问题描述

我已阅读无处不在未签名的Java小程序不得向任何服务器，但它起源applet的一个网络连接。这是我的应用程序确定，因为我的小程序只需要与服务器会话。然而，当我写了一个小程序测​​试，试图打开一个插座，我的开发计算机上的进程通信时，它抛出以下异常：

I have read everywhere that unsigned Java applets are not allowed to make network connections to any server but the one which originated the applet. This is OK for my application since my applet only needs to talk to the server. However, when I wrote a test applet to try opening a socket to communicate with a process on my development machine, it throws the following exception:

Error establishing socket connection:
java.security.AccessControlException:
  access denied (java.net.SocketPermission 127.0.0.1:11000 connect,resolve)

在code这引起了异常：

The code which caused the exception:

private void sendMsg(String msg) {
   Socket s = null;
   try {
      s = new Socket("localhost", 11000);
   }
   catch (Exception e) {
      System.err.println("Error establishing socket connection:");
      e.printStackTrace();
      return;
   }

   try {
      OutputStream out = s.getOutputStream();
      out.write(msg.getBytes());
      out.flush();
      s.shutdownOutput();
      s.close();
   }
   catch (Exception e) {
      System.err.println("Error in writing to the socket:");
      e.printStackTrace();
   }

起初我还以为是我的经验不足造成了我想念我的code的一个问题。不过，我得到试图运行的的例子。这使我相信，我其实有一个设置问题，或者默认的安全限制的误解。是否默认的安全管理器prevent您打开插座的机器运行，即使它也是服务于小程序的计算机的小程序？如果是这样，这是我的一个问题，因为部署的系统将需要允许用户记录在实际的服务器上以使用远程用户将使用相同​​的小程序。有没有我越来越不涉及签署applet的异常周围的方法吗？我不想去的麻烦，如果没有必要的。

At first I thought it was a problem in my code that my inexperience had caused me to miss. However, I get the same exception when trying to run the Talk Server example from the official Java Tutorials. This leads me to believe that I actually have a setup problem, or a misunderstanding of the default security restrictions. Does the default security manager prevent you from opening sockets to the machine running the applet even if it is also the machine serving the applet? If so, that is a problem for me because the deployed system will need to allow a user logged in on the actual server to use the same applet that a remote user would use. Is there a way around the exception I'm getting that doesn't involve signing the applet? I don't want to go to the trouble if not necessary.

注意：我知道这将是最好不要让用户从服务器访问小程序。这不是原来的设计，但实际的考虑不幸被迫对我这个实现的妥协。

NOTE: I know it would be better not to have users access the applet from the server. That wasn't the original design, but practical considerations unfortunately forced this implementation compromise on me.

的更新：的从一个Web服务器查看applet的页面解决问题。即使服务器为localhost。在Java中1.6.0_11该安全更新只适用于直接从本地文件系统加载的小程序。

UPDATE: Viewing the applet's page from a webserver solves the problem. Even if the server is localhost. The security update in Java 1.6.0_11 only applies to applets loaded directly from the local file system.

推荐答案

这是由于在最近的安全更新推出的插件中的变化。抱歉!从本地文件系统加载的小程序不再授予套接字权限到本地主机。

This is due to a change in the PlugIn introduced in a recent security update. Sorry! Applets loaded from the local file system are no longer granted socket permissions to localhost.

Java运行时环境（JRE）
  允许从本地加载code
  文件系统访问本地主机。这个
  可允许code是恶意
  放置在本地文件系统和
  随后运行，具有网络
  访问本地主机的不会
  否则被允许如果code组
  从远程主机加载。这可能是
  杠杆来窃取cookie并劫持
  会话（该地图的名称域
  本地主机）。

这篇关于Socket连接到未签名的Java小程序的源服务器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！