[fyi][icedtea-web] backend and itw-settings for extended applets security
Adam Domurad
adomurad at redhat.com
Mon Feb 25 12:22:13 PST 2013
On 02/25/2013 12:40 PM, Jiri Vanek wrote:
> On 02/21/2013 11:07 PM, Adam Domurad wrote:
>> On 02/20/2013 04:53 PM, Adam Domurad wrote:
>>> Here are some proposed fixes. Thanks.
>>>
>>> - comapre -> compare typo fix
>>> - Never return from a finally block! (Eclipse underlines the whole
>>> finally block as a warning.)
>>> See
>>> http://weblogs.java.net/blog/staufferjames/archive/2007/06/_dont_return_in.html
>>> - Added a null check so we don't compare if a null archive list is
>>> stored.
>>>
>>> - Adam
>>>
>>>
>>
>> Ignore that one, this trumps it.
>>
>> OK. I tried to separate what would be considered changes to Jiri's
>> part out.
>> AppletSecuritySettings.java had to be moved out of sun.applet to make
>> it accessible.
>>
>> First apply Jiris latest patch, then the rest of them with
>> integrated-dialogue2.patch last.
>>
>> Here are the patches. Will make a ChangeLog sometime soon.
>>
>> All the applet security levels should be working in this patch, as
>> well it should honour the global
>> applet settings.
>>
>> Red/green text indicates if you've accepted a patch before.
>>
>> Further implementation question:
>> - Currently when many applets share a single classloader on a page
>> and one is rejected, it'd be nice
>> if the it did not ask for rejection for all the other applets. It is
>> tricky to get this right.
>> Perhaps rejecting a certain unique key should be permanent for a
>> session ? There should be no harm,
>> as you can always restart your browser if you accidentally hit
>> reject. And indeed there is harm in
>> the other direction, if you reject an applet but accidentally hit OK
>> for one of the other applet
>> dialogues that come up.
>>
>> Let me know of any issues.
>>
>> Happy hacking,
>> -Adam
>
>
> ugh. Next round of backend:
>
> My OriginalPatch, added filtering for table and removed mainClass -
> all as separate changes.
> Also agreedChangesToLockingFile.diff ( I agree with your changes,
> nextTime I will merge them inside)
> I have rewritten your strength matching algorithm -
> newMAtchByStrength.diff - I hope it will still suits (the only change
> was actually to returnimidiately when strong match is found - return
> first week otherwise)
>
> Thanx for suggestions, as Omair suggested - lets fire this! (means
> merge above, add tests and push)
>
> ps: I hope I have not forget some occurence of mainCLass somewhere :-/
> pps: test tests and tests on my side :-/
Great.
Mainclass:
> diff -r 98060d84ad58
> netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletActionTableModel.java
> ---
> a/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletActionTableModel.java
> Mon Feb 25 16:26:29 2013 +0100
> +++
> b/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletActionTableModel.java
> Mon Feb 25 18:32:10 2013 +0100
> @@ -37,11 +37,11 @@
>
> import java.util.Date;
> import javax.swing.table.AbstractTableModel;
> +import net.sourceforge.jnlp.runtime.Translator;
> import
> net.sourceforge.jnlp.security.appletextendedsecurity.ExecuteUnsignedApplet;
> import
> net.sourceforge.jnlp.security.appletextendedsecurity.UnsignedAppletActionEntry;
> import net.sourceforge.jnlp.security.appletextendedsecurity.UrlRegEx;
> import
> net.sourceforge.jnlp.security.appletextendedsecurity.impl.UnsignedAppletActionStorageExtendedImpl;
> -import net.sourceforge.jnlp.runtime.Translator;
>
> public class UnsignedAppletActionTableModel extends AbstractTableModel {
>
> @@ -50,7 +50,7 @@
> Translator.R("APPEXTSECguiTableModelTableColumnDateOfAction"),
> Translator.R("APPEXTSECguiTableModelTableColumnDocumentBase"),
> Translator.R("APPEXTSECguiTableModelTableColumnCodeBase"),
> - Translator.R("APPEXTSECguiTableModelTableColumnMainClass"),
> + //Translator.R("APPEXTSECguiTableModelTableColumnMainClass"),
I noticed you kept the translator stuff as comments, but I'd be in
favour of just dropping it. Theres already too many comments in ITW that
have long-forgotten purpose :-)
> Translator.R("APPEXTSECguiTableModelTableColumnArchives")};
>
> public
> UnsignedAppletActionTableModel(UnsignedAppletActionStorageExtendedImpl
> back) {
> @@ -86,10 +86,10 @@
> if (columnIndex == 3) {
> return UrlRegEx.class;
> }
> - if (columnIndex == 3) {
> + if (columnIndex == 4) {
> return String.class;
> }
> - if (columnIndex == 3) {
> + if (columnIndex == 5) {
> return String.class;
> }
> return Object.class;
> @@ -129,9 +129,6 @@
> return source.getCodeBase();
> }
> if (columnIndex == 4) {
> - return source.getMainClass();
> - }
> - if (columnIndex == 5) {
> return
> UnsignedAppletActionEntry.createArchivesString(source.getArchives());
> }
> return null;
> @@ -152,7 +149,6 @@
> new Date(),
> new UrlRegEx(s),
> new UrlRegEx(s),
> - null,
> null));
> fireTableRowsInserted(i, i + 1);
