Tag Archives: Java

双击运行的jar包

Posted on by No Comments ↓

让jar包可以双击运行,其实很简单

1.写一个manifest.mf文件,里面只有两行
第一行为Main-Class
第二行为空行
注意冒号后面有一个空格

Main-Class: YourClassName

2.用jar命令打包

jar -cvfm xxx.jar xxx.mf classfiles

3.然后就可以运行了

要注意,双击运行jar包时,
系统会调用javaw而不是java,
因此命令行输出是看不到的。

JNI简单例子1

Posted on by No Comments ↓

1.Java代码CallApi.java

class CallApi{
    private native String showMessageBox(String msg);
    private native double getRandomDouble();

    static{
        try{
            System.loadLibrary("CallApi");
            System.out.println("Loaded CallApi");
        }catch(UnsatisfiedLinkError e){
            //nothing to do
            System.out.println("Couldn't load CallApi");
            System.out.println(e.getMessage());
        }
    }

    public static void main(String args[]){
        CallApi api = new CallApi();
        double randomNumber = api.getRandomDouble();
        String retval = api.showMessageBox("Hello from Java!\n"+
            "The native random number: "+randomNumber);
            System.out.println("The native string: "+retval);
    }
}

2.生成dll的CallApi.h文件

javah -classpath . -jni CallApi

/* DO NOT EDIT THIS FILE - it is machine generated */
#include <jni.h>
/* Header for class CallApi */

#ifndef _Included_CallApi
#define _Included_CallApi
#ifdef __cplusplus
extern "C" {
#endif
/*
 * Class:     CallApi
 * Method:    showMessageBox
 * Signature: (Ljava/lang/String;)Ljava/lang/String;
 */
JNIEXPORT jstring JNICALL Java_CallApi_showMessageBox
  (JNIEnv *, jobject, jstring);

/*
 * Class:     CallApi
 * Method:    getRandomDouble
 * Signature: ()D
 */
JNIEXPORT jdouble JNICALL Java_CallApi_getRandomDouble
  (JNIEnv *, jobject);

#ifdef __cplusplus
}
#endif
#endif

3.手写dll的CallApi.c文件

#include"CallApi.h"
#include <windows.h>
#include <time.h>

//#pragma comment(lib,"user32.lib")

JNIEXPORT jstring JNICALL Java_CallApi_showMessageBox
  (JNIEnv *env, jobject thisObject, jstring js)
{
    //first convert jstring to const char for use in MessageBox
    const jbyte* argvv = (*env)->GetStringUTFChars(env, js, NULL);
    char* argv =(char *) argvv;

    //Call MessageBoxA
    MessageBox(NULL, argv, "Called from Java!", MB_ICONEXCLAMATION | MB_OK);
    return js;

}


JNIEXPORT jdouble JNICALL Java_CallApi_getRandomDouble
  (JNIEnv *env, jobject thisObject)
{
    double num1;
    srand((unsigned)(time(0)));
    num1 = ((double)rand()/(double)RAND_MAX);

    return num1;
}

4.编译
注意1:要引用jdk下的include目录下文件,因此要增加引用文件路径
注意2:用MT而不是MD

5.运行

java -Djava.library.path=. CallApi

jnlp的SingleInstanse

Posted on by No Comments ↓ 
//实现SingleInstanceListener接口
class SISListener implements SingleInstanceListener
{
    public void newActivation(String[] params)
    {
        //处理传入参数
    }
}

//获取服务
SingleInstanceService sis; 
try
{ 
    sis = (SingleInstanceService)ServiceManager.lookup("javax.jnlp.SingleInstanceService");
} 
catch (UnavailableServiceException e) 
{ 
    sis=null; 
}

//程序启动时注册SingleInstanceListener
SISListener sisL = new SISListener();
sis.addSingleInstanceListener(sisL);

//程序退出时移除SingleInstanceListener
sis.removeSingleInstanceListener(sisL);
System.exit(0);

