小程序写入临时文件必须授予什么权限? [英] What permissions must be granted for applets to write temporary files?
问题描述
我们正在开发一个小程序,需要它能够读取/写入用户临时文件目录(例如 C:\Documents and Settings\USERNAME\Local Settings\Temp)中的文件.
We're developing an applet and need it to be able to read/write files in the user's temporary files directory (e.g. C:\Documents and Settings\USERNAME\Local Settings\Temp).
小程序已签名,用户在小程序启动时单击允许"选项,Java 控制面板有允许用户授予对已签名内容的权限"和允许用户从不受信任的机构授予对内容的权限"启用.
The applet is signed, the user clicks the 'allow' option on applet startup, and the Java Control Panel has "Allow user to grant permissions to signed content" and "Allow user to grant permissions to content from an untrusted authority" enabled.
然而,在启动时,我们得到一个 SecurityException:
However, on startup, we get a SecurityException:
java.lang.SecurityException: Unable to create temporary file
at java.io.File.checkAndCreate(Unknown Source)
at java.io.File.createTempFile(Unknown Source)
at java.io.File.createTempFile(Unknown Source)
at com.jniwrapper.util.AppletHelper.b(SourceFile:104)
at com.jniwrapper.util.AppletHelper.a(SourceFile:79)
at com.jniwrapper.util.AppletHelper.b(SourceFile:50)
at com.jniwrapper.util.AppletHelper.init(SourceFile:122)
at com.x.Y.init(Y.java:31)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Exception: java.lang.SecurityException: Unable to create temporary file
如果我们编辑 java.policy 文件以将所有内容授予所有内容,那么小程序可以正常工作,但这显然是不安全的.我们必须授予什么最低权限才能允许小程序在用户的临时文件目录中读/写/创建文件?
If we edit the java.policy file to grant all to everything then the applet works OK but this is clearly insecure. What minimal permissions must we grant to allow the applet to read/write/create files in the user's temporary files directory?
推荐答案
使用策略文件进行测试是可以的,但你不应该依赖它来完成你的代码,尤其是在授予文件权限时,这是危险的.
Using the policy file is kinda ok for testing but you should not be relying on it for your finished code, especially when granting a file permission, it is dangerous.
要与文件交互,您需要执行以下操作.
To interact with files you need to do the following.
为您的 jar 签名 - 大量教程,例如 this,你可以做一个自签名的.
Sign your jar - tons of tutorials like this, you can just do a self signed one.
将文件创建代码添加到特权块这里是一个例子
Add the file creation code to a privileged block here is an example
File myFile = (File) AccessController.doPrivileged(new PrivilegedAction() {
public Object run()
{
return new File("C:\\MyFolder\\MyFile");
}
});
这篇关于小程序写入临时文件必须授予什么权限?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
