从未签名的 Javascript 调用时,如何获得签名的 Java Applet 以执行特权操作? [英] How can I get a signed Java Applet to perform privileged operations when called from unsigned Javascript?
问题描述
签名的 Java 小程序与客户端上运行的普通 Java 应用程序具有相同的安全许可.对于特定项目,我需要这些权限,并且我需要执行作为 JavaScript 调用结果的特权操作.
现在,问题是,至少对于 Ubuntu 中的 Firefox 3(目标浏览器和平台),当通过未签名的 JavaScript 调用小程序方法时,它会失去其特殊权限.由于签署 JavaScript 不是一种选择,我需要一种方法来解决此限制.
实现这一点的一种方法是在小程序启动时创建一个线程,并在主线程接收到 JavaScript 调用时调用该线程上的方法.我已经实现了这个想法的一个工作原型,但我发现它有点笨拙,因为它使用了太多的反射并且不像我想要的那样容易重用.
是否有一种通用的标准方式来做我想做的事情?而且,如果我的想法是正确的方法,您将如何以可重用的方式实施它?我想要实现的是一个框架,它允许将此特权线程中的运行方法"用于各种对象.理想的乌托邦解决方案类似于:
//小程序启动时PrivilegedExecuter priv = new PrivilegedExecuter(myObject);//或 MyClass.class//...//在 JavaScript 调用的方法中(myObject 有 myMethod)priv.myMethod();//myMethod 在特权线程中同步运行使用 java.security.AccessController 类.
doPrivilegedAction 和 doPrivilegedExceptionAction 可以满足您的需求.
例如:
<前>AccessController.doPrivileged(new PrivilegedAction() {公共对象运行(){.. 做一些只适用于签名小程序的事情..}});Signed Java Applets have the same security clearance as a normal Java application running on the client. For a particular project, I need these permissions, and I need to perform privileged operations as a result of a JavaScript call.
Now, the problem is that, at least for Firefox 3 in Ubuntu (target browser and platform), when an applet method is invoked through unsigned JavaScript it loses its special permissions. As signing the JavaScript is not an option, I need a way to work around this restriction.
One way to achieve this is to create a thread when the applet starts, and call methods on that thread whenever the main thread receives the JavaScript calls. I have implemented a working prototype of that idea, but I have found it a bit clumsy, because it uses too much reflection and isn't as easily reusable as I would have wanted.
Is there a common, standard way of doing what I'm trying to do? And, if my idea is the right way to go, how would you go about implementing it in a reusable way? What I'm trying to achieve is a framework that allows this "running-methods-in-a-privileg-thread" thing to be used for a variety of objects. The ideal, utopic solution would be something like:
// when the applet starts-up
PrivilegedExecuter priv = new PrivilegedExecuter(myObject); //or MyClass.class
// ...
// inside a JavaScript-called method (myObject has myMethod)
priv.myMethod(); // myMethod is run synchronously in a privileged thread
Use the java.security.AccessController class.
There is a doPrivilegedAction and doPrivilegedExceptionAction that do exactly what you need.
For example:
AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
.. do something that only works with signed applets ..
}
});
这篇关于从未签名的 Javascript 调用时,如何获得签名的 Java Applet 以执行特权操作?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
