开发者

Deploy a Java Applet with Security Permission in HTML

开发者 https://www.devze.com 2023-02-27 00:16 出处:网络
I am having an extremely difficult time getting this to work. The applet is embed on my web page and it is trying to connect to a Java Servlet here.

I am having an extremely difficult time getting this to work.

The applet is embed on my web page and it is trying to connect to a Java Servlet here.

On some computers it connects fine, on others I get a can not connect error, which I believe is caused by java security permissions.

Custom 1: access denied (java.net.SocketPermission 184.91.186.5:8080 connect,resolve)

java.security.AccessControlException: access denied (java.net.SocketPermission 184.91.186.5:8080 connect,resolve)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkConnect(Unknown Source)
    at sun.plugin2.applet.Applet2SecurityManager.checkConnect(Unknown Source)
    at java.net.Socket.connect(Unknown Source)
    at sun.net.NetworkClient.doConnect(Unknown Source)
    at sun.net.www.http.HttpClient.openServer(Unknown Source)
    at sun.net.www.http.HttpClient.openServer(Unknown Source)
    at sun.net.www.http.HttpClient.<init>(Unknown Source)
    at sun.net.www.http.HttpClient.New(Unknown Source)
    at sun.net.www.http.HttpClient.New(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
    at Calendar_Algorithm$Con.send_courses_to_server(Calendar_Algorithm.java:789)
    at Calendar_Algorithm$Con.run(Calendar_Algorithm.java:773)
    at Calendar_Algorithm.send_courses_to_server(Calendar_Algorithm.java:761)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at sun.plugin.javascript.JSInvoke.invoke(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
    at sun.plugin2.liveconnect.JavaClass$MethodInfo.invoke(Unknown Source)
    at sun.plugin2.liveconnect.JavaClass$MemberBundle.invoke(Unknown Source)
    at sun.plugin2.liveconnect.JavaClass.invoke0(Unknown Source)
    at sun.plugin2.liveconnect.JavaClass.invoke(Unknown Source)
    at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$DefaultInvocationDelegate.invoke(Unknown Source)
    at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$3.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo.doObjectOp(Unknown Source)
    at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$LiveConnectWorker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

I have signed the jar file, yet it still doesn't fix the issue. Here is how I generated the key file and signed the jar.

keytool -genkey -alias cal -keystore keys  -keypass #### -dname "cn=feldman" -storepass ####

jarsigner -keystore keys -storepass #### -keypass #### -signedjar CalSigned.jar Cal.jar cal

Here is how I am embedding it into the html page:

<script src="http://java.com/js/deployJava.js"></script>

    <script>
        var attributes = {code:'Calendar_Algorithm.class',
                      archive:'Cal39.jar',
                      width:150, height:50,
                      id:"ClientApp",
                      name:"ClientApp"
                      } ;
        var parameters = {fontSize:16} ;
        var version = '1.6' ;
        deployJava.runApplet(attributes, parameters, version);
    </script>

I also tried doing a jnlp file, and I could not even get that to start the jar, here is my jnlp file content:

  <?xml version="1.0" encoding="utf-8"?>
<jnlp spec="1.5+" codebase="" href="">
    <security>
        <all-permissions/>
    </security>
    <information>
        <title>Easy Course Selector</title> 
        <vendor>Group Boba</vendor>
        <homepage href="index.html"/>
        <description>Easy Course Selector</description>
        <description kind="short">Easy Course Selector</description>
        <icon href="mouseguard-small-jpg3.jpg"/>

    </information>

    <resources>
        <j2se version="1.5+" href="http://java.sun.com/products/autodl/j2se" />
        <jar href="Cal.jar" main="true" download="eager" />
    </resources>
    <applet-desc name="EasyCourse Applet" main-class="Calendar_Algorithm.class" width="200" height="50">
    </applet-desc>
    <update check="background"/>
</jnlp> 

And the embed code

<script> 
    var attributes = {id:"ClientApp", name:"ClientApp", code:'Calendar_Algorithm',   width:150, height:50} ; 
    var parameters = {jnlp_href: 'Cal_Info.jnlp'} ; 
    deployJava.runApplet(attributes, parameters, '1.6'); 
</script>

