Java 8 中的新 java.security.AccessControlException [英] New java.security.AccessControlException in Java 8

问题描述

以前工作的网络代码抛出 java.security.AccessControlException在一个完全沙盒的 Java applet 中.

Can't get socket 2255: java.security.AccessControlException: access denied ("java.net.SocketPermission" "50.31.1.13:2255" "connect,resolve")

Oracle 发生了什么变化 - 必须跳到什么新的安全范围保持套接字工作?

这适用于 Java 1.7.0_55 和所有以前版本的 Java.

解决方案

这确实发生了变化……来自文档

http://docs.oracle.com/javase/8/docs/technotes/guides/jweb/enhancements-8.html

<块引用>

• 对于沙盒 RIA，URLPermission 现在用于允许连接回到启动它们的服务器.URLPermissions 根据代码源的协议、主机和端口授予.此更改具有以下影响:

  • 对于沙盒 RIA，不再授予源主机的 SocketPermissions.从 JDK 8 开始，不授予从 JavaScript 代码到 RIA 的调用SocketPermissions.

  …

换句话说，您不能再在沙箱中创建新的 Socket.您只能使用相同的主机、相同的端口和相同的协议创建一个 URL 作为来自完全沙盒小程序的代码库.>

除非 Oracle 改变主意，否则沙盒小程序无法解决这个问题(否则会破坏整个安全概念).

Previously working network code is throwing java.security.AccessControlException in a fully sandboxed Java applet.

Can't get socket 2255: java.security.AccessControlException: access denied ("java.net.SocketPermission" "50.31.1.13:2255" "connect,resolve")

What has Oracle changed - what new security hoop must be jumped to keep sockets to working?

This worked/works in Java 1.7.0_55 and all previous versions of java.

解决方案

This has indeed changed… From the documentation

http://docs.oracle.com/javase/8/docs/technotes/guides/jweb/enhancements-8.html

• For sandbox RIAs, URLPermission is now used to allow connections back to the server from which they were started. URLPermissions is granted based on protocol, host and port of the code source. This change has the following implications:

  • For sandbox RIAs, SocketPermissions for the origin host is no longer granted. Calls from JavaScript code to the RIA are not granted SocketPermissions beginning with JDK 8.

  …

In other words, you cannot create a new Socket in a sandbox anymore. You can only create a URL using the same host, same port, and same protocol as the codebase from a fully sandboxed applet then.

Unless Oracle changes its mind, there is no way for a sandboxed applet to get around this (otherwise it would render the entire security concept broken).

这篇关于Java 8 中的新 java.security.AccessControlException的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！