如何在没有弹出窗口的情况下通过 JNLP 授予 Java 小程序的所有权限 [英] How to grant all permissions to java applet through JNLP without popups
问题描述
我们正在使用 jnlp 启动一个小程序小程序需要加载原生库jar 和 jnlp 使用自生成的证书进行签名.jnlp 授予所有权限
We are launching an applet using jnlp The applet needs to load a native library The jar and the jnlp are signed with a self generated certificate. The jnlp grants all permission with
<security>
<all-permissions/>
</security>
策略文件授予所有权限授予 {权限 java.security.AllPermission;};
The policy file grants all permissions grant { permission java.security.AllPermission; };
我们收到一个弹出对话框java 安全警告"也就是说:此应用程序将执行不安全的操作.要继续吗?
We are getting a popup dialog " java security warning" That says: this application is going to perform an insecure operation. Do you want to continue ?
继续或取消(见附件截图)
Continue or cancel (see attached screen shot)
没有总是允许"按钮
这意味着每次"启动小程序时都会弹出对话框.这对用户来说很烦人.
Which means that the dialog pops up "every time" the applet is launched. This is annoying to the user.
如何禁用此对话框弹出或使其最多出现一次?
What can be done to disable this dialog to pop up or to make it appear at most once?
推荐答案
我们实际上遇到了 JNLP 参数的问题.您不能在 JNLP jre args 参数中指定任何参数,否则您将收到安全警告.
We had a problem with the JNLP arguments actually. You cannot specify any argument in the JNLP jre args parameter otherwise you'll get the security warning.
为了避免弹出安全警告,请使用来自第 638 行的列表中的属性和 JVM 参数:http://javasourcecode.org/html/open-source/jdk/jdk-6u23/com/sun/deploy/config/Config.java.html
To avoid security warning popup use the properties and JVM arguments from the lists located from line 638: http://javasourcecode.org/html/open-source/jdk/jdk-6u23/com/sun/deploy/config/Config.java.html
在您的 JNLP 上,如果 JVM 参数包含未在其中列出的内容,即使您正确签署了证书,您也会收到弹出窗口.这一切都归结为使用安全"参数+适当的证书就可以了.
On your JNLP, if the JVM arguments include something that is not listed in there, you will get the popup even if you properly sign the certificate. It all boils down to using 'secured' parameters + a proper certificate and it will be ok.
该 URL 已删除,因此以下是有效参数:
The URL was removed so here are the valid arguments:
// note: this list MUST correspond to native secure.c file
private static String[] secureVmArgs = {
"-d32", /* use 32-bit data model if available */
"-client", /* to select the "client" VM */
"-server", /* to select the "server" VM */
"-verbose", /* enable verbose output */
"-version", /* print product version and exit */
"-showversion", /* print product version and continue */
"-help", /* print this help message */
"-X", /* print help on non-standard options */
"-ea", /* enable assertions */
"-enableassertions", /* enable assertions */
"-da", /* disable assertions */
"-disableassertions", /* disable assertions */
"-esa", /* enable system assertions */
"-enablesystemassertions", /* enable system assertions */
"-dsa", /* disable system assertione */
"-disablesystemassertions", /* disable system assertione */
"-Xmixed", /* mixed mode execution (default) */
"-Xint", /* interpreted mode execution only */
"-Xnoclassgc", /* disable class garbage collection */
"-Xincgc", /* enable incremental gc. */
"-Xbatch", /* disable background compilation */
"-Xprof", /* output cpu profiling data */
"-Xdebug", /* enable remote debugging */
"-Xfuture", /* enable strictest checks */
"-Xrs", /* reduce use of OS signals */
"-XX:+ForceTimeHighResolution", /* use high resolution timer */
"-XX:-ForceTimeHighResolution", /* use low resolution (default) */
"-XX:+PrintGCDetails", /* Gives some details about the GCs */
"-XX:+PrintGCTimeStamps", /* Prints GCs times happen to the start of the application */
"-XX:+PrintHeapAtGC", /* Prints detailed GC info including heap occupancy */
"-XX:PrintCMSStatistics", /* If > 0, Print statistics about the concurrent collections */
"-XX:+PrintTenuringDistribution", /* Gives the aging distribution of the allocated objects */
"-XX:+TraceClassUnloading", /* Display classes as they are unloaded */
"-XX:SurvivorRatio", /* Sets the ratio of the survivor spaces */
"-XX:MaxTenuringThreshol", /* Determines how much the objects may age */
"-XX:CMSMarkStackSize",
"-XX:CMSMarkStackSizeMax",
"-XX:+CMSClassUnloadingEnabled",/* It needs to be combined with -XX:+CMSPermGenSweepingEnabled */
"-XX:+CMSIncrementalMode", /* Enables the incremental mode */
"-XX:CMSIncrementalDutyCycleMin", /* The percentage which is the lower bound on the duty cycle */
"-XX:+CMSIncrementalPacing", /* Automatic adjustment of the incremental mode duty cycle */
"-XX:CMSInitiatingOccupancyFraction", /* Sets the threshold percentage of the used heap */
"-XX:+UseConcMarkSweepGC", /* Turns on concurrent garbage collection */
"-XX:-ParallelRefProcEnabled",
"-XX:ParallelGCThreads", /* Sets the number of parallel GC threads */
"-XX:ParallelCMSThreads",
"-XX:+DisableExplicitGC", /* Disable calls to System.gc() */
"-XX:+UseCompressedOops", /* Enables compressed references in 64-bit JVMs */
"-XX:+UseG1GC",
"-XX:GCPauseIntervalMillis",
"-XX:MaxGCPauseMillis" /* A hint to the virtual machine to pause times */
};
编辑
当时我们有这些争论:
EDIT
At the time we had these arguments:
<j2se version="1.6.0+"
initial-heap-size="${heap.init}"
max-heap-size="${heap.max}"
java-vm-args="-Djava.security.policy=${jnlp.ip}${jnlp.port}/ed/security/java.policy"/>
问题出在 -Djava.security.policy 上,我无法理解弹出窗口,直到我从那里删除它.
The problem was with -Djava.security.policy, and I couldn't understand the popup until I removed it from there.
这篇关于如何在没有弹出窗口的情况下通过 JNLP 授予 Java 小程序的所有权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
