1. 首页
  2. 问答
  3. 如何从未签名的小程序使用JAXB(无需签名)?

如何从未签名的小程序使用JAXB(无需签名)?

2010-01-18 61 views
2

我想从未签名的Applet中将Java对象编组为XML,反之亦然,并且我无法更改任何安全权限/策略文件或签名应用程序。如何从未签名的小程序使用JAXB(无需签名)?

我似乎得到一个安全异常,因为JAXB尝试访问字段或构造,它不能在applet沙箱。

运行浏览器的JRE 1.6.0_17

我也开到基于其他一些XML(或JSON)库解决方案,但曾尝试以下和几乎碰到了类似的问题; - XStream的 - GSON

鉴于(类似)的下列对象:

@XmlType 
@XmlRootElement 
public class SimpleObject { 

    public String sampleText; 

    public SimpleObject() { 
    } 

    public String getSampleText() { 
     return sampleText; 
    } 

    public void setSampleText(String sampleText) { 
     this.sampleText = sampleText; 
    } 
}

而下面这个简单的JAXB代码:

public void actionPerformed(ActionEvent e) { 
    try { 
     JAXBContext jc = JAXBContext.newInstance(SimpleObject.class); 
     Marshaller marshaller = jc.createMarshaller(); 
     marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); 

     SimpleObject object = new SimpleObject(); 
     object.setSampleText("Hello"); 

     marshaller.marshal(object, System.out); 
    } 
    catch (JAXBException e1) { 
     throw new RuntimeException(e1); 
    } 
}

我得到以下异常:

Exception in thread "AWT-EventQueue-2" java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers) 
    at java.security.AccessControlContext.checkPermission(Unknown Source) 
    at java.security.AccessController.checkPermission(Unknown Source) 
    at java.lang.SecurityManager.checkPermission(Unknown Source) 
    at java.lang.SecurityManager.checkMemberAccess(Unknown Source) 
    at java.lang.Class.checkMemberAccess(Unknown Source) 
    at java.lang.Class.getDeclaredConstructor(Unknown Source) 
    at com.sun.xml.internal.bind.v2.model.nav.ReflectionNavigator.hasDefaultConstructor(Unknown Source) 
    at com.sun.xml.internal.bind.v2.model.nav.ReflectionNavigator.hasDefaultConstructor(Unknown Source) 
    at com.sun.xml.internal.bind.v2.model.impl.ClassInfoImpl.<init>(Unknown Source) 
    at com.sun.xml.internal.bind.v2.model.impl.RuntimeClassInfoImpl.<init>(Unknown Source) 
    at com.sun.xml.internal.bind.v2.model.impl.RuntimeModelBuilder.createClassInfo(Unknown Source) 
    at com.sun.xml.internal.bind.v2.model.impl.RuntimeModelBuilder.createClassInfo(Unknown Source) 
    at com.sun.xml.internal.bind.v2.model.impl.ModelBuilder.getClassInfo(Unknown Source) 
    at com.sun.xml.internal.bind.v2.model.impl.RuntimeModelBuilder.getClassInfo(Unknown Source) 
    at com.sun.xml.internal.bind.v2.model.impl.RuntimeModelBuilder.getClassInfo(Unknown Source) 
    at com.sun.xml.internal.bind.v2.model.impl.ModelBuilder.getClassInfo(Unknown Source) 
    at com.sun.xml.internal.bind.v2.model.impl.RuntimeModelBuilder.getClassInfo(Unknown Source) 
    at com.sun.xml.internal.bind.v2.model.impl.RuntimeModelBuilder.getClassInfo(Unknown Source) 
    at com.sun.xml.internal.bind.v2.model.impl.ModelBuilder.getTypeInfo(Unknown Source) 
    at com.sun.xml.internal.bind.v2.model.impl.ModelBuilder.getTypeInfo(Unknown Source) 
    at com.sun.xml.internal.bind.v2.runtime.JAXBContextImpl.getTypeInfoSet(Unknown Source) 
    at com.sun.xml.internal.bind.v2.runtime.JAXBContextImpl.<init>(Unknown Source) 
    at com.sun.xml.internal.bind.v2.runtime.JAXBContextImpl$JAXBContextBuilder.build(Unknown Source) 
    at com.sun.xml.internal.bind.v2.ContextFactory.createContext(Unknown Source) 
    at com.sun.xml.internal.bind.v2.ContextFactory.createContext(Unknown Source) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) 
    at java.lang.reflect.Method.invoke(Unknown Source) 
    at javax.xml.bind.ContextFinder.newInstance(Unknown Source) 
    at javax.xml.bind.ContextFinder.find(Unknown Source) 
    at javax.xml.bind.JAXBContext.newInstance(Unknown Source) 
    at javax.xml.bind.JAXBContext.newInstance(Unknown Source) 
    at nz.co.zeal.maker.application.actions.build.JAXBTestAction.actionPerformed(JAXBTestAction.java:24) 
    at javax.swing.AbstractButton.fireActionPerformed(Unknown Source) 
    at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source) 
    at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source) 
    at javax.swing.DefaultButtonModel.setPressed(Unknown Source) 
    at javax.swing.AbstractButton.doClick(Unknown Source) 
    at javax.swing.plaf.basic.BasicMenuItemUI.doClick(Unknown Source) 
    at javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(Unknown Source) 
    at java.awt.Component.processMouseEvent(Unknown Source) 
    at javax.swing.JComponent.processMouseEvent(Unknown Source) 
    at java.awt.Component.processEvent(Unknown Source) 
    at java.awt.Container.processEvent(Unknown Source) 
    at java.awt.Component.dispatchEventImpl(Unknown Source) 
    at java.awt.Container.dispatchEventImpl(Unknown Source) 
    at java.awt.Component.dispatchEvent(Unknown Source) 
    at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source) 
    at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source) 
    at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source) 
    at java.awt.Container.dispatchEventImpl(Unknown Source) 
    at java.awt.Component.dispatchEvent(Unknown Source) 
    at java.awt.EventQueue.dispatchEvent(Unknown Source) 
    at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source) 
    at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source) 
    at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) 
    at java.awt.EventDispatchThread.pumpEvents(Unknown Source) 
    at java.awt.EventDispatchThread.pumpEvents(Unknown Source) 
    at java.awt.EventDispatchThread.run(Unknown Source)

