java - 小程序可以动态加载jar吗？

Question

我想在单击小程序上的特定按钮时加载 jar。

我想避免在加载小程序时提示用户针对 jar 的安全警告，但单击按钮时应该出现警告。

我正在使用 WebStart。

代码及错误如下。

    Policy.setPolicy(new Policy() {
        public PermissionCollection getPermissions(CodeSource codesource) {
            Permissions perms = new Permissions();
            perms.add(new AllPermission());
            return (perms);
        }

        public void refresh() {
        }
    });

    System.setSecurityManager(null);

    ClassLoader wcl = MainApplet.class.getClassLoader();

    URL[] urls = new URL[1];
    String protocol="http";
    String host="localhost";
    int port = 8080;
    String file = "MB/download/ubikey-1.0.2.5.jar";
    //      String url = URLEncoder("http://localhost:11090/MultiToolkitDemo/download/ubikey-1.0.2.5.jar");
    urls[0] = new URL(protocol, host, port, file);


    try {
        ds = (DownloadService) ServiceManager
                .lookup("javax.jnlp.DownloadService");

        // determine if a particular resource is cached
        URL url = new URL(
                "http://localhost:8080/MB/download/ubikey-1.0.2.5.jar");
        boolean cached = ds.isResourceCached(url, "1.0");
        // remove the resource from the cache
        if (cached) {
            ds.removeResource(url, "1.0");
        }
        // reload the resource into the cache
        DownloadServiceListener dsl = ds.getDefaultProgressWindow();
        ds.loadResource(url, "1.0", dsl);
    } catch (Exception e) {
        e.printStackTrace();
    }
    URLClassLoader cl = new URLClassLoader(urls, wcl);
    try {
        cl.loadClass("kr.co.JUBIKey.JUBIKeyManager");
    } catch (ClassNotFoundException e1) {
        // TODO Auto-generated catch block
        e1.printStackTrace();
    }

错误如下。

cache: MemoryCache replacing http://localhost:8080/MB/download/ubikey-1.0.2.5.jar (refcnt=2). Was: URL: http://localhost:8080/MB/download/ubikey-1.0.2.5.jar | /Users/rnd/Library/Application Support/Oracle/Java/Deployment/cache/6.0/14/2e04ea0e-6e999798-1.0-.idx Now: URL: http://localhost:8080/MB/download/ubikey-1.0.2.5.jar.pack.gz | /Users/rnd/Library/Application Support/Oracle/Java/Deployment/cache/6.0/32/5c664da0-4e2b1d6e.idx
cache: Reading Signers from 3607 http://localhost:8080/MB/download/ubikey-1.0.2.5.jar.pack.gz | /Users/rnd/Library/Application Support/Oracle/Java/Deployment/cache/6.0/32/5c664da0-4e2b1d6e.idx
cache: Done readSigners(http://localhost:8080/MB/download/ubikey-1.0.2.5.jar.pack.gz)
cache:  Read manifest for http://localhost:8080/MB/download/ubikey-1.0.2.5.jar.pack.gz: read=130 full=7460
basic: Plugin2ClassLoader.isTrustedByPolicy called 
basic: Plugin2ClassLoader.isTrustedByPolicy returns false 
security: resource name "kr/co/JUBIKey/JUBIKeyManager.class" in http://localhost:8080/MB/download/ubikey-1.0.2.5.jar.pack.gz : java.lang.SecurityException: attempted to open sandboxed jar http://localhost:8080/MB/download/ubikey-1.0.2.5.jar.pack.gz as a Trusted-Library
Exception in thread "AWT-EventQueue-2" java.lang.SecurityException: attempted to open sandboxed jar http://localhost:8080/MB/download/ubikey-1.0.2.5.jar.pack.gz as a Trusted-Library
    at com.sun.deploy.security.CPCallbackHandler$ParentElement.checkResource(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader.checkResource(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader.getResource(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
    at sun.plugin2.applet.JNLP2ClassLoader.findClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:411)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
    at com.ktnet.pki.multibrowser.util.JnlpUtil.loadJar(JnlpUtil.java:69)
    at com.ktnet.pki.multibrowser.dialog.SelectCertificateDlg$10.run(SelectCertificateDlg.java:1945)
    at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:251)
    at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:733)
    at java.awt.EventQueue.access$200(EventQueue.java:103)
    at java.awt.EventQueue$3.run(EventQueue.java:694)
    at java.awt.EventQueue$3.run(EventQueue.java:692)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:76)
    at java.awt.EventQueue.dispatchEvent(EventQueue.java:703)
    at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:242)
    at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:161)
    at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:150)
    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:146)
    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:138)
    at java.awt.EventDispatchThread.run(EventDispatchThread.java:91)

Answer 1

I want to avoid user to be prompted with security warning against the jar when the applet is loaded, but warning should be appeared when the button is clicked.

不。那不是一个选择。安全检查在应用程序之前执行。使其出现在屏幕上。