java.security.AccessControlException : access denied (java.util.PropertyPermissi

Continued from the previous article

http://1259988502.iteye.com/admin/blogs/2303384

Encountered another applet application error

java.security.AccessControlException : access denied (java.util.PropertyPermission createClassLoader)


 

This time, modifying the policy file and so on doesn't work. In the end, I decided to add a digital signature to this applet.

 

I found this one online:

JAVA's java.policy --- Applet digital signature

 


This problem gave me a headache. I found a lot of information about the Java security policy on the Internet, and it was mostly dogmatic. I modified the java.policy file in the JRE's \lib\security\ directory as follows:
//grant codeBase "file:${{java.ext.dirs}}-" {
    permission java.security.AllPermission;
    permission java.io.FilePermission "<<ALL FILES>>", "read";
    permission java.io.FilePermission "<<ALL FILES>>", "write";
    permission java.util.PropertyPermission "*", "write,read";
    permission java.util.PropertyPermission "user.dir", "read";
};
It still doesn't work after the modification. Why? It's a headache. In the end, I still have to use the applet's digital signature. Generating a digital signature after a patch is not enough on its own; you must also clear the IE cache once, otherwise it will keep reporting the same error.

The following are the steps for the digital signature:
Step 1: jar file
1. You can use Eclipse to import the jar file
2. You can use commands such as: jar -cvf MyApplet.


The following is written in the embedded Applet section: 
<APPLET
CODEBASE = "."
CODE = "jcomponent.FileReaderApplet.class"
ARCHIVE = "MyApplet.jar"
NAME = "TestApplet"
WIDTH = 400
HEIGHT = 300
HSPACE = 0
VSPACE = 0
ALIGN = middle
>
</APPLET>


Step 3: (generate certificate and signature)

  1. The command keytool -genkey -keystore pepper.store -alias pepper
  is used to generate a keystore. After execution, a keystore file named pepper.store should be generated in c:/admin. Here pepper is my own name; you can change it. In addition, when executing the command, you will be prompted to enter the password of the keystore. You must remember it, otherwise you will not be able to enter it when you use the keystore later.

  2. The command keytool -export -keystore pepper.store -alias pepper -file pepper.cert
  is used to generate the certificate to be used for the signature, and the pepper here can also be replaced with the name you need. After this command is executed, a pepper.cert file is generated in c:/admin.

  3. jarsigner -keystore pepper.store MyApplet.jar pepper
  This command signs our jar file with the certificate generated above.
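What the signature from step 3 protects, as an added example that is not part of the original article: jarsigner records a digest of every entry in META-INF/MANIFEST.MF, so a class changed after signing no longer matches. This sketch checks only SHA-256-Digest manifest attributes on a constructed jar with placeholder signature files; it does not verify the signature block itself, which `jarsigner -verify` does. The names check_signed_jar and build_sample are chosen for this example.

```python
import base64, hashlib, io, zipfile

CLASS_NAME = "jcomponent/FileReaderApplet.class"

def sha256_b64(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def parse_manifest(data):
    """Map each per-entry 'Name:' section of MANIFEST.MF to its attributes."""
    # Normalise line endings, then join continuation lines (they start with a space).
    text = data.decode("utf-8").replace("\r\n", "\n").replace("\n ", "")
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def check_signed_jar(jar_bytes):
    """Return (has_signature_files, problems) for the jar given as bytes."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        meta = [n for n in jar.namelist() if n.upper().startswith("META-INF/")]
        signed = (any(n.upper().endswith(".SF") for n in meta)
                  and any(n.upper().endswith((".RSA", ".DSA", ".EC")) for n in meta))
        manifest = parse_manifest(jar.read("META-INF/MANIFEST.MF"))
        for name in jar.namelist():
            if name in meta or name.endswith("/"):
                continue
            recorded = manifest.get(name, {}).get("SHA-256-Digest")
            if recorded is None:
                problems.append(name + ": no SHA-256-Digest in manifest")
            elif recorded != sha256_b64(jar.read(name)):
                problems.append(name + ": digest mismatch, changed after signing")
    return signed, problems

def build_sample(tamper=False):
    """Constructed jar: real manifest digest, placeholder signature files."""
    original = b"constructed class bytes"
    manifest = ("Manifest-Version: 1.0\r\n\r\nName: %s\r\nSHA-256-Digest: %s\r\n\r\n"
                % (CLASS_NAME, sha256_b64(original)))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        jar.writestr("META-INF/PEPPER.SF", "placeholder, constructed")
        jar.writestr("META-INF/PEPPER.RSA", "placeholder, constructed")
        jar.writestr(CLASS_NAME, b"patched bytes" if tamper else original)
    return buf.getvalue()
```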

Step 4: Create a new policy file and add it to the policy files in use (modify the file)

  1. Create a file named applet.policy in c:/admin with the following contents:
  keystore "file:c:/admin/pepper.store", "JKS";
  grant signedBy "pepper"
  { permission java.io.FilePermission "<<ALL FILES>>", "read"; };
  This file allows the applet signed by pepper to have read permission for all local files.

  2. Modify java.security in the ${java.home}/jre/lib/security directory and find the following two lines:
  policy.url.1=file:${java.home}/lib/security/java.policy
  policy.url.2=file:${user.home}/.java.policy

  Add the third line below:
  policy.url.3=file:c:/admin/applet.policy
  After this modification, the applet.policy file we created earlier takes effect.
Step 5: (convert html file) 
  Run the HTMLConvert tool mentioned earlier to convert the original FileReaderApplet.html into the following form:
<!--"CONVERTED_APPLET"--> 
<!-- CONVERTER VERSION 1.3 --> 
<OBJECT classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93" 
WIDTH = 400 HEIGHT = 300 NAME = "TestApplet" ALIGN = middle VSPACE = 0 HSPACE = 0 codebase="http://java.sun.com/products/plugin/1.3/jinstall-13-win32.cab#Version=1,3,0,0">
<PARAM NAME = CODE VALUE = "jcomponent.FileReaderApplet.class" > 
<PARAM NAME = CODEBASE VALUE = "." > 
<PARAM NAME = ARCHIVE VALUE = "MyApplet.jar" > 
<PARAM NAME = NAME VALUE = "TestApplet" > 

<PARAM NAME="type" VALUE="application/x-java-applet;version=1.3"> 
<PARAM NAME="scriptable" VALUE="false">
<COMMENT> 
<EMBED type="application/x-java-applet;version=1.3" CODE = "jcomponent.FileReaderApplet.class" CODEBASE = "." ARCHIVE = "MyApplet.jar" NAME = "TestApplet" WIDTH = 400 HEIGHT = 300 ALIGN = middle VSPACE = 0 HSPACE = 0 scriptable=false pluginspage="http://java.sun.com/products/plugin/1.3/plugin-install.html"><NOEMBED></COMMENT> 

</NOEMBED></EMBED>
</OBJECT> 
<!-- 
<APPLET CODE = "jcomponent.FileReaderApplet.class" CODEBASE = "." ARCHIVE = "MyApplet.jar" WIDTH = 400 HEIGHT = 300 NAME = "TestApplet" ALIGN = middle VSPACE = 0 HSPACE = 0> 

</APPLET> 
--> 
<!--"END_CONVERTED_APPLET"--> 

  This looks very complicated, but all of it is generated automatically by the HTMLConvert tool. The tool has both command-line and graphical interface modes of operation.

   Well, now this Applet can read and write files. If you want to deploy this Applet on the Internet, you don't need to do the above steps on all clients. You just need to create a directory on your server, such as c:/admin, and map this directory as www.testApplet.com/admin. Here www.testApplet.com is a hypothetical URL. Put pepper.cert, pepper.store, FileReaderApplet.html, MyApplet.jar and applet.policy in this directory, and then modify the applet.policy file as follows:
  keystore "http://www.testApplet.com/admin/pepper.store", "JKS";
  grant signedBy "pepper"
  { permission java.io.FilePermission "<<ALL FILES>>", "read"; };

  3. Each client then only needs to modify its java.security file in the ${java.home}/jre/lib/security directory as follows:
  policy.url.1=file:${java.home}/lib/security/java.policy
  policy.url.2=file:${user.home}/.java.policy
  policy.url.3=http://www.testApplet.com/admin/applet.

  Of course, each client still needs to install JRE. 
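A check a defender can run over policy files like the ones in step 4 and the remote variant above, as an added example that is not part of the original article: it parses grant entries, flags broad permissions (AllPermission, "<<ALL FILES>>", "*") and rates them higher when the grant has no signedBy or codeBase, and flags a keystore loaded over plain HTTP. The sample policies are constructed from the ones on this page; audit_policy and its severity labels are names chosen for this example.

```python
import re

# Constructed samples modelled on the policy files shown on this page.
SIGNED_POLICY = '''
keystore "file:c:/admin/pepper.store", "JKS";
grant signedBy "pepper" {
    permission java.io.FilePermission "<<ALL FILES>>", "read";
};
'''
BROAD_POLICY = '''
// constructed: unscoped grant plus a keystore fetched over HTTP
keystore "http://www.testApplet.com/admin/pepper.store", "JKS";
grant {
    permission java.security.AllPermission;
    permission java.util.PropertyPermission "*", "write,read";
};
'''

QUOTED = r'"[^"]*"'
GRANT_RE = re.compile(r'grant\b((?:[^{"]|%s)*)\{((?:[^}"]|%s)*)\}\s*;' % (QUOTED, QUOTED))
PERM_RE = re.compile(r'permission\s+([\w.$]+)(?:\s+"([^"]*)")?')
KEYSTORE_RE = re.compile(r'keystore\s+"([^"]+)"')
BROAD_TARGETS = {"<<ALL FILES>>", "*"}


def audit_policy(text):
    """Return (severity, message) findings for one policy file's text."""
    # Simplification: only whole-line // comments are stripped.
    text = re.sub(r'^[ \t]*//.*$', '', text, flags=re.M)
    findings = []
    for url in KEYSTORE_RE.findall(text):
        if url.lower().startswith("http:"):
            findings.append(("high", "keystore loaded over plain HTTP: " + url))
    for header, body in GRANT_RE.findall(text):
        scoped = "signedBy" in header or "codeBase" in header
        who = " ".join(header.split()) or "all code"
        for cls, target in PERM_RE.findall(body):
            if cls.endswith(".AllPermission") or target in BROAD_TARGETS:
                severity = "review" if scoped else "high"
                what = (cls + " " + target).strip()
                findings.append((severity, "%s granted to %s" % (what, who)))
    return findings


if __name__ == "__main__":
    for name, text in (("signed", SIGNED_POLICY), ("broad", BROAD_POLICY)):
        for severity, message in audit_policy(text):
            print(name, severity, message)
```

The HTTP finding matters because the keystore named in a policy file is what signedBy is checked against. A keystore handed to clients should hold only the exported certificate, not the private key that keytool -genkey placed in pepper.store.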
If Tomcat is used for domain name binding, the directory needs to be mapped in the tomcat\conf\server.xml file:
<Context path="" docBase="Mapped directory" debug="1" reloadable="true"></Context>

Thanks to:

http://blog.sina.com.cn/s/blog_888269b2010138i3.html

 

My own test: after completing step 3, restart the service and the applet method can then be called normally. Because my own applet method is embedded in a JSP page in a web system, I feel that the steps from step 4 on are unnecessary.
