需要什么样的权限,可以在manifest文件为一个applet通过JavaScript进行通信 [英] What permissions are needed in the manifest file for an applet to communicate via Javascript
问题描述
我们使用JavaScript小应用程序和其托管的网页之间进行通信。我们需要修改小程序包括权限
属性,并且想知道需要启用该小程序的Javascript通信的参数值。我们可以使用沙盒
还是我们需要使用所有的权限
?
通过Java Script的脚本小程序只需要相同的权限小程序将不Java脚本。
话虽如此,从JS任何呼叫不是由JVM认为是值得信赖的。因此,如果需要信任的方法为从JS调用,这将需要实现(在code)使用<一个href=\"http://docs.oracle.com/javase/8/docs/api/java/security/AccessController.html#doPrivileged-java.security.PrivilegedAction-\"相对=nofollow> doPrivileged的(的PrivilegedAction)
。
更多关于 AccessController的
的
AccessController的
类是用于访问控制的操作和决定。
更具体地说,
AccessController的
类用于三个目的:
- ,以决定对关键系统资源的访问是否被允许或拒绝,基于安全策略当前生效,
- 标记code为特权,从而影响后续访问决定,和
- ,获得当前调用上下文的快照,以便从不同的上下文访问控制决定可以相对于该保存的上下文进行。
块引用>更多关于
的PrivilegedAction
启用特权执行的计算。该计算是通过调用
AccessController.doPrivileged
在的PrivilegedAction
对象上执行。 ..
块引用>由于不断变化的安全制度,我会建议包装所有code 可能的曾经从JS调用,成
的PrivilegedAction
。We use Javascript to communicate between an applet and its hosting web page. We need to modify the applet to include the
permissions
attribute, and would like to know which value is needed for enabling Javascript communication for the applet. Can we usesandbox
or do we need to useall-permissions
?解决方案An applet scripted by Java Script only needs the same permissions as the applet would without Java Script.
Having said that, any call from JS is not considered 'trusted' by the JVM. So if a method that requires trust is called from JS, it will need to implement (in the code) use of
doPrivileged(PrivilegedAction)
.More on
AccessController
The
AccessController
class is used for access control operations and decisions.More specifically, the
AccessController
class is used for three purposes:
- to decide whether an access to a critical system resource is to be allowed or denied, based on the security policy currently in effect,
- to mark code as being "privileged", thus affecting subsequent access determinations, and
- to obtain a "snapshot" of the current calling context so access-control decisions from a different context can be made with respect to the saved context.
More on
PrivilegedAction
A computation to be performed with privileges enabled. The computation is performed by invoking
AccessController.doPrivileged
on thePrivilegedAction
object. ..
Given the changing security regime, I would recommend wrapping all code that might ever be called from JS, into a
PrivilegedAction
.这篇关于需要什么样的权限,可以在manifest文件为一个applet通过JavaScript进行通信的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!