问题描述

我最近在通过 JNLP 启动我的应用程序时遇到了一个问题.我现在把它缩小到一个 java.security.AccessControlException，它拒绝我关闭我的 ExecuterService.

I recently stumbled across a problem when starting my application via JNLP. I now narrowed it down to a java.security.AccessControlException, which denies me to shut down my ExecuterService.

所以，我做了一些阅读，发现我需要权限 (modifyThread) 才能成功关闭服务.我还发现我应该使用 <security>-tag(在 JNLP 文件中)来请求它，但我对如何使用感到有些困惑.

So, I did some reading and found out that I'll need the permission (modifyThread) to successfully shut down the service. I also found out that I should use the <security>-tag (in the JNLP-file) to request it, but I'm a little confused about how.

标签文档 说:

[...] 如果指定了 all-permissions 元素，应用程序将拥有对客户端计算机和本地网络的完全访问权限.如果应用程序请求完全访问，那么所有 JAR 文件必须是签名.将提示用户 [...]

通过阅读本文，我觉得我可以选择获得all 或no 权限……这似乎是一个令人困惑的实现.因为我只需要一个来关闭我的服务.

From reading this it seems to me, that I can choose to either get all or no permissions... which seems like a confusing Implementation. Because I only need the one to shutdown my service.

我还阅读了这篇文章，告诉我我不应该请求所有权限，因为我会打开用户计算机以获取恶意代码.

I also read this article, telling me that I should not request all permissions, because I would then open up the users computer for malicious code.

那么，有没有一种方法可以指定我只需要特定的权限(modifyThread)并且因此不需要对我的 jar 进行签名?还是我必须采用签署我的罐子并要求一切"的方法?

So, is there a way to specify that I only need the specific permission (modifyThread) and I therefor don't need to sign my jar? Or will I have to go with the "sign my jar and request everything"-approach?

推荐答案

是的.JWS 权限分为 3 个级别，唯一允许修改线程的级别是 all-permissions.

Yes. JWS permissions come in 3 levels, the only one where modifying threads is permitted, is all-permissions.

• 沙盒化.提供非常有限的环境.仅允许使用 JNLP API 服务访问打印机和本地文件系统等内容，这些服务在提示用户后提供更有限的 File 形式.带着窗户横幅来.只能与自己的服务器通信.
• j2ee-application-client-permissions - 提供那些不提示的 JNLP API 服务(在用户接受数字签名代码后)移除窗口横幅.
• all-permissions - 几乎任何东西，包括替换现有的安全管理器(是的，即使所有权限"代码在 JWS 中也有一个安全管理器 - 这只是非常宽容).

• Sand-boxed. Provides a very limited environment. Access to things like printers and the local file-system is only permitted using the JNLP API services, which provide more limited forms of File after prompting the user. Come with window banners. Can only communicate with own server.
• j2ee-application-client-permissions - provide those JNLP API services unprompted (after the user accepts the digitally signed code) removes the window banners.
• all-permissions - pretty much anything, including replacing the existing security manager (yes, even 'all permissions' code gets a security manager in JWS - it is just very lenient).

还从 JNLP 中获取链接 &JWS 页面.我个人可以推荐这些总结和链接.

Also chase the links from the JNLP & JWS pages. I can personally recommend those summaries & links.

这篇关于JNLP 获得许可的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！