如何在没有弹出窗口的情况下通过JNLP授予Java applet的所有权限 [英] How to grant all permissions to java applet through JNLP without popups
问题描述
我们正在使用jnlp
启动applet applet需要加载本机库
jar和jnlp使用自生成的证书进行签名。
jnlp授予所有权限
We are launching an applet using jnlp The applet needs to load a native library The jar and the jnlp are signed with a self generated certificate. The jnlp grants all permission with
<security>
<all-permissions/>
</security>
策略文件授予所有权限
grant {
permission java.security。的AllPermission;
};
The policy file grants all permissions grant { permission java.security.AllPermission; };
我们正在获得一个弹出对话框java安全警告
这就是说:这个应用程序将执行一个不安全的操作。你想继续吗?
We are getting a popup dialog " java security warning" That says: this application is going to perform an insecure operation. Do you want to continue ?
继续或取消(见附件截图)
Continue or cancel (see attached screen shot)
没有允许始终按钮
这意味着每次启动applet时都会弹出对话框。这对用户来说很烦人。
Which means that the dialog pops up "every time" the applet is launched. This is annoying to the user.
可以做些什么来禁用此对话框以弹出或最多出现一次?
What can be done to disable this dialog to pop up or to make it appear at most once?
推荐答案
我们实际上遇到了JNLP参数的问题。您无法在JNLP jre args参数中指定任何参数,否则您将获得安全警告。
We had a problem with the JNLP arguments actually. You cannot specify any argument in the JNLP jre args parameter otherwise you'll get the security warning.
要避免安全警告弹出,请使用位于列表中的属性和JVM参数从第638行:
http://javasourcecode.org/html/open-source/jdk/jdk-6u23/com/sun/deploy/config/Config.java.html
To avoid security warning popup use the properties and JVM arguments from the lists located from line 638: http://javasourcecode.org/html/open-source/jdk/jdk-6u23/com/sun/deploy/config/Config.java.html
在JNLP上,如果JVM参数包含未在其中列出的内容,即使您正确签署证书,也会获得弹出窗口。这一切都归结为使用'安全'参数+一个适当的证书,它会没问题。
On your JNLP, if the JVM arguments include something that is not listed in there, you will get the popup even if you properly sign the certificate. It all boils down to using 'secured' parameters + a proper certificate and it will be ok.
URL被删除,所以这里是有效的参数:
The URL was removed so here are the valid arguments:
// note: this list MUST correspond to native secure.c file
private static String[] secureVmArgs = {
"-d32", /* use 32-bit data model if available */
"-client", /* to select the "client" VM */
"-server", /* to select the "server" VM */
"-verbose", /* enable verbose output */
"-version", /* print product version and exit */
"-showversion", /* print product version and continue */
"-help", /* print this help message */
"-X", /* print help on non-standard options */
"-ea", /* enable assertions */
"-enableassertions", /* enable assertions */
"-da", /* disable assertions */
"-disableassertions", /* disable assertions */
"-esa", /* enable system assertions */
"-enablesystemassertions", /* enable system assertions */
"-dsa", /* disable system assertione */
"-disablesystemassertions", /* disable system assertione */
"-Xmixed", /* mixed mode execution (default) */
"-Xint", /* interpreted mode execution only */
"-Xnoclassgc", /* disable class garbage collection */
"-Xincgc", /* enable incremental gc. */
"-Xbatch", /* disable background compilation */
"-Xprof", /* output cpu profiling data */
"-Xdebug", /* enable remote debugging */
"-Xfuture", /* enable strictest checks */
"-Xrs", /* reduce use of OS signals */
"-XX:+ForceTimeHighResolution", /* use high resolution timer */
"-XX:-ForceTimeHighResolution", /* use low resolution (default) */
"-XX:+PrintGCDetails", /* Gives some details about the GCs */
"-XX:+PrintGCTimeStamps", /* Prints GCs times happen to the start of the application */
"-XX:+PrintHeapAtGC", /* Prints detailed GC info including heap occupancy */
"-XX:PrintCMSStatistics", /* If > 0, Print statistics about the concurrent collections */
"-XX:+PrintTenuringDistribution", /* Gives the aging distribution of the allocated objects */
"-XX:+TraceClassUnloading", /* Display classes as they are unloaded */
"-XX:SurvivorRatio", /* Sets the ratio of the survivor spaces */
"-XX:MaxTenuringThreshol", /* Determines how much the objects may age */
"-XX:CMSMarkStackSize",
"-XX:CMSMarkStackSizeMax",
"-XX:+CMSClassUnloadingEnabled",/* It needs to be combined with -XX:+CMSPermGenSweepingEnabled */
"-XX:+CMSIncrementalMode", /* Enables the incremental mode */
"-XX:CMSIncrementalDutyCycleMin", /* The percentage which is the lower bound on the duty cycle */
"-XX:+CMSIncrementalPacing", /* Automatic adjustment of the incremental mode duty cycle */
"-XX:CMSInitiatingOccupancyFraction", /* Sets the threshold percentage of the used heap */
"-XX:+UseConcMarkSweepGC", /* Turns on concurrent garbage collection */
"-XX:-ParallelRefProcEnabled",
"-XX:ParallelGCThreads", /* Sets the number of parallel GC threads */
"-XX:ParallelCMSThreads",
"-XX:+DisableExplicitGC", /* Disable calls to System.gc() */
"-XX:+UseCompressedOops", /* Enables compressed references in 64-bit JVMs */
"-XX:+UseG1GC",
"-XX:GCPauseIntervalMillis",
"-XX:MaxGCPauseMillis" /* A hint to the virtual machine to pause times */
};
编辑
当时我们有这些论点:
EDIT
At the time we had these arguments:
<j2se version="1.6.0+"
initial-heap-size="${heap.init}"
max-heap-size="${heap.max}"
java-vm-args="-Djava.security.policy=${jnlp.ip}${jnlp.port}/ed/security/java.policy"/>
问题在于-Djava.security.policy,我无法理解弹出窗口,直到我从那里删除。
The problem was with -Djava.security.policy, and I couldn't understand the popup until I removed it from there.
java source source jdk6.23的新URL
这篇关于如何在没有弹出窗口的情况下通过JNLP授予Java applet的所有权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
