在签名小程序中使用 AccessControler.doPrivileged 时的 InvocationTargetException [英] InvocationTargetException when using AccessControler.doPrivileged in a signed applet
问题描述
我在通过 JavaScript 调用的小程序中有以下方法
I'm having the following method in an applet which is called via JavaScript
public String getAString()
{
Object rc = AccessController.doPrivileged(
new java.security.PrivilegedAction()
{
public Object run()
{
try
{
return "OK";
}
catch (Throwable t)
{
t.printStackTrace();
return "ERROR: " + t.getMessage() + " " + t.getCause();
}
}
});
// Return value
return rc.toString();
}
applet 是使用 keytool 创建的证书签名的
The applet is signed using a certificate created with keytool
当我调用 getAString()
时,如果抛出 InvocationTargetException
.如果我调用其他不使用 AccessController 类的方法,我就不会遇到这个问题.
When I call getAString()
if throws the InvocationTargetException
.
If I call other methods which don't use the AccessController class, I'm not having this problem.
此外,每次我打开浏览器时,都会要求我允许小程序运行,即使小程序已签名.
Also, each time I open the browser I'm asked to allow the applet to run even the the applet is signed.
我该如何解决这个问题?
How can I fix this?
编辑
我添加了一个按钮,现在我获得了更多信息:
I added a button and now I'm getting more info:
签名者信息与其他类的签名者信息不匹配在同一个包中
signer information does not match signer information of other classes in the same package
我正在使用第三方存档.原始形式是未签名的,但我使用相同的证书(尽管使用不同的命令)对其进行了签名.
I'm using a third party archive. In the original form is unsigned, but I signed it using the same cert (although with different commands).
编辑 2这是我在罐子上签名的方式
edit 2 Here is how I sign the jars
keytool -genkey -keystore vkeystore -keyalg rsa -dname "CN=XXX, OU=XXX, O=XXX, L=Atlanta, ST=GA,C=NL" -alias printer -validity 3600 -keypass XXX-storepass XXX
jarsigner -keystore vkeystore -storepass XXX -keypass XXX -signedjar JSPrintS.jar JSPrint.jar printer
jarsigner -keystore vkeystore -storepass XXX -keypass XXX -signedjar jPDFPrintS.jar jPDFPrint.jar printer
JSPrint.jar 包含小程序
JSPrint.jar contains the applet
编辑 3
applet 定义是(位于 JSPrint.jar 中)
the applet definition is (located in JSPrint.jar)
package Eplatforms;
import java.net.URL;
import java.security.AccessController;
import javax.swing.JApplet;
import java.awt.event.*;
import java.awt.*;
import com.XXX.pdfPrint.PDFPrint;
public class JSPrint extends JApplet implements ActionListener
....
jPDFPrint.jar 是第三方 jar
jPDFPrint.jar is a third party jar
编辑 4
我试图将问题最小化一点,我发现当从 jar 文件(即使是签名的)调用 AccessControler.doPrivileged 时,我得到以下异常:
I tried to minimize the problem a bit and I found out that when calling AccessControler.doPrivileged from a jar file (even signed one), I get the following exception:
Exception in thread "main" java.lang.NoClassDefFoundError: TestPrivileges$1
at TestPrivileges.getAString(TestPrivileges.java:14)
at TestPrivileges.main(TestPrivileges.java:7)
Caused by: java.lang.ClassNotFoundException: TestPrivileges$1
at java.net.URLClassLoader$1.run(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
这是一个测试类:
请注意,调用其他方法不会引发此异常.
Notice that calling other methods doesn't raise this exception.
这是我编译和运行它的方法:
Here is how I compile and run it:
javac TestPrivileges.java
java TestPrivileges
jar cvf TestPrivileges.jar TestPrivileges.class
jarsigner -keystore vkeystore -storepass My0Company -keypass My0Company -signedjar TestPrivilegesS.jar TestPrivileges.jar printer
copy TestPrivilegesS.jar x /Y
copy TestPrivileges.jar x /Y
cd x
java -classpath TestPrivilegesS.jar TestPrivileges
java -classpath TestPrivileges.jar TestPrivileges
cd ..
vkeystore 简介:
A quick for vkeystore:
keytool -genkey -keystore vkeystore -keyalg rsa -dname "CN=MyCompany, OU=MyCompany, O=MyCompany, L=Atlanta, ST=GA,C=NL" -alias printer -validity 3600 -keypass My0Company -storepass My0Company
第一次运行正常(可能是因为类文件在同一个目录下).然后我创建档案,一个签名,另一个未签名.当我运行它们时,我遇到了这些错误.请注意,这些 jar 文件位于一个单独的文件夹中,该文件夹仅包含那些 jars 而没有类文件.
The first run works ok (probably because the class file is in the same directory). Then I create to archives, one signed and another unsigned. When I run them, I got those errors. Notice the jars are in a separate folder which contains only those jars and no class file.
推荐答案
我和安德鲁一起解决这个问题.
I am with Andrew on this.
我创建了一个应用程序,可以帮助我们找到代码签名问题.
I've created an app that should help us find the code signing issue.
https://gist.github.com/2596125
(因为我们不想向 Andrew 发送垃圾邮件,所以我创建了这个.)
(Since we don't want to Spam Andrew I've created this.)
随着最终出现的更多信息,您似乎没有将 TestPrivileges$1
类与 jar 一起打包.
With more information that finally came out it seems that you are not packing the TestPrivileges$1
class with the jar.
要解决此问题,请为 jar 包装执行此操作:
To fix this do this for jar packing:
jar cvf TestPrivileges.jar TestPrivileges.class TestPrivileges$1.class
这篇关于在签名小程序中使用 AccessControler.doPrivileged 时的 InvocationTargetException的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!