I have a signed applet. To implement some plugin architecture I download and store to disk a JAR file with specific classes.
Then I load these classes with URLCLassLoader. So, now I try to invoke some method from loaded class and I have a security issue.
It seems to "sign-token" cannot be checked by SecurityManager when class loaded be URLClassLoaded. Anybody know how to solve this problem?
Thanks a lot!
Loading.
URLClassLoader loader = new URLClassLoader(new URL[] {libraryArchive.toURI().toURL()}, Compress.class.getClassLoader());
Invocation.
...
org.palettelabs.comm.desktopcapture.pim.Library lib = libraryClass.newInstance();
final Compress compressingLibrary = (Compress) lib;
File file = AccessController.doPrivileged(new PrivilegedExceptionAction<File>() {
@Override
public File run() {
try {
File file = compressingLibrary.compress(filesList);
return file;
} catch (Exception e) {
Logger.error("applet: compress: invocation external library error", e);
return null;
}
}
});
Exception.
2011-09-16 16:00:08,550 [SwingWorker-pool-1-thread-4] ERROR - applet: compress: invocation external library error
java.security.AccessControlException: access denied (java.io.FilePermission /tmp/dca-palettelabs-storage/test/compress/linux32ffmpeg.jar-extractedFiles/org/palettelabs/
comm/desktopcapture/libs/compress/linux32 read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
at java.io.File.exists(File.java:731)
at java.io.File.mkdirs(File.java:1181)
at org.palettelabs.comm开发者_如何学Python.desktopcapture.pim.Library.extract(Library.java:31)
at org.palettelabs.comm.desktopcapture.libs.compress.linux32.Linux32.compress(Linux32.java:17)
at org.palettelabs.comm.desktopcapture.ui.UploadingWorker$1.run(UploadingWorker.java:77)
at org.palettelabs.comm.desktopcapture.ui.UploadingWorker$1.run(UploadingWorker.java:1)
at java.security.AccessController.doPrivileged(Native Method)
at org.palettelabs.comm.desktopcapture.ui.UploadingWorker.compress(UploadingWorker.java:72)
at org.palettelabs.comm.desktopcapture.ui.UploadingWorker.doInBackground(UploadingWorker.java:57)
at org.palettelabs.comm.desktopcapture.ui.UploadingWorker.doInBackground(UploadingWorker.java:1)
at javax.swing.SwingWorker$1.call(SwingWorker.java:277)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
at java.util.concurrent.FutureTask.run(FutureTask.java:138)
at javax.swing.SwingWorker.run(SwingWorker.java:316)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Install a custom security manager that allows code from the right code base (package, whatever..) to perform that action.
To do that, call System.setSecurityManager(myManager). (As you managed to figure) myManager is an extension of SecurityManager.
It requires a trusted applet to set a security manager.
Use an appropriate subclass of java.security.SecureClassLoader to assign an appropriate ProtectionDomain to the loaded classes. Of course, making sure that these classes are to be trusted by some mechanism (e.g. signed with a certificate you trust for such purposes).
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论