来源

2010-01-18 Richard Perfect

回答

2

我从来没有完全想到这一点。我所做的是获取一个名为Flexjson的相当简单的JSON库。它也抛出了类似的安全异常,但该库足够简单,因此我能够关闭导致Applet中的异常的库代码并带有布尔标志。

来源

2010-01-23 19:41:42

0

我也尝试用JAXB找到一个没有任何成功的解决方案。

我使用ADB绑定切换到Axis2(1.5.4),但它也尝试访问系统属性,这些属性在安全管理器检查时失败。

最后,我用AspectJ和使用重写System.getProperty()调用时,他们无法返回空的方面有一个可行的解决方案一起。由于Axis2所需的所有属性都是非关键的,所以这种方法很有效。我还需要申请在org.apache.axiom.util.stax.dialect.StAXDialectDetector.getRootUrlForResource一个方面()始终返回null,因为它试图让这也是一个安全管理器下失败ClassLoader.getSystemClassLoader()调用。这又是一次非关键性的呼叫。得到AspectJ在构建时重写Axis2类,它作为未签名的applet运行。

这是一个非常混乱的解决方案,但至少它工作。

我无法得到相同的AspectJ hack与JAXB一起工作,因为如果JAXB与applet捆绑在一起,我们需要做的事情是JAXB需要直接访问不在安全管理器下运行的类的私有字段AspectJ用于重写类)。

来源

2011-05-01 23:10:35 prunge

0

这可能会解决您的问题。我知道它解决我的:)

public void actionPerformed(ActionEvent e) { 
    try { 
    JAXBContext jc = AccessController.doPrivileged(new PrivilegedExceptionAction<JAXBContext>() { 

     public JAXBContext run() throws JAXBException { 

      // needs to run here otherwise throws AccessControlException 
      return JAXBContext.newInstance(SimpleObject.class); 
     } 
    });   
     Marshaller marshaller = jc.createMarshaller(); 
     marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); 

     SimpleObject object = new SimpleObject(); 
     object.setSampleText("Hello"); 

     marshaller.marshal(object, System.out); 
    } 
    catch (JAXBException e1) { 
     throw new RuntimeException(e1); 
    } 
    } catch (PrivilegedActionException e2) { 
    throw new RuntimeException(e2); 
    } 
}

希望它可以帮助

来源

2014-07-25 15:53:35 Martins

相关问题

 相关问题