> }
> diff -r 98060d84ad58
> netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletsTrustingListPanel.java
> ---
> a/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletsTrustingListPanel.java
> Mon Feb 25 16:26:29 2013 +0100
> +++
> b/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletsTrustingListPanel.java
> Mon Feb 25 18:32:10 2013 +0100
> @@ -186,7 +186,7 @@
> + "\n (" +
> Translator.R("APPEXTSECguiPanelAppletInfoHederPart2",
> i.getUnsignedAppletAction(),
> DateFormat.getInstance().format(i.getTimeStamp()))
> + "\n " +
> Translator.R("APPEXTSECguiTableModelTableColumnDocumentBase") + ": " +
> i.getDocumentBase().getFilteredRegEx()
> + "\n " +
> Translator.R("APPEXTSECguiTableModelTableColumnCodeBase") + ": " +
> i.getCodeBase().getFilteredRegEx()
> - + "\n " +
> Translator.R("APPEXTSECguiTableModelTableColumnMainClass") + ": " +
> ((i.getMainClass() == null) ? "" : i.getMainClass())
> + //+ "\n " +
> Translator.R("APPEXTSECguiTableModelTableColumnMainClass") + ": " +
> ((i.getMainClass() == null) ? "" : i.getMainClass())
> + "\n " +
> Translator.R("APPEXTSECguiTableModelTableColumnArchives") + ": " +
> UnsignedAppletActionEntry.createArchivesString(i.getArchives());
> }
>
> @@ -540,7 +540,7 @@
> lastDoc = s1;
> lastCode = s2;
> try {
> - List<UnsignedAppletActionEntry> i =
> currentModel.back.getMatchingItems(s1, s2, null, null);
> + List<UnsignedAppletActionEntry> i =
> currentModel.back.getMatchingItems(s1, s2, null);
> if (i == null || i.isEmpty()) {
> JOptionPane.showMessageDialog(this,
> Translator.R("APPEXTSECguiPanelNoMatch"));
> } else {
> diff -r 98060d84ad58
> netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionEntry.java
> ---
> a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionEntry.java
> Mon Feb 25 16:26:29 2013 +0100
> +++
> b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionEntry.java
> Mon Feb 25 18:32:10 2013 +0100
> @@ -47,7 +47,6 @@
> private Date timeStamp;
> private UrlRegEx documentBase;
> private UrlRegEx codeBase;
> - private String mainClass;
> private List<String> archives;
>
> public static UnsignedAppletActionEntry createFromString(String s) {
> @@ -57,26 +56,21 @@
> new Date(new Long(split[1])),
> new UrlRegEx(split[2]),
> null,
> - null,
> null);
> if (split.length > 3) {
> nw.setCodeBase(new UrlRegEx(split[3]));
> }
> if (split.length > 4) {
> - nw.setMainClass(split[4]);
> - }
> - if (split.length > 5) {
> - nw.setArchives(createArchivesList(s.substring(s.indexOf(split[4]) +
> split[4].length()).trim()));
> +
> nw.setArchives(createArchivesList(s.substring(s.lastIndexOf(split[3])
> + split[3].length()).trim()));
> }
> return nw;
> }
>
> - public UnsignedAppletActionEntry(ExecuteUnsignedApplet
> unsignedAppletAction, Date timeStamp, UrlRegEx documentBase, UrlRegEx
> codeBase, String mainClass, List<String> archives) {
> + public UnsignedAppletActionEntry(ExecuteUnsignedApplet
> unsignedAppletAction, Date timeStamp, UrlRegEx documentBase, UrlRegEx
> codeBase, List<String> archives) {
> this.unsignedAppletAction = unsignedAppletAction;
> this.timeStamp = timeStamp;
> this.documentBase = documentBase;
> this.codeBase = codeBase;
> - this.mainClass = mainClass;
> this.archives = archives;
>
> }
> @@ -96,7 +90,6 @@
> + " " + ((timeStamp == null) ? "1" : timeStamp.getTime())
> + " " + ((documentBase == null) ? "" :
> documentBase.getRegEx())
> + " " + ((codeBase == null) ? "" : codeBase.getRegEx())
> - + " " + ((mainClass == null) ? "" : mainClass)
> + " " + createArchivesString(archives);
> }
>
> @@ -132,14 +125,6 @@
> this.codeBase = codeBase;
> }
>
> - public String getMainClass() {
> - return mainClass;
> - }
> -
> - public void setMainClass(String mainClass) {
> - this.mainClass = mainClass;
> - }
> -
> public List<String> getArchives() {
> return archives;
> }
> diff -r 98060d84ad58
> netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionStorage.java
> ---
> a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionStorage.java
> Mon Feb 25 16:26:29 2013 +0100
> +++
> b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionStorage.java
> Mon Feb 25 18:32:10 2013 +0100
> @@ -1,19 +1,37 @@
> -/*
> - Copyright (C) 2013 Red Hat
> +/* Copyright (C) 2013 Red Hat, Inc.
>
> - This program is free software; you can redistribute it and/or modify
> - it under the terms of the GNU General Public License as published by
> - the Free Software Foundation; either version 2 of the License, or
> - (at your option) any later version.
> + This file is part of IcedTea.
>
> - This program is distributed in the hope that it will be useful, but
> - WITHOUT ANY WARRANTY; without even the implied warranty of
> - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + IcedTea is free software; you can redistribute it and/or
> + modify it under the terms of the GNU General Public License as
> published by
> + the Free Software Foundation, version 2.
