javaws 系统属性放宽或删除安全性? [英] javaws system property to relax or remove security?

问题描述

升级到 Java 7(Oracle/Sun JDK，而不是 OpenJDK)后，如果我尝试使用 javaws 在 Web Start 下测试我的应用程序，它会告诉我应用程序被安全设置阻止".我可以使用 Java 控制面板将安全性从高降低到中等以使其正常工作(它询问我是否要启动未签名的应用程序)，但这也会降低我的 Web 浏览器的安全级别.是否有任何系统属性可以让我执行 javaws -J-Dkey=value 来让 javaws 的一个实例放松或忽略关于将启动的内容的安全性(但否则保持安全性不变)?

Having upgraded to Java 7 (Oracle/Sun JDK, not OpenJDK), if I try to test my app under Web Start with javaws, it tells me "Application Blocked by Security Settings". I can use the Java control panel to reduce security from high to medium to get it to work (it asks me if I want to launch an unsigned app), but that also reduces the security level for my web browser. Is there any system property that'll let me do javaws -J-Dkey=value to get that one instance of javaws to relax or ignore security with regards to what will launch (but otherwise keep security the same)?

编辑:如果有人能指出 javaws 的 Java 7 源代码在哪里，我很乐意通读代码以找到答案.

EDIT: If anyone could point me to where the Java 7 source code for javaws is, I'd be happy to read through the code to find the answer.

EDIT 2:当我通过 Java 控制面板将 Java 安全性设置为中等时，使用 javaws 启动我的应用程序会导致它询问我是否要运行未签名的应用程序;这就是我想要复制的.控制面板通过将系统属性 deployment.security.level=MEDIUM 添加到文件 ~/.java/deployment/deployment.properties 来将安全设置为中.我尝试了两种方法来使用它:

EDIT 2: When I set Java security to medium through the Java control panel, launching my app with javaws results in it asking me if I want to run an unsigned app; this is what I want to duplicate. The control panel sets security to medium via adding the system property deployment.security.level=MEDIUM to the file ~/.java/deployment/deployment.properties. I've tried two ways to use this:

1) 将 -J-Ddeployment.security.level=MEDIUM 传递给 javaws.这会导致我的应用完全启动，而不会询问我是否要运行未签名的应用.

1) Pass -J-Ddeployment.security.level=MEDIUM to javaws. This results in my app fully launching without it asking me if I want to run an unsigned app.

2)通过-J-Ddeployment.system.config=~/.java/deployment/FOO.properties，其中FOO.properties是普通的拷贝deployment.properties 文件，手动添加 deployment.security.level=MEDIUM.同样，这会导致我的应用完全启动，而不会询问我是否要运行未签名的应用.

2) Pass -J-Ddeployment.system.config=~/.java/deployment/FOO.properties, where FOO.properties is a copy of the normal deployment.properties file, with deployment.security.level=MEDIUM added manually. Again, this results in my app fully launching without it asking me if I want to run an unsigned app.

EDIT 3:请注意，我使用的是 Oracle/Sun JDK，而不是 OpenJDK.

EDIT 3: Note that I'm using Oracle/Sun JDK, not OpenJDK.

推荐答案

• 您是否尝试过创建自己的自定义SecurityManager?
• 您是否尝试过使用 java.security.AllPermission(只是为了测试这是否适合您)?
• Have you tried creating your own custom SecurityManager?
• Have you tried using java.security.AllPermission (just to test if this is a fix for you) ?

相关规格:

• http://docs.oracle.com/javase/7/docs/api/java/lang/SecurityManager.html
• http://download.java.net/jdk8/docs/technotes/guides/security/permissions.html
• http://download.java.net/jdk8/docs/technotes/guides/security/spec/security-spec.doc.html

这可能与您非常相关:

• http://www.javaworld.com/javatips/jw-javatip20.html

回复:javaws，检查 javaws 本身的调用.我做了 cat/usr/bin/javaws 然后我们开始:

Re: javaws, check out the invocation of javaws itself. I did cat /usr/bin/javaws and here we go:

#!/bin/bash

JAVA=/usr/lib/jvm/java-6-openjdk-amd64/jre/bin/java
LAUNCHER_BOOTCLASSPATH="-Xbootclasspath/a:/usr/share/icedtea-web/netx.jar"
LAUNCHER_FLAGS=-Xms8m
CLASSNAME=net.sourceforge.jnlp.runtime.Boot
BINARY_LOCATION=/usr/bin/javaws
PROGRAM_NAME=javaws
CP=/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar

JAVA_ARGS=( )
ARGS=( )
COMMAND=()

i=0
j=0

while [ "$#" -gt "0" ]; do
  case "$1" in
    -J*)
      JAVA_ARGS[$i]="${1##-J}"
      i=$((i+1))
      ;;
    *)
      ARGS[$j]="$1"
      j=$((j+1))
      ;;
  esac
  shift
done

k=0
COMMAND[k]="${JAVA}"
k=$((k+1))
COMMAND[k]="${LAUNCHER_BOOTCLASSPATH}"
k=$((k+1))
COMMAND[k]="${LAUNCHER_FLAGS}"
k=$((k+1))
i=0
while [ "$i" -lt "${#JAVA_ARGS[@]}" ]; do
  COMMAND[k]="${JAVA_ARGS[$i]}"
  i=$((i+1))
  k=$((k+1))
done
COMMAND[k]="-classpath"
k=$((k+1))
COMMAND[k]="${CP}"
k=$((k+1))
COMMAND[k]="-Dicedtea-web.bin.name=${PROGRAM_NAME}"
k=$((k+1))
COMMAND[k]="-Dicedtea-web.bin.location=${BINARY_LOCATION}"
k=$((k+1))
COMMAND[k]="-Djava.security.manager"
k=$((k+1))
COMMAND[k]="-Djava.security.policy=/etc/icedtea-web/javaws.policy"
k=$((k+1))
COMMAND[k]="${CLASSNAME}"
k=$((k+1))
j=0
while [ "$j" -lt "${#ARGS[@]}" ]; do
  COMMAND[k]="${ARGS[$j]}"
  j=$((j+1))
  k=$((k+1))
done

"${COMMAND[@]}"

exit $?

这篇关于javaws 系统属性放宽或删除安全性?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！