Does AccessController.doPrivileged give JavaScript threads the permissions of the signed Applet?


Problem description

I'm looking at a signed Applet that is heavily called from JavaScript. Obviously, the threads that originate from JavaScript are more heavily sandboxed than any thread started directly from within Java. For example, if a JavaScript thread calls into the Applet and logs something that causes the log file to roll, a security exception is thrown. Any thread started directly within the Applet will not experience this security exception. The solution here with log4j is to use the asynchronous appender.

But with other security exceptions (for example making use of Apache Axis in the signed Applet but in a JavaScript thread) there is no obvious way to have some asynchronous thread. Let's say I have the following code that if called from a Java thread will work and if called via JavaScript will fail with a SecurityException:

    public void someMethodCalledFromJavaScript() {
      // Stuff that would throw a SecurityException
    }

I see the following three options, but they may not all be valid. For the sake of this discussion, ignore whether or not the execution will be synchronous or asynchronous, as that's easily managed. I am having a difficult time understanding the details of the security model. Here are my three potential choices:


  • Start a new Thread (will this one even work?):

    public void someMethodCalledFromJavaScript() {
      new Thread(new Runnable() {
        public void run() {
          // Stuff that would throw a SecurityException
        }
      }).start();
    }


  • Have the Applet have a thread ready to go at all times, triggered via the JavaScript-origin thread (highly simplified code here):

    private volatile boolean doit = false;
    
    
    // This code is running in a Thread, started @ Applet init time
    public void alwaysWaiting() {
      while (true) {
        if (doit) {
          doit = false;
          // Stuff that would throw a SecurityException
        }
      }
    }
    
    
    public void someMethodCalledFromJavaScript() {
      doit = true;
    }
    


  • Use AccessController.doPrivileged:

    public void someMethodCalledFromJavaScript() {
      AccessController.doPrivileged(new PrivilegedAction() {
        public Object run() {
          // Stuff that would throw a SecurityException
          return null;
        }
      });
    }
    


According to what I read of AccessController.doPrivileged, you run with the intersection of the current security privs and the privs of the security domain of the code you're calling. This doesn't make sense to me, as if you're running with the intersection of a low and a high security domain, you'll just have the low security domain. So clearly I'm not understanding something.

The specific SecurityException I'm seeing is this one:

    java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
    

but of course I'm curious about the general case in the context of JavaScript calling into a signed Applet, and how I can allow a JavaScript-originated thread to run with the privs of the signed Applet as if it were a thread that originated purely within the Applet.

Which choices above will even work, and which are better than others, and why?

Recommended answer


  • Start a new Thread (will this one even work?)

Won't, because of the below.


  • Have the Applet have a thread ready to go at all times, triggered via the JavaScript-origin thread

Will work of course, but that's more painful than calling doPrivileged, yet has the same effect semantically.


  • Use AccessController.doPrivileged

Yes, this will work.

Every access control check inspects the set of all stack frames on the stack of the current thread (including the stack frame leading up to the instantiation of the current thread, recursively). If there is a doPrivileged frame, frames leading up to that frame are not included in the set (but the actual doPrivileged frame is included).

If the privilege being checked is not in every single frame in that set, the check fails.

In other words, the current privileges of a thread are the intersection of privileges in this set.

So for example if privileged code doPrivilegeds some unprivileged code which tries to open a file, the check will fail. Likewise if unprivileged code doPrivilegeds privileged code that opens a file, the check will fail. But if unprivileged code invokes privileged code and the privileged code in turn calls doPrivileged to open a file, the check will succeed.

In theory, you should be able to only grant your Java codebase the privileges it needs (perhaps access to some isolated directory), and then grant the same privileges to the JavaScript code that will use this privileged code, but I doubt any browser has such features. I'm surprised JavaScript even runs in another protection domain than Java.

I've never done JavaScript<->Java interop, but it seems no matter what you are going to have to make the methods that are invoked by JavaScript use doPrivileged blocks on their entire body.

Edit: As Sami said, be careful when invoking doPrivileged blocks within the privileged code (and read his answer).
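The stack walk described in the answer, applied to the question's three options, as an added example that is not part of the original question or answer. It is a simplified Python model rather than JVM code: the permission sets, the `Frame` type and the function names are constructed for illustration, and it assumes the applet's own init thread carries only applet-domain frames.

```python
from typing import NamedTuple, Optional

# Constructed permission sets for the two protection domains in the question.
APPLET = frozenset({"accessDeclaredMembers", "writeLogFile"})  # signed applet code
JAVASCRIPT = frozenset()                                       # JavaScript-origin caller

class Frame(NamedTuple):
    name: str
    perms: frozenset          # permissions of the frame's protection domain
    privileged: bool = False  # True if this frame called doPrivileged

def effective(stack, inherited: Optional[frozenset] = None) -> frozenset:
    """Intersect permissions from the newest frame back to the first
    doPrivileged caller; if none is found, also intersect the context
    inherited from the thread's creator."""
    perms = None
    for frame in reversed(stack):           # stack is listed oldest frame first
        perms = frame.perms if perms is None else perms & frame.perms
        if frame.privileged:
            return perms                    # older frames are ignored
    if inherited is not None:
        perms = inherited if perms is None else perms & inherited
    return perms if perms is not None else frozenset()

def allowed(perm, stack, inherited=None) -> bool:
    return perm in effective(stack, inherited)

def scenarios(perm="accessDeclaredMembers"):
    js = Frame("JavaScript bridge", JAVASCRIPT)
    method = Frame("someMethodCalledFromJavaScript", APPLET)
    at_call = effective([js, method])       # context a thread created here inherits
    at_init = effective([Frame("Applet.init", APPLET)])
    return {
        "direct call from JavaScript": allowed(perm, [js, method]),
        "option 1: new Thread": allowed(perm, [Frame("run", APPLET)], at_call),
        "option 2: thread from init": allowed(perm, [Frame("alwaysWaiting", APPLET)], at_init),
        "option 3: doPrivileged": allowed(perm, [js, method._replace(privileged=True)]),
        "unprivileged code calls doPrivileged": allowed(
            perm, [Frame("js", JAVASCRIPT, True), Frame("open", APPLET)]),
        "privileged code doPrivilegeds unprivileged code": allowed(
            perm, [Frame("applet", APPLET, True), Frame("untrusted", JAVASCRIPT)]),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'allowed' if ok else 'AccessControlException'}")
```

Option 1 is denied in the model because the new thread inherits the intersected context of the JavaScript-origin call that created it, which is the recursion the answer mentions.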
