What permissions are needed in the manifest file for an applet to communicate via JavaScript


Problem description

We use JavaScript to communicate between an applet and its hosting web page. We need to modify the applet to include the permissions attribute, and would like to know which value is needed for enabling JavaScript communication for the applet. Can we use sandbox or do we need to use all-permissions?

Solution

An applet scripted by JavaScript only needs the same permissions as the applet would without JavaScript.

Having said that, any call from JS is not considered 'trusted' by the JVM. So if a method that requires trust is called from JS, it will need to implement (in the code) use of doPrivileged(PrivilegedAction) (http://docs.oracle.com/javase/8/docs/api/java/security/AccessController.html#doPrivileged-java.security.PrivilegedAction-).

More on AccessController

The AccessController class is used for access control operations and decisions.

More specifically, the AccessController class is used for three purposes:

  • to decide whether an access to a critical system resource is to be allowed or denied, based on the security policy currently in effect,
  • to mark code as being "privileged", thus affecting subsequent access determinations, and
  • to obtain a "snapshot" of the current calling context so access-control decisions from a different context can be made with respect to the saved context.

More on PrivilegedAction

A computation to be performed with privileges enabled. The computation is performed by invoking AccessController.doPrivileged on the PrivilegedAction object. ..


Given the changing security regime, I would recommend wrapping all code that might ever be called from JS, into a PrivilegedAction.
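The pattern this answer describes, as an added example that is not part of the original answer: a public applet method reachable from page JavaScript validates its argument and only then performs the permission-checked read inside doPrivileged. The class name, method names and property allowlist are hypothetical, and it assumes Java 8 with a signed JAR whose manifest declares Permissions: all-permissions.

```java
import java.applet.Applet;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

// Hypothetical applet. Assumes a signed JAR with "Permissions: all-permissions"
// in the manifest: reading user.home is not allowed in the sandbox,
// with or without JavaScript.
public class ScriptedApplet extends Applet {

    // Only these property names may be requested by the page (assumed list).
    private static final Set<String> ALLOWED = Collections.unmodifiableSet(
            new HashSet<String>(Arrays.asList("user.home", "user.name")));

    // Public method the page calls on the applet object, e.g.
    // document.getElementById("app").readProperty("user.home")
    public String readProperty(String key) {
        return readAllowed(key);
    }

    static String readAllowed(final String key) {
        // The caller is untrusted page script, so validate its argument
        // before raising privileges; it must not pick arbitrary keys.
        if (key == null || !ALLOWED.contains(key)) {
            throw new IllegalArgumentException("property not allowed: " + key);
        }
        // A call arriving from JS is not trusted by the JVM, so the
        // permission-checked read is wrapped. Keep this block minimal.
        return AccessController.doPrivileged(new PrivilegedAction<String>() {
            @Override
            public String run() {
                return System.getProperty(key);
            }
        });
    }

    // Out-of-browser check of the helper (no security manager installed).
    public static void main(String[] args) {
        System.out.println(readAllowed("user.name"));
        try {
            readAllowed("java.class.path");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because doPrivileged makes the applet's own permissions available to whatever page script calls the method, the allowlist check sits outside the privileged block and the block contains a single operation.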
