Fatal编程技术网
  • java/
  • Java 如何授予小程序读取系统属性的权限?

Java 如何授予小程序读取系统属性的权限?

java

Java 如何授予小程序读取系统属性的权限?,java,applet,system-properties,Java,Applet,System Properties,我有一个Java小程序正在尝试读取http.strictPostRedirect系统属性 代码不是我的(它是Java的;所以我不能更改它)。但您可以在网上找到代码: HttpURLConnection.java: if (method.equals("POST") && !Boolean.getBoolean("http.strictPostRedirect") && (stat!=307)) { /* The HTTP/1.1 spec says tha

我有一个Java小程序正在尝试读取
http.strictPostRedirect
系统属性

代码不是我的(它是Java的;所以我不能更改它)。但您可以在网上找到代码:

HttpURLConnection.java

if (method.equals("POST") && !Boolean.getBoolean("http.strictPostRedirect") && (stat!=307)) 
{
   /* The HTTP/1.1 spec says that a redirect from a POST 
    * *should not* be immediately turned into a GET, and
    * that some HTTP/1.0 clients incorrectly did this.
    * Correct behavior redirects a POST to another POST.
    * Unfortunately, since most browsers have this incorrect
    * behavior, the web works this way now.  Typical usage
    * seems to be:
    *   POST a login code or passwd to a web page.
    *   after validation, the server redirects to another
    *     (welcome) page
    *   The second request is (erroneously) expected to be GET
    * 
    * We will do the incorrect thing (POST-->GET) by default.
    * We will provide the capability to do the "right" thing
    * (POST-->POST) by a system property, "http.strictPostRedirect=true"
    */
    ...
}

java.security.AccessControlException: access denied (java.util.PropertyPermission http.strictPostRedirect read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at java.lang.Boolean.getBoolean(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.followRedirect(Unknown Source)
基本故障来自于调用:

Boolean.getBoolean("http.strictPostRedirect")
这导致了一场灾难。显然,我不允许读取
http.strictPostRedirect
系统属性。试图读取它会抛出一个AccessControlException

if (method.equals("POST") && !Boolean.getBoolean("http.strictPostRedirect") && (stat!=307)) 
{
   /* The HTTP/1.1 spec says that a redirect from a POST 
    * *should not* be immediately turned into a GET, and
    * that some HTTP/1.0 clients incorrectly did this.
    * Correct behavior redirects a POST to another POST.
    * Unfortunately, since most browsers have this incorrect
    * behavior, the web works this way now.  Typical usage
    * seems to be:
    *   POST a login code or passwd to a web page.
    *   after validation, the server redirects to another
    *     (welcome) page
    *   The second request is (erroneously) expected to be GET
    * 
    * We will do the incorrect thing (POST-->GET) by default.
    * We will provide the capability to do the "right" thing
    * (POST-->POST) by a system property, "http.strictPostRedirect=true"
    */
    ...
}

java.security.AccessControlException: access denied (java.util.PropertyPermission http.strictPostRedirect read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at java.lang.Boolean.getBoolean(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.followRedirect(Unknown Source)
因此,如果我没有权限读取系统属性的权限

if (method.equals("POST") && !Boolean.getBoolean("http.strictPostRedirect") && (stat!=307)) 
{
   /* The HTTP/1.1 spec says that a redirect from a POST 
    * *should not* be immediately turned into a GET, and
    * that some HTTP/1.0 clients incorrectly did this.
    * Correct behavior redirects a POST to another POST.
    * Unfortunately, since most browsers have this incorrect
    * behavior, the web works this way now.  Typical usage
    * seems to be:
    *   POST a login code or passwd to a web page.
    *   after validation, the server redirects to another
    *     (welcome) page
    *   The second request is (erroneously) expected to be GET
    * 
    * We will do the incorrect thing (POST-->GET) by default.
    * We will provide the capability to do the "right" thing
    * (POST-->POST) by a system property, "http.strictPostRedirect=true"
    */
    ...
}

java.security.AccessControlException: access denied (java.util.PropertyPermission http.strictPostRedirect read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at java.lang.Boolean.getBoolean(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.followRedirect(Unknown Source)
如何获得系统属性的读取权限

显然,必须有一个允许我读取系统属性的设置,否则Sun不会有透明地尝试访问它的代码

这是一个全球范围的机器设置吗?它是一个域范围的设置吗?这是机器范围的设置吗?它是按用户设置的吗?是否为每个小程序设置?它是每次调用的设置吗?它是与特定版本的Java运行时引擎相关的设置吗

tl;dr:如何避免崩溃

读取系统属性 Java确实有一个:

  • java.class.path
  • java.home
  • user.dir
  • user.home
  • user.name
我的系统属性
http.strictPostRedirect
,不在该列表中。那为什么我不能读呢

另见
此处的“修复”是对小程序进行数字签名,然后在提示时说服用户确认代码

Java的系统属性列表不是小程序无法读取的:

  • java.class.path
  • java.home
  • user.dir
  • 用户主页
  • 用户名
我的系统属性http.strictPostRedirect不在该列表中。那为什么我不能读呢

这是沙盒应用程序所需的属性的“短列表”。不识字。还有很多。例如,
user
下的任何内容都不允许1。只考虑那些“典型”。

  • 在沙盒应用程序中的输出
    • 显然,必须有一个允许我读取系统属性的设置,否则Sun不会有透明地尝试访问它的代码

    对。请参阅上面的修复