I have an easy self-signed applet (done with keytool and the jarsigner):
public class NetAppletLauncher extends JApplet {
private static final long s
Solved the problem with, in Java:
exec(getParameter("command"));
and then in JavaScript:
<script type="text/javascript">
  function exec( command ) {
    // Escape the value so an ampersand or quote in it cannot end the attribute early.
    var value = String(command).replace(/&/g, "&amp;").replace(/'/g, "&#39;");
    var applet = "<applet id='applet' style='visibility: hidden' name='applet' archive='NetAppletLauncher4.jar' code='src.NetsetAppletLauncher' width='20' height='20' MAYSCRIPT ><param name='command' value='" + value + "' />Sorry, you need a Java-enabled browser.</applet>";
    var body = document.getElementsByTagName("body")[0];
    var div = document.createElement("div");
    div.innerHTML = applet;
    body.appendChild(div);
  }
</script>
Actually, calling an applet from JavaScript behaves like calling an unsigned applet (as specified in the jsnote: http://docs.oracle.com/javase/tutorial/deployment/applet/security.html#jsNote). That is fine and is valid when you're using a class you are not allowed to change, but since you're the author of the Java class you can always wrap the specific method you need to call from JavaScript so that it is executed in privileged mode, like this:
AccessController.doPrivileged(new PrivilegedAction<String>() {
    @Override
    public String run() {
        exec(command);
        return null;
    }
});
And it should work OK. (This is what is suggested in the upvoted comment by @Jean-Philippe Jodoin, but the link provided there is broken.)
I agree: it is prohibited to manipulate a signed applet from JavaScript, and the workaround is to rewrite the applet tag in JavaScript in the page document.
I found this source with a bit of theory proving we are right: http://docs.oracle.com/javase/tutorial/deployment/applet/security.html#jsNote
The Java 2 security model requires (roughly) that every frame on the stack must be granted a permission for the access control context (acc) to have that permission. JavaScript is on the stack and does not have file access permissions.
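The stack-walk rule from the last answer, and the effect of the doPrivileged wrapper from the earlier one, as an added example that is not part of the original posts. It is a simplified model for Java 16+; the Frame record, the checkPermission method and the permission names are hypothetical, not JDK APIs, and inherited thread contexts are ignored.

```java
import java.util.List;
import java.util.Set;

// Simplified model of the Java 2 stack-inspection check (illustration only).
public class StackWalkModel {
    // One stack frame: whose code it is, which permissions that code was
    // granted, and whether the frame was entered through doPrivileged.
    record Frame(String owner, Set<String> granted, boolean privileged) {}

    // Walk from the newest frame (end of the list) towards the oldest.
    // Every frame visited must hold the permission. A privileged frame is
    // still checked itself, but the walk stops there, so its callers are
    // not consulted.
    static boolean checkPermission(List<Frame> stack, String perm) {
        for (int i = stack.size() - 1; i >= 0; i--) {
            Frame f = stack.get(i);
            if (!f.granted().contains(perm)) return false;
            if (f.privileged()) return true;
        }
        return true;
    }

    static void show(String label, List<Frame> stack) {
        System.out.println(label + ": exec allowed = " + checkPermission(stack, "exec"));
    }

    public static void main(String[] args) {
        Set<String> all = Set.of("exec", "file.read");   // constructed permission names
        Frame js      = new Frame("JavaScript caller", Set.of(), false);
        Frame applet  = new Frame("signed applet method", all, false);
        Frame priv    = new Frame("signed applet, doPrivileged block", all, true);
        Frame unsPriv = new Frame("unsigned applet, doPrivileged block", Set.of(), true);
        Frame runtime = new Frame("Runtime.exec", all, false);

        // JavaScript calls the applet method directly: the JS frame is on the stack.
        show("called from JavaScript", List.of(js, applet, runtime));
        // Same call, but the applet wraps exec in doPrivileged: the walk stops early.
        show("called from JavaScript, wrapped", List.of(js, applet, priv, runtime));
        // Applet tag rewritten into the page: the applet reads its own <param>.
        show("started from applet tag", List.of(applet, runtime));
        // doPrivileged cannot give code a permission it was never granted.
        show("unsigned applet, wrapped", List.of(js, unsPriv, runtime));
    }
}
```

The second scenario also shows why a privileged block reachable from page script should do as little as possible: everything inside it runs with the applet's own permissions regardless of who called it.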