为什么Win 7 IE在下载Java Webstart后从JNLP中删除“all-permissions”标签？

我们最近部署了一个使用Webstart的JavaFX应用程序 . 该应用程序在Jar Manifest中具有“所有权限”，在JNLP中具有“所有权限” . Jar文件使用Comodo代码签名证书进行签名 .

最终用户访问HTML页面，该页面上有一个按钮，用于下载JNLP文件 .

除了在Windows 7上使用IE 11之外，该应用程序在所有系统上都可以启动 . 它们会收到以下弹出错误（注意，在使用Chrome / Firefox的同一台Windows 7计算机上，该应用程序启动正常...我已经制作确保所有机器上的所有Java选项都相同）：

服务器上的JNLP文件位于下面，其中设置了all-permissions标记：

<?xml version="1.0" encoding="utf-8"?>
<jnlp spec="1.0" xmlns:jfx="http://javafx.com" href="SXScheduler-1.jnlp">
  <information> 
    <title>SX Scheduler</title>
    <vendor>SX</vendor>
    <description>SX Scheduler</description>
    <offline-allowed/>
  </information>
  <security> 
    <all-permissions/> 
  </security>
  <resources>
    <j2se version="1.7+" href="http://java.sun.com/products/autodl/j2se"/>
    <jar href="SXScheduler-1-jfx.jar" size="778804" download="null" />
    <jar href="lib/activation-1.1.1.jar" size="69409" download="null" />
    …more lib/ jar files, removed for Stack Overflow brevity
  </resources>
  <jfx:javafx-desc width="800" height="600" main-class="main.App" name="SXScheduler-1" />
  <update check="background"/>
</jnlp>

我对失败的结论是因为在Windows 7上的IE下载后，JNLP文件中的“所有权限”被删除了 .

为什么要删除它？

以下是失败时来自Java控制台的片段（在有效的系统上，控制台中的JNLP文件具有“all-permissions”标记）：

Java Plug-in 11.161.2.12 x86
Using JRE version 1.8.0_161-b12 Java HotSpot(TM) Client VM
User home directory = C:\Users\Jones
----------------------------------------------------
c:   clear console window
f:   finalize objects on finalization queue
g:   garbage collect
h:   display this help message
l:   dump classloader list
m:   print memory usage
o:   trigger logging
q:   hide console
r:   reload policy configuration
s:   dump system and deployment properties
t:   dump thread list
v:   dump thread stack
x:   clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------
network: Created version ID: 1.5.0
network: Created version ID: 1.8.0
network: Created version ID: 1.8.0.161
network: Created version ID: 1.8
network: Created version ID: 1.8.0.161
cache: registerReference: com.sun.deploy.cache.MemoryCache$CachedResourceReference@29614cd5: 5
basic: XMLParser with _source:
<?xml version="1.0" encoding="utf-8"?>
<jnlp spec="1.0" xmlns:jfx="http://javafx.com" href="SXScheduler-1.jnlp">
  <information>
    <title>SX Scheduler</title>
    <vendor>SX</vendor>
    <description>SX Scheduler</description>
    <offline-allowed/>
  </information>
  <resources>
    <j2se version="1.7+" href="http://java.sun.com/products/autodl/j2se"/>
    <jar href="SXScheduler-1-jfx.jar" size="778804" download="null" />
    <jar href="lib/activation-1.1.1.jar" size="69409" download="null" />
…more lib/ jar files, removed for Stack Overflow brevity
  </resources>
  <jfx:javafx-desc  width="800" height="600" main-class="main.App"  name="SXScheduler-1" />
  <update check="background"/>
</jnlp>
temp: returning LaunchDesc from XMLFormat.parse():
 
<jnlp spec="1.0" codebase="http://pmmsoft.com/deploy10/" href=“http://removed_for_privacy/deploy10/SXScheduler-1.jnlp”>
  <information>
    <title>SX Scheduler</title>
    <vendor>SX</vendor>
    <homepage href="null"/>
    <description>SX Scheduler</description>
    <offline-allowed/>
  </information>
  <update check="background" policy="always"/>
  <resources>
    <java href="http://java.sun.com/products/autodl/j2se" version="1.7+"/>
    <jar href=“htttp://removed for privacy/deploy10/SXScheduler-1-jfx.jar” download="eager" main="false"/>
   <jar href="http://removed for privacy/deploy10/lib/activation-1.1.1.jar" download="eager" main="false"/>
  …more lib/ jar files, removed for Stack Overflow brevity
  </resources>
  <javafx-desc main-class="main.App"/>
</jnlp>
...more output (irrelevant) removed for Stack Overflow brevity
 java.lang.SecurityException: JAR manifest requested to run in all-permissions only: http://removed for privacy/deploy10/SXScheduler-1-jfx.jar
                   at com.sun.deploy.security.DeployManifestChecker.verify(Unknown Source)
                   at com.sun.deploy.security.DeployManifestChecker.verify(Unknown Source)
                   at com.sun.deploy.security.SandboxSecurity.isPermissionGranted(Unknown Source)
                   at com.sun.deploy.security.SandboxSecurity.isPermissionGranted(Unknown Source)
                   at com.sun.javaws.security.JNLPSignedResourcesHelper.performSecurityCheckForSandbox(Unknown Source)
                   at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)
                   at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)
                   at sun.plugin2.applet.JNLP2Manager.prepareLaunchFile(Unknown Source)
                   at sun.plugin2.applet.JNLP2Manager.loadJarFiles(Unknown Source)
                   at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
                   at java.lang.Thread.run(Unknown Source)
    basic: The Java security settings have prevented this application from running. You may change this behavior in the Java Control Panel.

感谢大家的任何帮助或建议 .