[rfc][icedtea-web] Allow for remembering unsigned applet warning decision for entire codebase

Adam Domurad adomurad at redhat.com
Thu Apr 11 10:31:06 PDT 2013 

On 04/05/2013 09:06 AM, Jiri Vanek wrote:
> On 04/04/2013 06:43 PM, Adam Domurad wrote:
>> As discussed between Jiri and myself. This allows for the decision 
>> chosen with unsigned applet confirmation to apply to an entire 
>> codebase, and not just a single applet.
>>
>> 2013-04-04 Adam Domurad <adomurad at redhat.com>
>>
>> Allow remembering applet confirmation for whole codebase.
>> * netx/net/sourceforge/jnlp/resources/Messages.properties:
>> Added SRememberAppletOnly, SRememberCodebase messages
>> * netx/net/sourceforge/jnlp/security/SecurityDialogs.java
>> (showUnsignedWarningDialog): Use UnsignedWarningAction
>> * 
>> netx/net/sourceforge/jnlp/security/UnsignedAppletTrustWarningDialog.java
>> (UnsignedAppletTrustWarningDialog): Use UnsignedWarningAction
>> * net/sourceforge/jnlp/security/UnsignedAppletTrustWarningPanel.java:
>> Introduce UnsignedWarningAction, add additional confirmation choices
>> * 
>> netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java:
>> Support remembering action for entire codebase.
>>
>> Happy hacking,
>> -Adam
>
> Ok. Nothing directly against this patch. Working fine and so this can 
> go to head (after nit is fixed) and we will see users feedback after 
> 1.4 will be out unless you *want* to think about it little bit more:)
>
> Only nit (and RFC IRC here:) - Do you think you can show both 
> documentbase and codebase to the user?
> You have now text say "Unsigned  Applet from CODEBASE wants to run...."
> I would like "Unsugned applet from page DOCUMENTBASE with code from 
> CODEBASE  wants to run..." And in radio button then
>
> +SRememberCodebase=For site {0}
>
> where {0} will be CODEBASE (as it is what you are allowing.
> (maybe it will need some Layout changes as codebase can grow, but you 
> have the radiobuttons on separate row so it should be ok)
>
> My concerns are about codebase. Well, it is quite hidden information 
> for user but there is mostly what one expects.
> My imagination runs in ways like:
> "allow just htis appelt" => A 1365157531641 
> \Qhttp://localhost:34556/JavascriptSet.html\E 
> \Qhttp://localhost:34556/\E JavascriptSet.jar (ou  how I miss main 
> class here...)
> "allow everything from page http://localhost:34556/JavascriptSet.html" 
> => A 1365157531641 \Qhttp://localhost:34556/JavascriptSet.html\E .*
> "allow everything from domain http://localhost:34556/" => A 
> 1365157531641 \Qhttp://localhost:34556\E.* .*
> allow everything from codebase http://localhost:34556/" => A 
> 1365157531641 .* \Qhttp://localhost:34556/\E
>
> Both last two can have longer path "where to cut":
> http://domain.net/dir2/dir1/dir0/page.html
> Then best for me would be to allow/deny:
> http://domain.net/dir2/dir1/dir0/page.html
> http://domain.net/dir2/dir1/dir0/.*
> http://domain.net/dir2/dir1/.*
> http://domain.net/dir2/.*
> http://domain.net/.*
> And some combinations with .* and without it and so on....
>
>
> :) But I know you do not like this. One of the reasons I wont your 
> patch in is, that I'm not sure how to intelligently connect codebase 
> and documentbase :-/ So this can be nice task for some new person. And 
> less code/logic == less errors.
>
> J.
>
> ps, thank you for disagreeing with me on several topics in this issue;)

OK, as requested.
For reference: http://i.imgur.com/mmGUaiK.png

Changes:
2013-XX-XX  Adam Domurad  <adomurad at redhat.com>

         Present more information in unsigned applet confirmation.
         * netx/net/sourceforge/jnlp/resources/Messages.properties
         (SRememberCodebase): Add codebase parameter.
         (SUnsignedDetail): Change layout, add documentbase parameter.
         * 
netx/net/sourceforge/jnlp/security/UnsignedAppletTrustWarningPanel.java
         (setupInfoPanel): Pass documentbase to SUnsignedDetail.
         (createCheckBoxPanel): Ensure left-alignment.
         (createButtonPanel): Less spacing above button.

Happy hacking,
-Adam
-------------- next part --------------
A non-text attachment was scrubbed...
Name: applet-trust-warning-more-info.patch
Type: text/x-patch
Size: 4106 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20130411/2bb321bc/applet-trust-warning-more-info.patch

More information about the distro-pkg-dev mailing list