> +
> + IcedTea is distributed in the hope that it will be useful,
> + but WITHOUT ANY WARRANTY; without even the implied warranty of
> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> General Public License for more details.
>
> You should have received a copy of the GNU General Public License
> - along with this program; if not, write to the Free Software
> - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + along with IcedTea; see the file COPYING. If not, write to
> + the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
> Boston, MA
> + 02110-1301 USA.
> +
> + Linking this library statically or dynamically with other modules is
> + making a combined work based on this library. Thus, the terms and
> + conditions of the GNU General Public License cover the whole
> + combination.
> +
> + As a special exception, the copyright holders of this library give you
> + permission to link this library with independent modules to produce an
> + executable, regardless of the license terms of these independent
> + modules, and to copy and distribute the resulting executable under
> + terms of your choice, provided that you also meet, for each linked
> + independent module, the terms and conditions of the license of that
> + module. An independent module is a module which is not derived from
> + or based on this library. If you modify this library, you may extend
> + this exception to your version of the library, but you are not
> + obligated to do so. If you do not wish to do so, delete this
> + exception statement from your version.
> */
> package net.sourceforge.jnlp.security.appletextendedsecurity;
>
> @@ -50,7 +68,7 @@
> * @param archives
> * @return
> */
> - public UnsignedAppletActionEntry getMatchingItem(String
> documentBase, String codeBase, String mainClass, List<String> archives);
> + public UnsignedAppletActionEntry getMatchingItem(String
> documentBase, String codeBase, List<String> archives);
>
> /**
> * Shortcut getMatchingItem(documentBase, null,null,null)
> diff -r 98060d84ad58
> netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageExtendedImpl.java
> ---
> a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageExtendedImpl.java
> Mon Feb 25 16:26:29 2013 +0100
> +++
> b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageExtendedImpl.java
> Mon Feb 25 18:32:10 2013 +0100
> @@ -166,9 +166,6 @@
> source.setCodeBase(new UrlRegEx((String)
> aValue));
> }
> if (columnIndex == 4) {
> - source.setMainClass((String) aValue);
> - }
> - if (columnIndex == 5) {
> source.setArchives(UnsignedAppletActionEntry.createArchivesList((String)
> aValue));
> }
>
> diff -r 98060d84ad58
> netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImpl.java
> ---
> a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImpl.java
> Mon Feb 25 16:26:29 2013 +0100
> +++
> b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImpl.java
> Mon Feb 25 18:32:10 2013 +0100
> @@ -131,8 +131,8 @@
> }
>
> @Override
> - public UnsignedAppletActionEntry getMatchingItem(String
> documentBase, String codeBase, String mainClass, List<String> archives) {
> - List<UnsignedAppletActionEntry> results =
> getMatchingItems(documentBase, codeBase, mainClass, archives);
> + public UnsignedAppletActionEntry getMatchingItem(String
> documentBase, String codeBase, List<String> archives) {
> + List<UnsignedAppletActionEntry> results =
> getMatchingItems(documentBase, codeBase, archives);
> if (results == null || results.isEmpty()) {
> return null;
> }
> @@ -150,7 +150,7 @@
> return results.get(0);
> }
>
> - public List<UnsignedAppletActionEntry> getMatchingItems(String
> documentBase, String codeBase, String mainClass, List<String> archives) {
> + public List<UnsignedAppletActionEntry> getMatchingItems(String
> documentBase, String codeBase, List<String> archives) {
> List<UnsignedAppletActionEntry> result = new ArrayList();
> lock();
> try {
> @@ -159,7 +159,7 @@
> return result;
> }
> for (UnsignedAppletActionEntry unsignedAppletActionEntry
> : items) {
> - if (isMatching(unsignedAppletActionEntry,
> documentBase, codeBase, mainClass, archives)) {
> + if (isMatching(unsignedAppletActionEntry,
> documentBase, codeBase, archives)) {
> result.add(unsignedAppletActionEntry);
> }
> }
> @@ -171,7 +171,7 @@
> return result;
> }
>
> - private boolean isMatching(UnsignedAppletActionEntry
> unsignedAppletActionEntry, String documentBase, String codeBase,
> String mainClass, List<String> archives) {
> + private boolean isMatching(UnsignedAppletActionEntry
> unsignedAppletActionEntry, String documentBase, String codeBase,
> List<String> archives) {
> boolean result = true;
> if (documentBase != null && !documentBase.trim().isEmpty()) {
> result = result &&
