Applet停止使用JNLP MissingFieldException< jnlp>. [英] Applet stopped working with a JNLP MissingFieldException <jnlp>

问题描述

我有一个运行1/2年的applet.现在，我需要重新激活"它，但是由于未知的原因，它不再起作用了.规格如下:

I have an applet which was running 1/2 year ago. Now i needed to 'reactivate' it however for an unknown reason it is not working anymore. Here are the specs:

• 基于JNLP的NG Applet
• Tomcat 7
• JRE 1.7.0_25
• Firefox 22和Chrome 28

这是我得到的错误:

MissingFieldException[ The following required field is missing from the launch file: <jnlp>]
at com.sun.javaws.jnl.XMLFormat.parse(Unknown Source)
at com.sun.javaws.jnl.LaunchDescFactory.buildDescriptor(Unknown Source)
at com.sun.javaws.jnl.LaunchDescFactory.buildDescriptor(Unknown Source)
at com.sun.javaws.jnl.LaunchDescFactory._buildDescriptor(Unknown Source)
at com.sun.javaws.jnl.LaunchDescFactory.buildDescriptor(Unknown Source)
at com.sun.javaws.jnl.LaunchDescFactory.buildDescriptor(Unknown Source)
at sun.plugin2.applet.JNLP2Manager.initialize(Unknown Source)
at sun.plugin2.main.client.PluginMain.initManager(Unknown Source)
at sun.plugin2.main.client.PluginMain.access$200(Unknown Source)
at sun.plugin2.main.client.PluginMain$2.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Error while initializing manager: MissingFieldException[ The following required field is missing from the launch file: <jnlp>], bail out

到目前为止我一直在尝试/怀疑的事情:

What I tried/suspected so far:

1. Oracle随安全更新7u17、7u21或7u25一起引入.但是我尝试了从7u25到7u0的所有JRE，但没有帮助.还尝试了6u51到6u22，我相信以前也能奏效.
2. Mozilla或Google引入了与Java插件结合以提高其浏览器安全性的措施.尝试了各种较旧的浏览器版本-均未成功.但是后来我尝试了IE10，并且可以正常运行?！
3. 分析了JNLP文件(也与JaNeLa一起使用)，但是由于它以前可以工作并且可以在IE10中使用，因此不能成为JNLP.似乎该插件甚至都没有分析JNLP.

1. Something oracle introduced with security update 7u17, 7u21 or 7u25. However I tried all JREs from 7u25 down to 7u0 it didn't help. Also tried 6u51 down to 6u22 which I am sure did work before.
2. Something Mozilla or Google introduced in their effort to increase the security of their browsers in combination with the java plugin. Tried various older browser versions - no success. However then I tried the IE10 and it is working ?!
3. Analyzed the JNLP file (also with JaNeLa) but since it did work before and works in IE10 it can't be the JNLP. It seems that the plugin doesn't even come to analyzing the JNLP.

有什么想法吗?

推荐答案

在解决这个问题上将近两天后，我想出了办法，希望可以帮助其他人.解释:

After nearly spending two days on that problem I figured it out, hopefully helping others with that. The explanation:

1. 我的小程序在受保护的Web应用程序的上下文中运行，在该应用程序中，用户需要先使用表单登录名进行登录.
2. 这样做之后，将创建一个会话cookie，并将其发送回客户端/浏览器.
3. 自从我从tomcat 6切换到tomcat 7之后， useHttpOnly策略默认情况下启用此功能，该功能在tomcat 7之前的所有tomcat版本中均被禁用​​.HttpOnly标志指示浏览器阻止通过JavaScript/插件访问这些cookie(出于安全原因，例如，跨站点脚本等).
4. 现在，由于Java插件无法访问Cookie，因此它在请求JNLP文件时没有将其发送到服务器.
5. 服务器将返回所有未授权请求的登录页面.
6. 最后但并非最不重要的一点是，JNLP解析器正在寻找<jnlp>结构且找不到任何结构-因此产生了上述错误.

1. My applet runs in the context of a protected web application where a user needs to login with a form login first.
2. After doing so, a session cookie is created and sent back to the client/browser.
3. Since I switched from tomcat 6 to tomcat 7 the useHttpOnly policy for cookies is enabled by default which was disabled for all tomcat versions prior tomcat 7. The HttpOnly flag instructs browsers to prevent access to those cookies from JavaScript/Plugins (security reasons e.g. cross site scripting etc).
4. Now since the java plugin couldn't access the cookie it didn't sent it to the server when requesting the JNLP file.
5. the server returns the loginpage for all unauthorized request.
6. Last but not least the JNLP parser was looking for the <jnlp> structure and couldn't find any - so the above error was generated.

那怎么预防呢?

1. 全局禁用tomcat中的useHttpOnly标志
2. 为Web应用程序禁用useHttpOnly标志(我这样做了).为此，在您的Web应用程序的META-INF中添加一个context.xml文件，其中包含以下行
   <Context path="/" cookies="true" useHttpOnly="false"/>

1. Disable the useHttpOnly flag in tomcat globally
2. Disable the useHttpOnly flag for a webapplication (which I did). To do that add a context.xml file in the META-INF of your webappication which contains the following line
   <Context path="/" cookies="true" useHttpOnly="false"/>

现在，为什么IE10似乎忽略了httponly标志，这是我可以忍受的一个开放问题；-)

Now why the IE10 seems to ignore the httponly flag is a open question i can live with ;-)

这篇关于Applet停止使用JNLP MissingFieldException< jnlp>.的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！