Applet数字签名突破Applet的安全限制,读写本地文件
第1步 编写applet程序:在src创建myApplet类
|
import java.applet.Applet; import java.io.BufferedInputStream; import java.io.BufferedOutputStream; import java.io.File; import java.io.FileOutputStream; import java.io.IOException; import java.net.HttpURLConnection; import java.net.URL; public class myApplet extends Applet { private static final long serialVersionUID = 1L; private static final String clientFilePath = "c:/temp"; @Override public void init() { String url = getParameter("url"); String fileName = getParameter("fileName"); //删除旧的文件 deleteOldFile(); //下载远程文件到本地,保存在c:/temp fileName = clientFilePath + "/" + fileName; downloadFile(url, fileName); //启动本地文件 startNow(fileName); } public void deleteOldFile() { File file = new File(clientFilePath); if (!file.exists()) { file.mkdir(); } File files = new File(clientFilePath); if (files.isDirectory()) { String[] fileList = files.list(); for (int i = 0; i < fileList.length; i++) { File delFile = new File(clientFilePath + "/" + fileList[i]); delFile.delete(); } } }
/** * 获取远程文件 * @param remoteFilePath 远程文件路径 * @param localFilePath 本地文件路径 */ public void downloadFile(String remoteFilePath, String localFilePath) { URL urlfile = null; HttpURLConnection httpUrl = null; BufferedInputStream bis = null; BufferedOutputStream bos = null; File f = new File(localFilePath); try { urlfile = new URL(remoteFilePath); httpUrl = (HttpURLConnection)urlfile.openConnection(); httpUrl.connect(); bis = new BufferedInputStream(httpUrl.getInputStream()); bos = new BufferedOutputStream(new FileOutputStream(f)); int len = 2048; byte[] b = new byte[len]; while ((len = bis.read(b)) != -1) { bos.write(b, 0, len); } bos.flush(); bis.close(); httpUrl.disconnect(); } catch (Exception e) { e.printStackTrace(); } finally { try { bis.close(); bos.close(); } catch (IOException e) { e.printStackTrace(); } } }
/** * 启动可行性文件或应用程序 * @param fileName */ public void startNow(String fileName) { try { Runtime.getRuntime().exec(new String[] {fileName}); } catch (Exception e) { e.printStackTrace(); } } } |
第2步: 编译myApplet.java,并压缩成myapplet.jar文件:
进入工程的WebRoot\WEB-INF\classes下,执行
jar cvf myapplet.jar myApplet.class
第3步:使用keytool命令生成密钥库
keytool -genkey -dname "cn=my Company, ou=my Software, o= my Company, c=China" -alias myapplet -keypass myapplet -storepass myapplet -validity 365 -keystore .\myapplet
这段命令将会创建一个数字文件放在当前目录的二进制文件 myapplet中。该证书的别名是 myapplet(通过 -alias 指定),密钥的密码是myapplet( -keypass 命令指定),存储密钥的文件密码也是myapplet( - storepass 命令指定),证书的有效期是 365 天(通过 -validity 指定)。
备注:
(1)检查下这份证书文件的内容:
keytool -list -keystore .\myapplet-storepass myapplet
(2)有时可能需要导出证书供人使用,可以执行下面的命令
keytool -export -keystore .\myapplet -storepass myapplet -file myapplet.cer -alias myapplet
第3步:对 JAR 文件进行数字签名
jarsigner -verbose -keystore .\myapplet myapplet.jar myapplet
第4步:在WebRoot中创建业务目录,如myapplet,将myapplet.class和myapplet.jar拷贝到该目下,新建jsp,页面内容为
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<%
String url=request.getParameter("url");
String fileName=request.getParameter("fileName");
request.setAttribute("url",url);
request.setAttribute("fileName",fileName);
%>
</head>
<body>
<center>
<applet code="JoinconfApplet.class" archive="econference.jar" name="econf"
width="0" height="0" MAYSCRIPT>
<PARAM NAME="url" VALUE="${url }">
<PARAM NAME="fileName" VALUE="${fileName }">
</center>
</applet>
</body>
</html>