为什么Java 7要求已签名应用程序的网络权限?
问题描述:
从Java 7 Update 5开始,我的Java Web Start应用程序正在请求建立连接的权限.该应用程序已使用有效的证书签名.
Since Java 7 Update 5 my Java Web Start application is requesting the permission to establish connections. The application is signed with a valid certificate.
显示带有以下文本的弹出窗口:
A popup is displayed with the following text:
该应用已请求建立与以下对象的连接的权限 www.example.com.您要允许此操作吗? [确定] [取消]
The application has requested permission to establish connections to www.example.com. Do you want to allow this action? [OK] [Cancel]
在拒绝请求后,我在控制台上得到了此跟踪:
On rejecting the request I get this trace on the console:
Uncaught error fetching image:
java.lang.SecurityException
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at com.sun.javaws.security.JavaWebStartSecurity.checkConnect(Unknown Source)
at sun.awt.image.URLImageSource.checkSecurity(Unknown Source)
at sun.awt.image.ImageRepresentation.imageComplete(Unknown Source)
at sun.awt.image.InputStreamImageSource.errorConsumer(Unknown Source)
at sun.awt.image.InputStreamImageSource.setDecoder(Unknown Source)
at sun.awt.image.InputStreamImageSource.doFetch(Unknown Source)
at sun.awt.image.ImageFetcher.fetchloop(Unknown Source)
at sun.awt.image.ImageFetcher.run(Unknown Source)
这是请求许可时的线程转储:
And here is the thread dump when the permission is requested:
"Image Fetcher 2" daemon prio=8 tid=0x04198000 nid=0xc24 in Object.wait() [0x0470e000]
java.lang.Thread.State: WAITING (on object monitor)
at java.lang.Object.wait(Native Method)
- waiting on <0x1d67b050> (a java.lang.Object)
at java.lang.Object.wait(Object.java:503)
at com.sun.javaws.ui.JavawsSysRun.delegate(Unknown Source)
- locked <0x1d67b050> (a java.lang.Object)
at com.sun.deploy.util.DeploySysRun.execute(Unknown Source)
at com.sun.deploy.util.DeploySysRun$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.util.DeploySysRun.executePrivileged(Unknown Source)
at com.sun.deploy.ui.UIFactory.showApiDialog(Unknown Source)
at com.sun.deploy.uitoolkit.impl.awt.ui.UIFactoryImpl.showMessageDialog(Unknown Source)
at com.sun.deploy.uitoolkit.impl.awt.ui.UIFactoryImpl.showMessageDialog(Unknown Source)
at com.sun.jnlp.ApiDialog.askUser(Unknown Source)
at com.sun.jnlp.ApiDialog.askUser(Unknown Source)
at com.sun.jnlp.ApiDialog.askConnect(Unknown Source)
at com.sun.javaws.security.JavaWebStartSecurity.checkConnect(Unknown Source)
at java.net.InetAddress.getAllByName0(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getByName(Unknown Source)
at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.sun.deploy.cache.Cache.getCurrentIP(Unknown Source)
at com.sun.deploy.cache.Cache.isCacheEntryIPValid(Unknown Source)
at com.sun.deploy.cache.Cache.getCacheEntryFromIdxFiles(Unknown Source)
at com.sun.deploy.cache.Cache.getCacheEntry(Unknown Source)
at com.sun.deploy.cache.Cache.getCacheEntry(Unknown Source)
at com.sun.deploy.cache.Cache.getCacheEntry(Unknown Source)
at com.sun.deploy.net.DownloadEngine.isUpdateAvailable(Unknown Source)
at com.sun.deploy.cache.DeployCacheHandler.get(Unknown Source)
- locked <0x12fd06d0> (a java.lang.Object)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.followRedirect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
- locked <0x12fd0728> (a sun.net.www.protocol.http.HttpURLConnection)
at com.sun.deploy.net.CrossDomainXML.check(Unknown Source)
at com.sun.deploy.net.CrossDomainXML.check(Unknown Source)
- locked <0x1d6fcf40> (a java.lang.Class for com.sun.deploy.net.CrossDomainXML)
at com.sun.javaws.security.JavaWebStartSecurity.checkConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
- locked <0x12fd09b8> (a sun.net.www.http.HttpClient)
at sun.net.www.http.HttpClient.<init>(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
- locked <0x12fd0a40> (a sun.net.www.protocol.http.HttpURLConnection)
at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.startEntity(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.startDTDEntity(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDTDScannerImpl.setInputSource(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$DTDDriver.dispatch(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$DTDDriver.next(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(Unknown Source)
at javax.xml.parsers.SAXParser.parse(Unknown Source)
at com.sun.deploy.net.CrossDomainXML$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.net.CrossDomainXML.check(Unknown Source)
at com.sun.deploy.net.CrossDomainXML.check(Unknown Source)
- locked <0x1d6fcf40> (a java.lang.Class for com.sun.deploy.net.CrossDomainXML)
