2

我想在未签名的 Applet 中将 Java 对象编组为 XML,反之亦然,我无法更改任何安全权限/策略文件,或签署应用程序。

我似乎得到了一个安全异常,因为 JAXB 正在尝试访问它在小程序沙箱中无法访问的字段或构造函数。

浏览器正在运行 JRE 1.6.0_17

我也对基于其他一些 XML(或 JSON)库的解决方案持开放态度,但尝试了以下方法并且几乎遇到了类似的问题;- XStream - Gson

给定(类似于)以下对象:

@XmlType
@XmlRootElement
public class SimpleObject {

    public String sampleText;

    public SimpleObject() {
    }

    public String getSampleText() {
        return sampleText;
    }

    public void setSampleText(String sampleText) {
        this.sampleText = sampleText;
    }
}

以及以下简单的 JAXB 代码:

public void actionPerformed(ActionEvent e) {
    try {
        JAXBContext jc = JAXBContext.newInstance(SimpleObject.class);
        Marshaller marshaller = jc.createMarshaller();
        marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);

        SimpleObject object = new SimpleObject();
        object.setSampleText("Hello");

        marshaller.marshal(object, System.out);
    }
    catch (JAXBException e1) {
        throw new RuntimeException(e1);
    }
}

我得到以下异常:

Exception in thread "AWT-EventQueue-2" java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkMemberAccess(Unknown Source)
    at java.lang.Class.checkMemberAccess(Unknown Source)
    at java.lang.Class.getDeclaredConstructor(Unknown Source)
    at com.sun.xml.internal.bind.v2.model.nav.ReflectionNavigator.hasDefaultConstructor(Unknown Source)
    at com.sun.xml.internal.bind.v2.model.nav.ReflectionNavigator.hasDefaultConstructor(Unknown Source)
    at com.sun.xml.internal.bind.v2.model.impl.ClassInfoImpl.<init>(Unknown Source)
    at com.sun.xml.internal.bind.v2.model.impl.RuntimeClassInfoImpl.<init>(Unknown Source)
    at com.sun.xml.internal.bind.v2.model.impl.RuntimeModelBuilder.createClassInfo(Unknown Source)
    at com.sun.xml.internal.bind.v2.model.impl.RuntimeModelBuilder.createClassInfo(Unknown Source)
    at com.sun.xml.internal.bind.v2.model.impl.ModelBuilder.getClassInfo(Unknown Source)
    at com.sun.xml.internal.bind.v2.model.impl.RuntimeModelBuilder.getClassInfo(Unknown Source)
    at com.sun.xml.internal.bind.v2.model.impl.RuntimeModelBuilder.getClassInfo(Unknown Source)
    at com.sun.xml.internal.bind.v2.model.impl.ModelBuilder.getClassInfo(Unknown Source)
    at com.sun.xml.internal.bind.v2.model.impl.RuntimeModelBuilder.getClassInfo(Unknown Source)
    at com.sun.xml.internal.bind.v2.model.impl.RuntimeModelBuilder.getClassInfo(Unknown Source)
    at com.sun.xml.internal.bind.v2.model.impl.ModelBuilder.getTypeInfo(Unknown Source)
    at com.sun.xml.internal.bind.v2.model.impl.ModelBuilder.getTypeInfo(Unknown Source)
    at com.sun.xml.internal.bind.v2.runtime.JAXBContextImpl.getTypeInfoSet(Unknown Source)
    at com.sun.xml.internal.bind.v2.runtime.JAXBContextImpl.<init>(Unknown Source)
    at com.sun.xml.internal.bind.v2.runtime.JAXBContextImpl$JAXBContextBuilder.build(Unknown Source)
    at com.sun.xml.internal.bind.v2.ContextFactory.createContext(Unknown Source)
    at com.sun.xml.internal.bind.v2.ContextFactory.createContext(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at javax.xml.bind.ContextFinder.newInstance(Unknown Source)
    at javax.xml.bind.ContextFinder.find(Unknown Source)
    at javax.xml.bind.JAXBContext.newInstance(Unknown Source)
    at javax.xml.bind.JAXBContext.newInstance(Unknown Source)
    at nz.co.zeal.maker.application.actions.build.JAXBTestAction.actionPerformed(JAXBTestAction.java:24)
    at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
    at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
    at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
    at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
    at javax.swing.AbstractButton.doClick(Unknown Source)
    at javax.swing.plaf.basic.BasicMenuItemUI.doClick(Unknown Source)
    at javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(Unknown Source)
    at java.awt.Component.processMouseEvent(Unknown Source)
    at javax.swing.JComponent.processMouseEvent(Unknown Source)
    at java.awt.Component.processEvent(Unknown Source)
    at java.awt.Container.processEvent(Unknown Source)
    at java.awt.Component.dispatchEventImpl(Unknown Source)
    at java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.awt.Component.dispatchEvent(Unknown Source)
    at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
    at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
    at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
    at java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.awt.Component.dispatchEvent(Unknown Source)
    at java.awt.EventQueue.dispatchEvent(Unknown Source)
    at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
    at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
    at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
    at java.awt.EventDispatchThread.run(Unknown Source)
4

3 回答 3

2

我从来没有完全弄清楚这一点。我所做的是获取一个相当简单的 JSON 库,称为 Flexjson。它也引发了类似的安全异常,但该库足够简单,我能够使用布尔标志关闭导致 Applet 异常的库代码。

于 2010-01-23T19:41:42.113 回答
0

我还尝试使用 JAXB 找到解决方案,但没有成功。

我使用 ADB 绑定切换到 Axis2 (1.5.4),但它也尝试访问安全管理器检查失败的系统属性。

最后,我通过使用 AspectJ 并使用重写 System.getProperty() 调用以在失败时返回 null 的方面一起获得了一个可行的解决方案。由于 Axis2 所需的所有属性都不是关键的,因此这很有效。我还需要在 org.apache.axiom.util.stax.dialect.StAXDialectDetector.getRootUrlForResource() 上应用一个方面以始终返回 null,因为它试图进行 ClassLoader.getSystemClassLoader() 调用,该调用在安全管理器下也失败了。再次,这似乎是一个非关键的调用。让 AspectJ 在构建时重写 Axis2 类,它作为未签名的小程序运行。

这是一个非常混乱的解决方案,但至少它有效。

我无法使用 JAXB 获得相同的 AspectJ hack,因为 JAXB 需要直接访问类的私有字段,如果 JAXB 与小程序捆绑在一起(如果 AspectJ 用于我们需要这样做,我们需要这样做)重写类)。

于 2011-05-01T23:10:35.177 回答
0

这可能会解决您的问题。我知道它解决了我的问题:)

public void actionPerformed(ActionEvent e) {
    try {
    JAXBContext jc = AccessController.doPrivileged(new PrivilegedExceptionAction<JAXBContext>() {

        public JAXBContext run() throws JAXBException {

            // needs to run here otherwise throws AccessControlException
            return JAXBContext.newInstance(SimpleObject.class);
        }
    });         
        Marshaller marshaller = jc.createMarshaller();
        marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);

        SimpleObject object = new SimpleObject();
        object.setSampleText("Hello");

        marshaller.marshal(object, System.out);
    }
    catch (JAXBException e1) {
        throw new RuntimeException(e1);
    }
    } catch (PrivilegedActionException e2) {
    throw new RuntimeException(e2);
    }
}

希望能帮助到你

于 2014-07-25T15:53:35.843 回答