> documentBase.matches(unsignedAppletActionEntry.getDocumentBase().getRegEx());
> @@ -179,10 +179,6 @@
> if (codeBase != null && !codeBase.trim().isEmpty()) {
> result = result &&
> codeBase.matches(unsignedAppletActionEntry.getCodeBase().getRegEx());
> }
> - if (mainClass != null && !mainClass.trim().isEmpty()) {
> - result = result &&
> mainClass.equals(unsignedAppletActionEntry.getMainClass());
> - }
> -
> if (archives != null) {
> result = result && compareArchives(archives,
> unsignedAppletActionEntry.getArchives());
> }
> @@ -195,6 +191,15 @@
> }
>
> private boolean compareArchives(List<String> archives,
> List<String> saved) {
> + if (archives == null && saved !=null){
> + return false;
> + }
> + if (archives != null && saved ==null){
> + return false;
> + }
> + if (archives == null && saved ==null){
> + return true;
> + }
> if (archives.size() != saved.size()) {
> return false;
> }
> @@ -220,16 +225,16 @@
>
> @Override
> public UnsignedAppletActionEntry
> getMatchingItemByDocumentBase(String documentBase) {
> - return getMatchingItem(documentBase, null, null, null);
> + return getMatchingItem(documentBase, null, null);
> }
>
> @Override
> public UnsignedAppletActionEntry getMatchingItemByCodeBase(String
> codeBase) {
> - return getMatchingItem(null, codeBase, null, null);
> + return getMatchingItem(null, codeBase, null);
> }
>
> @Override
> public UnsignedAppletActionEntry getMatchingItemByBases(String
> documentBase, String codeBase) {
> - return getMatchingItem(documentBase, codeBase, null, null);
> + return getMatchingItem(documentBase, codeBase, null);
> }
> }
> diff -r 98060d84ad58
> tests/netx/unit/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImplTest.java
> ---
> a/tests/netx/unit/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImplTest.java
> Mon Feb 25 16:26:29 2013 +0100
> +++
> b/tests/netx/unit/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImplTest.java
> Mon Feb 25 18:32:10 2013 +0100
> @@ -59,22 +59,20 @@
> f2 = File.createTempFile("itwMatching", "testFile2");
> f3 = File.createTempFile("itwMatching", "testFile3");
> f4 = File.createTempFile("itwMatching", "testFile4");
> - ServerAccess.saveFile("A 123456 .* .* main jar1,jar2", f1);
> - ServerAccess.saveFile("A 123456 .* \\Qbla\\E main jar1,jar2",
> f2);
> + ServerAccess.saveFile("A 123456 .* .* jar1,jar2", f1);
> + ServerAccess.saveFile("A 123456 .* \\Qbla\\E jar1,jar2", f2);
> }
>
> @Test
> public void allMatchingDocAndCode() {
> UnsignedAppletActionStorageImpl i1 = new
> UnsignedAppletActionStorageImpl(f1);
> - UnsignedAppletActionEntry r1 = i1.getMatchingItem("bla",
> "blaBla", "main", Arrays.asList(new String[]{"jar1", "jar2"}));
> + UnsignedAppletActionEntry r1 = i1.getMatchingItem("bla",
> "blaBla", Arrays.asList(new String[]{"jar1", "jar2"}));
> Assert.assertNotNull("r1 should be found", r1);
> - UnsignedAppletActionEntry r3 = i1.getMatchingItem("blah",
> "blaBla", "main", Arrays.asList(new String[]{"jar2", "jar1"}));
> + UnsignedAppletActionEntry r3 = i1.getMatchingItem("blah",
> "blaBla", Arrays.asList(new String[]{"jar2", "jar1"}));
> Assert.assertNotNull("r3 should be found", r1);
> - UnsignedAppletActionEntry r2 = i1.getMatchingItem("bla",
> "blaBlam", "wrong_main", Arrays.asList(new String[]{"jar1", "jar2"}));
> - Assert.assertNull("r2 should NOT be found", r2);
> - UnsignedAppletActionEntry r4 = i1.getMatchingItem("blha",
> "blaBlam", "main", Arrays.asList(new String[]{"jar2", "wrong_jar"}));
> + UnsignedAppletActionEntry r4 = i1.getMatchingItem("blha",
> "blaBlam", Arrays.asList(new String[]{"jar2", "wrong_jar"}));
> Assert.assertNull("r4 should NOT be found", r4);
> - UnsignedAppletActionEntry r5 = i1.getMatchingItem("blaBla",
> "blaBlaBla", "main", Arrays.asList(new String[]{"jar2"}));
> + UnsignedAppletActionEntry r5 = i1.getMatchingItem("blaBla",
> "blaBlaBla", Arrays.asList(new String[]{"jar2"}));
> Assert.assertNull("r5 should NOT be found", r5);
>
> }
> @@ -82,13 +80,13 @@
> @Test
> public void allMatchingDocAndStrictCode() {
> UnsignedAppletActionStorageImpl i1 = new
> UnsignedAppletActionStorageImpl(f2);
> - UnsignedAppletActionEntry r1 = i1.getMatchingItem("whatever",
> "bla", "main", Arrays.asList(new String[]{"jar1", "jar2"}));
> + UnsignedAppletActionEntry r1 = i1.getMatchingItem("whatever",
> "bla", Arrays.asList(new String[]{"jar1", "jar2"}));
> Assert.assertNotNull("r1 should be found", r1);
> - UnsignedAppletActionEntry r3 = i1.getMatchingItem("whatever",
> null, "main", Arrays.asList(new String[]{"jar2", "jar1"}));
> + UnsignedAppletActionEntry r3 = i1.getMatchingItem("whatever",
> null, Arrays.asList(new String[]{"jar2", "jar1"}));
> Assert.assertNotNull("r3 should be found", r1);
