我需要通过applet访问本地运行的 LDAP ,以便根据自己的组织安全性对用户进行身份验证。
但是当我点击登录按钮并且applet尝试连接到10.0.215.45服务器时,它会发出以下异常
network: Connecting http://qa.mycompany.com/loginldap/jndi.properties with proxy=DIRECT
network: Connecting http://qa.mycompany.com/loginldap/jndi.properties with cookie "__utma=3105202.1962924881.1410333072.1410351890.1411365879.4; __utmz=3105202.1410333072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _bcvm_vrid_3210241798524429162=9098969101660648460T0DA4F9342F9A96696C8032E97870412050BB1ADC5C79D4B5EAA03F617D96473191202EB66601664B00D33A3B14F5A765452D84B6F8C4149A8E9235E8EEFB41FE; inproducttranslatemode=false"
network: Connecting http:// 10.0.215.45 :389/crossdomain.xml with proxy=DIRECT
network: Connecting http:// 10.0.215.45 :389/ with proxy=DIRECT
java.security.AccessControlException: access denied ("java.net.SocketPermission" "10.0.215.45:389" "connect,resolve")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at sun.plugin2.applet.SecurityManagerHelper.checkConnectHelper(Unknown Source)
at sun.plugin2.applet.AWTAppletSecurityManager.checkConnect(Unknown Source)
我在构建过程中自行签署了applet jar
<target name="dist" depends="clean,compile" description="generate the distribution">
<mkdir dir="${dist}" />
<copy todir="${build}">
<fileset file="${src}/conf.properties" />
</copy>
<jar jarfile="${dist}/${module-jar-file}" basedir="${build}">
<manifest>
<attribute name="Permissions" value="sandbox" />
<attribute name="Codebase" value="*.mycompany.com" />
<attribute name="Application-Library-Allowable-Codebase" value="*.mycompany.com" />
<attribute name="Application-Name" value="Company - SSO" />
<attribute name="Main-Class" value="com.mycompany.authentication.sso.Application"/>
<attribute name="Entry-Point" value="com.mycompany.authentication.sso.applet.Applet" />
</manifest>
</jar>
<signjar jar="${dist}/${module-jar-file}" alias="signalias" keystore="keystore" storepass="storepass">
</signjar>
<copy todir="${dist}">
<fileset file="resources/index.html" />
</copy>
我的整体架构就像
>>>>>>>>>>>>>> INTERNET <<<<<<<<<<<<<<<
+-------------------------+
+ +
+ +
+ qa.mycompany.com + <= applet is hosted here
+ SERVER +
+ +
+-------------------------+
**************************************************************************************
>>>>>>>>>>>>>> LOCAL NETWORK <<<<<<<<<<<<<<<
+-----------------------------------------------+
+ +
+ http://qa.mycompany.com/loginldap +
+ +
+-----------------------------------------------+
+ +
+ +
+ Client browser downloading applet + =======||
+ and running + ||
+ + ||
+-----------------------------------------------+ ||
||
|| (10.0.215.45)
|| +------------+
======>> + +
+ LDAP +
+ +
+------------+
答案 0 :(得分:1)
以下是我如何运作
<attribute name="Permissions"
value=" 沙箱 " />更改为<attribute name="Permissions"
value=" 所有权限 " /> 这至少开始并在浏览器中运行我的applet。稍后对于生产环境,我可以拥有正确的SSL证书,并根据我的要求分配适当的权限。