JNLP 获得许可 [英] JNLP get a permission

问题描述

我最近在通过 JNLP 启动我的应用程序时遇到了一个问题.我现在把它缩小到一个 java.security.AccessControlException，它拒绝我关闭我的 ExecuterService.

I recently stumbled across a problem when starting my application via JNLP. I now narrowed it down to a java.security.AccessControlException, which denies me to shut down my ExecuterService.

所以，我做了一些阅读，发现我需要权限 (modifyThread) 才能成功关闭服务.我还发现我应该使用 <security>-tag(在 JNLP 文件中)来请求它，但我对如何使用感到有些困惑.

So, I did some reading and found out that I'll need the permission (modifyThread) to successfully shut down the service. I also found out that I should use the <security>-tag (in the JNLP-file) to request it, but I'm a little confused about how.

标签文档 说:

[...] 如果指定了 all-permissions 元素，应用程序将拥有对客户端计算机和本地网络的完全访问权限.如果应用程序请求完全访问，那么所有 JAR 文件必须是签名.将提示用户 [...]

[...] If the all-permissions element is specified, the application will have full access to the client machine and local network. If an application requests full access, then all JAR files must be signed. The user will be prompted [...]

通过阅读本文，我觉得我可以选择获得all 或no 权限……这似乎是一个令人困惑的实现.因为我只需要一个来关闭我的服务.

From reading this it seems to me, that I can choose to either get all or no permissions... which seems like a confusing Implementation. Because I only need the one to shutdown my service.

我还阅读了这篇文章，告诉我我不应该请求所有权限，因为我会打开用户计算机以获取恶意代码.

I also read this article, telling me that I should not request all permissions, because I would then open up the users computer for malicious code.

那么，有没有一种方法可以指定我只需要特定的权限(modifyThread)并且因此不需要对我的 jar 进行签名?还是我必须采用签署我的罐子并要求一切"的方法?

So, is there a way to specify that I only need the specific permission (modifyThread) and I therefor don't need to sign my jar? Or will I have to go with the "sign my jar and request everything"-approach?

推荐答案

..我是否必须采用签署我的罐子并要求一切"的方法?

..will I have to go with the "sign my jar and request everything"-approach?

是的.JWS 权限分为 3 个级别¹，唯一允许修改线程的级别是 all-permissions.

Yes. JWS permissions come in 3 levels¹, the only one where modifying threads is permitted, is all-permissions.

• 沙盒化.提供非常有限的环境.仅允许使用 JNLP API 服务访问打印机和本地文件系统等内容，这些服务在提示用户后提供更有限的 File 形式.带着窗户横幅来.只能与自己的服务器通信.
• j2ee-application-client-permissions - 提供那些不提示的 JNLP API 服务(在用户接受数字签名代码后)移除窗口横幅.
• all-permissions - 几乎任何东西，包括替换现有的安全管理器(是的，即使所有权限"代码在 JWS 中也有一个安全管理器 - 这只是非常宽容).

• Sand-boxed. Provides a very limited environment. Access to things like printers and the local file-system is only permitted using the JNLP API services, which provide more limited forms of File after prompting the user. Come with window banners. Can only communicate with own server.
• j2ee-application-client-permissions - provide those JNLP API services unprompted (after the user accepts the digitally signed code) removes the window banners.
• all-permissions - pretty much anything, including replacing the existing security manager (yes, even 'all permissions' code gets a security manager in JWS - it is just very lenient).

还从 JNLP 中获取链接 &JWS 页面.我个人可以推荐这些总结和链接.

Also chase the links from the JNLP & JWS pages. I can personally recommend those summaries & links.

这篇关于JNLP 获得许可的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！