一些用户获得安全exception:尝试将沙盒jar打开为Trusted-Library
我们在应用程序登录页面上使用applet。 Applet包含2个类。 Jar已签署(ca证书)。 清单文件包含:“Trusted-Library:true。
它适用于大多数用户,但有些用户遇到applet问题,因为JVM报告安全例外:尝试将沙盒jar打开为Trusted-Library。
你知道它为什么不适合他们吗?
例如,User1具有Java插件10.21.2.11 JRE版本1.7.0_21-b11 Java HotSpot(TM)客户端VM。 他尝试使用Firefox 21和IE 8.0.6001.18702。
JVM报告一般exception:
basic: Plugin2ClassLoader.addURL parent called for https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar basic: Plugin2ClassLoader.addURL parent called for https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar security: Accessing keys and certificate in Mozilla user profile: null security: JSS is not configured security: Blacklist revocation check is enabled security: blacklist: created: NEED_LOAD, lastModified: 1374827364000 security: blacklist: hasBeenModifiedSince 1374827396921 (we have 1374827364000) security: Trusted libraries list check is enabled security: blacklist: hasBeenModifiedSince 1374827583375 (we have 1374827364000) network: Cache entry found [url: https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar, version: null] prevalidated=false/0 cache: Adding MemoryCache entry: https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar cache: Resource https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar has expired. network: Connecting https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar with proxy=DIRECT security: blacklist: hasBeenModifiedSince 1374827435937 (we have 1374827364000) security: blacklist: hasBeenModifiedSince 1374827390640 (we have 1374827364000) security: blacklist: hasBeenModifiedSince 1374827583375 (we have 1374827364000) network: CleanupThread used 268961 us network: Connecting http://www.sod.pfron.org.pl:443/ with proxy=DIRECT security: Loading Root CA certificates from C:\Program Files\Java\jre1.7.0_21\lib\security\cacerts security: Loaded Root CA certificates from C:\Program Files\Java\jre1.7.0_21\lib\security\cacerts security: Loading SSL Root CA certificates from C:\Program Files\Java\jre1.7.0_21\lib\security\cacerts security: Loaded SSL Root CA certificates from C:\Program Files\Java\jre1.7.0_21\lib\security\cacerts security: Loading Deployment SSL certificates from C:\Documents and Settings\Marek\Dane aplikacji\Sun\Java\Deployment\security\trusted.jssecerts security: Loaded Deployment SSL certificates from C:\Documents and Settings\Marek\Dane aplikacji\Sun\Java\Deployment\security\trusted.jssecerts security: Loading certificates from Deployment session certificate store security: Loaded certificates from Deployment session certificate store security: Checking if SSL certificate is in Deployment permanent certificate store security: Check if certificate can be verified using certificates in Root CA certificate store security: Certificate to be verified: [ ] security: Certificate has been verified with Root CA certificates successfully security: Invalid certificate from HTTPS server basic: Dialog type is not candidate for embedding security: Saving certificates in Deployment session certificate store security: Saved certificates in Deployment session certificate store network: ResponseCode for https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar : 304 network: Encoding for https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar : null network: Disconnect connection to https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar cache: Reading Signers from 3935 https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar | C:\Documents and Settings\Marek\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\60\6283407c-46587e7d.idx cache: Done readSigners(https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar) cache: Read manifest for https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar: read=273 full=273 basic: Plugin2ClassLoader.isTrustedByPolicy called basic: Plugin2ClassLoader.isTrustedByPolicy returns false security: resource name "pl/computerland/sod/prezentacja/klient/cienki/applet/JavaVersion.class" in https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar : java.lang.SecurityException: attempted to open sandboxed jar https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar as a Trusted-Library security: resource name "pl/computerland/sod/prezentacja/klient/cienki/applet/JavaVersion.class" in https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar : java.lang.SecurityException: attempted to open sandboxed jar https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar as a Trusted-Library basic: exception: attempted to open sandboxed jar https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar as a Trusted-Library. java.lang.SecurityException: attempted to open sandboxed jar https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar as a Trusted-Library at com.sun.deploy.security.CPCallbackHandler$ParentElement.checkResource(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$JarLoader.checkResource(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$JarLoader.getResource(Unknown Source) at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source) at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source) at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source) at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Ignored exception: java.lang.SecurityException: attempted to open sandboxed jar https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar as a Trusted-Library basic: exception: attempted to open sandboxed jar https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar as a Trusted-Library. java.lang.SecurityException: attempted to open sandboxed jar https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar as a Trusted-Library at com.sun.deploy.security.CPCallbackHandler$ParentElement.checkResource(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$JarLoader.checkResource(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$JarLoader.getResource(Unknown Source) at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source) at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source) at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source) at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Ignored exception: java.lang.SecurityException: attempted to open sandboxed jar https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar as a Trusted-Library basic: Dialog type is not candidate for embedding basic: Dialog type is not candidate for embedding basic: Removed progress listener: sun.plugin.util.ProgressMonitorAdapter@5dcf43 security: Reset deny session certificate store basic: Removed progress listener: sun.plugin.util.ProgressMonitorAdapter@1b93cf8 security: Reset deny session certificate store 我们有类似的问题。 对我们来说问题是客户端机器上的jre \ lib \ security \ java.policy文件被修改了,增加了:
grant { permission java.security.AllPermission; };
如果删除它,则错误消失。 同样在我们的测试中,如果我们删除Trusted-Library,错误就会消失:true,但考虑到新的Java applet规则,这不是一个真正的选择。
我们还在https://forums.oracle.com/message/11238296#11238296上发布了这些信息,但暂时没有回复。