问题描述

我正在尝试通过 Webstart 加载带有未签名库的已签名 jar.但是，我收到尝试将沙盒 jar 作为 Trusted-Library 打开"错误.我从我的 jnlp 文件中删除了所有权限设置，如果让它在那里(我不想这样做)，我的库会收到 classnotdefined 异常.我正在使用 Netbeans 以可信库设置对我的 jar 进行签名.如果我签署了图书馆(不是我的，而是 GPL)，它会起作用吗?

I'm trying to load a signed jar with an unsigned library through Webstart. However I get a "attempt to open sandboxed jar as Trusted-Library" error. I removed the all permissions setting from my jnlp file, if let it there (which I prefer not to), I get a classnotdefined exception for my library.I'm using Netbeans to sign my jar with Trusted Library setting.Would it work if I signed the library (which is not mine, but GPL'ed)?

所有都在本地工作，顺便说一句，只是不是来自 Webstart.谢谢，凯

All is working locally, btw, just not from Webstart.Thanks,Kaj

清单文件:

Manifest-Version: 1.0
Ant-Version: Apache Ant 1.8.2
Trusted-Library: true
X-COMMENT: Main-Class will be added automatically by build
Class-Path: lib/tools.jar
Created-By: 1.7.0-b147 (Oracle Corporation)
Main-Class: customcompile.CustomCompile

Name: customcompile/Source.class
SHA-256-Digest: WFa1FC4Q07sE3S9XxmUSEpgUKjvjYo81urGSiiLNBYY=

Name: customcompile/Output.class
SHA-256-Digest: Sc8oRhAcYYrEtWY5iA56bNKx4EuHQHgFfHmXRSYV474=

Name: customcompile/CustomCompile.class
SHA-256-Digest: WYmy6ny6BU6sYFqJCwxSUPsbTWbpvBuPurYuwnZR5sM=

Name: customcompile/MemoryClassLoader.class
SHA-256-Digest: 0bUNmC+gI7dkGFzEmDvAqdOv15UmHOQS8dDVi9FxGFU=

Name: META-INF/INDEX.LIST
SHA-256-Digest: komZP7Un7Uyi8XTq+HvpbZtNF5cfPC8TmGiPBfcO3qk=

Name: customcompile/MemoryFileManager.class
SHA-256-Digest: GorTXt3N3GZ2kUHry7qBfAOgUuYvhWHE3S+SGEjzR7k=

我也发现了一些关于这个主题的信息(http://download.oracle.com/javase/6/docs/technotes/guides/jweb/mixed_code.html ):最下面找到一个关于混合代码的问答，建议在库上设置一个懒惰模式，对我没有任何作用.

I found some info on the subject as well ( http://download.oracle.com/javase/6/docs/technotes/guides/jweb/mixed_code.html ):at the bottom one finds a Q&A about mixed code, suggesting setting a lazy mode on the library, which did not do anything for me.

推荐答案

您应该能够在 混合签名和未签名代码.特别参见 在没有混合的情况下安全部署签名应用程序和小程序代码警告.

You should be able to find answers in Mixing Signed and Unsigned Code. See especially Deploying Signed Applications and Applets Securely Without a Mixed Code Warning.

注意上面的清单有..

..
Trusted-Library: true
X-COMMENT: Main-Class will be added automatically by build
Trusted-Only: true
..

它应该是 Trusted-Library 或 Trusted-Only (AFAIU) 中的一个.在这种情况下，它应该是 Trusted-Library.

It should be one or the other of Trusted-Library or Trusted-Only (AFAIU). In this case it should be Trusted-Library.

这篇关于Java Webstart 尝试将 jar 沙盒化为“Trusted-Library"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！