签名的小程序是否可以连接到不同的主机? [英] Can signed applets connect with a different host from which they originate?

查看:22
本文介绍了签名的小程序是否可以连接到不同的主机?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我需要一个小程序来打开一个套接字并与监听的服务器通信小程序下载到的本地主机(最终用户机器).

I need an applet to open a socket and communicate with a server listening on the local host to which the applet downloaded (the end user machine).

与我所读到的有关小程序安全性的内容相反,似乎即使是已签名的小程序无法打开到下载它们的不同主机的套接字(在同一台机器上它完美地工作)

contrary to what I have read about applet security, it seems that even signed applets cannot open a socket to a different host from which they were downloaded (on the same machine it works perfectly)

我已经使用 -selfcert 认证了小程序,使用 jarsigner 对其进行了签名,并且仍然,无论何时它试图打开一个到不同主机的套接字,我得到:

I have certified the applet using -selfcert, signed it using jarsigner, and still, whenever it tries to open a socket to a different host, I get:

Java.lang.Exception: java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:9999 connect,resolve)

我什至尝试更改 Java 策略文件,尽管使用签名的小程序不需要这样做:

I even tried changing the Java policy file, although with signed applets it is not required to do so:

grant codeBase "http://applethost:8080/socket" {权限 java.security.AllPermission;权限 java.lang.RuntimePermission "usePolicy";};

sigend applet 是怎么回事,它们是否可以连接到不同的主机?

What is the deal with sigend applets, can they connet to a different host or not?

推荐答案

是的,当你加载你的小程序时,如果你选择接受它的证书并信任它,它就会被授予 AllPermission,其中包括 SocketPermission.我之前写了一个签名的小程序,它连接到一个主机,而不是加载它的主机.您可以尝试暂时将您的 java 策略文件更改为仅具有

Yes, when you load your applet, if you choose to accept its certificate and trust it, it is granted AllPermission, which includes SocketPermission. I have written a signed applet before that connects to a host other than the one from which it was loaded. You could try temporarily changing your java policy file to just have

grant {
  permission java.security.AllPermission;
};

  • 查看您的策略文件,看看它是否定义了任何其他 policy.url 位置,它们可能会干扰.
  • 检查您的浏览器设置是否可以使用 javascript.
  • 确保您接受了小程序的证书并将其安装到您的站点证书列表中.
  • 确保您拥有的 grant codeBase 行与小程序清单中的代码库相同.
  • 在尝试连接之前,您可以尝试打印出您的小程序具有的权限列表.
  • 您可以尝试在小程序中以编程方式授予 AllPermission.
  • 这篇关于签名的小程序是否可以连接到不同的主机?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