java - 尽管使用 AllPermission java 策略，但反序列化对象时仍出现 SecurityException

Question

在我的 XPages 应用程序中，我通过序列化某些对象并将其保存到备份文档中的 MIME 实体来备份它们。为了稍后重新加载对象，我使用以下服务器端 JavaScript 函数进行反序列化:

var entity:NotesMIMEEntity=doc.getMIMEEntity(field);
if (!entity) return null;
var stream:NotesStream=session.createStream();
entity.getContentAsBytes(stream);
stream.setPosition(0);
var ois:java.io.ObjectInputStream=new java.io.ObjectInputStream(new java.io.ByteArrayInputStream(stream.read()));
var o=ois.readObject(); // ERROR OCCURS IN THIS LINE
ois.close();
entity.recycle();
doc.closeMIMEEntities(false,field);

当我尝试从流中读取对象时，会引发异常:

java.lang.SecurityException: Java bridge is not allowed

我已经在java.policy文件中设置了java.security.AllPermission，所以我不知道为什么会引发这个异常。我还发现只有当我在 Notes 客户端 中运行应用程序时才会出现此问题，但当我通过 Domino 服务器在浏览器中运行它时一切正常。

谁能告诉我如何解决这个问题？

PS:这是 SecurityException 的完整跟踪:

