Java小程序清单 - 允许所有来电,Allowable- codeBase类 [英] Java applet manifest - Allow all Caller-Allowable-Codebase
问题描述
从Java 7u45一个小程序会显示警告信息(即使使用受信任的证书签名的),如果一个网页试图通过JavaScript与它进行互动和网页没有在清单的来电,Allowable- $ C $上市CBase的属性。
As of Java 7u45 an applet will display a warning message (even if signed with a trusted cert) if a webpage tries to interact with it via javascript and that page isn't listed in the manifest's Caller-Allowable-Codebase attribute.
发布说明关于这一变化:<一href=\"http://www.oracle.com/technetwork/java/javase/7u45-relnotes-2016950.html\">http://www.oracle.com/technetwork/java/javase/7u45-relnotes-2016950.html
Release notes about this change: http://www.oracle.com/technetwork/java/javase/7u45-relnotes-2016950.html
甲骨文的博客文章有关此错误:<一href=\"https://blogs.oracle.com/java-platform-group/entry/7u45_caller_allowable_$c$cbase_and\">https://blogs.oracle.com/java-platform-group/entry/7u45_caller_allowable_$c$cbase_and
Oracle blog post about this bug: https://blogs.oracle.com/java-platform-group/entry/7u45_caller_allowable_codebase_and
属性说明:<一href=\"http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/manifest.html#caller_allowable\">http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/manifest.html#caller_allowable
我曾尝试只是一个通配符(*),但我还是得到警告。
I have tried just a wildcard (*), but I still get the warning.
有没有解决这个以外的方式比列出所有codebases它可能会在运行?
Is there a way around this other than listing all codebases it may run at?
究其原因,这是一个问题,对我来说,这个小程序在许多不同的机器和网络运行,但总是在不同的位置内联网。这个附属应用程序也需要用JavaScript来沟通,因为它会谈到本地USB尺度和显示结果,并与页面交互。
The reason this is a problem for me is that this applet runs on many different machines and networks, but always on intranets at various locations. This applet also needs to communicate with javascript because it talks to local USB scales and displays results and interacts with the page.
小程序中的问题: https://github.com/JaggedJax/CIO_Scale
推荐答案
删除受信任库属性似乎是强制性的,以获取来电-Allowable- codeBase的工作,没有更多的警告。然而,这打破Java 7的更新21 - 40对待JavaScript的code调用签名Applet中code。与所有权限,如混合code和警告对话框,如果签名的JAR文件没有标记的复活运行与信任库= true属性。
Removing the Trusted-Library attribute seems to be mandatory to get Caller-Allowable-Codebase working, no more warnings. However, this breaks Java 7 Update 21 - 40 which treated JavaScript code that calls code within a signed applet running with all permissions as mixed code and warning dialogs are raised if the signed JAR files are not tagged with the Trusted-Library=true attribute.
这篇关于Java小程序清单 - 允许所有来电,Allowable- codeBase类的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