Applet自签名

Posted on by No Comments ↓

1、修改Applet主Jar包的Manifest文件,添加下面几行,然后重新打包

Application-Name: AppletTest
Implementation-version: 1.0
Application-Library-Allowable-Codebase: *
Permissions: sandbox
Caller-Allowable-Codebase: * localhost 127.0.0.1

2、生成keystore及key

#生成私钥
keytool -validity 10000 -genkey -alias xxxxxx -keypass xxxxxx -storepass xxxxxx -keystore xxxxxx.jks -dname "CN=(R&D),O=(ATS),C=(CN)" -keyalg RSA

导出证书

#证书DER格式
keytool -exportcert -alias xxxxxx -keypass xxxxxx -keystore xxxxxx.jks -storepass xxxxxx -file xxxxxx.der
#证书PEM格式
keytool -exportcert -alias xxxxxx -keypass xxxxxx -keystore xxxxxx.jks -storepass xxxxxx -rfc -file xxxxxx.pem

枚举证书

keytool -list -keystore xxxxxx.jks

3、签名

jarsigner -keystore xxxxxx.jks -storepass xxxxxx -keypass xxxxxx xxxxxx.jar xxxxxx

4、验证

JARsigner -verbose -verify  xxxxxx.jar

5、信任签名证书,下面两种方式用一种就好了
5.1、导入CA证书(按用OS登录户全局,自签名Jar)

#下面的方式,与java控制面板导入证书效果相同

#win7
keytool -import -trustcacerts -keystore "%userprofile%\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs" -alias "" -file XXXXXX.cer -storepass "" -noprompt

#winxp
keytool -import -trustcacerts -keystore "%APPDATA%\Sun\Java\Deployment\security\trusted.certs" -alias "" -file XXXXXX.cer -storepass "" -noprompt

5.2、导入CA证书(按JDR/JRE全局,自签名Jar)

keytool -import -trustcacerts -file XXXXXX.der -alias NMyCA1024 -keystore %JRE_HOME%\lib\security\cacerts -storepass changeit

6、如果自签名证书还是不行的话
到java控制面板,安全中,把你的网站添加到信任列表就好了。

Jar包签名

Posted on by No Comments ↓

1、生成keystore及key

#生成私钥
keytool -validity 10000 -genkey -alias xxxxxx -keypass xxxxxx -storepass xxxxxx -keystore xxxxxx.jks -dname "CN=(R&D),O=(ATS),C=(CN)" -keyalg RSA

导出证书

#证书DER格式
keytool -exportcert -alias xxxxxx -keypass xxxxxx -keystore xxxxxx.jks -storepass xxxxxx -file xxxxxx.der
#证书PEM格式
keytool -exportcert -alias xxxxxx -keypass xxxxxx -keystore xxxxxx.jks -storepass xxxxxx -rfc -file xxxxxx.pem

枚举证书

keytool -list -keystore xxxxxx.jks

2、签名

jarsigner -keystore xxxxxx.jks -storepass xxxxxx -keypass xxxxxx xxxxxx.jar xxxxxx

3、验证

JARsigner -verbose -verify  xxxxxx.jar

JAAS配置

Posted on by No Comments ↓

1.web.xml

  <!-- JAAS认证 -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>protected-resource</web-resource-name>
      <url-pattern>*.jsp</url-pattern>
      <url-pattern>*.action</url-pattern>
      <http-method>HEAD</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>NEOJAAS</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <description>JAASTest Roles</description>
    <role-name>NEOJAAS</role-name>
  </security-role>

2.login.jsp

<form method="post" action="j_security_check"&#93;
  <label>用户名</label>
  <input name="j_username" type="text" maxlength="32" class="login-text"/>
  <label>密&nbsp;&nbsp;&nbsp;码</label>
  <input name="j_password" type="password" maxlength="32" class="login-text"/>
  <input type="submit" class="stuff" value="登&nbsp;录" />
</form>

Tomcat中的Realm

Posted on by No Comments ↓

Realm其实就是一个存放用户名,密码及角色的一个“数据库”。
Tomcat中的Realm有下面几种,你也可以使用自己的Realm,只要实现org.apache.catalina.Realm就可以了。