java.lang.SecurityException: Java bridge is not allowed
at com.ibm.jscript.types.JavaAccessObject.<init>(Unknown Source)
at com.ibm.jscript.types.FBSUtility.wrapAsObject(Unknown Source)
at com.ibm.jscript.types.FBSUtility.wrap(Unknown Source)
at com.ibm.jscript.types.FBSValue.readValue(Unknown Source)
at com.ibm.jscript.types.FBSDefaultObject.readExternal(Unknown Source)
at com.ibm.jscript.std.ObjectObject.readExternal(Unknown Source)
at java.io.ObjectInputStream.readExternalData(Unknown Source)
at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
at java.io.ObjectInputStream.readObject0(Unknown Source)
at java.io.ObjectInputStream.readObject(Unknown Source)
at sun.reflect.GeneratedMethodAccessor35.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.ibm.jscript.types.JavaAccessObject.call(Unknown Source)
at com.ibm.jscript.types.FBSObject.call(Unknown Source)
at com.ibm.jscript.ASTTree.ASTCall.interpret(Unknown Source)
at com.ibm.jscript.ASTTree.ASTVariableDecl.interpret(Unknown Source)
at com.ibm.jscript.ASTTree.ASTBlock.interpret(Unknown Source)
at com.ibm.jscript.ASTTree.ASTTry.interpret(Unknown Source)
at com.ibm.jscript.std.FunctionObject._executeFunction(Unknown Source)
at com.ibm.jscript.std.FunctionObject.executeFunction(Unknown Source)
at com.ibm.jscript.std.FunctionObject.call(Unknown Source)
at com.ibm.jscript.types.FBSObject.call(Unknown Source)
at com.ibm.jscript.ASTTree.ASTCall.interpret(Unknown Source)
at com.ibm.jscript.ASTTree.ASTAssign.interpret(Unknown Source)
at com.ibm.jscript.ASTTree.ASTBlock.interpret(Unknown Source)
at com.ibm.jscript.ASTTree.ASTIf.interpret(Unknown Source)
at com.ibm.jscript.ASTTree.ASTBlock.interpret(Unknown Source)
at com.ibm.jscript.ASTTree.ASTTry.interpret(Unknown Source)
at com.ibm.jscript.std.FunctionObject._executeFunction(Unknown Source)
at com.ibm.jscript.std.FunctionObject.executeFunction(Unknown Source)
at com.ibm.jscript.std.FunctionObject.call(Unknown Source)
at com.ibm.jscript.types.FBSObject.call(Unknown Source)
at com.ibm.jscript.ASTTree.ASTCall.interpret(Unknown Source)
at com.ibm.jscript.ASTTree.ASTAssign.interpret(Unknown Source)
at com.ibm.jscript.ASTTree.ASTBlock.interpret(Unknown Source)
at com.ibm.jscript.ASTTree.ASTForIn.interpret(Unknown Source)
at com.ibm.jscript.ASTTree.ASTBlock.interpret(Unknown Source)
at com.ibm.jscript.ASTTree.ASTTry.interpret(Unknown Source)
at com.ibm.jscript.std.FunctionObject._executeFunction(Unknown Source)
at com.ibm.jscript.std.FunctionObject.executeFunction(Unknown Source)
at com.ibm.jscript.std.FunctionObject.call(Unknown Source)
at com.ibm.jscript.types.FBSObject.call(Unknown Source)
at com.ibm.jscript.ASTTree.ASTCall.interpret(Unknown Source)
at com.ibm.jscript.ASTTree.ASTBlock.interpret(Unknown Source)
at com.ibm.jscript.ASTTree.ASTTry.interpret(Unknown Source)
at com.ibm.jscript.std.FunctionObject._executeFunction(Unknown Source)
at com.ibm.jscript.std.FunctionObject.executeFunction(Unknown Source)
at com.ibm.jscript.std.FunctionObject.call(Unknown Source)
at com.ibm.jscript.types.FBSObject.call(Unknown Source)
at com.ibm.jscript.ASTTree.ASTCall.interpret(Unknown Source)
at com.ibm.jscript.ASTTree.ASTUnaryOp.interpret(Unknown Source)
at com.ibm.jscript.ASTTree.ASTIf.interpret(Unknown Source)
at com.ibm.jscript.ASTTree.ASTProgram.interpret(Unknown Source)
at com.ibm.jscript.ASTTree.ASTProgram.interpretEx(Unknown Source)
at com.ibm.jscript.JSExpression._interpretExpression(Unknown Source)
at com.ibm.jscript.JSExpression.access$1(Unknown Source)
at com.ibm.jscript.JSExpression$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Unknown Source)
at com.ibm.jscript.JSExpression.interpretExpression(Unknown Source)
at com.ibm.jscript.JSExpression.evaluateValue(Unknown Source)
at com.ibm.jscript.JSExpression.evaluateValue(Unknown Source)
at com.ibm.xsp.javascript.JavaScriptInterpreter.interpret(Unknown Source)
at com.ibm.xsp.binding.javascript.JavaScriptMethodBinding.invoke(Unknown Source)
at com.ibm.xsp.component.UIIncludeComposite.initBeforePageContents(Unknown Source)
at com.ibm.xsp.page.compiled.AbstractCompiledPage.initComponent(Unknown Source)
at com.ibm.xsp.page.compiled.AbstractCompiledPage.createTree(Unknown Source)
at com.ibm.xsp.page.compiled.AbstractCompiledPage.addComponent(Unknown Source)
at com.ibm.xsp.component.UIIncludeComposite.buildContents(Unknown Source)
at com.ibm.xsp.page.compiled.AbstractCompiledPage.initComponent(Unknown Source)
at com.ibm.xsp.page.compiled.CompiledComponentBuilder.buildChildren(Unknown Source)
at com.ibm.xsp.page.compiled.CompiledComponentBuilder.buildAll(Unknown Source)
at com.ibm.xsp.component.UIViewRootEx.buildContents(Unknown Source)
at com.ibm.xsp.component.UIViewRootEx2.buildContents(Unknown Source)
at com.ibm.xsp.page.compiled.AbstractCompiledPage.initComponent(Unknown Source)
at com.ibm.xsp.page.compiled.AbstractCompiledPage.createTree(Unknown Source)
at com.ibm.xsp.page.compiled.AbstractCompiledPage.createViewRoot(Unknown Source)
at com.ibm.xsp.application.ViewHandlerExImpl._createViewRoot(Unknown Source)
at com.ibm.xsp.application.ViewHandlerExImpl.createViewRoot(Unknown Source)
at com.ibm.xsp.application.ViewHandlerExImpl.doCreateView(Unknown Source)
at com.ibm.xsp.application.ViewHandlerEx.createView(Unknown Source)
at com.ibm.xsp.webapp.FacesServlet.serviceView(Unknown Source)
at com.ibm.xsp.webapp.FacesServletEx.serviceView(Unknown Source)
at com.ibm.xsp.webapp.FacesServlet.service(Unknown Source)
at com.ibm.xsp.webapp.FacesServletEx.service(Unknown Source)
at com.ibm.xsp.webapp.DesignerFacesServlet.service(Unknown Source)
at com.ibm.designer.runtime.domino.adapter.ComponentModule.invokeServlet(Unknown Source)
at com.ibm.domino.xsp.module.nsf.NSFComponentModule.invokeServlet(Unknown Source)
at com.ibm.designer.runtime.domino.adapter.ComponentModule$AdapterInvoker.invokeServlet(Unknown Source)
at com.ibm.designer.runtime.domino.adapter.ComponentModule$ServletInvoker.doService(Unknown Source)
at com.ibm.designer.runtime.domino.adapter.ComponentModule.doService(Unknown Source)
at com.ibm.domino.xsp.module.nsf.NSFComponentModule.doService(Unknown Source)
at com.ibm.domino.xsp.module.nsf.NSFService.doServiceInternal(Unknown Source)
at com.ibm.domino.xsp.module.nsf.NSFService.access$0(Unknown Source)
at com.ibm.domino.xsp.module.nsf.NSFService$NsfServiceRequest.call(Unknown Source)
at com.ibm.domino.xsp.module.nsf.NSFService$NsfServiceRequest.call(Unknown Source)
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
at com.ibm.domino.xsp.module.nsf.NSFService$NsfServiceThread.run(Unknown Source)

Answer 1

这是在 Domino 9.0.x 中吗？

在 XPiNC 中，Java 安全设置不是由服务器管理，而是由相关 Notes 客户端管理。在用户安全设置中的其他人做什么>使用工作站选项卡上，R9 中为每个签名者添加了一个“加载 Java 代码”复选框。 XPiNC 应用程序的签名者需要勾选此项。