SecureCookiePermission 问题 - Applet 不适用于最新的 Java 6 更新 29 [英] SecureCookiePermission issue - Applet not working with latest Java 6 update 29

问题描述

在我们的网站中，我们使用升级到 Java 6 Update 29 后无法工作的小程序.小程序应与服务器通信以将数据存储到数据库.Applets 在较低版本的 Java(更新 22 或 26 或 27)中运行良好，并且不可能要求我们的客户降级 Java 版本.我在 Java 控制台中发现了一些错误，我认为 java 无法访问/创建 cookie 或会话(某种权限问题).有人能帮我解决这个问题吗?

In our website, we use applet which is not working after upgrading to Java 6 Update 29. Applet should communicate with server for storing data's to database. Applets works fine in lower of versions of Java (Update 22 or 26 or 27) and it's impossible to ask our clients to downgrade the java versions. I found some errors in Java console and I think java couldn't able to access/create cookie or session (some kind of permission issue). Can anyone help me with this issue?

谢谢！

network: Connecting http://www.example.com:80/ with proxy=DIRECT
java.security.AccessControlException: access denied (com.sun.deploy.security.SecureCookiePermission origin.http://www.example.com:80)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at com.sun.deploy.net.cookie.DeployCookieSelector.canServeCookies(Unknown Source)
    at com.sun.deploy.net.cookie.DeployCookieSelector.get(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.setCookieHeader(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.writeRequests(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at ATutorApiAdapterApplet.ATutorCommit(ATutorApiAdapterApplet.java)
    at ATutorApiAdapterApplet.LMSCommit(ATutorApiAdapterApplet.java)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at sun.plugin.javascript.JSInvoke.invoke(Unknown Source)
    at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
    at sun.plugin2.liveconnect.JavaClass$MethodInfo.invoke(Unknown Source)
    at sun.plugin2.liveconnect.JavaClass$MemberBundle.invoke(Unknown Source)
    at sun.plugin2.liveconnect.JavaClass.invoke0(Unknown Source)
    at sun.plugin2.liveconnect.JavaClass.invoke(Unknown Source)
    at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$DefaultInvocationDelegate.invoke(Unknown Source)
    at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$3.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo.doObjectOp(Unknown Source)
    at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$LiveConnectWorker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
network: Server http://www.example.com/write.php requesting to set-cookie with "Coyote-2-8b928cf0=a000200:0; domain=example.com; path=/"
network: Server http://www.example.com/write.php requesting to set-cookie with "SESSION=1v1md9bphfvgrqal38vg5quba1; path=/"
ATutor cmi storage failed.
java.security.AccessControlException: access denied (java.util.PropertyPermission http.strictPostRedirect read)

推荐答案

这是一个应该在更新 30 中修复的错误

This is a bug that is supposed to be fixed in update 30

http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7102914

但是，我更新到了update 30的预览版，还是有同样的问题.唯一的解决方案(在我尝试过的许多方法中)是使用 AllPermission 将任何调用以与服务器的连接包装在 AccessController.doPrivileged 块中.

However, I updated to the preview version of update 30 and still have the same problem. The ONLY solution (amongst many things I tried) is to wrap any calls to make connections to the server in an AccessController.doPrivileged block using AllPermission.

Permissions permissions = new Permissions();
permissions.add(new AllPermission());
AccessControlContext context = new AccessControlContext(
        new ProtectionDomain[]{new ProtectionDomain(null, permissions)});

AccessController.doPrivileged(new PrivilegedAction<Object>()
    {
        @Override
        public Object run()
        {
            URL connecting code
        }
    }, context);

这篇关于SecureCookiePermission 问题 - Applet 不适用于最新的 Java 6 更新 29的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！