Java Applet 连接我们的服务器以调用 PHP 文件的问题 [英] Problem with Java Applet to connect our server to call a PHP file
问题描述
我们在最新的 JRE 6 更新 22 和 23 上遇到了问题.问题是我们正在运行一个站点,该站点使用 Java Applet 通过调用 PHP 文件来存储/检索数据.在过去的 7 年里,我们从未遇到过任何问题,但现在使用最新的 JRE,我们遇到了问题.Java 小程序加载正常,但无法连接我们假设调用 PHP 文件的服务器(unix 服务器).
We are facing a problem with lastest JRE 6 update 22 and 23. The problem is we are running a site which uses Java Applet to stores/retrieve datas by calling a PHP file. For last 7 years we never had a single issue but now with latest JRE are we having a problem. The Java applet is loaded fine but failed to connect our sever (unix server) which suppose to call the PHP file.
注意:我们使用 Javascript 调用 Java 函数来连接我们的服务器,从 PHP 文件中检索数据.
Note: We use Javascript to call a Java function to connect our server, to retrieve data from the PHP file.
这是在 Java 控制台中发现的错误消息:
Here is the error message found in Java console:
basic: Applet started
basic: Told clients applet is started
Retreiving cmi for sco=778 from ATutor server
network: Connecting http://www.example.com/training/scorm/read.php with proxy=DIRECT
network: Cache entry not found [url: http://xxx.xxx.xxx.xxx/crossdomain.xml, version: null]
network: Connecting http://xxx.xxx.xxx.xxx/crossdomain.xml with proxy=DIRECT
network: Connecting http://xxx.xxx.xxx.xxx:80/ with proxy=DIRECT
network: Server http://xxx.xxx.xxx.xxx/crossdomain.xml requesting to set-cookie with "SESSdba781ab68368f3b7b29ce28e33a2679=983ded5e21e40047871b1f3ce5c259d7; expires=Monday, 07-Mar-11 20:45:53 GMT; path=/"
ATutor cmi retrieval failed.
java.security.AccessControlException: access denied (java.net.SocketPermission xxx.xxx.xxx.xxx:80 connect,resolve)
Oracle 已发布说明并通过解决方案解决此问题,网站:http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121.html
Oracle has released a note and addressing this issue with a solution, Website: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121.html
CVE-2010-3560 的修复可能会导致某些 Java 小程序运行在新的 Java 插件停止工作,如果它们嵌入在网页中包含调用到的 JavaScriptJava为了执行操作需要网络安全权限.这些小程序可能会因网络而失败某些情况下的安全例外如果名称服务这解决了原始网页URL 主机名不返回作为结果的匹配名称反向地址查找.这是最新的 Java 可能会发生在 Solaris 和 Linux 上运行的插件当配置为对主机使用 NIS 时使用映射的网络地址解析包含主机名简短形式(而不是完整的限定域名).
The fix for CVE-2010-3560 could cause certain Java applets running in the new Java Plug-in to stop working if they are embedded in web pages which contain JavaScript that calls into Java in order to perform actions which require network security permissions. These applets may fail with a network security exception under some circumstances if the name service which resolved the original web page URL host name does not return a matching name as the result of a reverse address lookup. This is most likely to occur for the new Java Plug-in running on Solaris and Linux when configured to use NIS for host to network address resolution with maps containing host names which are in short form (rather than as a fully qualified domain name).
如果小程序被怀疑失败由于此更改,您可以验证通过设置日志记录级别Java 控制台到 5 并寻找记录以socket"开头的字符串访问限制",这将描述具体原因不匹配,将有助于识别用作的正确解决方法描述如下:
If an applet is suspected of failing due to this change you can verify that by setting the logging level of the Java Console to 5 and looking for logging strings beginning with "socket access restriction" which will describe the specific cause of the mismatch and will help in identifying the correct workaround to use as described below:
添加新的主机名转发映射条目(在/etc/hosts、NIS 或 DNS 中)被认可的特殊形式用于验证的 JavaIPv4 和 IPv6 名称服务映射.IPv4 通用名称形式后跟/etc/hosts 文件片段示例对于 IP 地址 10.11.12.13 是:
Add a new host name forward map entry (in /etc/hosts, NIS, or DNS) in a special form which is recognized by Java for the purpose of validating IPv4 and IPv6 name service mappings. The IPv4 general name form followed by an /etc/hosts file fragment example for IP address 10.11.12.13 is:
host.auth.ddd.ccc.bbb.aaa.in-addr.arpa
# /etc/hosts example
10.11.12.13 foo.bar.com.auth.13.12.11.10.in-addr.arpa
IPv6 有一个等价的形式使用 IP6.ARPA 的地址RFC 中定义的域根格式3596.
There is an equivalent form for IPv6 addresses which uses the IP6.ARPA domain root format defined in RFC 3596.
对于 DNS,这些将是 A (IPv4) 或AAAA (IPv6) 条目.
For DNS, these would be A (IPv4) or AAAA (IPv6) entries.
前置一个完全限定的主机名在其他映射到相同之前地址.例如,在/etc/hosts格式:
Pre-pend a fully qualified host name before other mappings to the same address. For example, in /etc/hosts format:
#10.11.12.13 foo loghost
10.11.12.13 foo.bar.com foo loghost
作为更新名称的替代方法服务记录,有可能安全地修改小程序以执行仅使用它自己的网络操作独立于网络的权限包含它的页面使用doPrivileged() 方法java.security.AccessController 类.
As an alternative to updating name service records, it may be possible to safely modify the applet to perform the network action using only it's own permissions independent of the web page which contains it by using the doPrivileged() method of the java.security.AccessController class.
我是 PHP 开发人员,对 Java 知之甚少.我无法理解 Oracle 提供的解决方案.他们想在/etc/hosts 文件中添加新的主机名,谁能用更清楚的例子解释一下在/etc/hosts 中添加什么.
I am PHP developer and I have very little knowledge on Java. I couldn't understand the solution provided by the Oracle. They want to add new host name in /etc/hosts file, can anyone please explain with more clear example what to add in /etc/hosts.
我也不知道在哪里添加 doPrivileged() 方法,请帮忙.
Also I don't know where to add doPrivileged() method, please help.
谢谢
推荐答案
Paŭlo,
服务器管理员将 crossdomain.xml 文件上传到解析公共 ip 的站点的 Web 根目录.这是我收到的唯一信息.
Server admin uploaded a crossdomain.xml file to the root web directory of the site that resolve the public ip. This is the only information I received.
这是 crossdomain.xml 文件,
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
这解决了问题,Java 控制台日志中没有出现错误.
This fixed the problem and no errors appears in Java console logs.
这些错误已修复,
network: Cache entry not found [url: http://xxx.xxx.xxx.xxx/crossdomain.xml, version: null]
java.security.AccessControlException: access denied (java.net.SocketPermission xxx.xxx.xxx.xxx:80 connect,resolve)
这篇关于Java Applet 连接我们的服务器以调用 PHP 文件的问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
