当前位置: 文江博客话题详情

如何通过JNLP给java小程序授予所有权限而不弹窗

发布于 2024-11-19 04:12:15 字数 476 浏览 6 评论 0原文

我们正在使用 jnlp 启动一个小程序 小程序需要加载原生库 jar 和 jnlp 使用自行生成的证书进行签名。 jnlp 授予所有权限与

<security>
     <all-permissions/>
</security>

策略文件授予所有权限 授予 { 权限 java.security.AllPermission; };

我们收到一个弹出对话框“java安全警告” 也就是说:该应用程序将执行不安全的操作。您想继续吗?

继续或取消(请参阅随附的屏幕截图)

在此处输入图像描述

没有“始终允许”按钮

这意味着该对话框“每次”启动小程序时都会弹出。这对于用户来说很烦人。

可以采取什么措施来禁止弹出此对话框或使其最多出现一次?

原文

We are launching an applet using jnlp
The applet needs to load a native library
The jar and the jnlp are signed with a self generated certificate.
The jnlp grants all permission with

<security>
     <all-permissions/>
</security>

The policy file grants all permissions
grant {
permission java.security.AllPermission;
};

We are getting a popup dialog “ java security warning”
That says: this application is going to perform an insecure operation. Do you want to continue ?

Continue or cancel (see attached screen shot)

enter image description here

There is no “allow always” button

Which means that the dialog pops up “every time” the applet is launched. This is annoying to the user.

What can be done to disable this dialog to pop up or to make it appear at most once?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

软的没边 2024-11-26 04:12:15

如何才能禁止弹出此对话框或使其最多出现一次?

使用经过可信机构验证的证书。禁用/忽略自签名证书的“始终允许”字段是 Oracle 不太可能更改的决定。

What can be done to disable this dialog to pop up or to make it appear at most once?

Use a certificate that has been verified by a trusted authority. Disabling/ignoring the 'always allow' field for self-signed certificates is a decision by Oracle that they are unlikely to change.

回复 原文
初心 2024-11-26 04:12:15

实际上,我们在 JNLP 参数上遇到了问题。您不能在 JNLP jre args 参数中指定任何参数,否则您将收到安全警告。

为了避免弹出安全警告,请使用第 638 行列表中的属性和 JVM 参数:
http:// javasourcecode.org/html/open-source/jdk/jdk-6u23/com/sun/deploy/config/Config.java.html

在您的 JNLP 上,如果 JVM 参数如果包含其中未列出的内容,即使您正确签署了证书,您也会收到弹出窗口。这一切都归结为使用“安全”参数+正确的证书就可以了。

编辑

URL 已被删除,所以这里是有效的参数:

