3

我有一个签名的小程序。为了实现一些插件架构,我下载并存储到磁盘中包含特定类的 JAR 文件。

然后我用URLCLassLoader. 所以,现在我尝试从加载的类中调用一些方法,但我遇到了一个安全问题。

SecurityManager加载类时似乎无法检查“签名令牌” URLClassLoaded。有人知道如何解决这个问题吗?

非常感谢!

正在加载。

URLClassLoader loader = new URLClassLoader(new URL[] {libraryArchive.toURI().toURL()}, Compress.class.getClassLoader());

调用。

...
org.palettelabs.comm.desktopcapture.pim.Library lib = libraryClass.newInstance();
                final Compress compressingLibrary = (Compress) lib;
                File file = AccessController.doPrivileged(new PrivilegedExceptionAction<File>() {

                    @Override
                    public File run() {
                        try {
                            File file = compressingLibrary.compress(filesList);
                            return file;
                        } catch (Exception e) {
                            Logger.error("applet: compress: invocation external library error", e);
                            return null;
                        }
                    }

                });

例外。

2011-09-16 16:00:08,550 [SwingWorker-pool-1-thread-4] ERROR - applet: compress: invocation external library error
java.security.AccessControlException: access denied (java.io.FilePermission /tmp/dca-palettelabs-storage/test/compress/linux32ffmpeg.jar-extractedFiles/org/palettelabs/
comm/desktopcapture/libs/compress/linux32 read)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
        at java.security.AccessController.checkPermission(AccessController.java:546)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
        at java.io.File.exists(File.java:731)
        at java.io.File.mkdirs(File.java:1181)
        at org.palettelabs.comm.desktopcapture.pim.Library.extract(Library.java:31)
        at org.palettelabs.comm.desktopcapture.libs.compress.linux32.Linux32.compress(Linux32.java:17)
        at org.palettelabs.comm.desktopcapture.ui.UploadingWorker$1.run(UploadingWorker.java:77)
        at org.palettelabs.comm.desktopcapture.ui.UploadingWorker$1.run(UploadingWorker.java:1)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.palettelabs.comm.desktopcapture.ui.UploadingWorker.compress(UploadingWorker.java:72)
        at org.palettelabs.comm.desktopcapture.ui.UploadingWorker.doInBackground(UploadingWorker.java:57)
        at org.palettelabs.comm.desktopcapture.ui.UploadingWorker.doInBackground(UploadingWorker.java:1)
        at javax.swing.SwingWorker$1.call(SwingWorker.java:277)
        at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
        at java.util.concurrent.FutureTask.run(FutureTask.java:138)
        at javax.swing.SwingWorker.run(SwingWorker.java:316)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)
4

2 回答 2

1

使用适当的子类为加载的类java.security.SecureClassLoader分配适当的子类。ProtectionDomain当然,确保这些类被某种机制信任(例如,使用您为此目的信任的证书签名)。

于 2011-10-05T16:24:14.440 回答
1

安装一个自定义安全管理器,允许来自正确代码库(包,无论什么......)的代码执行该操作。

为此,请致电System.setSecurityManager(myManager). (如您所想)myManagerSecurityManager的扩展。

它需要一个受信任的小程序来设置安全管理器。

于 2011-09-20T06:37:09.780 回答