自签名的小程序没有得到充分的权限 [英] Self-signed applet doesn't get a full permission

问题描述

我GOOGLE了许多像<一个链接href=\"http://download.oracle.com/javase/tutorial/security/tour1/index.htmlhttp://download.oracle.com/javase/tutorial/security/tour1/index.html\"相对=nofollow>甲骨文和<一个href=\"http://www.velocityreviews.com/forums/t145778-p2-giving-applet-full-permission-without-policy-file.html\"相对=nofollow>速度评审并stackoverlow太多，但仍然没有成功。

I've googled lots of links like oracle and velocity review and stackoverlow too, but still no success.

问题的关键是简单。瓶子是用签字：

The point is simple. Jar is signed using:

keytool -genkey -alias signFiles -keystore compstore -keypass bca321 -dname "cn=test" -storepass abc123
jarsigner -keystore compstore -storepass abc123 -keypass bca321 -signedjar SignedJar.jar UnsignedJar.jar signFiles

和它完美地运行在本地机器上。但是，当SignedJar.jar使用像通过HTTP（S）的小程序，即使用户接受证书（IE或者FF或Chrome - 没有区别），它停止工作用：

And it runs perfectly on local machine. But when SignedJar.jar is used like an applet via HTTP(S), even if user accepts certificate (IE or FF or Chrome - no difference), it stops working with:

java.security.AccessControlException: access denied (javax.smartcardio.CardPermission Broadcom Corp Contacted SmartCard 0 connect)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at sun.security.smartcardio.TerminalImpl.connect(Unknown Source)

是的，它会尝试从插入智能卡终端读取，并得到在调用connect异常。

Yes, it tries to read from smartcard inserted in terminal, and gets an exception on calling connect.

是的，我已经试过这种做法太：

Yes, I've tried this approach too:

AccessController.doPrivileged(new PrivilegedAction() {
...

但没有运气。那么，是收获？

But with no luck. So where is the catch?

在此先感谢，
基里尔

Thanks in advance, Kirill

推荐答案

在创建公共/私人密钥，创造了联想证书和签名这与证书的小程序jar文件的一个，你应该为JAR中的每个文件创建一个哈希后并用私钥签字。这些哈希，公共密钥和证书必须添加到JAR文件旁边的JAR的manifest的META-INF目录下。

After creating public/private keys, creating the associate certificate and signing which one of your applet jars with the certificate you should create a hash for each file in the JAR and sign them with the private key. These hashes, the public key, and the certificate must be added to the META-INF directory of the JAR file alongside the JAR’s manifest.

下面是命令行：

$ jar -tf SignedApplet.jar

请参阅链接

这篇关于自签名的小程序没有得到充分的权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！