在为客户提供的软件中,我们必须阅读给定的URL来解析其内容.此外,客户需要激活Tomcat-Security-Manager以让Java-Policies控制程序的功能.
现在,通过读取URL,发生异常"javax.net.ssl.SSLKeyException:RSA premaster secret error",但仅在某些条件下:
安全违规发生在Java代码中的某个地方,限制在我们的代码库中的AllPermission不会阻止错误.
那么,有人有一个想法,即为Java 6设置哪个权限,以便它可以处理HTTPS?
其他信息:它在一个tomcat中运行,在一个带有OpenJDK的Debian-Linux上运行.
编辑:我在变量JAVA_OPTS中向Tomcats/etc/default/tomcat6添加了Java-Param"-Djava.security.debug = access,failure".但在日志中我没有其他消息.在触发它们之前,代码可能会询问权限吗?
EDIT2:我找到了正确的位置并获得了完整的堆栈跟踪(删除了特定的客户部分):
javax.net.ssl.SSLKeyException: RSA premaster secret error
at [...]
at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
at java.lang.Thread.run(Thread.java:701)
Caused by: java.security.NoSuchAlgorithmException: SunTlsRsaPremasterSecret KeyGenerator not available
at javax.crypto.KeyGenerator.<init>(KeyGenerator.java:141)
at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:191)
... 14 more
EDIT3:到目前为止,我假设Java类URL用于访问资源的内容.但这是不真实的.它使用Grails-Code将Groovy-URL-object与getText()方法一起使用:
new URL(params.url).text
错误发生在这一行.这是Grails-version 2.2.4.