> - UnsignedAppletActionEntry r2 = i1.getMatchingItem("bla",
> "blaBlam", "main", Arrays.asList(new String[]{"jar1", "jar2"}));
> + UnsignedAppletActionEntry r2 = i1.getMatchingItem("bla",
> "blaBlam", Arrays.asList(new String[]{"jar1", "jar2"}));
> Assert.assertNull("r2 should NOT be found", r2);
> - UnsignedAppletActionEntry r4 = i1.getMatchingItem(null,
> "blaBlam", null, null);
> + UnsignedAppletActionEntry r4 = i1.getMatchingItem(null,
> "blaBlam", null);
> Assert.assertNull("r4 should NOT be found", r4);
>
> }
> @@ -96,19 +94,19 @@
> @Test
> public void allMatchingDocAndCodeWithNulls() {
> UnsignedAppletActionStorageImpl i1 = new
> UnsignedAppletActionStorageImpl(f1);
> - UnsignedAppletActionEntry r1 = i1.getMatchingItem("bla",
> "blaBla", null, null);
> + UnsignedAppletActionEntry r1 = i1.getMatchingItem("bla",
> "blaBla", null);
> Assert.assertNotNull("r1 should be found", r1);
> - UnsignedAppletActionEntry r3 = i1.getMatchingItem("bla",
> "whatever", "", null);
> + UnsignedAppletActionEntry r3 = i1.getMatchingItem("bla",
> "whatever", null);
> Assert.assertNotNull("r3 should be found", r1);
> - UnsignedAppletActionEntry r2 = i1.getMatchingItem("bla",
> "blaBla", null, Arrays.asList(new String[]{"jar2", "jar1"}));
> + UnsignedAppletActionEntry r2 = i1.getMatchingItem("bla",
> "blaBla", Arrays.asList(new String[]{"jar2", "jar1"}));
> Assert.assertNotNull("r2 should be found", r2);
> - UnsignedAppletActionEntry r4 = i1.getMatchingItem("bla",
> "blaBla", "main", null);
> + UnsignedAppletActionEntry r4 = i1.getMatchingItem("bla",
> "blaBla", null);
> Assert.assertNotNull("r4 should be found", r4);
> - UnsignedAppletActionEntry r5 = i1.getMatchingItem("",
> "blaBla", "main", Arrays.asList(new String[]{"jar2", "jar1"}));
> + UnsignedAppletActionEntry r5 = i1.getMatchingItem("",
> "blaBla", Arrays.asList(new String[]{"jar2", "jar1"}));
> Assert.assertNotNull("r5 should be found", r5);
> - UnsignedAppletActionEntry r6 = i1.getMatchingItem(null, null,
> "main", Arrays.asList(new String[]{"jar2", "jar1"}));
> + UnsignedAppletActionEntry r6 = i1.getMatchingItem(null,
> null, Arrays.asList(new String[]{"jar2", "jar1"}));
> Assert.assertNotNull("r6 should be found", r6);
> - UnsignedAppletActionEntry r7 = i1.getMatchingItem(null, null,
> "main", Arrays.asList(new String[]{"jar2", "jar11"}));
> + UnsignedAppletActionEntry r7 = i1.getMatchingItem(null,
> null, Arrays.asList(new String[]{"jar2", "jar11"}));
> Assert.assertNull("r7 should NOT be found", r7);
>
Looks good to me.
agreedChangesToLockingFile -- agreed.
newMatchByStrength -- looks fine.
addingFilteringForTable:
This seems a bit overly complex TBH. I don't think the user needs to be
aware of the 'temporaries' at all. There are too many options as-is...
However it is done, so I will review it.
> diff -r 886c91766b45 -r b281229f08cc
> netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletActionTableModel.java
> ---
> a/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletActionTableModel.java
> Mon Feb 25 12:50:15 2013 +0100
> +++
> b/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletActionTableModel.java
> Mon Feb 25 14:53:30 2013 +0100
> @@ -145,7 +145,7 @@
> }
>
> public void addRow() {
> - int i = back.toArray().length;
> + int i = back.toArray().length-1;
> String s = "\\Qhttp://localhost:80/\\E.*";
> back.add(new UnsignedAppletActionEntry(
> ExecuteUnsignedApplet.NEVER,
> @@ -163,7 +163,7 @@
> }
>
> public void clear() {
> - int i = getRowCount();
> + int i = getRowCount()-1;
> back.clear();
> fireTableRowsDeleted(0, i);
> }
> @@ -175,14 +175,14 @@
> }
>
> void moveUp(int selectedRow) {
> - int i = getRowCount();
> + int i = getRowCount()-1;
> back.moveUp(selectedRow);
> - fireTableRowsUpdated(i - 1, i);
> + fireTableRowsUpdated(i, i);
> }
>
> void moveDown(int selectedRow) {
> - int i = getRowCount();
> + int i = getRowCount()-1;
> back.moveDown(selectedRow);
> - fireTableRowsUpdated(i, i + 1);
> + fireTableRowsUpdated(i, i);
> }
> }
> diff -r 886c91766b45 -r b281229f08cc
> netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletsTrustingListPanel.java
> ---
> a/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletsTrustingListPanel.java
> Mon Feb 25 12:50:15 2013 +0100
> +++
> b/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletsTrustingListPanel.java
> Mon Feb 25 14:53:30 2013 +0100
> @@ -37,6 +37,8 @@
>
> import java.awt.BorderLayout;
> import java.awt.Component;
> +import java.awt.event.ActionEvent;
> +import java.awt.event.ActionListener;
> import java.awt.event.KeyAdapter;
> import java.awt.event.KeyEvent;
> import java.awt.event.KeyListener;
> @@ -57,6 +59,8 @@
> import javax.swing.JPanel;
> import javax.swing.JTable;
> import javax.swing.JTextField;