// note: this list MUST correspond to native secure.c file
private static String[] secureVmArgs = {
    "-d32",                         /* use 32-bit data model if available */
    "-client",                      /* to select the "client" VM */
    "-server",                      /* to select the "server" VM */
    "-verbose",                     /* enable verbose output */
    "-version",                     /* print product version and exit */
    "-showversion",                 /* print product version and continue */
    "-help",                        /* print this help message */
    "-X",                           /* print help on non-standard options */
    "-ea",                          /* enable assertions */
    "-enableassertions",            /* enable assertions */
    "-da",                          /* disable assertions */
    "-disableassertions",           /* disable assertions */
    "-esa",                         /* enable system assertions */
    "-enablesystemassertions",      /* enable system assertions */
    "-dsa",                         /* disable system assertione */
    "-disablesystemassertions",     /* disable system assertione */
    "-Xmixed",                      /* mixed mode execution (default) */
    "-Xint",                        /* interpreted mode execution only */
    "-Xnoclassgc",                  /* disable class garbage collection */
    "-Xincgc",                      /* enable incremental gc. */
    "-Xbatch",                      /* disable background compilation */
    "-Xprof",                       /* output cpu profiling data */
    "-Xdebug",                      /* enable remote debugging */
    "-Xfuture",                     /* enable strictest checks */
    "-Xrs",                         /* reduce use of OS signals */
    "-XX:+ForceTimeHighResolution", /* use high resolution timer */
    "-XX:-ForceTimeHighResolution", /* use low resolution (default) */
    "-XX:+PrintGCDetails",          /* Gives some details about the GCs */
    "-XX:+PrintGCTimeStamps",       /* Prints GCs times happen to the start of the application */
    "-XX:+PrintHeapAtGC",           /* Prints detailed GC info including heap occupancy */
    "-XX:PrintCMSStatistics",       /* If > 0, Print statistics about the concurrent collections */
    "-XX:+PrintTenuringDistribution",  /* Gives the aging distribution of the allocated objects */
    "-XX:+TraceClassUnloading",     /* Display classes as they are unloaded */
    "-XX:SurvivorRatio",            /* Sets the ratio of the survivor spaces */
    "-XX:MaxTenuringThreshol",      /* Determines how much the objects may age */
    "-XX:CMSMarkStackSize",
    "-XX:CMSMarkStackSizeMax",
    "-XX:+CMSClassUnloadingEnabled",/* It needs to be combined with -XX:+CMSPermGenSweepingEnabled */
    "-XX:+CMSIncrementalMode",      /* Enables the incremental mode */
    "-XX:CMSIncrementalDutyCycleMin",  /* The percentage which is the lower bound on the duty cycle */
    "-XX:+CMSIncrementalPacing",    /* Automatic adjustment of the incremental mode duty cycle */
    "-XX:CMSInitiatingOccupancyFraction",  /* Sets the threshold percentage of the used heap */
    "-XX:+UseConcMarkSweepGC",      /* Turns on concurrent garbage collection */
    "-XX:-ParallelRefProcEnabled",
    "-XX:ParallelGCThreads",        /* Sets the number of parallel GC threads */
    "-XX:ParallelCMSThreads",
    "-XX:+DisableExplicitGC",       /* Disable calls to System.gc() */
    "-XX:+UseCompressedOops",       /* Enables compressed references in 64-bit JVMs */
    "-XX:+UseG1GC",
    "-XX:GCPauseIntervalMillis",
    "-XX:MaxGCPauseMillis"          /* A hint to the virtual machine to pause times */
};

编辑

当时我们有这些参数:

    <j2se version="1.6.0+"
         initial-heap-size="${heap.init}"
         max-heap-size="${heap.max}"
         java-vm-args="-Djava.security.policy=${jnlp.ip}${jnlp.port}/ed/security/java.policy"/>

问题出在 -Djava.security.policy 上,我无法理解弹出窗口,直到我从那里删除它。

java 源 jdk6.23 的新 URL

We had a problem with the JNLP arguments actually. You cannot specify any argument in the JNLP jre args parameter otherwise you'll get the security warning.

To avoid security warning popup use the properties and JVM arguments from the lists located from line 638:
http://javasourcecode.org/html/open-source/jdk/jdk-6u23/com/sun/deploy/config/Config.java.html

On your JNLP, if the JVM arguments include something that is not listed in there, you will get the popup even if you properly sign the certificate. It all boils down to using 'secured' parameters + a proper certificate and it will be ok.

EDIT

The URL was removed so here are the valid arguments:

// note: this list MUST correspond to native secure.c file
private static String[] secureVmArgs = {
    "-d32",                         /* use 32-bit data model if available */
    "-client",                      /* to select the "client" VM */
    "-server",                      /* to select the "server" VM */
    "-verbose",                     /* enable verbose output */
    "-version",                     /* print product version and exit */
    "-showversion",                 /* print product version and continue */
    "-help",                        /* print this help message */
    "-X",                           /* print help on non-standard options */
    "-ea",                          /* enable assertions */
    "-enableassertions",            /* enable assertions */
    "-da",                          /* disable assertions */
    "-disableassertions",           /* disable assertions */
    "-esa",                         /* enable system assertions */
    "-enablesystemassertions",      /* enable system assertions */
    "-dsa",                         /* disable system assertione */
    "-disablesystemassertions",     /* disable system assertione */
    "-Xmixed",                      /* mixed mode execution (default) */
    "-Xint",                        /* interpreted mode execution only */
    "-Xnoclassgc",                  /* disable class garbage collection */
    "-Xincgc",                      /* enable incremental gc. */
    "-Xbatch",                      /* disable background compilation */
    "-Xprof",                       /* output cpu profiling data */
    "-Xdebug",                      /* enable remote debugging */
    "-Xfuture",                     /* enable strictest checks */
    "-Xrs",                         /* reduce use of OS signals */
    "-XX:+ForceTimeHighResolution", /* use high resolution timer */
    "-XX:-ForceTimeHighResolution", /* use low resolution (default) */
    "-XX:+PrintGCDetails",          /* Gives some details about the GCs */
    "-XX:+PrintGCTimeStamps",       /* Prints GCs times happen to the start of the application */
    "-XX:+PrintHeapAtGC",           /* Prints detailed GC info including heap occupancy */
    "-XX:PrintCMSStatistics",       /* If > 0, Print statistics about the concurrent collections */
    "-XX:+PrintTenuringDistribution",  /* Gives the aging distribution of the allocated objects */
    "-XX:+TraceClassUnloading",     /* Display classes as they are unloaded */
    "-XX:SurvivorRatio",            /* Sets the ratio of the survivor spaces */
    "-XX:MaxTenuringThreshol",      /* Determines how much the objects may age */
    "-XX:CMSMarkStackSize",
    "-XX:CMSMarkStackSizeMax",
    "-XX:+CMSClassUnloadingEnabled",/* It needs to be combined with -XX:+CMSPermGenSweepingEnabled */
    "-XX:+CMSIncrementalMode",      /* Enables the incremental mode */
    "-XX:CMSIncrementalDutyCycleMin",  /* The percentage which is the lower bound on the duty cycle */
    "-XX:+CMSIncrementalPacing",    /* Automatic adjustment of the incremental mode duty cycle */
    "-XX:CMSInitiatingOccupancyFraction",  /* Sets the threshold percentage of the used heap */
    "-XX:+UseConcMarkSweepGC",      /* Turns on concurrent garbage collection */
    "-XX:-ParallelRefProcEnabled",
    "-XX:ParallelGCThreads",        /* Sets the number of parallel GC threads */
    "-XX:ParallelCMSThreads",
    "-XX:+DisableExplicitGC",       /* Disable calls to System.gc() */
    "-XX:+UseCompressedOops",       /* Enables compressed references in 64-bit JVMs */
    "-XX:+UseG1GC",
    "-XX:GCPauseIntervalMillis",
    "-XX:MaxGCPauseMillis"          /* A hint to the virtual machine to pause times */
};

EDIT

At the time we had these arguments:

    <j2se version="1.6.0+"
         initial-heap-size="${heap.init}"
         max-heap-size="${heap.max}"
         java-vm-args="-Djava.security.policy=${jnlp.ip}${jnlp.port}/ed/security/java.policy"/>

The problem was with -Djava.security.policy, and I couldn't understand the popup until I removed it from there.

NEW URL FOR java source jdk6.23

回复 原文
那些过往 2024-11-26 04:12:15

在 JAVA_OPTS 中使用远程调试参数可能会导致弹出此消息

-agentlib:jdwp=transport=dt_socket,address=localhost:8000,server=y,suspend=n

Using the remote debug parameters in JAVA_OPTS can cause this pop-up

-agentlib:jdwp=transport=dt_socket,address=localhost:8000,server=y,suspend=n

回复 原文
木格 2024-11-26 04:12:15

我有以下参数并遇到了同样的问题:

-Xss4m -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5021

删除它们解决了它。

I had the following params and got the same problem:

-Xss4m -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5021

Removing them solved it.

回复 原文
~没有更多了~

关于作者

奶茶白久

暂无简介

0 文章
0 评论
22 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

胡图图

文章 0 评论 0

zt006

文章 0 评论 0

z祗昰~

文章 0 评论 0

冰葑

文章 0 评论 0

野の

文章 0 评论 0

天空

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文