1

我有以下 HttpGet() 函数:

    HttpGet request = new HttpGet(url);

    request.setHeader("User-Agent", userAgent);
    request.setHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
    request.setHeader("Accept-Language", "en-US,en;q=0.5");
    if (!cookies.equals(""))
        request.setHeader("Cookie", this.cookies);

    for (Map.Entry<String, String> header : tempHeaders.entrySet())
    {
        request.setHeader(header.getKey(), header.getValue());
    }
    tempHeaders.clear();

    HttpResponse response = client.execute(request);

此函数是包装 Apache 的 HttpClient 的 Browser() 类的一部分。当我在小程序查看器中运行小程序时,一切正常。但是,当我将小程序嵌入页面时,出现以下异常:

java.security.AccessControlException: access denied ("java.net.SocketPermission" "127.0.0.1:80" "connect,resolve")
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkConnect(Unknown Source)
    at sun.plugin2.applet.SecurityManagerHelper.checkConnectHelper(Unknown Source)
    at sun.plugin2.applet.AWTAppletSecurityManager.checkConnect(Unknown Source)
    at java.net.Socket.connect(Unknown Source)
    at org.apache.http.conn.scheme.PlainSocketFactory.connectSocket(PlainSocketFactory.java:117)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:178)
    at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:610)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:445)
    at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
    **at vidinstant.HttpBrowser.Get(HttpBrowser.java:60)**
    at vidinstant.ServerThread$1.run(ServerThread.java:201)
    at vidinstant.ServerThread$1.run(ServerThread.java:197)
    at java.security.AccessController.doPrivileged(Native Method)
    at vidinstant.ServerThread.GetLink(ServerThread.java:196)
    at vidinstant.ServerThread.run(ServerThread.java:95)

您可以看到异常的“来源”在 Browser 类的第 60 行,更准确地说,是上述代码摘录中的这一行:

  HttpResponse response = client.execute(request);

我已经对applet .jar 进行了自签名,并且清单文件中包含“Permissions: all-permissions”行。

为什么我会收到此异常,为什么访问被拒绝?在其浏览器中运行小程序的用户单击“允许”和“不阻止”,但它仍然不起作用。Apache 的库 .jars 也必须签名吗?他们是否需要在清单中包含“所有权限”?如何获得运行此类功能的权限,而无需用户摆弄他们的 Java 策略文件?

4

1 回答 1

1

Apache 的库 .jars 也必须签名吗?

是的。不允许“90%”安全。部署的代码要么被认为是安全的,要么被认为是不安全的。

于 2013-12-14T22:34:24.983 回答