> +import javax.swing.RowFilter;
> +import javax.swing.RowFilter.Entry;
> import javax.swing.event.ChangeEvent;
> import javax.swing.event.ChangeListener;
> import javax.swing.event.ListSelectionEvent;
> @@ -66,6 +70,7 @@
> import javax.swing.table.TableCellEditor;
> import javax.swing.table.TableCellRenderer;
> import javax.swing.table.TableModel;
> +import javax.swing.table.TableRowSorter;
> import net.sourceforge.jnlp.config.DeploymentConfiguration;
> import net.sourceforge.jnlp.runtime.Translator;
> import
> net.sourceforge.jnlp.security.appletextendedsecurity.AppletSecurityLevel;
> @@ -88,6 +93,7 @@
> private javax.swing.JCheckBox filterRegexesCheckBox;
> private javax.swing.JComboBox mainPolicyComboBox;
> private javax.swing.JComboBox deleteTypeComboBox;
> + private javax.swing.JComboBox viewFilter;
> private javax.swing.JLabel globalBehaviourLabel;
> private javax.swing.JLabel securityLevelLabel;
> private javax.swing.JScrollPane userTableScrollPane;
> @@ -99,6 +105,8 @@
> private final UnsignedAppletActionStorageExtendedImpl globalBackEnd;
> private final UnsignedAppletActionTableModel customModel;
> private final UnsignedAppletActionTableModel globalModel;
> + private final ByPermanenciFilter customFilter;
> + private final ByPermanenciFilter globalFilter;
> private final DeploymentConfiguration conf;
> private javax.swing.JTable currentTable;
> private UnsignedAppletActionTableModel currentModel;
> @@ -143,7 +151,11 @@
> globalBackEnd = new
> UnsignedAppletActionStorageExtendedImpl(globalSettings);
> customModel = new UnsignedAppletActionTableModel(customBackEnd);
> globalModel = new UnsignedAppletActionTableModel(globalBackEnd);
> + customFilter = new ByPermanenciFilter(customModel);
> + globalFilter = new ByPermanenciFilter(globalModel);
> initComponents();
> + userTable.setRowSorter(customFilter);
> + globalTable.setRowSorter(globalFilter);
> this.conf = conf;
> AppletSecurityLevel gs = AppletSecurityLevel.getDefault();
> String s =
> conf.getProperty(DeploymentConfiguration.KEY_SECURITY_LEVEL);
> @@ -154,8 +166,8 @@
> userTable.getSelectionModel().addListSelectionListener(new
> SingleSelectionListenerImpl(userTable));
> globalTable.getSelectionModel().addListSelectionListener(new
> SingleSelectionListenerImpl(globalTable));
>
> - userTable.addKeyListener(new deleteAdapter(userTable));
> - globalTable.addKeyListener(new deleteAdapter(globalTable));
> + userTable.addKeyListener(new DeleteAdapter(userTable));
> + globalTable.addKeyListener(new DeleteAdapter(globalTable));
> currentTable = userTable;
> currentModel = customModel;
> setButtons((!currentModel.back.isReadOnly()));
> @@ -246,6 +258,7 @@
> securityLevelLabel = new javax.swing.JLabel();
> globalBehaviourLabel = new javax.swing.JLabel();
> deleteTypeComboBox = new javax.swing.JComboBox();
> + viewFilter = new javax.swing.JComboBox();
> deleteButton = new javax.swing.JButton();
> testUrlButton = new javax.swing.JButton();
> addRowButton = new javax.swing.JButton();
> @@ -275,6 +288,45 @@
> mainPolicyComboBoxActionPerformed(evt);
> }
> });
> +
> + viewFilter.addActionListener(new ActionListener() {
> + @Override
> + public void actionPerformed(ActionEvent e) {
> + int i = viewFilter.getSelectedIndex();
> + switch (i) {
> + case 0:
> + customFilter.setRowFilter(ByPermanenciFilter.showPernamnetns);
> + globalFilter.setRowFilter(ByPermanenciFilter.showPernamnetns);
> + break;
> + case 1:
> + customFilter.setRowFilter(ByPermanenciFilter.showTemporals);
> + globalFilter.setRowFilter(ByPermanenciFilter.showTemporals);
> + break;
> + case 2:
> + customFilter.setRowFilter(ByPermanenciFilter.showAll);
> + globalFilter.setRowFilter(ByPermanenciFilter.showAll);
> + break;
> + case 3:
> + customFilter.setRowFilter(ByPermanenciFilter.showPernamnetnA);
> + globalFilter.setRowFilter(ByPermanenciFilter.showPernamnetnA);
> + break;
> + case 4:
> + customFilter.setRowFilter(ByPermanenciFilter.showPernamnetnN);
> + globalFilter.setRowFilter(ByPermanenciFilter.showPernamnetnN);
> + break;
> + case 5:
> + customFilter.setRowFilter(ByPermanenciFilter.showTemporalY);
> + globalFilter.setRowFilter(ByPermanenciFilter.showTemporalY);
> + break;
> + case 6:
> + customFilter.setRowFilter(ByPermanenciFilter.showTemporalN);
> + globalFilter.setRowFilter(ByPermanenciFilter.showTemporalN);
> + break;
> + }
> +
> + }
> + });
> +
>
> securityLevelLabel.setText(Translator.R("APPEXTSECguiPanelSecurityLevel"));
>
> @@ -287,6 +339,15 @@
> Translator.R("APPEXTSECguiPanelDeleteMenuAlly"),
> Translator.R("APPEXTSECguiPanelDeleteMenuAlln"),
> Translator.R("APPEXTSECguiPanelDeleteMenuAllAll")}));
> +
> + viewFilter.setModel(new javax.swing.DefaultComboBoxModel(new
> String[]{
> + Translator.R("APPEXTSECguiPanelShowOnlyPermanent"),