1.JDBCRealm
授权信息存在关系数据库中, 通过JDBC驱动访问
数据库中必须至少有两张表,表示用户及角色
用户表必须至少有两个字段,用户名及密码
角色表必须至少有两个字段,用户名及角色

create table users (
  user_name         varchar(15) not null primary key,
  user_pass         varchar(15) not null
);

create table user_roles (
  user_name         varchar(15) not null,
  role_name         varchar(15) not null,
  primary key (user_name, role_name)
);

<Realm className="org.apache.catalina.realm.JDBCRealm"
  driverName="org.gjt.mm.mysql.Driver"
  connectionURL="jdbc:mysql://localhost/authority?user=dbuser&amp;password=dbpass"
  userTable="users" userNameCol="user_name" userCredCol="user_pass"
  userRoleTable="user_roles" roleNameCol="role_name"/>

2.DataSourceRealm
授权信息存在关系数据库中, 通过JNDI JDBC数据源访问
数据库中必须至少有两张表,表示用户及角色
用户表必须至少有两个字段,用户名及密码
角色表必须至少有两个字段,用户名及角色

create table users (
  user_name         varchar(15) not null primary key,
  user_pass         varchar(15) not null
);

create table user_roles (
  user_name         varchar(15) not null,
  role_name         varchar(15) not null,
  primary key (user_name, role_name)
);

<Realm className="org.apache.catalina.realm.DataSourceRealm"
  dataSourceName="jdbc/authority"
  userTable="users" userNameCol="user_name" userCredCol="user_pass"
  userRoleTable="user_roles" roleNameCol="role_name"/>

3.JNDIRealm
授权信息存在LDAP目录服务器中,通过JNDI提供者访问

<Realm className="org.apache.catalina.realm.JNDIRealm"
  connectionName="cn=Manager,dc=mycompany,dc=com"
  connectionPassword="secret"
  connectionURL="ldap://localhost:389"
  userPassword="userPassword"
  userPattern="uid={0},ou=people,dc=mycompany,dc=com"
  roleBase="ou=groups,dc=mycompany,dc=com"
  roleName="cn"
  roleSearch="(uniqueMember={0})"
/>

4.UserDatabaseRealm
默认配置,只是用于少量用户
授权信息存在用户数据JNDI资源中,该资源通常是一个XML文档 (conf/tomcat-users.xml)

<tomcat-users>
  <user name="tomcat" password="tomcat" roles="tomcat" />
  <user name="role1"  password="tomcat" roles="role1"  />
  <user name="both"   password="tomcat" roles="tomcat,role1" />
</tomcat-users>

5.MemoryRealm
授权信息存在内存中的对象集合中,该对象集合来自XML文档 (conf/tomcat-users.xml).
仅用于测试。

6.JAASRealm
通过JAAS框架访问授权信息,最灵活最开放的一种授权方式。
如果前面几种方式满足不了你的需求,可以先试试这种方式。

<Realm className="org.apache.catalina.realm.JAASRealm"
  appName="MyFooRealm"
  userClassNames="org.foobar.realm.FooUser"
  roleClassNames="org.foobar.realm.FooRole"/>

7.CombinedRealm
采用多种方式授权。

<Realm className="org.apache.catalina.realm.CombinedRealm" >
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
    resourceName="UserDatabase"/>
  <Realm className="org.apache.catalina.realm.DataSourceRealm"
    dataSourceName="jdbc/authority"
    userTable="users" userNameCol="user_name" userCredCol="user_pass"
    userRoleTable="user_roles" roleNameCol="role_name"/>
</Realm>

8.LockOutRealm
多次登录失败后,锁定用户

<Realm className="org.apache.catalina.realm.LockOutRealm" >
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
    resourceName="UserDatabase"/>
</Realm>

最后,如果你需要加密密码,那么需要只需要在Realm配置中指定所用的摘要算法就可以了

digest="MD5"
digest="SHA"

参考文章