This is the error log of when I use it to connect to the external server:

java.security.AccessControlException: access denied (java.net.SocketPermission 184.91.186.5:8080 connect,resolve)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at sun.plugin2.applet.Applet2SecurityManager.checkConnect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at sun.net.NetworkClient.doConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.<init>(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
at Calendar_Algorithm$Con.send_courses_to_server(Calendar_Algorithm.java:789)
at Calendar_Algorithm$Con.run(Calendar_Algorithm.java:773)
at Calendar_Algorithm.send_courses_to_server(Calendar_Algorithm.java:761)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSInvoke.invoke(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass$MethodInfo.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass$MemberBundle.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass.invoke0(Unknown Source)
at sun.plugin2.liveconnect.JavaClass.invoke(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$DefaultInvocationDelegate.invoke(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo.doObjectOp(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$LiveConnectWorker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

Any help would be amazing.

Also here is the code that causes the error:

class Con implements PrivilegedExcept开发者_运维问答ionAction<Boolean> {
    private final String text;
    boolean res;
    public Con(String t) {
      text=t;
    }

    public Boolean run() { 
      res=send_courses_to_server();
      return res;
    } 
    public boolean send_courses_to_server(){

        try {
            URL url = new URL(server);

            HttpURLConnection con;
            con=(HttpURLConnection) url.openConnection();
            con.setRequestProperty("Content-type", "text/xml; charset=UTF-8");
            con.setRequestMethod("POST");
            con.setDoOutput(true);
            con.setDoInput(true);


            OutputStream out = con.getOutputStream();
            Writer writer = new OutputStreamWriter(out, "UTF-8");
            String xml="";
            writer.write("<Request>\n" +"<Request_Type>Validation_2</Request_Type>\n");
            xml="<Request>\n" +"<Request_Type>Validation_2</Request_Type>\n";



            Scanner in=new Scanner(text);
            while(in.hasNext()){
                String temp=in.nextLine().trim();
                writer.write("<Course>"+temp+"</Course>\n");
                xml=xml+"<Course>"+temp+"</Course>\n";
            }
            writer.write("</Request>\n");
            xml=xml+"</Request>\n";

            writer.flush();
            writer.close();

            InputStream is= con.getInputStream();

            if(con.getContentType().equals("text/xml")){
                status_message= new Scanner(is).nextLine();
                return false;
            }
            else{
                return set_courses(is);
            }

        } catch (Exception e){
            e.printStackTrace();
            status_message= "Custom 1: "+e.getMessage();
            return false;
        }

    }

    private boolean set_courses(InputStream is){
        courses=new Vector<Course>();

        try {
            ObjectInputStream ois=new ObjectInputStream(is);

            Course c;
            while(true){
                try{
                    c=(Course)ois.readObject();
                    courses.add(c);
                }catch(EOFException e){
                    break;
                }
            }
            ois.close();
        } catch (Exception e){
            status_message= "Custom 3 "+e.getMessage();
            return false;
        }
        status_message="Good";
        return true;
    }

}


Now, with the stack trace we can see the reason a bit better.

...
at Calendar_Algorithm$Con.send_courses_to_server(Calendar_Algorithm.java:789)
at Calendar_Algorithm$Con.run(Calendar_Algorithm.java:773)
at Calendar_Algorithm.send_courses_to_server(Calendar_Algorithm.java:761)
...
at sun.plugin.javascript.JSInvoke.invoke(Unknown Source)
...

You are using JavaScript to invoke a method of your applet, it seems. The send_courses_to_server method of your CalendarAlgorithm class is invoked from JavaScript, and invokes directly the run method of your Con inner class. This means that your code runs with (only) the permissions of the outer JavaScript, not with the permissions of your applet.

The Con class extends PrivilegedExceptionAction, but this alone is not enough to give privileged execution. You must also wrap this in a call to AccessController.doPrivileged(...) (here give your Con object).

Then the method will be called with the privileges given to your applet by signing. (Of course, you should check before that this call is legitimate and does nothing evil.)

Here I suppose your signing works, I did not check this, as I'm normally working with unsigned applets. By the way, if your applet comes from the same server as the servlet is on, this connection should not need any signing.

0

精彩评论

暂无评论...
验证码 换一张
取 消