我有以下 HttpGet() 函数:
HttpGet request = new HttpGet(url);
request.setHeader("User-Agent", userAgent);
request.setHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
request.setHeader("Accept-Language", "en-US,en;q=0.5");
if (!cookies.equals(""))
request.setHeader("Cookie", this.cookies);
for (Map.Entry<String, String> header : tempHeaders.entrySet())
{
request.setHeader(header.getKey(), header.getValue());
}
tempHeaders.clear();
HttpResponse response = client.execute(request);
该函数是封装 Apache HttpClient 的 Browser() 类的一部分。当我在小程序查看器中运行小程序时,一切正常。但是,当我将小程序嵌入到页面中时,出现以下异常:
java.security.AccessControlException: access denied ("java.net.SocketPermission" "127.0.0.1:80" "connect,resolve")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at sun.plugin2.applet.SecurityManagerHelper.checkConnectHelper(Unknown Source)
at sun.plugin2.applet.AWTAppletSecurityManager.checkConnect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at org.apache.http.conn.scheme.PlainSocketFactory.connectSocket(PlainSocketFactory.java:117)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:178)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:610)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:445)
at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
**at vidinstant.HttpBrowser.Get(HttpBrowser.java:60)**
at vidinstant.ServerThread$1.run(ServerThread.java:201)
at vidinstant.ServerThread$1.run(ServerThread.java:197)
at java.security.AccessController.doPrivileged(Native Method)
at vidinstant.ServerThread.GetLink(ServerThread.java:196)
at vidinstant.ServerThread.run(ServerThread.java:95)
您可以看到异常的“来源”位于 Browser 类中的第 60 行,更准确地说,是上面代码摘录中的这一行:
HttpResponse response = client.execute(request);
我已经对小程序 .jar 进行了自签名, list 文件中包含“权限:所有权限”行。
为什么会出现此异常以及访问被拒绝?在浏览器中运行该小程序的用户单击“允许”和“不阻止”,但它仍然不起作用。 Apache 的库 .jar 也必须签名吗?他们的 list 中是否需要拥有“所有权限”?如何获得运行此类功能的权限,而用户不必摆弄他们的 Java 策略文件?
最佳答案
Do Apache's library .jars have to be signed too?
是的。不允许“90%”安全。部署的代码要么被认为是安全的,要么是不安全的。
关于Java 小程序 AccessControlException (apache httpclient),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/20588856/