小程序

小程序

关注
发信
关注(28)粉丝(399)

“访问被拒绝"从浏览器小程序使用 JDBC 时

本文介绍了“访问被拒绝"从浏览器小程序使用 JDBC 时的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个 Java 小程序,可以查询 Oracle 数据库中的数据.从 IDE 内部运行时,它运行良好.但是当我将它作为嵌入在网页中的小程序运行时,我在类加载器中收到拒绝访问"错误,而且我不知道它对我的要求是什么:

I have a java applet that queries an Oracle database for data. When run from inside an IDE, it functions just fine. But when I run it as an applet embedded in a webpage, I get an "access denied" error in the class loader, and I haven't the foggiest notion what it is requiring of me:

Sep 06, 2011 12:58:48 PM oracle.jdbc.driver.OracleDriver registerMBeans
WARNING: Error while registering Oracle JDBC Diagnosability MBean.
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getClassLoader")
                at java.security.AccessControlContext.checkPermission(Unknown Source)
                at java.security.AccessController.checkPermission(Unknown Source)
                at java.lang.SecurityManager.checkPermission(Unknown Source)
                at java.lang.Thread.getContextClassLoader(Unknown Source)
                at oracle.jdbc.driver.ClassRef.<init>(ClassRef.java:75)
                at oracle.jdbc.driver.ClassRef.newInstance(ClassRef.java:51)
                at oracle.jdbc.driver.OracleDriver.registerMBeans(OracleDriver.java:311)
                at oracle.jdbc.driver.OracleDriver$1.run(OracleDriver.java:199)
                at java.security.AccessController.doPrivileged(Native Method)
                at oracle.jdbc.driver.OracleDriver.<clinit>(OracleDriver.java:195)
                at java.lang.Class.forName0(Native Method)
                at java.lang.Class.forName(Unknown Source)
                at com.binderton.oracle.ConnectionManager.open(ConnectionManager.java:17)
                at com.sun.javafx.applet.FXApplet2$2.run(Unknown Source)
                at com.sun.javafx.application.PlatformImpl$3.run(Unknown Source)
                at com.sun.glass.ui.win.WinApplication._runLoop(Native Method)
                at com.sun.glass.ui.win.WinApplication.access$100(Unknown Source)
                at com.sun.glass.ui.win.WinApplication$1$1.run(Unknown Source)
                at java.lang.Thread.run(Unknown Source)
java.lang.ExceptionInInitializerError
                at java.lang.Class.forName0(Native Method)
                at java.lang.Class.forName(Unknown Source)
                at com.binderton.oracle.ConnectionManager.open(ConnectionManager.java:17)
                at com.sun.javafx.applet.FXApplet2$2.run(Unknown Source)
                at com.sun.javafx.application.PlatformImpl$3.run(Unknown Source)
                at com.sun.glass.ui.win.WinApplication._runLoop(Native Method)
                at com.sun.glass.ui.win.WinApplication.access$100(Unknown Source)
                at com.sun.glass.ui.win.WinApplication$1$1.run(Unknown Source)
                at java.lang.Thread.run(Unknown Source)
Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" getClassLoader")
                at java.security.AccessControlContext.checkPermission(Unknown Source)
                at java.security.AccessController.checkPermission(Unknown Source)
                at java.lang.SecurityManager.checkPermission(Unknown Source)
                at java.lang.Thread.getContextClassLoader(Unknown Source)
                at oracle.jdbc.driver.ClassRef.<init>(ClassRef.java:75)
                at oracle.jdbc.driver.ClassRef.newInstance(ClassRef.java:51)
                at oracle.jdbc.driver.OracleDriver.<clinit>(OracleDriver.java:260)
                ... 12 more
Got ErrorEvent[url=null label=Failed to start application. cause=null

推荐答案

Applet 在具有非常严格的安全规则的环境中运行.您至少需要签署您的小程序.

Applets runs in an environment with very restrictive security rules. You need at least to sign your applet.

但是,这里的问题更大,在小程序中执行 JDBC 是一个非常糟糕的主意.小程序的源代码是公开可用的,因此很容易被黑客入侵.您应该真正为此创建一个网络服务,然后让您的小程序访问该网络服务.使用网络服务,您的小程序将能够仅通过 HTTP 请求/响应与数据库交换信息.使用 Web 服务,您可以向公众隐藏数据库访问详细信息、JDBC 和 SQL 代码.

But, the problem is bigger here, doing JDBC inside an applet is a very bad idea. The applet's source code is publicitly available and is thus sensitive for easy hacks. You should really create a webservice for that instead and then let your applet access that webservice instead. With a webservice, your applet will be able to exchange information with the DB by just HTTP requests/responses. With a webservice you hide the DB access details, JDBC and SQL code from the public.

具体如何创建网络服务取决于服务器环境和使用的编程语言.例如,在 Java EE 中,您已经可以为此使用一个简单的 Servlet,而且 JAX-RS 和 JAX-WS 分别支持 restful (XML/JSON) 和 XML Web 服务.小程序没有任何安全限制,允许连接其地址可通过 getCodeBase() 例如

How exactly to create a webservice depends on the server environment and the programming language used. In Java EE for example, you could already use a simple Servlet for this, but also JAX-RS and JAX-WS is supported for restful (XML/JSON) and XML webservices respectively. An applet is without any security restrictions allowed to connect with its host whose address is available by getCodeBase() E.g.

InputStream response = new URL(getCodeBase(), "servlet?foo=bar").openStream();
// ...

这篇关于“访问被拒绝"从浏览器小程序使用 JDBC 时的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

10-15 09:06
Powered by LMLPHP ©2024 小程序 0.001724