我有一个试图读取http.strictPostRedirect 系统属性的 Java 小程序的 Java 小程序。
该代码不是我的(它是 Java 的;所以我无法更改它)。但是你可以在网上找到代码:
HttpURLConnection.java:
if (method.equals("POST") && !Boolean.getBoolean("http.strictPostRedirect") && (stat!=307))
{
/* The HTTP/1.1 spec says that a redirect from a POST
* *should not* be immediately turned into a GET, and
* that some HTTP/1.0 clients incorrectly did this.
* Correct behavior redirects a POST to another POST.
* Unfortunately, since most browsers have this incorrect
* behavior, the web works this way now. Typical usage
* seems to be:
* POST a login code or passwd to a web page.
* after validation, the server redirects to another
* (welcome) page
* The second request is (erroneously) expected to be GET
*
* We will do the incorrect thing (POST-->GET) by default.
* We will provide the capability to do the "right" thing
* (POST-->POST) by a system property, "http.strictPostRedirect=true"
*/
...
}
基本失败来自于调用:
Boolean.getBoolean("http.strictPostRedirect")
这引起了很多人的悲痛。显然我不允许阅读http.strictPostRedirect系统属性。试图阅读它会引发AccessControlException:
java.security.AccessControlException: access denied (java.util.PropertyPermission http.strictPostRedirect read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at java.lang.Boolean.getBoolean(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.followRedirect(Unknown Source)
因此,如果我无权读取系统属性的权限:
如何获得系统属性的读取权限?
显然必须有一个设置我读取系统属性,否则 Sun 不会有透明地尝试访问它的代码。
它是全球范围内的机器吗?它是域范围的设置吗?它是机器范围的设置吗?它是每个用户的设置吗?它是每个小程序的设置吗?它是每次调用设置吗?它是与特定版本的Java Runtime Engine相关的设置吗?
tl; dr:如何不崩溃?
读取系统属性
Java 确实有一个系统属性列表,而不是 applet 无法读取:
java.class.pathjava.homeuser.diruser.homeuser.name
我的系统属性,http.strictPostRedirect不在该列表中。那为什么我不能读呢?