我们正在使用 jnlp 启动一个小程序小程序需要加载本机库 jar 和 jnlp 使用自生成的证书进行签名。jnlp 授予所有权限
<security>
<all-permissions/>
</security>
策略文件授予所有权限 grant { permission java.security.AllPermission; };
我们得到一个弹出对话框“java安全警告”,它说:这个应用程序将执行一个不安全的操作。你要继续吗 ?
继续或取消(见附件截图)
没有“始终允许”按钮
这意味着“每次”小程序启动时都会弹出对话框。这对用户来说很烦人。
可以做些什么来禁用此对话框弹出或使其最多出现一次?
可以做些什么来禁用此对话框弹出或使其最多出现一次?
使用经过可信机构验证的证书。禁用/忽略自签名证书的“始终允许”字段是 Oracle 决定它们不太可能更改。
实际上,我们在 JNLP 参数上遇到了问题。您不能在 JNLP jre args 参数中指定任何参数,否则您将收到安全警告。
为避免弹出安全警告,请使用第 638 行列表中的属性和 JVM 参数:http: //javasourcecode.org/html/open-source/jdk/jdk-6u23/com/sun/deploy/config/Config.java .html
在您的 JNLP 上,如果 JVM 参数包含其中未列出的内容,即使您正确签署了证书,您也会收到弹出窗口。这一切都归结为使用“安全”参数+适当的证书,它会没事的。
该 URL 已被删除,因此以下是有效参数:
// note: this list MUST correspond to native secure.c file
private static String[] secureVmArgs = {
"-d32", /* use 32-bit data model if available */
"-client", /* to select the "client" VM */
"-server", /* to select the "server" VM */
"-verbose", /* enable verbose output */
"-version", /* print product version and exit */
"-showversion", /* print product version and continue */
"-help", /* print this help message */
"-X", /* print help on non-standard options */
"-ea", /* enable assertions */
"-enableassertions", /* enable assertions */
"-da", /* disable assertions */
"-disableassertions", /* disable assertions */
"-esa", /* enable system assertions */
"-enablesystemassertions", /* enable system assertions */
"-dsa", /* disable system assertione */
"-disablesystemassertions", /* disable system assertione */
"-Xmixed", /* mixed mode execution (default) */
"-Xint", /* interpreted mode execution only */
"-Xnoclassgc", /* disable class garbage collection */
"-Xincgc", /* enable incremental gc. */
"-Xbatch", /* disable background compilation */
"-Xprof", /* output cpu profiling data */
"-Xdebug", /* enable remote debugging */
"-Xfuture", /* enable strictest checks */
"-Xrs", /* reduce use of OS signals */
"-XX:+ForceTimeHighResolution", /* use high resolution timer */
"-XX:-ForceTimeHighResolution", /* use low resolution (default) */
"-XX:+PrintGCDetails", /* Gives some details about the GCs */
"-XX:+PrintGCTimeStamps", /* Prints GCs times happen to the start of the application */
"-XX:+PrintHeapAtGC", /* Prints detailed GC info including heap occupancy */
"-XX:PrintCMSStatistics", /* If > 0, Print statistics about the concurrent collections */
"-XX:+PrintTenuringDistribution", /* Gives the aging distribution of the allocated objects */
"-XX:+TraceClassUnloading", /* Display classes as they are unloaded */
"-XX:SurvivorRatio", /* Sets the ratio of the survivor spaces */
"-XX:MaxTenuringThreshol", /* Determines how much the objects may age */
"-XX:CMSMarkStackSize",
"-XX:CMSMarkStackSizeMax",
"-XX:+CMSClassUnloadingEnabled",/* It needs to be combined with -XX:+CMSPermGenSweepingEnabled */
"-XX:+CMSIncrementalMode", /* Enables the incremental mode */
"-XX:CMSIncrementalDutyCycleMin", /* The percentage which is the lower bound on the duty cycle */
"-XX:+CMSIncrementalPacing", /* Automatic adjustment of the incremental mode duty cycle */
"-XX:CMSInitiatingOccupancyFraction", /* Sets the threshold percentage of the used heap */
"-XX:+UseConcMarkSweepGC", /* Turns on concurrent garbage collection */
"-XX:-ParallelRefProcEnabled",
"-XX:ParallelGCThreads", /* Sets the number of parallel GC threads */
"-XX:ParallelCMSThreads",
"-XX:+DisableExplicitGC", /* Disable calls to System.gc() */
"-XX:+UseCompressedOops", /* Enables compressed references in 64-bit JVMs */
"-XX:+UseG1GC",
"-XX:GCPauseIntervalMillis",
"-XX:MaxGCPauseMillis" /* A hint to the virtual machine to pause times */
};
当时我们有这些争论:
<j2se version="1.6.0+"
initial-heap-size="${heap.init}"
max-heap-size="${heap.max}"
java-vm-args="-Djava.security.policy=${jnlp.ip}${jnlp.port}/ed/security/java.policy"/>
问题出在 -Djava.security.policy 上,直到我从那里删除它之前我无法理解弹出窗口。
在 JAVA_OPTS 中使用远程调试参数可能会导致此弹出窗口
-agentlib:jdwp=transport=dt_socket,address=localhost:8000,server=y,suspend=n
我有以下参数并遇到了同样的问题:
-Xss4m -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5021
删除它们解决了它。