我怎样写为新的Java安全壁垒清单文件 [英] How do I write a manifest file for the new java security barriers

问题描述

我有一个Java小程序，我需要在我的网站部署。

我的网站有很多的页面和小程序上出现了一些他们。我的网站的基本域名 www.mycompany.com 。但小程序上会出现，例如： www.mycompany.com/dog ， www.mycompany.com/cat ， www.mycompany.com/pen 等

入口点的包是 com.mycompany.MyApplet 。

继的 Java安全清单更改浏览器的<指令/ A>，我创建了下面的清单我的应用程序。会有人请审核一下，让我把它纠正？基本上我不希望任何形式的警告显示出来，当人们试图从我的网站上运行我的小程序。

清单

 清单-版本：1.0
创建-者：1.7.0_51
权限：沙箱
应用程序名称：My养殖企业
应用程序库的Allowable- codeBase类：www.mycompany.com/where_the_applet_jar_actually_lives
呼叫者Allowable- codeBase类：www.mycompany.com
codeBase类：www.mycompany.com
 

presently我得到上述清单后重新部署如下对话框：

  

由安全设置阻止应用程序：您的安全设置有
  从运行阻止不受信任的应用程序

参考：我如何注入新的清单成小程序在现有的jar

另外，我还使用了以下步骤让我签字的jar：

1. 的keytool -genkey -keystore myKeyStore -alias我


2. 密钥工具-selfcert -keystore myKeyStore -alias我


3. 的jarsigner -keystore myKeyStore jarfile.jar我

解决方案

至于你我能想到的三个可能的问题错误：

1）您的小程序没有什么是试图做征得同意。

会发生什么？权限告诉多少权力如何做应用程序有超过用户的计算机用户。 沙箱不让做的应用很多，所有的权限获得小程序多一点控制。当然，你会想，因为你使用较低的许可，少警告提示用户去使用最低权限即可（即沙箱）。但是，如果，例如您的小程序试图访问用户的个人文件，但它的权限属性设置为沙箱的小程序将无法正常工作，因为它没有什么是试图做征得同意

如何解决呢？操作简单，只需修改权限：沙盒到权限：所有的权限

2）您的计算机没有允许自签名的应用程序运行。

会发生什么？大多数浏览器都适用于小程序非常严格的规定。特别是如果你要求所有的权限（你都没有）。

如何解决呢？在Java控制面板的Java安全更改为较低值。您可以为Java控制面板，在您的计算机进行搜索，或自己去走这条道路 C（Windows 8的不能让你不得不寻找它自己找到某种原因Java控制面板）： \\ Program Files文件\\的Java \\ jre7 \\ BIN \\ javacpl.exe 在JCP中去安全选项卡，然后将其更改为网上平台。

3）您的操作系统不会允许你运行你签你的自我的小程序。 （支付不自签名的小程序，这是一切的关注，你签你的自我的小程序在没有官方证明书。操作系统通常区别对待。）

如何解决呢？上传的小程序的Web主机服务，并从另一台计算机输入，所有的计算机，但你签署的小程序的人应该能够打开小程序。

---

至于你提到的用户没有得到任何安全提示什么，这是一个几乎不可能的需求。随着各种操作系统，浏览器和防病毒就可以永远不知道。不过，也有在其中您可以降低安全量的一些方法提示：

• 自签名的小程序（自签署是你在命令提示符下做了什么）很可能始终显示安全提示。你可以购买一个官方SSL，它会显著减少提示的数量。


• 如果您都要求所有的权限你会得到，如果你需要沙箱权限远远超过提示。

我强烈建议你看看下面的链接：

SSL：我在哪里可以买一个有效的SSL证书

权限： http://docs.oracle.com/javase/教程/部署/小程序/ security.html安全

---

如果你有问题，1号，这将是清单文件：

 清单-版本：1.0
    创建-者：1.7.0_51
    权限：所有的权限
    应用程序名称：My养殖企业
    应用程序库的Allowable- codeBase类：www.mycompany.com/where_the_applet_jar_actually_lives
    呼叫者Allowable- codeBase类：www.mycompany.com
    codeBase的：*
 

Eitherwise（如果你的问题是2或3），你甚至不用修改清单文件。

由于@tigran提到的，如果你想从几个不同的地方运行小程序你可能想改变codeBase的为*。

I have a Java applet that I need to deploy on my website.

