OpenWebStart and log4j2 security issue for a Java WebStart application

Question (votes: 0, answers: 1)

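I am migrating some self-signed WebStart (WS) applications from Oracle's Java 8 to OpenJDK 11 + OpenWebStart. However, after the migration I am getting a strange java.io.FilePermission error (in other words, when the application's JNLP is launched with Oracle's WS it works fine, but with OpenWebStart the error is triggered). The error comes from the log4j2 log file, which is saved on a remote server.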

I have added this to the JAR's MANIFEST.MF, but it had no effect:

Codebase: *.mydomain.edu
Permissions: all-permissions

The way I found to resolve the error is to manually change the java.policy file (in ~/.config/icedtea-web/security) with this:

grant codeBase "*.mydomain.edu" {
  permission java.io.FilePermission "<<ALL FILES>>", "read, write, execute, delete";
};

(Of course, this is not a recommended solution, because the application is used by many different users.)

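My question is: how can I solve this in a more robust way? Is there a way to include a custom java.policy in the JAR file? Or does OpenWebStart require additional log4j2 configuration that I am missing?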

PS: I tried to post on the OpenWebStart forum, but my account was not activated for some reason.

Update: I have tested launching this application from a Windows machine, and it works fine! So the java.io.FilePermission error is related to my Linux RHEL8 system.

java log4j2 jnlp redhat-openjdk openwebstart
1 Answer

0 votes

I don't know exactly what caused this, but I found a way to fix it. I looked at the OWS error message and found that it is related to log4j (at the bottom).

I was using log4j 2.17 but still writing the logs with log4j 1.x syntax. I needed to update the syntax to log4j 2.x, and it works fine on both Windows and Linux.

OWS error:

WARNING: package javax.jnlp not in java.desktop
[myuser][ITW-CORE][2023-03-10 08:48:26.431 MST][WARN ][net.adoptopenjdk.icedteaweb.manifest.ManifestAttributesChecker][My Tool#428b8743] This application does not specify a Codebase in its manifest. Please verify with the applet''s vendor. Continuing. See: http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/no_redeploy.html for details.
[myuser][ITW-CORE][2023-03-10 08:48:26.554 MST][WARN ][net.sourceforge.jnlp.JNLPFile][AWT-EventQueue-0#23a5fd2] Application title was not found in manifest. Check with application vendor
[myuser][ITW-CORE][2023-03-10 08:48:26.813 MST][WARN ][net.sourceforge.jnlp.JNLPFile][My Tool#428b8743] Application title was not found in manifest. Check with application vendor
Exception in thread "My Tool" java.lang.RuntimeException: java.lang.ExceptionInInitializerError[myuser][ITW-CORE][2023-03-10 08:48:27.707 MST][ERROR][net.sourceforge.jnlp.Launcher][My Tool#428b8743]
General Throwable encountered:
java.lang.ExceptionInInitializerError
    at org.apache.log4j.Logger.getLogger(Logger.java:117)
    at edu.mydomain.clientMain.<clinit>(clientMain.java:29)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at net.sourceforge.jnlp.Launcher.launchApplication(Launcher.java:406)
    at net.sourceforge.jnlp.Launcher.access$300(Launcher.java:71)
    at net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:660)
Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/path/to/logs/client.log" "write")
    at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
    at java.base/java.security.AccessController.checkPermission(AccessController.java:897)
    at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322)
    at net.sourceforge.jnlp.runtime.JNLPSecurityManager.checkPermission(JNLPSecurityManager.java:272)
    at java.base/java.lang.SecurityManager.checkWrite(SecurityManager.java:752)
    at java.base/java.io.FileOutputStream.<init>(FileOutputStream.java:225)
    at java.base/java.io.FileOutputStream.<init>(FileOutputStream.java:158)
    at org.apache.log4j.FileAppender.setFile(FileAppender.java:294)
    at org.apache.log4j.RollingFileAppender.setFile(RollingFileAppender.java:207)
    at org.apache.log4j.FileAppender.activateOptions(FileAppender.java:165)
    at org.apache.log4j.config.PropertySetter.activate(PropertySetter.java:307)
    at org.apache.log4j.config.PropertySetter.setProperties(PropertySetter.java:172)
    at org.apache.log4j.config.PropertySetter.setProperties(PropertySetter.java:104)
    at org.apache.log4j.PropertyConfigurator.parseAppender(PropertyConfigurator.java:809)
    at org.apache.log4j.PropertyConfigurator.parseCategory(PropertyConfigurator.java:735)
    at org.apache.log4j.PropertyConfigurator.configureRootCategory(PropertyConfigurator.java:615)
    at org.apache.log4j.PropertyConfigurator.doConfigure(PropertyConfigurator.java:502)
    at org.apache.log4j.PropertyConfigurator.doConfigure(PropertyConfigurator.java:547)
    at org.apache.log4j.helpers.OptionConverter.selectAndConfigure(OptionConverter.java:483)
    at org.apache.log4j.LogManager.<clinit>(LogManager.java:127)
    ... 9 more


    at net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:681)
Caused by: java.lang.ExceptionInInitializerError
    at org.apache.log4j.Logger.getLogger(Logger.java:117)
    at edu.mydomain.clientMain.<clinit>(clientMain.java:29)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at net.sourceforge.jnlp.Launcher.launchApplication(Launcher.java:406)
    at net.sourceforge.jnlp.Launcher.access$300(Launcher.java:71)
    at net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:660)
Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/path/to/logs/client.log" "write")
    at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
    at java.base/java.security.AccessController.checkPermission(AccessController.java:897)
    at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322)
    at net.sourceforge.jnlp.runtime.JNLPSecurityManager.checkPermission(JNLPSecurityManager.java:272)
    at java.base/java.lang.SecurityManager.checkWrite(SecurityManager.java:752)
    at java.base/java.io.FileOutputStream.<init>(FileOutputStream.java:225)
    at java.base/java.io.FileOutputStream.<init>(FileOutputStream.java:158)
    at org.apache.log4j.FileAppender.setFile(FileAppender.java:294)
    at org.apache.log4j.RollingFileAppender.setFile(RollingFileAppender.java:207)
    at org.apache.log4j.FileAppender.activateOptions(FileAppender.java:165)
    at org.apache.log4j.config.PropertySetter.activate(PropertySetter.java:307)
    at org.apache.log4j.config.PropertySetter.setProperties(PropertySetter.java:172)
    at org.apache.log4j.config.PropertySetter.setProperties(PropertySetter.java:104)
    at org.apache.log4j.PropertyConfigurator.parseAppender(PropertyConfigurator.java:809)
    at org.apache.log4j.PropertyConfigurator.parseCategory(PropertyConfigurator.java:735)
    at org.apache.log4j.PropertyConfigurator.configureRootCategory(PropertyConfigurator.java:615)
    at org.apache.log4j.PropertyConfigurator.doConfigure(PropertyConfigurator.java:502)
    at org.apache.log4j.PropertyConfigurator.doConfigure(PropertyConfigurator.java:547)
    at org.apache.log4j.helpers.OptionConverter.selectAndConfigure(OptionConverter.java:483)
    at org.apache.log4j.LogManager.<clinit>(LogManager.java:127)
    ... 9 more
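
An added example, not part of the original question or answer: instead of the <<ALL FILES>> grant shown in the question, this script reads the AccessControlException lines from an OWS log and renders a java.policy grant limited to the paths and actions that were actually denied. The codeBase URL and the client.log.1 denial line are constructed placeholders; the other sample lines are copied from the trace above.

```python
import re
from collections import defaultdict

# Constructed sample: denial lines from the trace above, plus one hypothetical
# rollover denial (client.log.1) to show how actions are grouped per target.
SAMPLE_LOG = '''Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/path/to/logs/client.log" "write")
    at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/path/to/logs/client.log" "write")
Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/path/to/logs/client.log.1" "delete")
'''

# Format of java.security.Permission.toString(): ("class" "name" "actions"),
# where the actions part is absent for permissions that have none.
DENIED = re.compile(
    r'access denied \("(?P<cls>[\w.$]+)"\s+"(?P<target>[^"]*)"'
    r'(?:\s+"(?P<actions>[^"]*)")?\)'
)

def collect_denials(log_text):
    """Return {(permission class, target): set(actions)} for every denial."""
    denials = defaultdict(set)
    for m in DENIED.finditer(log_text):
        actions = m.group("actions") or ""
        denials[(m.group("cls"), m.group("target"))].update(
            a.strip() for a in actions.split(",") if a.strip())
    return dict(denials)

def policy_grant(denials, code_base):
    """Render one grant block covering exactly the denied permissions."""
    lines = ['grant codeBase "%s" {' % code_base]
    for (cls, target), actions in sorted(denials.items()):
        if "<<ALL FILES>>" in target:
            raise ValueError("refusing to emit a blanket file grant")
        # Policy files need backslashes doubled (Windows paths).
        entry = '  permission %s "%s"' % (cls, target.replace("\\", "\\\\"))
        if actions:
            entry += ', "%s"' % ",".join(sorted(actions))
        lines.append(entry + ";")
    lines.append("};")
    return "\n".join(lines)

if __name__ == "__main__":
    # Placeholder codeBase: replace with the URL the signed JARs are served from.
    print(policy_grant(collect_denials(SAMPLE_LOG),
                       "https://apps.example.invalid/-"))
```
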