We're having difficulties getting past the mixed code error for Java webstart. In summary, we have our main JNLP file, we've signed all of our code that it loads directly. We've added the all-permissions option to the main JNLP. The main class it loads also comes from a signed jar.

我们在克服Java webstart的混合代码错误时遇到了困难。总之，我们有我们的主要JNLP文件，我们已经签署了它直接加载的所有代码。我们已将all-permissions选项添加到主JNLP中。它加载的主类也来自一个签名的jar。

When the main class kicks off a little down the road it fires off some things that need to load some unsigned resources that are pulled in from JNLP B. None of JNLP B's resources are signed and they do not need any special permissions.

当主要类开始时，它会触发一些需要加载从JNLP B中提取的未签名资源的东西。没有JNLP B的资源被签名且它们不需要任何特殊权限。

All of the signed code has been setup based on the mixed code documentation from Oracle and the jar files have been set with manifests of "Trusted-Library: true" before signing.

所有已签名的代码都是基于Oracle的混合代码文档设置的，并且jar文件在签名之前已经设置了“Trusted-Library：true”的清单。

When the unsigned code is attempted to be loaded by the signed code we get a class not found error like so:

当尝试通过签名代码加载未签名的代码时，我们得到一个类未找到错误，如下所示：

java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.sun.javaws.Launcher.executeApplication(Unknown Source)
at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)
at com.sun.javaws.Launcher.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

    Caused by: java.lang.NoClassDefFoundError: org/some/external/package/that/is/not/signed
at org.our.signed.package.main(Main.java:87)
... 9 more

    Caused by: java.lang.ClassNotFoundException: org.some.external.package.that.is.not.signed
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
... 10 more

Here's the scenario in the JNLP's:

以下是JNLP中的情景：

JNLP A: (summarized)

JNLP答:(总结）

<jnlp spec="1.5+" codebase="...." href="......">
  <information>
   ...etc
  </information>
   <security>
     <all-permissions/>
   </security>
   <resources>
      <j2se version="1.6+" initial-heap-size="80m" max-heap-size="256m" href="http://java.sun.com/products/autodl/j2se"/>
      <jar href="signedJar_1.jar" download="eager" main="true"/>
      <jar href="signedJar_2.jar" download="eager" main="false"/>
      <extension name="unsigned_ext" href="unsigned.jnlp"/>
  </resources>
  <application-desc main-class="(FROM SIGNED CLASS in signedJar_1.jar)"/>
</jnlp>

JNLP B (the unsigned.jnlp loader)

JNLP B（unsigned.jnlp加载器）

<jnlp spec="1.5+" codebase="....." href="......">
  <information>
   ...etc
  </information>
  <resources>
    <jar href="unsigned.jar"/>
  </resources>
  <component-desc/>
</jnlp>

We have noted that the security exceptions are working correctly, because if we move the unsigned jar into the the JNLP that has all-permissions and has signed jars, we get the expected security exceptions that Java won't let us mix the signed code with Trusted-Library: true and unsigned code with no manifest attributes.

我们已经注意到安全异常正常工作，因为如果我们将未签名的jar移动到具有所有权限并且已经签署了jar的JNLP中，我们就会获得Java不会让签名代码与之混合的预期安全异常。 Trusted-Library：没有清单属性的true和unsigned代码。

Ideas? Is there a reason the classloader can't find the java files from the unsigned code? Is there something special we are missing to allow signed code to run unsigned code? I've only seen the cases where people have problems getting unsigned code to run signed code, which I can understand.

想法？有没有理由类加载器无法从无符号代码中找到java文件？我们缺少一些特殊的东西来允许签名代码运行未签名的代码吗？我只看到了人们在使用未签名的代码运行签名代码时遇到问题的情况，我可以理解。

1 个解决方案

#1

---