/hg/icedtea-web: use deployment-specific user and system level p...
omajid at icedtea.classpath.org
omajid at icedtea.classpath.org
Tue Jan 4 12:22:50 PST 2011
changeset 94ec09d9d634 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=94ec09d9d634
author: Omair Majid <omajid at redhat.com>
date: Tue Jan 04 15:22:41 2011 -0500
use deployment-specific user and system level policy files to grant
additional permissions
2011-01-04 Omair Majid <omajid at redhat.com>
* netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java: Add
systemJnlpPolicy and userJnlpPolicy. (JNLPPolicy): Initialize
the new policies. (getPermissions): Consult the extra policies
as well to determine the resulting permissions to be granted.
(getPolicyFromConfig): New method. Create a new Policy instance to
delegate to for system- and user-level policies.
diffstat:
2 files changed, 67 insertions(+), 3 deletions(-)
ChangeLog | 10 +++
netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java | 60 +++++++++++++++++++--
diffs (116 lines):
diff -r e65820401742 -r 94ec09d9d634 ChangeLog
--- a/ChangeLog Tue Jan 04 15:12:40 2011 -0500
+++ b/ChangeLog Tue Jan 04 15:22:41 2011 -0500
@@ -1,3 +1,13 @@ 2011-01-04 Omair Majid <omajid at redhat.
+2011-01-04 Omair Majid <omajid at redhat.com>
+
+ * netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java: Add
+ systemJnlpPolicy and userJnlpPolicy.
+ (JNLPPolicy): Initialize the new policies.
+ (getPermissions): Consult the extra policies as well to determine the
+ resulting permissions to be granted.
+ (getPolicyFromConfig): New method. Create a new Policy instance to
+ delegate to for system- and user-level policies.
+
2011-01-04 Omair Majid <omajid at redhat.com>
* netx/net/sourceforge/jnlp/SecurityDesc.java: Add
diff -r e65820401742 -r 94ec09d9d634 netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java Tue Jan 04 15:12:40 2011 -0500
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java Tue Jan 04 15:22:41 2011 -0500
@@ -16,8 +16,12 @@
package net.sourceforge.jnlp.runtime;
+import java.net.URI;
+import java.net.URISyntaxException;
import java.security.*;
import java.util.Enumeration;
+
+import net.sourceforge.jnlp.config.DeploymentConfiguration;
/**
* Policy for JNLP environment. This class delegates to the
@@ -40,10 +44,19 @@ public class JNLPPolicy extends Policy {
/** the previous policy */
private static Policy systemPolicy;
+ /** the system level policy for jnlps */
+ private Policy systemJnlpPolicy = null;
+
+ /** the user-level policy for jnlps */
+ private Policy userJnlpPolicy = null;
+
protected JNLPPolicy() {
shellSource = JNLPPolicy.class.getProtectionDomain().getCodeSource();
systemSource = Policy.class.getProtectionDomain().getCodeSource();
systemPolicy = Policy.getPolicy();
+
+ systemJnlpPolicy = getPolicyFromConfig(DeploymentConfiguration.KEY_SYSTEM_SECURITY_POLICY);
+ userJnlpPolicy = getPolicyFromConfig(DeploymentConfiguration.KEY_USER_SECURITY_POLICY);
}
/**
@@ -62,11 +75,27 @@ public class JNLPPolicy extends Policy {
PermissionCollection clPermissions = cl.getPermissions(source);
+ Enumeration<Permission> e;
+ CodeSource appletCS = new CodeSource(JNLPRuntime.getApplication().getJNLPFile().getSourceLocation(), (java.security.cert.Certificate[]) null);
+
// systempolicy permissions need to be accounted for as well
- CodeSource appletCS = new CodeSource(JNLPRuntime.getApplication().getJNLPFile().getSourceLocation(), (java.security.cert.Certificate[]) null);
- Enumeration e = systemPolicy.getPermissions(appletCS).elements();
+ e = systemPolicy.getPermissions(appletCS).elements();
while (e.hasMoreElements())
- clPermissions.add((Permission) e.nextElement());
+ clPermissions.add(e.nextElement());
+
+ // and so do permissions from the jnlp-specific system policy
+ if (systemJnlpPolicy != null) {
+ e = systemJnlpPolicy.getPermissions(appletCS).elements();
+ while (e.hasMoreElements())
+ clPermissions.add(e.nextElement());
+ }
+
+ // and permissiosn from jnlp-specific user policy too
+ if (userJnlpPolicy != null) {
+ e = userJnlpPolicy.getPermissions(appletCS).elements();
+ while (e.hasMoreElements())
+ clPermissions.add(e.nextElement());
+ }
return clPermissions;
}
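Review bot: All three policies are queried with `appletCS`, which is built from the JNLP source location with a null certificate array, so grants in the system- and user-level files appear to be matched on codebase location only, and any `signedBy` clause in those files would presumably never match. That deserves a comment beside the `appletCS` declaration, for example `// no certificates: policy-file grants are matched by JNLP codebase only; signedBy entries will not apply`, plus a statement that the two new policies only ever add to `clPermissions`. The same enumerate-and-add loop now appears three times and could move into a small private helper that takes a `Policy`. The comment above the user-policy block misspells "permissions". getPermissions starts above this hunk, so how `source` relates to `appletCS` is not visible here.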
@@ -93,6 +122,31 @@ public class JNLPPolicy extends Policy {
return result;
}
+ /**
+ * Constructs a delegate policy based on a config setting
+ * @param key a KEY_* in DeploymentConfiguration
+ * @return a policy based on the configuration set by the user
+ */
+ private Policy getPolicyFromConfig(String key) {
+ Policy policy = null;
+ String policyLocation = null;
+ DeploymentConfiguration config = JNLPRuntime.getConfiguration();
+ policyLocation = config.getProperty(key);
+ if (policyLocation != null) {
+ try {
+ URI policyUri = new URI(policyLocation);
+ policy = getInstance("JavaPolicy", new URIParameter(policyUri));
+ } catch (IllegalArgumentException e) {
+ e.printStackTrace();
+ } catch (NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ } catch (URISyntaxException e) {
+ e.printStackTrace();
+ }
+ }
+ return policy;
+ }
+
public boolean implies(ProtectionDomain domain, Permission permission) {
//Include the permissions that may be added during runtime.
PermissionCollection pc = getPermissions(domain.getCodeSource());
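Review bot: In getPolicyFromConfig the configured location goes straight into `new URI(policyLocation)` and on to the `JavaPolicy` provider with no check on its scheme, so whatever location the deployment configuration holds becomes a source of granted permissions, including a non-local one if the provider accepts it. If only local policy files are intended, a guard such as `if (!"file".equalsIgnoreCase(policyUri.getScheme())) return null;` before the `getInstance` call would make that explicit. Whether the user-level configuration can override the system key is not visible here and is worth confirming. The three catch blocks fall back to a null policy, which fails closed because these policies only add permissions, but `e.printStackTrace()` gives no hint of which key or location was rejected. A message naming `key` and `policyLocation` would help an administrator notice a policy that silently did not load.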