我怎样才能得到一个签名的Java Applet从签名的Javascript调用时执行特权操作? [英] How can I get a signed Java Applet to perform privileged operations when called from unsigned Javascript?
问题描述
签名的Java小程序具有相同的安全许可的客户端上运行的普通Java应用程序。对于一个特定的项目,我的需求的这些权限,我的需求的执行特权操作作为一个JavaScript调用的结果。
现在的问题是,至少对Firefox 3在Ubuntu(目标浏览器和平台),当一个小程序的方法是通过符号的JavaScript调用它失去了它的特殊权限。由于签署JavaScript是不是一种选择,我需要一种方法来解决此限制。
实现这一目标的一个方法是创建一个线程的小程序启动时,每当主线程收到JavaScript调用调用该线程的方法。我已经实现这个想法的一个工作原型,但我发现它有点笨拙,因为它使用了太多的反思和不容易被重用的,因为我本来想要的。
有没有做什么,我试图做一个通用的,标准的方式?而且,如果我的想法是正确的道路要走,你会怎么去在一个可重用的方式来实现它?我试图做到的,是一个框架,允许这种磨合方法-IN-A-PRIVILEG线程的东西用于各种不同的物体。理想的,乌托邦的解决办法是这样的:
//小程序启动时,向上
PrivilegedExecuter私法=新PrivilegedExecuter(myObject的); //或MyClass.class
// ...
//一个JavaScript的调用方法里面(myObject的有myMethod的)
priv.myMethod(); // myMethod的是在一个优越的线程同步运行
使用的java.security.AccessController类。
有一个doPrivilegedAction和doPrivilegedExceptionAction这做的正是你所需要的。
例如:
在AccessController.doPrivileged(新的PrivilegedAction(){
公共对象的run(){
..做一些事情,只有签名applet工程..
}
});
Signed Java Applets have the same security clearance as a normal Java application running on the client. For a particular project, I need these permissions, and I need to perform privileged operations as a result of a JavaScript call.
Now, the problem is that, at least for Firefox 3 in Ubuntu (target browser and platform), when an applet method is invoked through unsigned JavaScript it loses its special permissions. As signing the JavaScript is not an option, I need a way to work around this restriction.
One way to achieve this is to create a thread when the applet starts, and call methods on that thread whenever the main thread receives the JavaScript calls. I have implemented a working prototype of that idea, but I have found it a bit clumsy, because it uses too much reflection and isn't as easily reusable as I would have wanted.
Is there a common, standard way of doing what I'm trying to do? And, if my idea is the right way to go, how would you go about implementing it in a reusable way? What I'm trying to achieve is a framework that allows this "running-methods-in-a-privileg-thread" thing to be used for a variety of objects. The ideal, utopic solution would be something like:
// when the applet starts-up
PrivilegedExecuter priv = new PrivilegedExecuter(myObject); //or MyClass.class
// ...
// inside a JavaScript-called method (myObject has myMethod)
priv.myMethod(); // myMethod is run synchronously in a privileged thread
Use the java.security.AccessController class.
There is a doPrivilegedAction and doPrivilegedExceptionAction that do exactly what you need.
For example:
AccessController.doPrivileged(new PrivilegedAction() { public Object run() { .. do something that only works with signed applets .. } });
这篇关于我怎样才能得到一个签名的Java Applet从签名的Javascript调用时执行特权操作?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!