> + Translator.R("APPEXTSECguiPanelShowOnlyTemporal"),
> + Translator.R("APPEXTSECguiPanelShowAll"),
> + Translator.R("APPEXTSECguiPanelShowOnlyPermanentA"),
> + Translator.R("APPEXTSECguiPanelShowOnlyPermanentN"),
> + Translator.R("APPEXTSECguiPanelShowOnlyTemporalY"),
> + Translator.R("APPEXTSECguiPanelShowOnlyTemporalN")}));
>
> deleteButton.setText(Translator.R("APPEXTSECguiPanelDeleteButton"));
> deleteButton.setToolTipText(Translator.R("APPEXTSECguiPanelDeleteButtonToolTip"));
> @@ -383,7 +444,8 @@
> .addComponent(invertSelectionButton))
> .addGroup(layout.createSequentialGroup()
> .addComponent(askBeforeActionCheckBox).addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
> -
> .addComponent(filterRegexesCheckBox))).addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED,
> 93, Short.MAX_VALUE)
> +
> .addComponent(filterRegexesCheckBox).addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED,
> 93, Short.MAX_VALUE)
> +
> .addComponent(viewFilter))).addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
> .addComponent(helpButton,
> javax.swing.GroupLayout.PREFERRED_SIZE, 108,
> javax.swing.GroupLayout.PREFERRED_SIZE))).addContainerGap()));
> layout.setVerticalGroup(
> layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
> @@ -400,7 +462,8 @@
> .addComponent(invertSelectionButton,
> javax.swing.GroupLayout.DEFAULT_SIZE,
> javax.swing.GroupLayout.DEFAULT_SIZE,
> Short.MAX_VALUE)).addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
> .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
> .addComponent(askBeforeActionCheckBox)
> - .addComponent(filterRegexesCheckBox)))
> + .addComponent(filterRegexesCheckBox)
> + .addComponent(viewFilter)))
> .addComponent(helpButton,
> javax.swing.GroupLayout.PREFERRED_SIZE, 53,
> javax.swing.GroupLayout.PREFERRED_SIZE)).addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
> .addComponent(mainTabPanel,
> javax.swing.GroupLayout.DEFAULT_SIZE, 161,
> Short.MAX_VALUE).addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
> .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
> @@ -561,7 +624,13 @@
>
> private void
> moveRowUpButtonActionPerformed(java.awt.event.ActionEvent evt) {
> int orig = currentTable.getSelectedRow();
> + if (orig<0 || orig>=currentTable.getRowCount()) {
> + return;
> + }
> int i = currentTable.convertRowIndexToModel(orig);
> + if (i<=0) {
> + return;
> + }
> currentModel.moveUp(i);
> reloadTable();
> if (orig >= 1) {
> @@ -571,7 +640,13 @@
>
> private void
> moveRowDownButtonActionPerformed(java.awt.event.ActionEvent evt) {
> int orig = currentTable.getSelectedRow();
> + if (orig<0 || orig>=currentTable.getRowCount()) {
> + return;
> + }
> int i = currentTable.convertRowIndexToModel(orig);
> + if (i>=currentTable.getRowCount()-1) {
> + return;
> + }
> currentModel.moveDown(i);
> reloadTable();
> if (orig < currentModel.getRowCount()) {
> @@ -720,7 +795,7 @@
> }
> }
>
> - private class SingleSelectionListenerImpl implements
> ListSelectionListener {
> + private final class SingleSelectionListenerImpl implements
> ListSelectionListener {
>
> private final JTable table;
>
> @@ -740,11 +815,11 @@
> }
> }
>
> - private class deleteAdapter implements KeyListener {
> + private final class DeleteAdapter implements KeyListener {
>
> private final JTable table;
>
> - public deleteAdapter(JTable table) {
> + public DeleteAdapter(JTable table) {
> this.table = table;
> }
>
> @@ -763,4 +838,82 @@
> public void keyReleased(KeyEvent e) {
> }
> }
> +
> +
> + private static final class ByPermanenciFilter extends
> TableRowSorter<UnsignedAppletActionTableModel> {
Permanent and Temporal are very confusing names for what I just consider
the 'decisions' and the 'hints'.
Anyway, ByPermanenciFilter -> ByPermanencyFilter
> +
> + private static final class ShowAll extends
> RowFilter<UnsignedAppletActionTableModel, Integer> {
> +
> + @Override
> + public boolean include(Entry<? extends
> UnsignedAppletActionTableModel, ? extends Integer> entry) {
> + return true;
> + }
> + }
> +
> + private static final class ShowPernamnetns extends
> RowFilter<UnsignedAppletActionTableModel, Integer> {
ShowPernamnetns -> ShowPermanents
> +
> + @Override
> + public boolean include(Entry<? extends
> UnsignedAppletActionTableModel, ? extends Integer> entry) {
> + ExecuteUnsignedApplet o = (ExecuteUnsignedApplet)
> entry.getModel().getValueAt(entry.getIdentifier(), 0);
> + return (o.equals(ExecuteUnsignedApplet.ALWAYS) ||
> o.equals(ExecuteUnsignedApplet.NEVER));
> + }
> + }
> +
> + private static final class ShowPernamnetnA extends
> RowFilter<UnsignedAppletActionTableModel, Integer> {
ShowPernamnetnA -> ShowPermanentA
I would just have this as 'ShowAlways' though, no ?
