我有以下HttpGet()函数:
HttpGet request = new HttpGet(url);
request.setHeader("User-Agent", userAgent);
request.setHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
request.setHeader("Accept-Language", "en-US,en;q=0.5");
if (!cookies.equals(""))
request.setHeader("Cookie", this.cookies);
for (Map.Entry<String, String> header : tempHeaders.entrySet())
{
request.setHeader(header.getKey(), header.getValue());
}
tempHeaders.clear();
HttpResponse response = client.execute(request);
这个函数是封装Apache的HttpClient的Browser()类的一部分。当我在小程序查看器中运行小程序时,一切都很好。然而,当我将小程序嵌入到页面中时,我会得到以下异常:
java.security.AccessControlException: access denied ("java.net.SocketPermission" "127.0.0.1:80" "connect,resolve")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at sun.plugin2.applet.SecurityManagerHelper.checkConnectHelper(Unknown Source)
at sun.plugin2.applet.AWTAppletSecurityManager.checkConnect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at org.apache.http.conn.scheme.PlainSocketFactory.connectSocket(PlainSocketFactory.java:117)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:178)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:610)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:445)
at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
**at vidinstant.HttpBrowser.Get(HttpBrowser.java:60)**
at vidinstant.ServerThread$1.run(ServerThread.java:201)
at vidinstant.ServerThread$1.run(ServerThread.java:197)
at java.security.AccessController.doPrivileged(Native Method)
at vidinstant.ServerThread.GetLink(ServerThread.java:196)
at vidinstant.ServerThread.run(ServerThread.java:95)
您可以看到异常的"源"在Browser类中的第60行,更准确地说,是上面代码摘录中的这一行:
HttpResponse response = client.execute(request);
我已经对applet.jar进行了自签名,清单文件中有一行"权限:所有权限"。
为什么我会得到这个异常,为什么访问被拒绝?在浏览器中运行小程序的用户单击"允许"one_answers"不阻止",但它仍然不起作用。Apache的library.jar也必须签名吗?他们需要在清单中有"所有许可"吗?如何在用户不必篡改Java策略文件的情况下获得运行此类函数的权限
Apache的library.jar也必须签名吗?
是的。不允许"90%"安全。部署的代码被认为是安全的,。。或者不安全。