/hg/release/icedtea6-1.8: netx: error out when unsigned jnlp app...
omajid at icedtea.classpath.org
omajid at icedtea.classpath.org
Wed Jul 21 10:03:26 PDT 2010
changeset baf9e63a16aa in /hg/release/icedtea6-1.8
details: http://icedtea.classpath.org/hg/release/icedtea6-1.8?cmd=changeset;node=baf9e63a16aa
author: Omair Majid <omajid at redhat.com>
date: Wed Jul 21 13:02:49 2010 -0400
netx: error out when unsigned jnlp applications request permissions
2010-07-20 Omair Majid <omajid at redhat.com>
* netx/net/sourceforge/jnlp/resources/Messages.properties:
Add LUnsignedJarWithSecurity LUnsignedJarWithSecurityInfo.
* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
(setSecurity): Can now throw a LaunchException if the JNLP file
requests permissions but the jars are unsigned.
diffstat:
3 files changed, 26 insertions(+), 9 deletions(-)
ChangeLog | 8 ++++
netx/net/sourceforge/jnlp/resources/Messages.properties | 2 +
netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java | 25 +++++++++------
diffs (70 lines):
diff -r 2489bca2d112 -r baf9e63a16aa ChangeLog
--- a/ChangeLog Tue Jul 20 16:52:27 2010 -0400
+++ b/ChangeLog Wed Jul 21 13:02:49 2010 -0400
@@ -1,3 +1,11 @@ 2010-07-20 Man Lung Wong <mwong at redhat
+2010-07-20 Omair Majid <omajid at redhat.com>
+
+ * netx/net/sourceforge/jnlp/resources/Messages.properties:
+ Add LUnsignedJarWithSecurity LUnsignedJarWithSecurityInfo.
+ * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
+ (setSecurity): Can now throw a LaunchException if the JNLP file requests
+ permissions but the jars are unsigned.
+
2010-07-20 Man Lung Wong <mwong at redhat.com>
* netx/net/sourceforge/jnlp/SecurityDesc.java:
diff -r 2489bca2d112 -r baf9e63a16aa netx/net/sourceforge/jnlp/resources/Messages.properties
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties Tue Jul 20 16:52:27 2010 -0400
+++ b/netx/net/sourceforge/jnlp/resources/Messages.properties Wed Jul 21 13:02:49 2010 -0400
@@ -50,6 +50,8 @@ LNotLaunchableInfo=File must be a JNLP a
LNotLaunchableInfo=File must be a JNLP application, applet, or installer type.
LCantDetermineMainClass=Unknown Main-Class.
LCantDetermineMainClassInfo=Could not determine the main class for this application.
+LUnsignedJarWithSecurity=Cannot grant permissions to unsigned jars.
+LUnsignedJarWithSecurityInfo=Application requested security permissions, but jars are not signed.
JNotApplet=File is not an applet.
JNotApplication=File is not an application.
diff -r 2489bca2d112 -r baf9e63a16aa netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Tue Jul 20 16:52:27 2010 -0400
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Wed Jul 21 13:02:49 2010 -0400
@@ -167,7 +167,7 @@ public class JNLPClassLoader extends URL
}
- private void setSecurity() {
+ private void setSecurity() throws LaunchException {
URL codebase = null;
@@ -196,15 +196,22 @@ public class JNLPClassLoader extends URL
}
} else { //regular jnlp file
- /**
- * If the application is signed, then we set the SecurityDesc to the
- * <security> tag in the jnlp file. Note that if an application is
- * signed, but there is no <security> tag in the jnlp file, the
- * application will get sandbox permissions.
- * If the application is unsigned, we ignore the <security> tag and
- * use a sandbox instead.
+ /*
+ * Various combinations of the jars being signed and <security> tags being
+ * present are possible. They are treated as follows
+ *
+ * Jars JNLP File Result
+ *
+ * Signed <security> Appropriate Permissions
+ * Signed no <security> Sandbox
+ * Unsigned <security> Error
+ * Unsigned no <security> Sandbox
+ *
*/
- if (signing == true) {
+ if (! file.getSecurity().getSecurityType().equals(SecurityDesc.SANDBOX_PERMISSIONS) && !signing) {
+ throw new LaunchException(file, null, R("LSFatal"), R("LCClient"), R("LUnsignedJarWithSecurity"), R("LUnsignedJarWithSecurityInfo"));
+ }
+ else if (signing == true) {
this.security = file.getSecurity();
} else {
this.security = new SecurityDesc(file,
More information about the distro-pkg-dev
mailing list