/hg/release/icedtea6-1.7: netx: error out when unsigned jnlp app...
omajid at icedtea.classpath.org
omajid at icedtea.classpath.org
Wed Jul 21 09:56:28 PDT 2010
changeset 87c67dea5e0a in /hg/release/icedtea6-1.7
details: http://icedtea.classpath.org/hg/release/icedtea6-1.7?cmd=changeset;node=87c67dea5e0a
author: Omair Majid <omajid at redhat.com>
date: Wed Jul 21 12:55:35 2010 -0400
netx: error out when unsigned jnlp applications request permissions
2010-07-20 Omair Majid <omajid at redhat.com>
* netx/net/sourceforge/jnlp/resources/Messages.properties:
Add LUnsignedJarWithSecurity LUnsignedJarWithSecurityInfo.
* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
(setSecurity): Can now throw a LaunchException if the JNLP file
requests permissions but the jars are unsigned.
diffstat:
3 files changed, 27 insertions(+), 9 deletions(-)
ChangeLog | 8 +++++
rt/net/sourceforge/jnlp/resources/Messages.properties | 2 +
rt/net/sourceforge/jnlp/runtime/JNLPClassLoader.java | 26 +++++++++++------
diffs (63 lines):
diff -r 40a2a5a54fce -r 87c67dea5e0a ChangeLog
--- a/ChangeLog Wed Jul 21 17:31:46 2010 +0100
+++ b/ChangeLog Wed Jul 21 12:55:35 2010 -0400
@@ -1,3 +1,11 @@ 2010-07-21 Andrew John Hughes <ahughes
+2010-07-21 Omair Majid <omajid at redhat.com>
+
+ * netx/net/sourceforge/jnlp/resources/Messages.properties:
+ Add LUnsignedJarWithSecurity LUnsignedJarWithSecurityInfo.
+ * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
+ (setSecurity): Can now throw a LaunchException if the JNLP file requests
+ permissions but the jars are unsigned.
+
2010-07-21 Andrew John Hughes <ahughes at redhat.com>
* NEWS: Add NIO2 changes.
diff -r 40a2a5a54fce -r 87c67dea5e0a rt/net/sourceforge/jnlp/resources/Messages.properties
--- a/rt/net/sourceforge/jnlp/resources/Messages.properties Wed Jul 21 17:31:46 2010 +0100
+++ b/rt/net/sourceforge/jnlp/resources/Messages.properties Wed Jul 21 12:55:35 2010 -0400
@@ -50,6 +50,8 @@ LNotLaunchableInfo=File must be a JNLP a
LNotLaunchableInfo=File must be a JNLP application, applet, or installer type.
LCantDetermineMainClass=Unknown Main-Class.
LCantDetermineMainClassInfo=Could not determine the main class for this application.
+LUnsignedJarWithSecurity=Cannot grant permissions to unsigned jars.
+LUnsignedJarWithSecurityInfo=Application requested security permissions, but jars are not signed.
JNotApplet=File is not an applet.
JNotApplication=File is not an application.
diff -r 40a2a5a54fce -r 87c67dea5e0a rt/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
--- a/rt/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Wed Jul 21 17:31:46 2010 +0100
+++ b/rt/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Wed Jul 21 12:55:35 2010 -0400
@@ -185,15 +185,23 @@ public class JNLPClassLoader extends URL
}
} else { //regular jnlp file
- /**
- * If the application is signed, then we set the SecurityDesc to the
- * <security> tag in the jnlp file. Note that if an application is
- * signed, but there is no <security> tag in the jnlp file, the
- * application will get sandbox permissions.
- * If the application is unsigned, we ignore the <security> tag and
- * use a sandbox instead.
- */
- if (signing == true) {
+ /*
+ * Various combinations of the jars being signed and <security> tags being
+ * present are possible. They are treated as follows
+ *
+ * Jars JNLP File Result
+ *
+ * Signed <security> Appropriate Permissions
+ * Signed no <security> Sandbox
+ * Unsigned <security> Error
+ * Unsigned no <security> Sandbox
+ *
+ */
+
+ if (!file.getSecurity().getSecurityType().equals(SecurityDesc.SANDBOX_PERMISSIONS) && !signing) {
+ throw new LaunchException(file, null, R("LSFatal"), R("LCClient"), R("LUnsignedJarWithSecurity"), R("LUnsignedJarWithSecurityInfo"));
+ }
+ else if (signing == true) {
this.security = file.getSecurity();
} else {
this.security = new SecurityDesc(file,
More information about the distro-pkg-dev
mailing list