我怎样才能得到一个签名的Java Applet从签名的Javascript调用时执行特权操作？ [英] How can I get a signed Java Applet to perform privileged operations when called from unsigned Javascript?

问题描述

签名的Java小程序具有相同的安全许可的客户端上运行的普通Java应用程序。对于一个特定的项目，我的需求的这些权限，我的需求的执行特权操作作为一个JavaScript调用的结果。

现在的问题是，至少对Firefox 3在Ubuntu（目标浏览器和平台），当一个小程序的方法是通过符号的JavaScript调用它失去了它的特殊权限。由于签署JavaScript是不是一种选择，我需要一种方法来解决此限制。

实现这一目标的一个方法是创建一个线程的小程序启动时，每当主线程收到JavaScript调用调用该线程的方法。我已经实现这个想法的一个工作原型，但我发现它有点笨拙，因为它使用了太多的反思和不容易被重用的，因为我本来想要的。

有没有做什么，我试图做一个通用的，标准的方式？而且，如果我的想法是正确的道路要走，你会怎么去在一个可重用的方式来实现它？我试图做到的，是一个框架，允许这种磨合方法-IN-A-PRIVILEG线程的东西用于各种不同的物体。理想的，乌托邦的解决办法是这样的：

  //小程序启动时，向上
PrivilegedExecuter私法=新PrivilegedExecuter（myObject的）; //或MyClass.class
// ...
//一个JavaScript的调用方法里面（myObject的有myMethod的）
priv.myMethod（）; // myMethod的是在一个优越的线程同步运行
 

解决方案

使用的java.security.AccessController类。

有一个doPrivilegedAction和doPrivilegedExceptionAction这做的正是你所需要的。

例如：

在AccessController.doPrivileged（新的PrivilegedAction（）{
            公共对象的run（）{
               ..做一些事情，只有签名applet工程..
            }
        }）;

Signed Java Applets have the same security clearance as a normal Java application running on the client. For a particular project, I need these permissions, and I need to perform privileged operations as a result of a JavaScript call.

Now, the problem is that, at least for Firefox 3 in Ubuntu (target browser and platform), when an applet method is invoked through unsigned JavaScript it loses its special permissions. As signing the JavaScript is not an option, I need a way to work around this restriction.

One way to achieve this is to create a thread when the applet starts, and call methods on that thread whenever the main thread receives the JavaScript calls. I have implemented a working prototype of that idea, but I have found it a bit clumsy, because it uses too much reflection and isn't as easily reusable as I would have wanted.

Is there a common, standard way of doing what I'm trying to do? And, if my idea is the right way to go, how would you go about implementing it in a reusable way? What I'm trying to achieve is a framework that allows this "running-methods-in-a-privileg-thread" thing to be used for a variety of objects. The ideal, utopic solution would be something like:

// when the applet starts-up
PrivilegedExecuter priv = new PrivilegedExecuter(myObject); //or MyClass.class
// ...
// inside a JavaScript-called method (myObject has myMethod)
priv.myMethod(); // myMethod is run synchronously in a privileged thread

解决方案

Use the java.security.AccessController class.

There is a doPrivilegedAction and doPrivilegedExceptionAction that do exactly what you need.

For example:

AccessController.doPrivileged(new PrivilegedAction() {
            public Object run() {
               .. do something that only works with signed applets ..
            }
        });

这篇关于我怎样才能得到一个签名的Java Applet从签名的Javascript调用时执行特权操作？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！