。如果有的话,任何人都可以建议我进行所需的更改

ANT 脚本:

<target name="build.applet.manifest">
    <tstamp>
        <format property="build.time" pattern="MMMM dd yyyy" />
    </tstamp>

    <manifest file="${vfiles}/work/MANIFEST.MF">
        <attribute name="Built-By" value="${user.name}" />
        <attribute name="Class-Path" value="" />
        <attribute name="Trusted-Library" value="true" />
        <attribute name="Permissions" value="all-permissions" />
        <attribute name="Codebase" value="*" />
        <attribute name="Application-Name" value="${product.cea}" />
        <attribute name="Caller-Allowable-Codebase" value="*.com *.net" />
        <attribute name="Application-Library-Allowable-Codebase" value="*" />
        <attribute name="Implementation-Vendor" value="${imp-vendor}" />
        <attribute name="Implementation-Title" value="${product.cea}" />
        <attribute name="Implementation-Version" value="${project.version} build ${buildNumber} ${build.time}" />
    </manifest>
</target>

Java 控制台输出:

network: Cache entry found [url: http://11.22.33.44:8080/myapplication_penn/mudoc/image/redact-view_disabled.png, version: null] prevalidated=false/0
cache: Adding MemoryCache entry: http://11.22.33.44:8080/myapplication_penn/mudoc/image/redact-view_disabled.png
cache: Resource http://11.22.33.44:8080/myapplication_penn/mudoc/image/redact-view_disabled.png has expired.
network: Connecting http://11.22.33.44:8080/myapplication_penn/mudoc/image/redact-view_disabled.png with proxy=DIRECT
network: Connecting http://11.22.33.44:8080/myapplication_penn/mudoc/image/redact-view_disabled.png with cookie "JSESSIONID=7567CD6257EE33B405C94F2C4B14EAE0"
network: ResponseCode for http://11.22.33.44:8080/myapplication_penn/mudoc/image/redact-view_disabled.png : 304
network: Encoding for http://11.22.33.44:8080/myapplication_penn/mudoc/image/redact-view_disabled.png : null
network: Disconnect connection to http://11.22.33.44:8080/myapplication_penn/mudoc/image/redact-view_disabled.png
cache: registerReference:com.sun.deploy.cache.MemoryCache$CachedResourceReference@a86d6866: 1
 liveconnect: Security Exception: JavaScript from             http://11.22.33.44:8080/myapplication_penn/daeja/show?CwI4rkFs%2FPfsP3Iv9TKaY6kyx3ki8t4UTxVQFbMj7Bx9V7QRa%2BKhCKhvOKvd7oKUIHoTjWvV9GdnZJQzjDR%2FNtR6%2B3%2Bkud0dI%2FQIh3J%2FrSIkctHBhAiV7mkZH0uCuty0 attempted to access a resource it has no rights to. -a1> 4 ji.v1event.k$a -a1 - jiDocumentEvents 15 Sep 2015, 15:58:13, IST (000000000/000000000): Error processing : null
netscape.javascript.JSException: JavaScript error while calling "handleEvent"
            at sun.plugin2.main.client.MessagePassingJSObject.newJSException(Unknown Source)
            at sun.plugin2.main.client.MessagePassingJSObject.waitForReply(Unknown Source)
            at sun.plugin2.main.client.MessagePassingJSObject.call(Unknown Source)
            at ji.applet.support.d.a(Unknown Source)
            at ji.applet.support.d.a(Unknown Source)
            at ji.applet.ViewONE_AppletImpl.a(Unknown Source)
            at ji.applet.ViewONE_AppletImpl.b(Unknown Source)
            at ji.applet.ViewONE_AppletImpl.javaScriptUpdate(Unknown Source)
            at ji.document.t.b(Unknown Source)
            at ji.document.t.a(Unknown Source)
            at ji.v1event.k.c(Unknown Source)
            at ji.v1event.k.a(Unknown Source)
            at ji.v1event.k$a.a(Unknown Source)
            at ji.v1event.k$a.run(Unknown Source)
            at java.lang.Thread.run(Unknown Source)
            at ji.awt.y.run(Unknown Source)
network: Cache entry found [url: http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_enabled.png, version: null] prevalidated=false/0
cache: Adding MemoryCache entry: http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_enabled.png
cache: Resource http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_enabled.png has expired.
network: Connecting http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_enabled.png with proxy=DIRECT
network: Connecting http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_enabled.png with cookie "JSESSIONID=7567CD6257EE33B405C94F2C4B14EAE0"
network: ResponseCode for http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_enabled.png : 304
network: Encoding for http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_enabled.png : null
network: Disconnect connection to http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_enabled.png
 cache: registerReference: com.sun.deploy.cache.MemoryCache$CachedResourceReference@4b156f58: 1
network: Cache entry found [url: http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_disabled.png, version: null] prevalidated=false/0
cache: Adding MemoryCache entry: http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_disabled.png
cache: Resource http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_disabled.png has expired.
network: Connecting http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_disabled.png with proxy=DIRECT
network: Connecting http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_disabled.png with cookie "JSESSIONID=7567CD6257EE33B405C94F2C4B14EAE0"
network: ResponseCode for http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_disabled.png : 304
network: Encoding for http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_disabled.png :  null
network: Disconnect connection to http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_disabled.png
cache: registerReference:         com.sun.deploy.cache.MemoryCache$CachedResourceReference@286491db: 1

【问题讨论】:

  • Java 控制台是否显示异常?如果是这样,请在您的问题中包含完整的堆栈跟踪。 (要启用 Java 控制台,请打开 Java 控制面板,选择“高级”选项卡,然后在选项中查找“Java 控制台”部分。)
  • 嗨 VGR,我已经用 java 控制台日志更新了这个问题
  • 小程序是否部署到与您的Caller-Allowable-Codebase 属性值匹配的站点?我认为这将取决于您在浏览器中输入的实际 URL。
  • 嗨 VGR,我的第一个问题是,我们可以在 Java7 和 8 的清单文件中同时包含 Caller-Allowable-Codebase 和 Trusted-Library 吗?此应用程序在 Java6 上运行良好,但 Java7 和 8 出现问题。
  • 这些清单属性中的大多数是在 Java 7 中添加的。根据docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/… 这两个属性彼此没有关系:Caller-Allowable-Codebase 用于 Javascript 调用,这似乎是原因您的例外情况,而 Trusted-Library 意味着应用程序中的所有类都必须签名,即使在其他代码库中也是如此。

标签: java applet java-security security-warning


【解决方案1】:

来自Oracle Java 7 docs

Caller-Allowable-Codebase 属性用于标识 JavaScript 代码可以在没有安全提示的情况下调用您的 RIA 的域。

当您从 ip:8080 调用您的小程序时,您的清单中有 *.com 和 *.net。错误出现在日志中。

作为短期修复,您应该在清单的属性列表中包含您的 IP。作为长期修复,您应该真正指定受信任的域并从那里运行您的小程序。

仅供参考,已添加此属性以降低您的小程序被盗并从其他网站运行的风险。

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 2017-11-28
    • 2013-06-10
    • 2012-10-13
    • 1970-01-01
    • 2019-07-21
    • 1970-01-01
    • 1970-01-01
    • 2015-07-22
    相关资源
    最近更新 更多