
How can I use JAXB from an unsigned applet (without signing)?

  •  2
  • Richard Perfect  · Tech community  · 14 years ago

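    I want to convert Java objects to XML and back from an unsigned applet. I cannot change any security permissions/policy files, and I cannot sign the application.

    I seem to be hitting a security exception because JAXB tries to access a field or constructor that it is not allowed to access inside the applet sandbox.

    - XStream
    - Gson

    Given (something like) the following object: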

    @XmlType
    @XmlRootElement
    public class SimpleObject {
    
        public String sampleText;
    
        public SimpleObject() {
        }
    
        public String getSampleText() {
            return sampleText;
        }
    
        public void setSampleText(String sampleText) {
            this.sampleText = sampleText;
        }
    }
    

    And the following simple JAXB code:

    public void actionPerformed(ActionEvent e) {
        try {
            JAXBContext jc = JAXBContext.newInstance(SimpleObject.class);
            Marshaller marshaller = jc.createMarshaller();
            marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
    
            SimpleObject object = new SimpleObject();
            object.setSampleText("Hello");
    
            marshaller.marshal(object, System.out);
        }
        catch (JAXBException e1) {
            throw new RuntimeException(e1);
        }
    }
    

    I get the following exception:

    Exception in thread "AWT-EventQueue-2" java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
        at java.security.AccessControlContext.checkPermission(Unknown Source)
        at java.security.AccessController.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkMemberAccess(Unknown Source)
        at java.lang.Class.checkMemberAccess(Unknown Source)
        at java.lang.Class.getDeclaredConstructor(Unknown Source)
        at com.sun.xml.internal.bind.v2.model.nav.ReflectionNavigator.hasDefaultConstructor(Unknown Source)
        at com.sun.xml.internal.bind.v2.model.nav.ReflectionNavigator.hasDefaultConstructor(Unknown Source)
        at com.sun.xml.internal.bind.v2.model.impl.ClassInfoImpl.<init>(Unknown Source)
        at com.sun.xml.internal.bind.v2.model.impl.RuntimeClassInfoImpl.<init>(Unknown Source)
        at com.sun.xml.internal.bind.v2.model.impl.RuntimeModelBuilder.createClassInfo(Unknown Source)
        at com.sun.xml.internal.bind.v2.model.impl.RuntimeModelBuilder.createClassInfo(Unknown Source)
        at com.sun.xml.internal.bind.v2.model.impl.ModelBuilder.getClassInfo(Unknown Source)
        at com.sun.xml.internal.bind.v2.model.impl.RuntimeModelBuilder.getClassInfo(Unknown Source)
        at com.sun.xml.internal.bind.v2.model.impl.RuntimeModelBuilder.getClassInfo(Unknown Source)
        at com.sun.xml.internal.bind.v2.model.impl.ModelBuilder.getClassInfo(Unknown Source)
        at com.sun.xml.internal.bind.v2.model.impl.RuntimeModelBuilder.getClassInfo(Unknown Source)
        at com.sun.xml.internal.bind.v2.model.impl.RuntimeModelBuilder.getClassInfo(Unknown Source)
        at com.sun.xml.internal.bind.v2.model.impl.ModelBuilder.getTypeInfo(Unknown Source)
        at com.sun.xml.internal.bind.v2.model.impl.ModelBuilder.getTypeInfo(Unknown Source)
        at com.sun.xml.internal.bind.v2.runtime.JAXBContextImpl.getTypeInfoSet(Unknown Source)
        at com.sun.xml.internal.bind.v2.runtime.JAXBContextImpl.<init>(Unknown Source)
        at com.sun.xml.internal.bind.v2.runtime.JAXBContextImpl$JAXBContextBuilder.build(Unknown Source)
        at com.sun.xml.internal.bind.v2.ContextFactory.createContext(Unknown Source)
        at com.sun.xml.internal.bind.v2.ContextFactory.createContext(Unknown Source)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at javax.xml.bind.ContextFinder.newInstance(Unknown Source)
        at javax.xml.bind.ContextFinder.find(Unknown Source)
        at javax.xml.bind.JAXBContext.newInstance(Unknown Source)
        at javax.xml.bind.JAXBContext.newInstance(Unknown Source)
        at nz.co.zeal.maker.application.actions.build.JAXBTestAction.actionPerformed(JAXBTestAction.java:24)
        at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
        at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
        at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
        at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
        at javax.swing.AbstractButton.doClick(Unknown Source)
        at javax.swing.plaf.basic.BasicMenuItemUI.doClick(Unknown Source)
        at javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(Unknown Source)
        at java.awt.Component.processMouseEvent(Unknown Source)
        at javax.swing.JComponent.processMouseEvent(Unknown Source)
        at java.awt.Component.processEvent(Unknown Source)
        at java.awt.Container.processEvent(Unknown Source)
        at java.awt.Component.dispatchEventImpl(Unknown Source)
        at java.awt.Container.dispatchEventImpl(Unknown Source)
        at java.awt.Component.dispatchEvent(Unknown Source)
        at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
        at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
        at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
        at java.awt.Container.dispatchEventImpl(Unknown Source)
        at java.awt.Component.dispatchEvent(Unknown Source)
        at java.awt.EventQueue.dispatchEvent(Unknown Source)
        at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
        at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
        at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
        at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
        at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
        at java.awt.EventDispatchThread.run(Unknown Source)
    
    3 replies  |  until 14 years ago
        1
  •  2
  •   Richard Perfect    14 years ago

        2
  •  0
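  •   prunge    13 years ago

    I also tried to find a solution with JAXB, without success.

    In the end I found a workable solution by using AspectJ and an aspect that overrides System.getProperty() calls to return null when they fail. Since all the properties Axis2 needs are non-critical, this works anyway. I also needed to apply an aspect on org.apache.axiom.util.stax.dialect.StAXDialectDetector.getRootUrlForResource() to always return null, because it tries to make a ClassLoader.getSystemClassLoader() call, which also fails under a security manager. This again seems to be a non-critical call. With AspectJ rewriting the Axis2 classes at build time, it runs as an unsigned applet.

    I couldn't do the same AspectJ hack with JAXB, because JAXB needs direct access to the private fields of classes, and if JAXB is bundled with the applet (which we would need to do if rewriting the classes with AspectJ), those classes will not run under the security manager.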

        3
  •  0
  •   Martins    10 years ago

    This might solve your problem. I know it solved mine :)

    public void actionPerformed(ActionEvent e) {
        try {
            JAXBContext jc = AccessController.doPrivileged(new PrivilegedExceptionAction<JAXBContext>() {

                public JAXBContext run() throws JAXBException {

                    // needs to run here otherwise throws AccessControlException
                    return JAXBContext.newInstance(SimpleObject.class);
                }
            });
            Marshaller marshaller = jc.createMarshaller();
            marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);

            SimpleObject object = new SimpleObject();
            object.setSampleText("Hello");

            marshaller.marshal(object, System.out);
        }
        catch (JAXBException e1) {
            throw new RuntimeException(e1);
        }
        catch (PrivilegedActionException e2) {
            throw new RuntimeException(e2);
        }
    }
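
A sandbox-friendly alternative to the reflective binding that fails in the question, as an added example (not code from the original posts or from JAXB): it maps SimpleObject to and from XML through its public getter and setter with StAX, so nothing calls getDeclaredConstructor and the accessDeclaredMembers permission is never requested. The class name SimpleObjectXml is hypothetical, the element names follow JAXB's default naming, and it is an assumption that the JDK's StAX factories are usable inside the applet sandbox.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import javax.xml.stream.XMLStreamWriter;

// Hypothetical helper (not from the page). Uses only SimpleObject's public
// constructor, getter and setter; no reflection on declared members.
// Assumption: XMLOutputFactory/XMLInputFactory are permitted in the sandbox.
public final class SimpleObjectXml {

    public static String toXml(SimpleObject obj) throws XMLStreamException {
        StringWriter out = new StringWriter();
        XMLStreamWriter w = XMLOutputFactory.newInstance().createXMLStreamWriter(out);
        w.writeStartDocument();
        w.writeStartElement("simpleObject");
        if (obj.getSampleText() != null) {
            w.writeStartElement("sampleText");
            w.writeCharacters(obj.getSampleText()); // writer escapes <, > and &
            w.writeEndElement();
        }
        w.writeEndElement();
        w.writeEndDocument();
        w.close();
        return out.toString();
    }

    public static SimpleObject fromXml(String xml) throws XMLStreamException {
        XMLInputFactory f = XMLInputFactory.newInstance();
        // The XML may come from an untrusted source: turn off DTDs and
        // external entities so parsing cannot be used for XXE.
        f.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
        XMLStreamReader r = f.createXMLStreamReader(new StringReader(xml));
        SimpleObject obj = new SimpleObject();
        while (r.hasNext()) {
            if (r.next() == XMLStreamConstants.START_ELEMENT
                    && "sampleText".equals(r.getLocalName())) {
                obj.setSampleText(r.getElementText());
            }
        }
        r.close();
        return obj;
    }
}
```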