use*_*044 2 java jce amazon-web-services openjdk-11
我有一个用 openJDK (Amazon Correto 11) 和 openJFX 编写的应用程序。
当我在本地运行应用程序时 - 一切正常。但是当我从网络共享执行应用程序时出现异常:
java.lang.ExceptionInInitializerError
at java.base/javax.crypto.JceSecurityManager.<clinit>(JceSecurityManager.java:65)
at java.base/javax.crypto.Cipher.getConfiguredPermission(Cipher.java:2624)
at java.base/javax.crypto.Cipher.getMaxAllowedKeyLength(Cipher.java:2646)
at java.base/sun.security.ssl.SSLCipher.isUnlimited(SSLCipher.java:540)
at java.base/sun.security.ssl.SSLCipher.<init>(SSLCipher.java:472)
at java.base/sun.security.ssl.SSLCipher.<clinit>(SSLCipher.java:174)
at java.base/sun.security.ssl.CipherSuite.<clinit>(CipherSuite.java:67)
at java.base/sun.security.ssl.SSLContextImpl.getApplicableSupportedCipherSuites(SSLContextImpl.java:348)
at java.base/sun.security.ssl.SSLContextImpl$AbstractTLSContext.<clinit>(SSLContextImpl.java:579)
at java.base/java.lang.Class.forName0(Native Method)
at java.base/java.lang.Class.forName(Class.java:315)
at java.base/java.security.Provider$Service.getImplClass(Provider.java:1848)
at java.base/java.security.Provider$Service.newInstance(Provider.java:1824)
at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
at java.base/javax.net.ssl.SSLContext.getInstance(SSLContext.java:168)
at org.apache.http.ssl.SSLContexts.createDefault(SSLContexts.java:51)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.getSocketFactory(SSLConnectionSocketFactory.java:194)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.getDefaultRegistry(PoolingHttpClientConnectionManager.java:115)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.<init>(PoolingHttpClientConnectionManager.java:122)
at com.mashape.unirest.http.options.Options.refresh(Options.java:72)
at com.mashape.unirest.http.options.Options.<clinit>(Options.java:46)
at com.mashape.unirest.http.HttpClientHelper.prepareRequest(HttpClientHelper.java:151)
at com.mashape.unirest.http.HttpClientHelper.request(HttpClientHelper.java:131)
at com.mashape.unirest.request.BaseRequest.asString(BaseRequest.java:56)
at myapp.util.MyTaxNumberValidator$3.run(MyTaxNumberValidator.java:185)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.lang.SecurityException: Can not initialize cryptographic mechanism
at java.base/javax.crypto.JceSecurity.<clinit>(JceSecurity.java:120)
... 27 more
Caused by: java.lang.SecurityException: Can't read cryptographic policy directory: unlimited
at java.base/javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:326)
at java.base/javax.crypto.JceSecurity$1.run(JceSecurity.java:111)
at java.base/javax.crypto.JceSecurity$1.run(JceSecurity.java:108)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/javax.crypto.JceSecurity.<clinit>(JceSecurity.java:107)
... 27 more
我使用命令运行一个应用程序:
\\\some-network-share\app\jre\bin\javaw.exe -jar myapp.jar
因为在这个网络共享上,我复制了 Amazon Correto 11 JDK 文件和我用于该应用程序的其他库。
我在另一个线程中运行 get 请求,该线程抛出异常。
我怎样才能克服这个问题?
请帮忙。
我尝试了不同的库:1. OkHttpClient 2. Java Unirest
但在两个相同的错误中。
java.lang.ExceptionInInitializerError
at java.base/javax.crypto.JceSecurityManager.<clinit>(JceSecurityManager.java:65)
at java.base/javax.crypto.Cipher.getConfiguredPermission(Cipher.java:2624)
at java.base/javax.crypto.Cipher.getMaxAllowedKeyLength(Cipher.java:2646)
at java.base/sun.security.ssl.SSLCipher.isUnlimited(SSLCipher.java:540)
at java.base/sun.security.ssl.SSLCipher.<init>(SSLCipher.java:472)
at java.base/sun.security.ssl.SSLCipher.<clinit>(SSLCipher.java:174)
at java.base/sun.security.ssl.CipherSuite.<clinit>(CipherSuite.java:67)
at java.base/sun.security.ssl.SSLContextImpl.getApplicableSupportedCipherSuites(SSLContextImpl.java:348)
at java.base/sun.security.ssl.SSLContextImpl$AbstractTLSContext.<clinit>(SSLContextImpl.java:579)
at java.base/java.lang.Class.forName0(Native Method)
at java.base/java.lang.Class.forName(Class.java:315)
at java.base/java.security.Provider$Service.getImplClass(Provider.java:1848)
at java.base/java.security.Provider$Service.newInstance(Provider.java:1824)
at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
at java.base/javax.net.ssl.SSLContext.getInstance(SSLContext.java:168)
at org.apache.http.ssl.SSLContexts.createDefault(SSLContexts.java:51)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.getSocketFactory(SSLConnectionSocketFactory.java:194)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.getDefaultRegistry(PoolingHttpClientConnectionManager.java:115)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.<init>(PoolingHttpClientConnectionManager.java:122)
at com.mashape.unirest.http.options.Options.refresh(Options.java:72)
at com.mashape.unirest.http.options.Options.<clinit>(Options.java:46)
at com.mashape.unirest.http.HttpClientHelper.prepareRequest(HttpClientHelper.java:151)
at com.mashape.unirest.http.HttpClientHelper.request(HttpClientHelper.java:131)
at com.mashape.unirest.request.BaseRequest.asString(BaseRequest.java:56)
at myapp.util.MyTaxNumberValidator$3.run(MyTaxNumberValidator.java:185)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.lang.SecurityException: Can not initialize cryptographic mechanism
at java.base/javax.crypto.JceSecurity.<clinit>(JceSecurity.java:120)
... 27 more
Caused by: java.lang.SecurityException: Can't read cryptographic policy directory: unlimited
at java.base/javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:326)
at java.base/javax.crypto.JceSecurity$1.run(JceSecurity.java:111)
at java.base/javax.crypto.JceSecurity$1.run(JceSecurity.java:108)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/javax.crypto.JceSecurity.<clinit>(JceSecurity.java:107)
... 27 more
编辑 1我添加了额外的堆栈跟踪 - 请检查
线索在您的堆栈跟踪中的最后一个原因:
Caused by: java.lang.SecurityException: Can't read cryptographic policy directory: unlimited
通过java.security.properties从正在运行的 JVM 中检查来验证您的安全策略的来源 :
System.getProperty("java.security.properties");
它应该存在并指向一个文件。检查该文件并确保它具有以下属性,crypto.policy=unlimited并且可以从策略文件所在的位置获得称为无限制的文件夹。策略文件本身应说明在何处查找此文件夹。
对于科雷托来说 <jre_home>/conf/security/policy/
您可以通过启动 JVM 并将策略文件的位置传递给它来修改安全策略的位置:
java -Djava.security.properties==/conf/security/java.security
或java -Djava.security.properties=/conf/security/java.security
=第一种情况下的附加符号将导致 Java 仅使用您指向的文件中的属性。
第二个选项将添加/更新文件中定义的属性。
| 归档时间: |
|
| 查看次数: |
5604 次 |
| 最近记录: |