JNLP获得许可 [英] JNLP get a permission

问题描述

我最近在通过JNLP启动我的应用程序时偶然发现了一个问题。我现在把它缩小到 java.security.AccessControlException ，它拒绝我关闭我的 ExecuterService 。

I recently stumbled across a problem when starting my application via JNLP. I now narrowed it down to a java.security.AccessControlException, which denies me to shut down my ExecuterService.

所以，我做了一些阅读，发现我需要权限（ modifyThread ）才能成功关闭服务。我还发现我应该使用< security> -tag（在JNLP文件中）来请求它，但我对如何使用感到困惑。

So, I did some reading and found out that I'll need the permission (modifyThread) to successfully shut down the service. I also found out that I should use the <security>-tag (in the JNLP-file) to request it, but I'm a little confused about how.

标签文档说：

[...]如果 所有权限元素已指定，应用程序
将具有对客户端计算机和本地网络的完全访问权限。如果
应用程序请求完全访问权限，则所有 JAR文件必须为
签名。将会提示用户 [...]

[...] If the all-permissions element is specified, the application will have full access to the client machine and local network. If an application requests full access, then all JAR files must be signed. The user will be prompted [...]

从阅读本文来看，在我看来，我可以选择获取所有或没有权限......这似乎是一个令人困惑的实现。因为我只需要关闭我的服务。

From reading this it seems to me, that I can choose to either get all or no permissions... which seems like a confusing Implementation. Because I only need the one to shutdown my service.

我还读过这篇文章，告诉我不应该请求所有权限，因为我会打开用户计算机以获取恶意代码。

I also read this article, telling me that I should not request all permissions, because I would then open up the users computer for malicious code.

那么，有没有办法指定我只需要特定的权限（ modifyThread ），因此我不需要签署我的jar？或者我是否必须使用签署我的罐子并请求所有东西-approach？

So, is there a way to specify that I only need the specific permission (modifyThread) and I therefor don't need to sign my jar? Or will I have to go with the "sign my jar and request everything"-approach?

推荐答案

..我将不得不使用签署我的罐子并请求一切 - 接近吗？

..will I have to go with the "sign my jar and request everything"-approach?

是的。 JWS权限分为3级 ¹ ，唯一允许修改线程的权限是 all-permissions 。

Yes. JWS permissions come in 3 levels¹, the only one where modifying threads is permitted, is all-permissions.

• 沙盒装。提供非常有限的环境。只允许使用JNLP API服务访问打印机和本地文件系统之类的东西，这些服务在提示用户后提供更多有限形式的文件。来自窗口横幅。只能与自己的服务器通信。


• j2ee-application-client-permissions - 提供那些自发的JNLP API服务（在用户接受之后）数字签名的代码）删除了窗口横幅。


• 所有权限 - 几乎任何东西，包括替换现有的安全管理器（是的，甚至'所有权限'代码都会在JWS中获得安全管理器 - 它只是非常宽松）。

• Sand-boxed. Provides a very limited environment. Access to things like printers and the local file-system is only permitted using the JNLP API services, which provide more limited forms of File after prompting the user. Come with window banners. Can only communicate with own server.
• j2ee-application-client-permissions - provide those JNLP API services unprompted (after the user accepts the digitally signed code) removes the window banners.
• all-permissions - pretty much anything, including replacing the existing security manager (yes, even 'all permissions' code gets a security manager in JWS - it is just very lenient).

还可以追踪 JNLP 中的链接。 JWS 页面。我个人可以推荐这些摘要和链接。

Also chase the links from the JNLP & JWS pages. I can personally recommend those summaries & links.

这篇关于JNLP获得许可的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！