导入了证书,但还是显示 java.security.AccessControlException: access denied (java.io.FilePermission c:\tomcat\webapps\examples\jsp read) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:273) at java.security.AccessController.checkPermission(AccessController.java:404) at java.lang.SecurityManager.checkPermission(SecurityManager.java:545) at java.lang.SecurityManager.checkRead(SecurityManager.java:890) at java.io.File.exists(File.java:680) at com.esri.mo.file.shp.ShapefileFolder.getLayerSource(Unknown Source) at com.esri.mo.ui.bean.r.getLayer(Unknown Source) at com.esri.mo.ui.bean.Layer.getLayer(Unknown Source) at com.esri.mo.ui.bean.Map.addImpl(Unknown Source) at java.awt.Container.add(Container.java:301) at test.Index_2.init(Index_2.java:17) at sun.applet.AppletPanel.run(AppletPanel.java:344) at java.lang.Thread.run(Thread.java:539)
一: c:\zzz\SignedAppletDemo>jar cvf myapplet.jar *.* 新增清单(mainfest) 新增:classes/(读入=0)(写出=0)(存入0%) 新增:classes/SignedAppletDemo.htm(读入=180)(写出=127)(压缩29%) 新增:classes/SignedAppletDemo.class(读入=1692)(写出=982)(压缩41%) 新增:SignedAppletDemo.class(读入=1692)(写出=982)(压缩41%) 新增:SignedAppletDemo.java(读入=1237)(写入=578)(压缩53%) 新增:SignedAppletDemo.jcp(读入=678)(写入=328)(压缩51%) 新增:SignedAppletDemo.jcw(读入=288)(写入=179)(压缩37%)执行完此步后,在signedappletdemo文件夹下产生myapplet.jar文件,主要是.class文件二: c:\zzz\SignedAppletDemo>keytool -genkey -keystore mystore.store -alias my.store Enter keystore password:791229 What is your first and last name? [Unknown]:kaven What is the name of your organizational unit? [Unknown]:ibm What is the nameof your organization? [Unknown]:computer What is the name of your City or Locality? [Unknown]:shanghai What is the name of your State or Province? [Unknown]:shanghai What is the two-letter country code for this unit? [Unknown]:cn Is <CN=kaven,OU=ibm,O=computer,L=shanghai,ST=shanghai,C=cn> correct? [no]:yEnter key password for <my.store> (RETURN if same as keystore password):执行完此步后,目录下出现mystore.store文件,为密钥库,此密钥库别名为my.store。三: c:\zzz\SignedAppletDemo>keytool -export -keystore mystore.store -alias my.store -file mycert.cer Enter keystore password:791229 Certificate stored in file <mycert.cer> 执行完此步后,目录下出现mycert.cer文件,就是一张证书四: c:\zzz\SignedAppletDemo>jarsigner -keystore mystore.store myapplet.jar my.store Enter Passphrase for keystore:791229此步骤是对密钥库签名然后把myapplet.jar,mystore.store,mycert.cer复制到用户目录下。以上是服务器所做步骤 以下是客户机所做步骤五: c:\zzz\SignedAppletDemo>keytool -import -keystore client.store -alias my.store -file mycert.cer Enter keystore password:791229 Serial number:Mon May 27 09:34:39 CST 2002 until:Sun Aug 25 09:34:39 CST 2002 Certificate fingerprints: MD5: 0C:4C:FB:2E:2A:21:60:F5:45:35:A1:40:B6:8D:4E:93 SHA1: 33:9E:67:C7:8F:BE:8B:DE:31:A4:46:80:7F:1E:27:50:90:7A:FD:6B Trust this certificate? [no]:y Certificate was added to keystore
用户同意接收该证书,信任该证书颁发者的所有作品,也就是把收到的证书导入本地密钥库。 六: 修改用户的policy文件,文件名为.java.policy放在用户主目录下。 七: 对接收的文件进行验证 C:\zzz\SignedAppletDemo>jarsigner -verify -verbose -keystore mystore.store myapplet.jar 530 Mon May 27 09:41:50 CST 2002 META-INF/MANIFEST.MF 583 Mon May 27 09:41:56 CST 2002 META-INF/MY_STORE.SF 1016 Mon May 27 09:41:56 CST 2002 META-INF/MY_STORE.DSA 0 Mon May 27 09:30:46 CST 2002 META-INF/ 0 Sun May 26 23:07:04 CST 2002 classes/ smk 180 Sun May 26 23:07:04 CST 2002 classes/SignedAppletDemo.htm smk 1692 Sun May 26 23:07:30 CST 2002 classes/SignedAppletDemo.class smk 1692 Sun May 26 23:07:30 CST 2002 SignedAppletDemo.class smk 1237 Sun May 26 23:07:20 CST 2002 SignedAppletDemo.java smk 678 Sun May 26 23:07:04 CST 2002 SignedAppletDemo.jcp smk 288 Sun May 26 23:07:04 CST 2002 SignedAppletDemo.jcw s = signature was verified m = entry is listed in manifest k = at least one certificate was found in keystore i = at least one certificate was found in identity scopejar verified.八: 打开接收文件 C:\zzzSignedAppletDemo>jar -vxf myapplet.jar 展开:META-INF/MANIFEST.MF 展开:META-INF/MY_STORE.SF 展开:META-INF/MY_STORE.DSA 创建:META-INF/ 创建:classes/ 展开:classes/SignedAppletDemo.htm 展开:classes/SignedAppletDemo.class 展开:SignedAppletDemo.class 展开:SignedAppletDemo.java 展开:SignedAppletDemo.jcp 展开:SignedAppletDemo.jcw那么用户就得到所有被签名的文件。九: 在用户端把生成的证书导入,即安装证书。