at com.sun.javaws.security.JavaWebStartSecurity.checkConnect(Unknown Source)
at sun.awt.image.URLImageSource.checkSecurity(Unknown Source)
at sun.awt.image.InputStreamImageSource.setDecoder(Unknown Source)
at sun.awt.image.InputStreamImageSource.doFetch(Unknown Source)
at sun.awt.image.ImageFetcher.fetchloop(Unknown Source)
at sun.awt.image.ImageFetcher.run(Unknown Source)
"AWT-EventQueue-0" prio=6 tid=0x0315f800 nid=0xc80 waiting on condition [0x037cf000]
java.lang.Thread.State: WAITING (parking)
at sun.misc.Unsafe.park(Native Method)
- parking to wait for <0x1d6b46a8> (a java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject)
at java.util.concurrent.locks.LockSupport.park(Unknown Source)
at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(Unknown Source)
at java.awt.EventQueue.getNextEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
"javawsApplicationMain" prio=6 tid=0x040b4c00 nid=0x1198 in Object.wait() [0x0461f000]
java.lang.Thread.State: WAITING (on object monitor)
at java.lang.Object.wait(Native Method)
- waiting on <0x1db95260> (a java.awt.MediaTracker)
at java.awt.MediaTracker.waitForID(Unknown Source)
- locked <0x1db95260> (a java.awt.MediaTracker)
at javax.swing.ImageIcon.loadImage(Unknown Source)
- locked <0x1db95260> (a java.awt.MediaTracker)
at javax.swing.ImageIcon.<init>(Unknown Source)
at javax.swing.ImageIcon.<init>(Unknown Source)
at com.mycompany.myapp.j.c(Unknown Source)
at com.mycompany.myapp.j.<init>(Unknown Source)
at com.mycompany.myapp.MainClass.main(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.sun.javaws.Launcher.executeApplication(Unknown Source)
at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)
at com.sun.javaws.Launcher.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
"CacheCleanUpThread" daemon prio=6 tid=0x03232800 nid=0x1048 waiting for monitor entry [0x0390f000]
java.lang.Thread.State: BLOCKED (on object monitor)
at com.sun.deploy.net.CrossDomainXML.quickCheck(Unknown Source)
- waiting to lock <0x1d6fcf40> (a java.lang.Class for com.sun.deploy.net.CrossDomainXML)
at com.sun.javaws.security.JavaWebStartSecurity.checkConnect(Unknown Source)
at java.net.InetAddress.getAllByName0(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getByName(Unknown Source)
at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.sun.deploy.cache.Cache.getCurrentIP(Unknown Source)
at com.sun.deploy.cache.Cache.isCacheEntryIPValid(Unknown Source)
at com.sun.deploy.cache.Cache.getCacheEntryFromFile(Unknown Source)
at com.sun.deploy.cache.Cache.getCacheEntryFromFile(Unknown Source)
at com.sun.deploy.cache.CleanupThread.getCurrentCacheSize(Unknown Source)
at com.sun.deploy.cache.CleanupThread.run(Unknown Source)
- locked <0x1d6b5518> (a java.lang.Object)
"Javaws Secure Thread" daemon prio=6 tid=0x03158c00 nid=0xb9c in Object.wait() [0x0377f000]
java.lang.Thread.State: WAITING (on object monitor)
at java.lang.Object.wait(Native Method)
- waiting on <0x12fd1e58> (a java.awt.EventQueue$1AWTInvocationLock)
at java.lang.Object.wait(Object.java:503)
at java.awt.EventQueue.invokeAndWait(Unknown Source)
- locked <0x12fd1e58> (a java.awt.EventQueue$1AWTInvocationLock)
at javax.swing.SwingUtilities.invokeAndWait(Unknown Source)
at com.sun.deploy.ui.DialogTemplate.setVisible(Unknown Source)
at com.sun.deploy.ui.UIFactory$10.execute(Unknown Source)
at com.sun.javaws.ui.JavawsSysRun$SecureThread.doWork(Unknown Source)
at com.sun.javaws.ui.JavawsSysRun$SecureThread.run(Unknown Source)
- locked <0x1d67b050> (a java.lang.Object)
该应用程序包含一个欢迎屏幕,该屏幕从网站获取图像,然后关闭该屏幕,并显示主应用程序窗口.仅在欢迎屏幕出现之前显示警告.启动该应用程序后,尽管该应用程序启动了多个连接,也不会显示其他警告.
The application consists in a welcome screen that fetches images from a website, this screen is then dismissed and the main application window appears. The warning is displayed only before the welcome screen appears. Once the application is started no other warning is displayed despite several connections initiated by the application.
是什么原因导致此问题?这是Java 7u5的回归还是新功能?在发行说明.
What is causing this issue? Is this a regression in Java 7u5 or a new feature? I haven't seen any reference to this in the release notes.
谢谢
答
我们也遇到了这种情况,有时还会与安全弹出窗口结合使用,从而有时会导致死锁. (由于其他Webstart错误).这很可能是由于发行说明中7u5中的7177094的修复".我试图对您的Bug#7177349进行评论,但没有对此发表评论.
We're running into this as well combined with the security popup sometimes causing a deadlock. (due to other webstart bugs). This is most likely due to the 'fix' for 7177094 in 7u5 from the release notes. I tried to but this comment on your bug # 7177349, but comments on it were not available.