> +
> + @Override
> + public boolean include(Entry<? extends
> UnsignedAppletActionTableModel, ? extends Integer> entry) {
> + ExecuteUnsignedApplet o = (ExecuteUnsignedApplet)
> entry.getModel().getValueAt(entry.getIdentifier(), 0);
> + return (o.equals(ExecuteUnsignedApplet.ALWAYS));
> + }
> + }
> +
> + private static final class ShowPernamnetnN extends
> RowFilter<UnsignedAppletActionTableModel, Integer> {
ShowPernamnetnN -> ShowPermanentN
I would just have this as 'ShowNever' though, no ?
> +
> + @Override
> + public boolean include(Entry<? extends
> UnsignedAppletActionTableModel, ? extends Integer> entry) {
> + ExecuteUnsignedApplet o = (ExecuteUnsignedApplet)
> entry.getModel().getValueAt(entry.getIdentifier(), 0);
> + return (o.equals(ExecuteUnsignedApplet.NEVER));
> + }
> + }
> +
> + private static final class ShowTemporals extends
> RowFilter<UnsignedAppletActionTableModel, Integer> {
> +
> + @Override
> + public boolean include(Entry<? extends
> UnsignedAppletActionTableModel, ? extends Integer> entry) {
> + ExecuteUnsignedApplet o = (ExecuteUnsignedApplet)
> entry.getModel().getValueAt(entry.getIdentifier(), 0);
> + return (o.equals(ExecuteUnsignedApplet.YES) ||
> o.equals(ExecuteUnsignedApplet.NO));
> + }
> + }
> +
> + private static final class ShowTemporalY extends
> RowFilter<UnsignedAppletActionTableModel, Integer> {
Too many complications for something the user shouldn't really care
about managing IMO.
But anyway, I prefer ShowHasChosenYes
> +
> + @Override
> + public boolean include(Entry<? extends
> UnsignedAppletActionTableModel, ? extends Integer> entry) {
> + ExecuteUnsignedApplet o = (ExecuteUnsignedApplet)
> entry.getModel().getValueAt(entry.getIdentifier(), 0);
> + return (o.equals(ExecuteUnsignedApplet.YES));
> + }
> + }
> +
> + private static final class ShowTemporalN extends
> RowFilter<UnsignedAppletActionTableModel, Integer> {
See above, but anyway I prefer ShowHasChosenNo
> +
> + @Override
> + public boolean include(Entry<? extends
> UnsignedAppletActionTableModel, ? extends Integer> entry) {
> + ExecuteUnsignedApplet o = (ExecuteUnsignedApplet)
> entry.getModel().getValueAt(entry.getIdentifier(), 0);
> + return (o.equals(ExecuteUnsignedApplet.NO));
> + }
> + }
> + public static final ShowAll showAll = new ShowAll();
> + public static final ShowPernamnetns showPernamnetns = new
> ShowPernamnetns();
> + public static final ShowPernamnetnA showPernamnetnA = new
> ShowPernamnetnA();
> + public static final ShowPernamnetnN showPernamnetnN = new
> ShowPernamnetnN();
> + public static final ShowTemporals showTemporals = new
> ShowTemporals();
> + public static final ShowTemporalY showTemporalY = new
> ShowTemporalY();
> + public static final ShowTemporalN showTemporalN = new
> ShowTemporalN();
> +
> + public ByPermanenciFilter(UnsignedAppletActionTableModel model) {
> + super(model);
> + setRowFilter(showPernamnetns);
> + }
> + }
> }
> diff -r 886c91766b45 -r b281229f08cc
> netx/net/sourceforge/jnlp/resources/Messages.properties
> --- a/netx/net/sourceforge/jnlp/resources/Messages.properties Mon Feb
> 25 12:50:15 2013 +0100
> +++ b/netx/net/sourceforge/jnlp/resources/Messages.properties Mon Feb
> 25 14:53:30 2013 +0100
> @@ -528,4 +528,11 @@
> APPEXTSECguiPanelEmptyDoc=All document-bases must be full
> APPEXTSECguiPanelEmptyCode=All code-bases must be full
> APPEXTSECguiPanelTableValid=Table looks valid
> -APPEXTSECguiPanelTableInvalid=Invalid with following error: {0}
> \ No newline at end of file
> +APPEXTSECguiPanelTableInvalid=Invalid with following error: {0}
> +APPEXTSECguiPanelShowOnlyPermanent=Show only permanent records
> +APPEXTSECguiPanelShowOnlyTemporal=Show only temporal records
> +APPEXTSECguiPanelShowAll=Show all records
> +APPEXTSECguiPanelShowOnlyPermanentA=Show only allowed permanent records
> +APPEXTSECguiPanelShowOnlyPermanentN=Show only forbidden permanent records
> +APPEXTSECguiPanelShowOnlyTemporalY=Show only temporally allowed records
Funny, 'temporally' is technically a valid word here, but I'm sure you
meant 'temporarily' :-) but this is much clearer as 'Show previously
allowed applets'. Calling something that was allowed once 'temporarily
allowed' is confusing.
> +APPEXTSECguiPanelShowOnlyTemporalN=Show only temporally denied records
'Show previously denied applets'
> \ No newline at end of file
Overall not sure how I feel about this one, but I guess I'm OK with it
in the interest of getting this into HEAD.
BTW You never did give me that URL encoding suggestion :-)
-Adam
More information about the distro-pkg-dev
mailing list