My website has a lot of pages and the applet appears on a number of them. My website's base domain is www.mycompany.com. But the applet will appear on, for example: www.mycompany.com/dog, www.mycompany.com/cat, www.mycompany.com/pen, etc.

The package of the entry point is com.mycompany.MyApplet.

Following the instructions at Java Security Manifest Changes in the Browser, I have created the below manifest for my app. Will someone please review it for me so that I get it correct? Basically I don't want any sort of warning to show up when people try to run my applet from my website.

MANIFEST

Manifest-Version: 1.0
Created-By: 1.7.0_51
Permissions: sandbox
Application-Name: My Farming Business
Application-Library-Allowable-Codebase: www.mycompany.com/where_the_applet_jar_actually_lives
Caller-Allowable-Codebase:www.mycompany.com
Codebase: www.mycompany.com

Presently I get the following dialog after redeploying with the above manifest:

Application Blocked by Security Settings: Your security settings have blocked an untrusted application from running

Ref: How do I inject new manifest into an existing jar for applet

Also, I have used the following steps to sign my jar:

1. keytool -genkey -keystore myKeyStore -alias me
2. keytool -selfcert -keystore myKeyStore -alias me
3. jarsigner -keystore myKeyStore jarfile.jar me

解决方案

As for the error you get I can think of three possible problems:

1) Your applet does not ask permission for what it is trying to do.

What happens? The "permissions" is telling the user how much "power" does the application have over the user's computer. "sandbox" doesn't let the application do much and "all-permissions" gain the applet a little more control. of course, you would want to use the lowest permission you can (i.e. sandbox) because the lower permission you use, the less warning prompts the user get. However, if, for example your applet is trying to gain access to the user's personal files but it's "permissions" attribute is set to "sandbox" the applet won't work, as it did not ask permission for what it is trying to do.

How to solve it? Simple, just change Permissions: sandbox to Permissions: all-permissions

2) Your computer is not allowing self signed applications to run.

What happens? Most browsers have very strict rules applying to applets. especially if you're requiring all-permissions (which you are not).

How to solve it? Change your java security in java control panel to something lower. you can either search for "java control panel" in your computer or go yourself to this path (windows 8 can't find the java control panel for some reason so you have to look for it yourself) C:\program files\java\jre7\bin\javacpl.exe in the JCP go to security tab and change it to medium.

3) Your operating system doesn't allow you to run applets that you signed your self. (pay attention "applets that you signed your self" not "self signed applets", which is everything that doesn't have an official certificate. Operating systems usually treat them differently.)

How to solve it? Upload the applet to a web host service and enter it from another computer, all computers but the ones you signed the applet with should be able to open the applet.

---

As for what you mentioned about users not getting any security prompts, it is an almost impossible demand. With the variety of OS, browsers and anti-viruses you can never know. However, there are a few methods in which you can reduce the amount of security prompts:

• Self signed applets (self signing is what you did with the command prompt) are very likely to always show security prompts. You can buy an official SSL and it will reduce the amount of prompts significantly.
• If you are requiring "all-permissions" you'll get much more prompts than if you require "sandbox" permissions.

I highly recommend you to look at the following links:

SSL: Where could I buy a valid SSL certificate?

Permissions: http://docs.oracle.com/javase/tutorial/deployment/applet/security.html

---

If you've got problem number 1 that would be the manifest file:

Manifest-Version: 1.0
    Created-By: 1.7.0_51
    Permissions: all-permissions
    Application-Name: My Farming Business
    Application-Library-Allowable-Codebase: www.mycompany.com/where_the_applet_jar_actually_lives
    Caller-Allowable-Codebase:www.mycompany.com
    Codebase: *

Eitherwise (If your problem is 2 or 3), you don't even have to change the manifest file.

As @tigran mentioned, if you want to run your applet from several different places you'd probably want to change "codebase" to *.

这篇关于我怎样写为新的Java安全壁垒清单文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！