java.security.AccessControlException: access denied (java.io.FilePermission c:\tomcat\webapps\examples\jsp read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:273)
at java.security.AccessController.checkPermission(AccessController.java:404)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
at java.lang.SecurityManager.checkRead(SecurityManager.java:890)
at java.io.File.exists(File.java:680)
at com.esri.mo.file.shp.ShapefileFolder.getLayerSource(Unknown Source)
at com.esri.mo.ui.bean.r.getLayer(Unknown Source)
at com.esri.mo.ui.bean.Layer.getLayer(Unknown Source)
at com.esri.mo.ui.bean.Map.addImpl(Unknown Source)
at java.awt.Container.add(Container.java:301)
at test.Index_2.init(Index_2.java:17)
at sun.applet.AppletPanel.run(AppletPanel.java:344)
at java.lang.Thread.run(Thread.java:539)
c:\zzz\SignedAppletDemo>jar cvf myapplet.jar *.*
新增清单(mainfest)
新增:classes/(读入=0)(写出=0)(存入0%)
新增:classes/SignedAppletDemo.htm(读入=180)(写出=127)(压缩29%)
新增:classes/SignedAppletDemo.class(读入=1692)(写出=982)(压缩41%)
新增:SignedAppletDemo.class(读入=1692)(写出=982)(压缩41%)
新增:SignedAppletDemo.java(读入=1237)(写入=578)(压缩53%)
新增:SignedAppletDemo.jcp(读入=678)(写入=328)(压缩51%)
新增:SignedAppletDemo.jcw(读入=288)(写入=179)(压缩37%)执行完此步后,在signedappletdemo文件夹下产生myapplet.jar文件,主要是.class文件二:
c:\zzz\SignedAppletDemo>keytool -genkey -keystore mystore.store -alias my.store
Enter keystore password:791229
What is your first and last name?
[Unknown]:kaven
What is the name of your organizational unit?
[Unknown]:ibm
What is the nameof your organization?
[Unknown]:computer
What is the name of your City or Locality?
[Unknown]:shanghai
What is the name of your State or Province?
[Unknown]:shanghai
What is the two-letter country code for this unit?
[Unknown]:cn
Is <CN=kaven,OU=ibm,O=computer,L=shanghai,ST=shanghai,C=cn> correct?
[no]:yEnter key password for <my.store>
(RETURN if same as keystore password):执行完此步后,目录下出现mystore.store文件,为密钥库,此密钥库别名为my.store。三:
c:\zzz\SignedAppletDemo>keytool -export -keystore mystore.store -alias my.store -file mycert.cer
Enter keystore password:791229
Certificate stored in file <mycert.cer>
执行完此步后,目录下出现mycert.cer文件,就是一张证书四:
c:\zzz\SignedAppletDemo>jarsigner -keystore mystore.store myapplet.jar my.store
Enter Passphrase for keystore:791229此步骤是对密钥库签名然后把myapplet.jar,mystore.store,mycert.cer复制到用户目录下。以上是服务器所做步骤
以下是客户机所做步骤五:
c:\zzz\SignedAppletDemo>keytool -import -keystore client.store -alias my.store -file mycert.cer
Enter keystore password:791229
Serial number:Mon May 27 09:34:39 CST 2002 until:Sun Aug 25 09:34:39 CST 2002
Certificate fingerprints:
MD5: 0C:4C:FB:2E:2A:21:60:F5:45:35:A1:40:B6:8D:4E:93
SHA1: 33:9E:67:C7:8F:BE:8B:DE:31:A4:46:80:7F:1E:27:50:90:7A:FD:6B
Trust this certificate? [no]:y
Certificate was added to keystore
用户同意接收该证书,信任该证书颁发者的所有作品,也就是把收到的证书导入本地密钥库。
六:
修改用户的policy文件,文件名为.java.policy放在用户主目录下。
七:
对接收的文件进行验证
C:\zzz\SignedAppletDemo>jarsigner -verify -verbose -keystore mystore.store myapplet.jar
530 Mon May 27 09:41:50 CST 2002 META-INF/MANIFEST.MF
583 Mon May 27 09:41:56 CST 2002 META-INF/MY_STORE.SF
1016 Mon May 27 09:41:56 CST 2002 META-INF/MY_STORE.DSA
0 Mon May 27 09:30:46 CST 2002 META-INF/
0 Sun May 26 23:07:04 CST 2002 classes/
smk 180 Sun May 26 23:07:04 CST 2002 classes/SignedAppletDemo.htm
smk 1692 Sun May 26 23:07:30 CST 2002 classes/SignedAppletDemo.class
smk 1692 Sun May 26 23:07:30 CST 2002 SignedAppletDemo.class
smk 1237 Sun May 26 23:07:20 CST 2002 SignedAppletDemo.java
smk 678 Sun May 26 23:07:04 CST 2002 SignedAppletDemo.jcp
smk 288 Sun May 26 23:07:04 CST 2002 SignedAppletDemo.jcw s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scopejar verified.八:
打开接收文件
C:\zzzSignedAppletDemo>jar -vxf myapplet.jar
展开:META-INF/MANIFEST.MF
展开:META-INF/MY_STORE.SF
展开:META-INF/MY_STORE.DSA
创建:META-INF/
创建:classes/
展开:classes/SignedAppletDemo.htm
展开:classes/SignedAppletDemo.class
展开:SignedAppletDemo.class
展开:SignedAppletDemo.java
展开:SignedAppletDemo.jcp
展开:SignedAppletDemo.jcw那么用户就得到所有被签名的文件。九:
在用户端把生成的证书导入,即安装证书。