我们的小程序在更新为java 1.7.0_45 后,已停止使用 HTTPS 。他们在1.7.0_40和所有较低版本上工作,即使使用1.7.0_45也可以在HTTP上工作。
由于没有ServerName定义,我能找到的所有引用都指向了java 7引入的握手异常,但这不适用于我们的applet。
Java控制台警告我,小程序 已初始化,已启动并可见 并且未显示任何错误。但是,小程序不显示(小程序与IE,Mozilla和Chrome兼容,并且所有行为都会重现)。从Intellij Idea
中的源代码启动applet时也会发生这种情况过去几天我一直在研究这个问题,但没有找到解释。你们中的任何人都知道为什么会这样吗?
编辑 - 我也保留了java控制台,但这是我发现的:
在以前的java版本中,会出现一个弹出式警告,询问用户是否信任该来源。如果用户允许访问,则导入我们的证书。使用1.7.0_45时,证书默认阻止。
我现在还没有转而研究这种方法。我会在找到后立即发布答案,但如果有人有任何提示,我们将非常感激。
Java控制台输出:
PluginMain: starting applet ID 1 in parent window 0xb05f0 with parameters:
Document base = https://myServer:myPort/AppletHome.html
mayscript=true
hspace=0
rmihost=#HOSTNAME#
align=BOTTOM
width=320
code=MyClass.class
height=250
scriptable=false
rmiport=31308
language=en
archive=myjars.jar
vspace=0
enablecookie=true
codebase=https://myserver:myport/
amactivated=false
----
security: Accessing keys and certificate in Mozilla user profile: null
security: JSS is not configured
security: Blacklist revocation check is enabled
security: blacklist: created: NEED_LOAD, lastModified: 1385559768744
security: blacklist: hasBeenModifiedSince 1385560033627 (we have 1385559768744)
security: Trusted libraries list check is enabled
security: Certificate revocation enabled. Disable security validation optimizations.
security: Reset cached validation for https://myHost:myPort/data/myJar.jar.
---
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Checking if SSL certificate is in Deployment permanent certificate store
security: Check if certificate can be verified using certificates in Root CA certificate store
我认为这可能就是问题所在:
security: Certificate has failed the verification with the SSL Root CA certificates
security: Invalid certificate from HTTPS server
但输出总结如此:
security: Certificate revocation enabled. Disable security validation optimizations.
Missing Application-Name: manifest attribute for: https://myHost:myPort/data/myJar.jar
Missing Permissions manifest attribute for: https://myHost:myPort/data/myJar.jar
Missing Codebase manifest attribute for: https://myHost:myPort/data/myJar.jar
security: Validate the certificate chain using CertPath API
security: SHA-256Certificate finger print: certificateFingerPrint1
security: SHA-256Certificate finger print: certificateFingerPrint2
security: SHA-256Certificate finger print: certificateFingerPrint3
security: The OCSP support is enabled
security: The CRL support is enabled
network: Connecting http://ocsp.thawte.com/ with proxy=DIRECT
network: Connecting http://ocsp.thawte.com:80/ with proxy=DIRECT
security: OCSP Response: GOOD
network: Connecting http://ocsp.thawte.com/ with proxy=DIRECT
network: Connecting http://ocsp.thawte.com:80/ with proxy=DIRECT
security: OCSP Response: GOOD
security: Certificate validation succeeded using OCSP/CRL
basic: updateValidationResultsForApplet update
cache: Mark prevalidated: https://myHost:myPort/data/myJar.jar true tm=1385628443976 cert=1425427199000
basic: Plugin2ClassLoader.getPermissions CeilingPolicy allPerms
security: SHA-256Certificate finger print: certificateFingerPrint1
security: SHA-256Certificate finger print: certificateFingerPrint2
security: SHA-256Certificate finger print: certificateFingerPrint3
basic: Applet initialized
basic: Starting applet
basic: completed perf rollup
basic: Applet made visible
basic: Applet started
basic: Told clients applet is started
答案 0 :(得分:0)
对于调试applet,我建议配置插件(控制面板/ Java / Advanced)以在启动时打开java控制台并显示任何跟踪,调试消息和异常。你能用Java控制台输出吗?
如果可能的话,我还建议使用HTTP发布applet,因为Java VM有时会出现HTTPS问题(不受信任的https连接,需要数字证书的连接)等等。
另一方面,Java现在需要JARs的META-INF / MANIFEST(例如,Caller-Allowable-Codebase)文件中的附加属性,例如:
Manifest-Version: 1.0
Implementation-Title: mypackage
Implementation-Version: build01
Specification-Vendor: My company
Application-Name: My applet
Caller-Allowable-Codebase: *
Implementation-Vendor: My company
Application-Library-Allowable-Codebase: *
Name: com/company/package
Permissions: all-permissions
Specification-Title: My spec
Specification-Version: 1.0.0
Codebase: *