首页 文章

如何在没有弹出窗口的情况下通过JNLP授予Java applet的所有权限

提问于
浏览
2

我们正在使用jnlp启动applet applet需要加载本机库jar和jnlp使用自生成的证书进行签名 . jnlp授予所有权限

<security>
     <all-permissions/>
</security>

策略文件授予所有权限grant {permission java.security.AllPermission; };

我们得到一个弹出对话框“java安全警告”说:这个应用程序将执行一个不安全的操作 . 你想继续吗 ?

继续或取消(参见随附的屏幕截图)

enter image description here

没有“允许始终”按钮

这意味着“每次”启动applet时都会弹出对话框 . 这对用户来说很烦人 .

可以做些什么来禁用此对话框以弹出或使其最多出现一次?

java security applet jnlp next-generation-plugin

4 回答

  • 1

    可以执行哪些操作来禁用此对话框以弹出或使其最多出现一次?

    使用已由受信任机构验证的证书 . 禁用/忽略自签名证书的“始终允许”字段是Oracle决定不太可能更改的 .

    回复于
  • 1

    我们实际上遇到了JNLP参数的问题 . 您无法在JNLP jre args参数中指定任何参数,否则您将获得安全警告 .

    要避免安全警告弹出,请使用位于第638行的列表中的属性和JVM参数:http://javasourcecode.org/html/open-source/jdk/jdk-6u23/com/sun/deploy/config/Config.java.html

    在JNLP上,如果JVM参数包含未在其中列出的内容,即使您正确签署证书,也会获得弹出窗口 . 这一切都归结为使用'安全'参数一个适当的证书,它会没问题 .

    编辑

    URL已被删除,因此这里是有效的参数:

    // note: this list MUST correspond to native secure.c file
private static String[] secureVmArgs = {
    "-d32",                         /* use 32-bit data model if available */
    "-client",                      /* to select the "client" VM */
    "-server",                      /* to select the "server" VM */
    "-verbose",                     /* enable verbose output */
    "-version",                     /* print product version and exit */
    "-showversion",                 /* print product version and continue */
    "-help",                        /* print this help message */
    "-X",                           /* print help on non-standard options */
    "-ea",                          /* enable assertions */
    "-enableassertions",            /* enable assertions */
    "-da",                          /* disable assertions */
    "-disableassertions",           /* disable assertions */
    "-esa",                         /* enable system assertions */
    "-enablesystemassertions",      /* enable system assertions */
    "-dsa",                         /* disable system assertione */
    "-disablesystemassertions",     /* disable system assertione */
    "-Xmixed",                      /* mixed mode execution (default) */
    "-Xint",                        /* interpreted mode execution only */
    "-Xnoclassgc",                  /* disable class garbage collection */
    "-Xincgc",                      /* enable incremental gc. */
    "-Xbatch",                      /* disable background compilation */
    "-Xprof",                       /* output cpu profiling data */
    "-Xdebug",                      /* enable remote debugging */
    "-Xfuture",                     /* enable strictest checks */
    "-Xrs",                         /* reduce use of OS signals */
    "-XX:+ForceTimeHighResolution", /* use high resolution timer */
    "-XX:-ForceTimeHighResolution", /* use low resolution (default) */
    "-XX:+PrintGCDetails",          /* Gives some details about the GCs */
    "-XX:+PrintGCTimeStamps",       /* Prints GCs times happen to the start of the application */
    "-XX:+PrintHeapAtGC",           /* Prints detailed GC info including heap occupancy */
    "-XX:PrintCMSStatistics",       /* If > 0, Print statistics about the concurrent collections */
    "-XX:+PrintTenuringDistribution",  /* Gives the aging distribution of the allocated objects */
    "-XX:+TraceClassUnloading",     /* Display classes as they are unloaded */
    "-XX:SurvivorRatio",            /* Sets the ratio of the survivor spaces */
    "-XX:MaxTenuringThreshol",      /* Determines how much the objects may age */
    "-XX:CMSMarkStackSize",
    "-XX:CMSMarkStackSizeMax",
    "-XX:+CMSClassUnloadingEnabled",/* It needs to be combined with -XX:+CMSPermGenSweepingEnabled */
    "-XX:+CMSIncrementalMode",      /* Enables the incremental mode */
    "-XX:CMSIncrementalDutyCycleMin",  /* The percentage which is the lower bound on the duty cycle */
    "-XX:+CMSIncrementalPacing",    /* Automatic adjustment of the incremental mode duty cycle */
    "-XX:CMSInitiatingOccupancyFraction",  /* Sets the threshold percentage of the used heap */
    "-XX:+UseConcMarkSweepGC",      /* Turns on concurrent garbage collection */
    "-XX:-ParallelRefProcEnabled",
    "-XX:ParallelGCThreads",        /* Sets the number of parallel GC threads */
    "-XX:ParallelCMSThreads",
    "-XX:+DisableExplicitGC",       /* Disable calls to System.gc() */
    "-XX:+UseCompressedOops",       /* Enables compressed references in 64-bit JVMs */
    "-XX:+UseG1GC",
    "-XX:GCPauseIntervalMillis",
    "-XX:MaxGCPauseMillis"          /* A hint to the virtual machine to pause times */
};

    编辑

    当时我们有这些论点:

    <j2se version="1.6.0+"
         initial-heap-size="${heap.init}"
         max-heap-size="${heap.max}"
         java-vm-args="-Djava.security.policy=${jnlp.ip}${jnlp.port}/ed/security/java.policy"/>

    问题出在-Djava.security.policy上,直到我从那里删除它才能理解弹出窗口 .

    NEW URL FOR java source jdk6.23

    回复于
  • 3

    在JAVA_OPTS中使用远程调试参数可能会导致弹出窗口

    -agentlib:jdwp=transport=dt_socket,address=localhost:8000,server=y,suspend=n

    回复于
  • 3

    我有以下参数并遇到同样的问题:

    -Xss4m -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5021

    删除它解决了它 .

    回复于

相关问题