Signed applet throws AccessControlException when executing XSLT with an external document
I would like to get help on signed applet + XSL transformation
I have a signed applet (with 1 JAR file) that performs XSL transformation where the input XML, the XSL and the output are read/written on the local file system.
I have already tried it with JRE
- 1.5.0_22
- 1.6.0_29
- 1.7.0_01
and the result is the same:
When my XSL file contains a reference to an external XML document:
<xsl:variable name="extXML" select="document('/tmp/A.XML')"/>
<xsl:value-of select="$extXML/Child"/>
the transformation fails:
com.sun.org.apache.xalan.internal.xsltc.TransletException: java.security.AccessControlException: access denied (java.io.FilePermission /tmp/A.XML read)
at com.sun.org.apache.xalan.internal.xsltc.dom.LoadDocument.documentF(LoadDocument.java:142)
at in.topLevel()
at in.transform()
at com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet.transform(AbstractTranslet.java:603)
at com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.transform(TransformerImpl.java:709)
at com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.transform(TransformerImpl.java:313)
at myxsltapplet.MyXSLTApplet.xsltTransform(MyXSLTApplet.java:66)
If this reference to the external XML document is commented out, everything works just fine.
Using a policy file solves this problem but unfortunately this is not an option.
I have implemented a URIResolver that I set for the TransformerFactory, but I also get an AccessControlException in it.
In the applet I have retrieved the SecurityManager and its AccessControlContext and logged out their hashcode:
SecurityManager: sun.plugin2.applet.Applet2SecurityManager@103fcaa
getSecurityContext(): java.security.AccessControlContext@17b2b2
I did the same in my URIResolver implementation and the AccessControlContext has changed:
SecurityManager: sun.plugin2.applet.Applet2SecurityManager@103fcaa
getSecurityContext(): java.security.AccessControlContext@ede64c
Calling checkPermission on the original AccessControlContext runs without exception.
Calling checkPermission on the new AccessControlContext accessible in my URIResolver:
AccessControlContext acc = (AccessControlContext) System.getSecurityManager().getSecurityContext();
acc.checkPermission(new FilePermission("/tmp/A.XML", "read"));
throws:
ERROR: 'java.security.AccessControlException: access denied (java.io.FilePermission /tmp/A.XML read)'
Is it a normal thing or a bug?
Thanks for any idea,
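A Java permission check passes only if every protection domain on the call stack holds the permission, which is why the same `checkPermission` call can succeed in the applet and fail inside a resolver that is invoked beneath other frames. As an added example (not the poster's code and not part of the original thread), the resolver below uses `AccessController.doPrivileged` to limit the check to its own signed-JAR domain, and restricts reads to a fixed allow-list so a stylesheet cannot steer the privileged read. The class name `AllowListResolver` and the allow-list are assumptions, as is the premise that the generated translet frames (`in.topLevel()` in the trace) are the ones lacking the permission.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.xml.transform.Source;
import javax.xml.transform.TransformerException;
import javax.xml.transform.URIResolver;
import javax.xml.transform.stream.StreamSource;

// Hypothetical class name; added example, not the poster's resolver.
public class AllowListResolver implements URIResolver {
    // Canonical paths chosen by the applet itself, never taken from the stylesheet.
    private final Set<String> allowed;

    public AllowListResolver(Set<String> canonicalPaths) {
        this.allowed = Collections.unmodifiableSet(new HashSet<String>(canonicalPaths));
    }

    public Source resolve(final String href, String base) throws TransformerException {
        try {
            // doPrivileged ends the stack walk at this class's protection domain, so
            // callers further up the chain (assumed: the translet) are not consulted.
            return AccessController.doPrivileged(new PrivilegedExceptionAction<Source>() {
                public Source run() throws IOException {
                    // Canonicalise first so "../" segments and symlinks cannot bypass the list;
                    // this runs inside the block because it may itself need read access.
                    String canonical = new File(href).getCanonicalPath();
                    if (!allowed.contains(canonical)) {
                        throw new IOException("document() target not on allow-list: " + href);
                    }
                    // Open the stream here: a file-based StreamSource would be opened later,
                    // outside the privileged block, and fail the same permission check.
                    InputStream in = new FileInputStream(canonical);
                    return new StreamSource(in, new File(canonical).toURI().toString());
                }
            });
        } catch (PrivilegedActionException e) {
            throw new TransformerException(e.getException());
        }
    }
}
```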
Software that runs in the browser is normally prevented from accessing local files. Here are some explanations of why: