[fyi][icedtea-web] backend and itw-settings for extended applets security

Tue Mar 26 07:11:19 PDT 2013

On 02/25/2013 09:22 PM, Adam Domurad wrote:
> On 02/25/2013 12:40 PM, Jiri Vanek wrote:
>> On 02/21/2013 11:07 PM, Adam Domurad wrote:
>>> On 02/20/2013 04:53 PM, Adam Domurad wrote:
>>>> Here are some proposed fixes. Thanks.
>>>>
>>>> - comapre -> compare typo fix
>>>> - Never return from a finally block! (Eclipse underlines the whole finally block as a warning.)
>>>> See http://weblogs.java.net/blog/staufferjames/archive/2007/06/_dont_return_in.html
>>>> - Added a null check so we don't compare if a null archive list is stored.
>>>>
>>>> - Adam
>>>>
>>>>
>>>
>>> Ignore that one, this trumps it.
>>>
>>> OK. I tried to separate what would be considered changes to Jiri's part out.
>>> AppletSecuritySettings.java had to be moved out of sun.applet to make it accessible.
>>>
>>> First apply Jiris latest patch, then the rest of them with integrated-dialogue2.patch last.
>>>
>>> Here are the patches. Will make a ChangeLog sometime soon.
>>>
>>> All the applet security levels should be working in this patch, as well it should honour the global
>>> applet settings.
>>>
>>> Red/green text indicates if you've accepted a patch before.
>>>
>>> Further implementation question:
>>> - Currently when many applets share a single classloader on a page and one is rejected, it'd be nice
>>> if the it did not ask for rejection for all the other applets. It is tricky to get this right.
>>> Perhaps rejecting a certain unique key should be permanent for a session ? There should be no harm,
>>> as you can always restart your browser if you accidentally hit reject. And indeed there is harm in
>>> the other direction, if you reject an applet but accidentally hit OK for one of the other applet
>>> dialogues that come up.
>>>
>>> Let me know of any issues.
>>>
>>> Happy hacking,
>>> -Adam
>>
>>
>> ugh. Next round of backend:
>>
>> My OriginalPatch, added filtering for table and removed mainClass - all as separate changes.
>> Also agreedChangesToLockingFile.diff ( I agree with your changes, nextTime I will merge them inside)
>> I have rewritten your strength matching algorithm - newMAtchByStrength.diff - I hope it will still suits (the only change was actually to returnimidiately when strong match is found - return first week otherwise)
>>
>> Thanx for suggestions, as Omair suggested - lets fire this! (means merge above, add tests and push)
>>
>> ps: I hope I have not forget some occurence of mainCLass somewhere :-/
>> pps: test tests and tests on my side :-/
>
> Great.
>
> Mainclass:
>
>> diff -r 98060d84ad58 netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletActionTableModel.java
>> --- a/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletActionTableModel.java Mon Feb 25 16:26:29 2013 +0100
>> +++ b/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletActionTableModel.java Mon Feb 25 18:32:10 2013 +0100
>> @@ -37,11 +37,11 @@
>>
>> import java.util.Date;
>> import javax.swing.table.AbstractTableModel;
>> +import net.sourceforge.jnlp.runtime.Translator;
>> import net.sourceforge.jnlp.security.appletextendedsecurity.ExecuteUnsignedApplet;
>> import net.sourceforge.jnlp.security.appletextendedsecurity.UnsignedAppletActionEntry;
>> import net.sourceforge.jnlp.security.appletextendedsecurity.UrlRegEx;
>> import net.sourceforge.jnlp.security.appletextendedsecurity.impl.UnsignedAppletActionStorageExtendedImpl;
>> -import net.sourceforge.jnlp.runtime.Translator;
>>
>> public class UnsignedAppletActionTableModel extends AbstractTableModel {
>>
>> @@ -50,7 +50,7 @@
>> Translator.R("APPEXTSECguiTableModelTableColumnDateOfAction"),
>> Translator.R("APPEXTSECguiTableModelTableColumnDocumentBase"),
>> Translator.R("APPEXTSECguiTableModelTableColumnCodeBase"),
>> - Translator.R("APPEXTSECguiTableModelTableColumnMainClass"),
>> + //Translator.R("APPEXTSECguiTableModelTableColumnMainClass"),
>
> I noticed you kept the translator stuff as comments, but I'd be in favour of just dropping it. Theres already too many comments in ITW that have long-forgotten purpose :-)
>
>> Translator.R("APPEXTSECguiTableModelTableColumnArchives")};
>>
>> public UnsignedAppletActionTableModel(UnsignedAppletActionStorageExtendedImpl back) {
>> @@ -86,10 +86,10 @@
>> if (columnIndex == 3) {
>> return UrlRegEx.class;
>> }
>> - if (columnIndex == 3) {
>> + if (columnIndex == 4) {
>> return String.class;
>> }
>> - if (columnIndex == 3) {
>> + if (columnIndex == 5) {
>> return String.class;
>> }
>> return Object.class;
>> @@ -129,9 +129,6 @@
>> return source.getCodeBase();
>> }
>> if (columnIndex == 4) {
>> - return source.getMainClass();
>> - }
>> - if (columnIndex == 5) {
>> return UnsignedAppletActionEntry.createArchivesString(source.getArchives());
>> }
>> return null;
>> @@ -152,7 +149,6 @@
>> new Date(),
>> new UrlRegEx(s),
>> new UrlRegEx(s),
>> - null,
>> null));
>> fireTableRowsInserted(i, i + 1);
>> }
>> diff -r 98060d84ad58 netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletsTrustingListPanel.java
>> --- a/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletsTrustingListPanel.java Mon Feb 25 16:26:29 2013 +0100
>> +++ b/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletsTrustingListPanel.java Mon Feb 25 18:32:10 2013 +0100
>> @@ -186,7 +186,7 @@
>> + "\n (" + Translator.R("APPEXTSECguiPanelAppletInfoHederPart2", i.getUnsignedAppletAction(), DateFormat.getInstance().format(i.getTimeStamp()))
>> + "\n " + Translator.R("APPEXTSECguiTableModelTableColumnDocumentBase") + ": " + i.getDocumentBase().getFilteredRegEx()
>> + "\n " + Translator.R("APPEXTSECguiTableModelTableColumnCodeBase") + ": " + i.getCodeBase().getFilteredRegEx()
>> - + "\n " + Translator.R("APPEXTSECguiTableModelTableColumnMainClass") + ": " + ((i.getMainClass() == null) ? "" : i.getMainClass())
>> + //+ "\n " + Translator.R("APPEXTSECguiTableModelTableColumnMainClass") + ": " + ((i.getMainClass() == null) ? "" : i.getMainClass())
>> + "\n " + Translator.R("APPEXTSECguiTableModelTableColumnArchives") + ": " + UnsignedAppletActionEntry.createArchivesString(i.getArchives());
>> }
>>
>> @@ -540,7 +540,7 @@
>> lastDoc = s1;
>> lastCode = s2;
>> try {
>> - List<UnsignedAppletActionEntry> i = currentModel.back.getMatchingItems(s1, s2, null, null);
>> + List<UnsignedAppletActionEntry> i = currentModel.back.getMatchingItems(s1, s2, null);
>> if (i == null || i.isEmpty()) {
>> JOptionPane.showMessageDialog(this, Translator.R("APPEXTSECguiPanelNoMatch"));
>> } else {
>> diff -r 98060d84ad58 netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionEntry.java
>> --- a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionEntry.java Mon Feb 25 16:26:29 2013 +0100
>> +++ b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionEntry.java Mon Feb 25 18:32:10 2013 +0100
>> @@ -47,7 +47,6 @@
>> private Date timeStamp;
>> private UrlRegEx documentBase;
>> private UrlRegEx codeBase;
>> - private String mainClass;
>> private List<String> archives;
>>
>> public static UnsignedAppletActionEntry createFromString(String s) {
>> @@ -57,26 +56,21 @@
>> new Date(new Long(split[1])),
>> new UrlRegEx(split[2]),
>> null,
>> - null,
>> null);
>> if (split.length > 3) {
>> nw.setCodeBase(new UrlRegEx(split[3]));
>> }
>> if (split.length > 4) {
>> - nw.setMainClass(split[4]);
>> - }
>> - if (split.length > 5) {
>> - nw.setArchives(createArchivesList(s.substring(s.indexOf(split[4]) + split[4].length()).trim()));
>> + nw.setArchives(createArchivesList(s.substring(s.lastIndexOf(split[3]) + split[3].length()).trim()));
>> }
>> return nw;
>> }
>>
>> - public UnsignedAppletActionEntry(ExecuteUnsignedApplet unsignedAppletAction, Date timeStamp, UrlRegEx documentBase, UrlRegEx codeBase, String mainClass, List<String> archives) {
>> + public UnsignedAppletActionEntry(ExecuteUnsignedApplet unsignedAppletAction, Date timeStamp, UrlRegEx documentBase, UrlRegEx codeBase, List<String> archives) {
>> this.unsignedAppletAction = unsignedAppletAction;
>> this.timeStamp = timeStamp;
>> this.documentBase = documentBase;
>> this.codeBase = codeBase;
>> - this.mainClass = mainClass;
>> this.archives = archives;
>>
>> }
>> @@ -96,7 +90,6 @@
>> + " " + ((timeStamp == null) ? "1" : timeStamp.getTime())
>> + " " + ((documentBase == null) ? "" : documentBase.getRegEx())
>> + " " + ((codeBase == null) ? "" : codeBase.getRegEx())
>> - + " " + ((mainClass == null) ? "" : mainClass)
>> + " " + createArchivesString(archives);
>> }
>>
>> @@ -132,14 +125,6 @@
>> this.codeBase = codeBase;
>> }
>>
>> - public String getMainClass() {
>> - return mainClass;
>> - }
>> -
>> - public void setMainClass(String mainClass) {
>> - this.mainClass = mainClass;
>> - }
>> -
>> public List<String> getArchives() {
>> return archives;
>> }
>> diff -r 98060d84ad58 netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionStorage.java
>> --- a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionStorage.java Mon Feb 25 16:26:29 2013 +0100
>> +++ b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionStorage.java Mon Feb 25 18:32:10 2013 +0100
>> @@ -1,19 +1,37 @@
>> -/*
>> - Copyright (C) 2013 Red Hat
>> +/* Copyright (C) 2013 Red Hat, Inc.
>>
>> - This program is free software; you can redistribute it and/or modify
>> - it under the terms of the GNU General Public License as published by
>> - the Free Software Foundation; either version 2 of the License, or
>> - (at your option) any later version.
>> + This file is part of IcedTea.
>>
>> - This program is distributed in the hope that it will be useful, but
>> - WITHOUT ANY WARRANTY; without even the implied warranty of
>> - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>> + IcedTea is free software; you can redistribute it and/or
>> + modify it under the terms of the GNU General Public License as published by
>> + the Free Software Foundation, version 2.
>> +
>> + IcedTea is distributed in the hope that it will be useful,
>> + but WITHOUT ANY WARRANTY; without even the implied warranty of
>> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>> General Public License for more details.
>>
>> You should have received a copy of the GNU General Public License
>> - along with this program; if not, write to the Free Software
>> - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
>> + along with IcedTea; see the file COPYING. If not, write to
>> + the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
>> + 02110-1301 USA.
>> +
>> + Linking this library statically or dynamically with other modules is
>> + making a combined work based on this library. Thus, the terms and
>> + conditions of the GNU General Public License cover the whole
>> + combination.
>> +
>> + As a special exception, the copyright holders of this library give you
>> + permission to link this library with independent modules to produce an
>> + executable, regardless of the license terms of these independent
>> + modules, and to copy and distribute the resulting executable under
>> + terms of your choice, provided that you also meet, for each linked
>> + independent module, the terms and conditions of the license of that
>> + module. An independent module is a module which is not derived from
>> + or based on this library. If you modify this library, you may extend
>> + this exception to your version of the library, but you are not
>> + obligated to do so. If you do not wish to do so, delete this
>> + exception statement from your version.
>> */
>> package net.sourceforge.jnlp.security.appletextendedsecurity;
>>
>> @@ -50,7 +68,7 @@
>> * @param archives
>> * @return
>> */
>> - public UnsignedAppletActionEntry getMatchingItem(String documentBase, String codeBase, String mainClass, List<String> archives);
>> + public UnsignedAppletActionEntry getMatchingItem(String documentBase, String codeBase, List<String> archives);
>>
>> /**
>> * Shortcut getMatchingItem(documentBase, null,null,null)
>> diff -r 98060d84ad58 netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageExtendedImpl.java
>> --- a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageExtendedImpl.java Mon Feb 25 16:26:29 2013 +0100
>> +++ b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageExtendedImpl.java Mon Feb 25 18:32:10 2013 +0100
>> @@ -166,9 +166,6 @@
>> source.setCodeBase(new UrlRegEx((String) aValue));
>> }
>> if (columnIndex == 4) {
>> - source.setMainClass((String) aValue);
>> - }
>> - if (columnIndex == 5) {
>> source.setArchives(UnsignedAppletActionEntry.createArchivesList((String) aValue));
>> }
>>
>> diff -r 98060d84ad58 netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImpl.java
>> --- a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImpl.java Mon Feb 25 16:26:29 2013 +0100
>> +++ b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImpl.java Mon Feb 25 18:32:10 2013 +0100
>> @@ -131,8 +131,8 @@
>> }
>>
>> @Override
>> - public UnsignedAppletActionEntry getMatchingItem(String documentBase, String codeBase, String mainClass, List<String> archives) {
>> - List<UnsignedAppletActionEntry> results = getMatchingItems(documentBase, codeBase, mainClass, archives);
>> + public UnsignedAppletActionEntry getMatchingItem(String documentBase, String codeBase, List<String> archives) {
>> + List<UnsignedAppletActionEntry> results = getMatchingItems(documentBase, codeBase, archives);
>> if (results == null || results.isEmpty()) {
>> return null;
>> }
>> @@ -150,7 +150,7 @@
>> return results.get(0);
>> }
>>
>> - public List<UnsignedAppletActionEntry> getMatchingItems(String documentBase, String codeBase, String mainClass, List<String> archives) {
>> + public List<UnsignedAppletActionEntry> getMatchingItems(String documentBase, String codeBase, List<String> archives) {
>> List<UnsignedAppletActionEntry> result = new ArrayList();
>> lock();
>> try {
>> @@ -159,7 +159,7 @@
>> return result;
>> }
>> for (UnsignedAppletActionEntry unsignedAppletActionEntry : items) {
>> - if (isMatching(unsignedAppletActionEntry, documentBase, codeBase, mainClass, archives)) {
>> + if (isMatching(unsignedAppletActionEntry, documentBase, codeBase, archives)) {
>> result.add(unsignedAppletActionEntry);
>> }
>> }
>> @@ -171,7 +171,7 @@
>> return result;
>> }
>>
>> - private boolean isMatching(UnsignedAppletActionEntry unsignedAppletActionEntry, String documentBase, String codeBase, String mainClass, List<String> archives) {
>> + private boolean isMatching(UnsignedAppletActionEntry unsignedAppletActionEntry, String documentBase, String codeBase, List<String> archives) {
>> boolean result = true;
>> if (documentBase != null && !documentBase.trim().isEmpty()) {
>> result = result && documentBase.matches(unsignedAppletActionEntry.getDocumentBase().getRegEx());
>> @@ -179,10 +179,6 @@
>> if (codeBase != null && !codeBase.trim().isEmpty()) {
>> result = result && codeBase.matches(unsignedAppletActionEntry.getCodeBase().getRegEx());
>> }
>> - if (mainClass != null && !mainClass.trim().isEmpty()) {
>> - result = result && mainClass.equals(unsignedAppletActionEntry.getMainClass());
>> - }
>> -
>> if (archives != null) {
>> result = result && compareArchives(archives, unsignedAppletActionEntry.getArchives());
>> }
>> @@ -195,6 +191,15 @@
>> }
>>
>> private boolean compareArchives(List<String> archives, List<String> saved) {
>> + if (archives == null && saved !=null){
>> + return false;
>> + }
>> + if (archives != null && saved ==null){
>> + return false;
>> + }
>> + if (archives == null && saved ==null){
>> + return true;
>> + }
>> if (archives.size() != saved.size()) {
>> return false;
>> }
>> @@ -220,16 +225,16 @@
>>
>> @Override
>> public UnsignedAppletActionEntry getMatchingItemByDocumentBase(String documentBase) {
>> - return getMatchingItem(documentBase, null, null, null);
>> + return getMatchingItem(documentBase, null, null);
>> }
>>
>> @Override
>> public UnsignedAppletActionEntry getMatchingItemByCodeBase(String codeBase) {
>> - return getMatchingItem(null, codeBase, null, null);
>> + return getMatchingItem(null, codeBase, null);
>> }
>>
>> @Override
>> public UnsignedAppletActionEntry getMatchingItemByBases(String documentBase, String codeBase) {
>> - return getMatchingItem(documentBase, codeBase, null, null);
>> + return getMatchingItem(documentBase, codeBase, null);
>> }
>> }
>> diff -r 98060d84ad58 tests/netx/unit/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImplTest.java
>> --- a/tests/netx/unit/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImplTest.java Mon Feb 25 16:26:29 2013 +0100
>> +++ b/tests/netx/unit/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImplTest.java Mon Feb 25 18:32:10 2013 +0100
>> @@ -59,22 +59,20 @@
>> f2 = File.createTempFile("itwMatching", "testFile2");
>> f3 = File.createTempFile("itwMatching", "testFile3");
>> f4 = File.createTempFile("itwMatching", "testFile4");
>> - ServerAccess.saveFile("A 123456 .* .* main jar1,jar2", f1);
>> - ServerAccess.saveFile("A 123456 .* \\Qbla\\E main jar1,jar2", f2);
>> + ServerAccess.saveFile("A 123456 .* .* jar1,jar2", f1);
>> + ServerAccess.saveFile("A 123456 .* \\Qbla\\E jar1,jar2", f2);
>> }
>>
>> @Test
>> public void allMatchingDocAndCode() {
>> UnsignedAppletActionStorageImpl i1 = new UnsignedAppletActionStorageImpl(f1);
>> - UnsignedAppletActionEntry r1 = i1.getMatchingItem("bla", "blaBla", "main", Arrays.asList(new String[]{"jar1", "jar2"}));
>> + UnsignedAppletActionEntry r1 = i1.getMatchingItem("bla", "blaBla", Arrays.asList(new String[]{"jar1", "jar2"}));
>> Assert.assertNotNull("r1 should be found", r1);
>> - UnsignedAppletActionEntry r3 = i1.getMatchingItem("blah", "blaBla", "main", Arrays.asList(new String[]{"jar2", "jar1"}));
>> + UnsignedAppletActionEntry r3 = i1.getMatchingItem("blah", "blaBla", Arrays.asList(new String[]{"jar2", "jar1"}));
>> Assert.assertNotNull("r3 should be found", r1);
>> - UnsignedAppletActionEntry r2 = i1.getMatchingItem("bla", "blaBlam", "wrong_main", Arrays.asList(new String[]{"jar1", "jar2"}));
>> - Assert.assertNull("r2 should NOT be found", r2);
>> - UnsignedAppletActionEntry r4 = i1.getMatchingItem("blha", "blaBlam", "main", Arrays.asList(new String[]{"jar2", "wrong_jar"}));
>> + UnsignedAppletActionEntry r4 = i1.getMatchingItem("blha", "blaBlam", Arrays.asList(new String[]{"jar2", "wrong_jar"}));
>> Assert.assertNull("r4 should NOT be found", r4);
>> - UnsignedAppletActionEntry r5 = i1.getMatchingItem("blaBla", "blaBlaBla", "main", Arrays.asList(new String[]{"jar2"}));
>> + UnsignedAppletActionEntry r5 = i1.getMatchingItem("blaBla", "blaBlaBla", Arrays.asList(new String[]{"jar2"}));
>> Assert.assertNull("r5 should NOT be found", r5);
>>
>> }
>> @@ -82,13 +80,13 @@
>> @Test
>> public void allMatchingDocAndStrictCode() {
>> UnsignedAppletActionStorageImpl i1 = new UnsignedAppletActionStorageImpl(f2);
>> - UnsignedAppletActionEntry r1 = i1.getMatchingItem("whatever", "bla", "main", Arrays.asList(new String[]{"jar1", "jar2"}));
>> + UnsignedAppletActionEntry r1 = i1.getMatchingItem("whatever", "bla", Arrays.asList(new String[]{"jar1", "jar2"}));
>> Assert.assertNotNull("r1 should be found", r1);
>> - UnsignedAppletActionEntry r3 = i1.getMatchingItem("whatever", null, "main", Arrays.asList(new String[]{"jar2", "jar1"}));
>> + UnsignedAppletActionEntry r3 = i1.getMatchingItem("whatever", null, Arrays.asList(new String[]{"jar2", "jar1"}));
>> Assert.assertNotNull("r3 should be found", r1);
>> - UnsignedAppletActionEntry r2 = i1.getMatchingItem("bla", "blaBlam", "main", Arrays.asList(new String[]{"jar1", "jar2"}));
>> + UnsignedAppletActionEntry r2 = i1.getMatchingItem("bla", "blaBlam", Arrays.asList(new String[]{"jar1", "jar2"}));
>> Assert.assertNull("r2 should NOT be found", r2);
>> - UnsignedAppletActionEntry r4 = i1.getMatchingItem(null, "blaBlam", null, null);
>> + UnsignedAppletActionEntry r4 = i1.getMatchingItem(null, "blaBlam", null);
>> Assert.assertNull("r4 should NOT be found", r4);
>>
>> }
>> @@ -96,19 +94,19 @@
>> @Test
>> public void allMatchingDocAndCodeWithNulls() {
>> UnsignedAppletActionStorageImpl i1 = new UnsignedAppletActionStorageImpl(f1);
>> - UnsignedAppletActionEntry r1 = i1.getMatchingItem("bla", "blaBla", null, null);
>> + UnsignedAppletActionEntry r1 = i1.getMatchingItem("bla", "blaBla", null);
>> Assert.assertNotNull("r1 should be found", r1);
>> - UnsignedAppletActionEntry r3 = i1.getMatchingItem("bla", "whatever", "", null);
>> + UnsignedAppletActionEntry r3 = i1.getMatchingItem("bla", "whatever", null);
>> Assert.assertNotNull("r3 should be found", r1);
>> - UnsignedAppletActionEntry r2 = i1.getMatchingItem("bla", "blaBla", null, Arrays.asList(new String[]{"jar2", "jar1"}));
>> + UnsignedAppletActionEntry r2 = i1.getMatchingItem("bla", "blaBla", Arrays.asList(new String[]{"jar2", "jar1"}));
>> Assert.assertNotNull("r2 should be found", r2);
>> - UnsignedAppletActionEntry r4 = i1.getMatchingItem("bla", "blaBla", "main", null);
>> + UnsignedAppletActionEntry r4 = i1.getMatchingItem("bla", "blaBla", null);
>> Assert.assertNotNull("r4 should be found", r4);
>> - UnsignedAppletActionEntry r5 = i1.getMatchingItem("", "blaBla", "main", Arrays.asList(new String[]{"jar2", "jar1"}));
>> + UnsignedAppletActionEntry r5 = i1.getMatchingItem("", "blaBla", Arrays.asList(new String[]{"jar2", "jar1"}));
>> Assert.assertNotNull("r5 should be found", r5);
>> - UnsignedAppletActionEntry r6 = i1.getMatchingItem(null, null, "main", Arrays.asList(new String[]{"jar2", "jar1"}));
>> + UnsignedAppletActionEntry r6 = i1.getMatchingItem(null, null, Arrays.asList(new String[]{"jar2", "jar1"}));
>> Assert.assertNotNull("r6 should be found", r6);
>> - UnsignedAppletActionEntry r7 = i1.getMatchingItem(null, null, "main", Arrays.asList(new String[]{"jar2", "jar11"}));
>> + UnsignedAppletActionEntry r7 = i1.getMatchingItem(null, null, Arrays.asList(new String[]{"jar2", "jar11"}));
>> Assert.assertNull("r7 should NOT be found", r7);
>>
>
> Looks good to me.
>
> agreedChangesToLockingFile -- agreed.
>
>
> newMatchByStrength -- looks fine.
>
>
> addingFilteringForTable:
>
> This seems a bit overly complex TBH. I don't think the user needs to be aware of the 'temporaries' at all. There are too many options as-is... However it is done, so I will review it.
>
>> diff -r 886c91766b45 -r b281229f08cc netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletActionTableModel.java
>> --- a/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletActionTableModel.java Mon Feb 25 12:50:15 2013 +0100
>> +++ b/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletActionTableModel.java Mon Feb 25 14:53:30 2013 +0100
>> @@ -145,7 +145,7 @@
>> }
>>
>> public void addRow() {
>> - int i = back.toArray().length;
>> + int i = back.toArray().length-1;
>> String s = "\\Qhttp://localhost:80/\\E.*";
>> back.add(new UnsignedAppletActionEntry(
>> ExecuteUnsignedApplet.NEVER,
>> @@ -163,7 +163,7 @@
>> }
>>
>> public void clear() {
>> - int i = getRowCount();
>> + int i = getRowCount()-1;
>> back.clear();
>> fireTableRowsDeleted(0, i);
>> }
>> @@ -175,14 +175,14 @@
>> }
>>
>> void moveUp(int selectedRow) {
>> - int i = getRowCount();
>> + int i = getRowCount()-1;
>> back.moveUp(selectedRow);
>> - fireTableRowsUpdated(i - 1, i);
>> + fireTableRowsUpdated(i, i);
>> }
>>
>> void moveDown(int selectedRow) {
>> - int i = getRowCount();
>> + int i = getRowCount()-1;
>> back.moveDown(selectedRow);
>> - fireTableRowsUpdated(i, i + 1);
>> + fireTableRowsUpdated(i, i);
>> }
>> }
>> diff -r 886c91766b45 -r b281229f08cc netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletsTrustingListPanel.java
>> --- a/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletsTrustingListPanel.java Mon Feb 25 12:50:15 2013 +0100
>> +++ b/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletsTrustingListPanel.java Mon Feb 25 14:53:30 2013 +0100
>> @@ -37,6 +37,8 @@
>>
>> import java.awt.BorderLayout;
>> import java.awt.Component;
>> +import java.awt.event.ActionEvent;
>> +import java.awt.event.ActionListener;
>> import java.awt.event.KeyAdapter;
>> import java.awt.event.KeyEvent;
>> import java.awt.event.KeyListener;
>> @@ -57,6 +59,8 @@
>> import javax.swing.JPanel;
>> import javax.swing.JTable;
>> import javax.swing.JTextField;
>> +import javax.swing.RowFilter;
>> +import javax.swing.RowFilter.Entry;
>> import javax.swing.event.ChangeEvent;
>> import javax.swing.event.ChangeListener;
>> import javax.swing.event.ListSelectionEvent;
>> @@ -66,6 +70,7 @@
>> import javax.swing.table.TableCellEditor;
>> import javax.swing.table.TableCellRenderer;
>> import javax.swing.table.TableModel;
>> +import javax.swing.table.TableRowSorter;
>> import net.sourceforge.jnlp.config.DeploymentConfiguration;
>> import net.sourceforge.jnlp.runtime.Translator;
>> import net.sourceforge.jnlp.security.appletextendedsecurity.AppletSecurityLevel;
>> @@ -88,6 +93,7 @@
>> private javax.swing.JCheckBox filterRegexesCheckBox;
>> private javax.swing.JComboBox mainPolicyComboBox;
>> private javax.swing.JComboBox deleteTypeComboBox;
>> + private javax.swing.JComboBox viewFilter;
>> private javax.swing.JLabel globalBehaviourLabel;
>> private javax.swing.JLabel securityLevelLabel;
>> private javax.swing.JScrollPane userTableScrollPane;
>> @@ -99,6 +105,8 @@
>> private final UnsignedAppletActionStorageExtendedImpl globalBackEnd;
>> private final UnsignedAppletActionTableModel customModel;
>> private final UnsignedAppletActionTableModel globalModel;
>> + private final ByPermanenciFilter customFilter;
>> + private final ByPermanenciFilter globalFilter;
>> private final DeploymentConfiguration conf;
>> private javax.swing.JTable currentTable;
>> private UnsignedAppletActionTableModel currentModel;
>> @@ -143,7 +151,11 @@
>> globalBackEnd = new UnsignedAppletActionStorageExtendedImpl(globalSettings);
>> customModel = new UnsignedAppletActionTableModel(customBackEnd);
>> globalModel = new UnsignedAppletActionTableModel(globalBackEnd);
>> + customFilter = new ByPermanenciFilter(customModel);
>> + globalFilter = new ByPermanenciFilter(globalModel);
>> initComponents();
>> + userTable.setRowSorter(customFilter);
>> + globalTable.setRowSorter(globalFilter);
>> this.conf = conf;
>> AppletSecurityLevel gs = AppletSecurityLevel.getDefault();
>> String s = conf.getProperty(DeploymentConfiguration.KEY_SECURITY_LEVEL);
>> @@ -154,8 +166,8 @@
>> userTable.getSelectionModel().addListSelectionListener(new SingleSelectionListenerImpl(userTable));
>> globalTable.getSelectionModel().addListSelectionListener(new SingleSelectionListenerImpl(globalTable));
>>
>> - userTable.addKeyListener(new deleteAdapter(userTable));
>> - globalTable.addKeyListener(new deleteAdapter(globalTable));
>> + userTable.addKeyListener(new DeleteAdapter(userTable));
>> + globalTable.addKeyListener(new DeleteAdapter(globalTable));
>> currentTable = userTable;
>> currentModel = customModel;
>> setButtons((!currentModel.back.isReadOnly()));
>> @@ -246,6 +258,7 @@
>> securityLevelLabel = new javax.swing.JLabel();
>> globalBehaviourLabel = new javax.swing.JLabel();
>> deleteTypeComboBox = new javax.swing.JComboBox();
>> + viewFilter = new javax.swing.JComboBox();
>> deleteButton = new javax.swing.JButton();
>> testUrlButton = new javax.swing.JButton();
>> addRowButton = new javax.swing.JButton();
>> @@ -275,6 +288,45 @@
>> mainPolicyComboBoxActionPerformed(evt);
>> }
>> });
>> +
>> + viewFilter.addActionListener(new ActionListener() {
>> + @Override
>> + public void actionPerformed(ActionEvent e) {
>> + int i = viewFilter.getSelectedIndex();
>> + switch (i) {
>> + case 0:
>> + customFilter.setRowFilter(ByPermanenciFilter.showPernamnetns);
>> + globalFilter.setRowFilter(ByPermanenciFilter.showPernamnetns);
>> + break;
>> + case 1:
>> + customFilter.setRowFilter(ByPermanenciFilter.showTemporals);
>> + globalFilter.setRowFilter(ByPermanenciFilter.showTemporals);
>> + break;
>> + case 2:
>> + customFilter.setRowFilter(ByPermanenciFilter.showAll);
>> + globalFilter.setRowFilter(ByPermanenciFilter.showAll);
>> + break;
>> + case 3:
>> + customFilter.setRowFilter(ByPermanenciFilter.showPernamnetnA);
>> + globalFilter.setRowFilter(ByPermanenciFilter.showPernamnetnA);
>> + break;
>> + case 4:
>> + customFilter.setRowFilter(ByPermanenciFilter.showPernamnetnN);
>> + globalFilter.setRowFilter(ByPermanenciFilter.showPernamnetnN);
>> + break;
>> + case 5:
>> + customFilter.setRowFilter(ByPermanenciFilter.showTemporalY);
>> + globalFilter.setRowFilter(ByPermanenciFilter.showTemporalY);
>> + break;
>> + case 6:
>> + customFilter.setRowFilter(ByPermanenciFilter.showTemporalN);
>> + globalFilter.setRowFilter(ByPermanenciFilter.showTemporalN);
>> + break;
>> + }
>> +
>> + }
>> + });
>> +
>>
>> securityLevelLabel.setText(Translator.R("APPEXTSECguiPanelSecurityLevel"));
>>
>> @@ -287,6 +339,15 @@
>> Translator.R("APPEXTSECguiPanelDeleteMenuAlly"),
>> Translator.R("APPEXTSECguiPanelDeleteMenuAlln"),
>> Translator.R("APPEXTSECguiPanelDeleteMenuAllAll")}));
>> +
>> + viewFilter.setModel(new javax.swing.DefaultComboBoxModel(new String[]{
>> + Translator.R("APPEXTSECguiPanelShowOnlyPermanent"),
>> + Translator.R("APPEXTSECguiPanelShowOnlyTemporal"),
>> + Translator.R("APPEXTSECguiPanelShowAll"),
>> + Translator.R("APPEXTSECguiPanelShowOnlyPermanentA"),
>> + Translator.R("APPEXTSECguiPanelShowOnlyPermanentN"),
>> + Translator.R("APPEXTSECguiPanelShowOnlyTemporalY"),
>> + Translator.R("APPEXTSECguiPanelShowOnlyTemporalN")}));
>>
>> deleteButton.setText(Translator.R("APPEXTSECguiPanelDeleteButton"));
>> deleteButton.setToolTipText(Translator.R("APPEXTSECguiPanelDeleteButtonToolTip"));
>> @@ -383,7 +444,8 @@
>> .addComponent(invertSelectionButton))
>> .addGroup(layout.createSequentialGroup()
>> .addComponent(askBeforeActionCheckBox).addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
>> - .addComponent(filterRegexesCheckBox))).addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 93, Short.MAX_VALUE)
>> + .addComponent(filterRegexesCheckBox).addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 93, Short.MAX_VALUE)
>> + .addComponent(viewFilter))).addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
>> .addComponent(helpButton, javax.swing.GroupLayout.PREFERRED_SIZE, 108, javax.swing.GroupLayout.PREFERRED_SIZE))).addContainerGap()));
>> layout.setVerticalGroup(
>> layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
>> @@ -400,7 +462,8 @@
>> .addComponent(invertSelectionButton, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)).addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
>> .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
>> .addComponent(askBeforeActionCheckBox)
>> - .addComponent(filterRegexesCheckBox)))
>> + .addComponent(filterRegexesCheckBox)
>> + .addComponent(viewFilter)))
>> .addComponent(helpButton, javax.swing.GroupLayout.PREFERRED_SIZE, 53, javax.swing.GroupLayout.PREFERRED_SIZE)).addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
>> .addComponent(mainTabPanel, javax.swing.GroupLayout.DEFAULT_SIZE, 161, Short.MAX_VALUE).addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
>> .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
>> @@ -561,7 +624,13 @@
>>
>> private void moveRowUpButtonActionPerformed(java.awt.event.ActionEvent evt) {
>> int orig = currentTable.getSelectedRow();
>> + if (orig<0 || orig>=currentTable.getRowCount()) {
>> + return;
>> + }
>> int i = currentTable.convertRowIndexToModel(orig);
>> + if (i<=0) {
>> + return;
>> + }
>> currentModel.moveUp(i);
>> reloadTable();
>> if (orig >= 1) {
>> @@ -571,7 +640,13 @@
>>
>> private void moveRowDownButtonActionPerformed(java.awt.event.ActionEvent evt) {
>> int orig = currentTable.getSelectedRow();
>> + if (orig<0 || orig>=currentTable.getRowCount()) {
>> + return;
>> + }
>> int i = currentTable.convertRowIndexToModel(orig);
>> + if (i>=currentTable.getRowCount()-1) {
>> + return;
>> + }
>> currentModel.moveDown(i);
>> reloadTable();
>> if (orig < currentModel.getRowCount()) {
>> @@ -720,7 +795,7 @@
>> }
>> }
>>
>> - private class SingleSelectionListenerImpl implements ListSelectionListener {
>> + private final class SingleSelectionListenerImpl implements ListSelectionListener {
>>
>> private final JTable table;
>>
>> @@ -740,11 +815,11 @@
>> }
>> }
>>
>> - private class deleteAdapter implements KeyListener {
>> + private final class DeleteAdapter implements KeyListener {
>>
>> private final JTable table;
>>
>> - public deleteAdapter(JTable table) {
>> + public DeleteAdapter(JTable table) {
>> this.table = table;
>> }
>>
>> @@ -763,4 +838,82 @@
>> public void keyReleased(KeyEvent e) {
>> }
>> }
>> +
>> +
>> + private static final class ByPermanenciFilter extends TableRowSorter<UnsignedAppletActionTableModel> {
>
> Permanent and Temporal are very confusing names for what I just consider the 'decisions' and the 'hints'.
> Anyway, ByPermanenciFilter -> ByPermanencyFilter
>
>> +
>> + private static final class ShowAll extends RowFilter<UnsignedAppletActionTableModel, Integer> {
>> +
>> + @Override
>> + public boolean include(Entry<? extends UnsignedAppletActionTableModel, ? extends Integer> entry) {
>> + return true;
>> + }
>> + }
>> +
>> + private static final class ShowPernamnetns extends RowFilter<UnsignedAppletActionTableModel, Integer> {
>
> ShowPernamnetns -> ShowPermanents
>
>> +
>> + @Override
>> + public boolean include(Entry<? extends UnsignedAppletActionTableModel, ? extends Integer> entry) {
>> + ExecuteUnsignedApplet o = (ExecuteUnsignedApplet) entry.getModel().getValueAt(entry.getIdentifier(), 0);
>> + return (o.equals(ExecuteUnsignedApplet.ALWAYS) || o.equals(ExecuteUnsignedApplet.NEVER));
>> + }
>> + }
>> +
>> + private static final class ShowPernamnetnA extends RowFilter<UnsignedAppletActionTableModel, Integer> {
>
> ShowPernamnetnA -> ShowPermanentA
>
> I would just have this as 'ShowAlways' though, no ?
>
>> +
>> + @Override
>> + public boolean include(Entry<? extends UnsignedAppletActionTableModel, ? extends Integer> entry) {
>> + ExecuteUnsignedApplet o = (ExecuteUnsignedApplet) entry.getModel().getValueAt(entry.getIdentifier(), 0);
>> + return (o.equals(ExecuteUnsignedApplet.ALWAYS));
>> + }
>> + }
>> +
>> + private static final class ShowPernamnetnN extends RowFilter<UnsignedAppletActionTableModel, Integer> {
>
> ShowPernamnetnN -> ShowPermanentN
>
> I would just have this as 'ShowNever' though, no ?
>
>> +
>> + @Override
>> + public boolean include(Entry<? extends UnsignedAppletActionTableModel, ? extends Integer> entry) {
>> + ExecuteUnsignedApplet o = (ExecuteUnsignedApplet) entry.getModel().getValueAt(entry.getIdentifier(), 0);
>> + return (o.equals(ExecuteUnsignedApplet.NEVER));
>> + }
>> + }
>> +
>> + private static final class ShowTemporals extends RowFilter<UnsignedAppletActionTableModel, Integer> {
>> +
>> + @Override
>> + public boolean include(Entry<? extends UnsignedAppletActionTableModel, ? extends Integer> entry) {
>> + ExecuteUnsignedApplet o = (ExecuteUnsignedApplet) entry.getModel().getValueAt(entry.getIdentifier(), 0);
>> + return (o.equals(ExecuteUnsignedApplet.YES) || o.equals(ExecuteUnsignedApplet.NO));
>> + }
>> + }
>> +
>> + private static final class ShowTemporalY extends RowFilter<UnsignedAppletActionTableModel, Integer> {
>
> Too many complications for something the user shouldn't really care about managing IMO.
> But anyway, I prefer ShowHasChosenYes
>
>> +
>> + @Override
>> + public boolean include(Entry<? extends UnsignedAppletActionTableModel, ? extends Integer> entry) {
>> + ExecuteUnsignedApplet o = (ExecuteUnsignedApplet) entry.getModel().getValueAt(entry.getIdentifier(), 0);
>> + return (o.equals(ExecuteUnsignedApplet.YES));
>> + }
>> + }
>> +
>> + private static final class ShowTemporalN extends RowFilter<UnsignedAppletActionTableModel, Integer> {
>
> See above, but anyway I prefer ShowHasChosenNo
>
>> +
>> + @Override
>> + public boolean include(Entry<? extends UnsignedAppletActionTableModel, ? extends Integer> entry) {
>> + ExecuteUnsignedApplet o = (ExecuteUnsignedApplet) entry.getModel().getValueAt(entry.getIdentifier(), 0);
>> + return (o.equals(ExecuteUnsignedApplet.NO));
>> + }
>> + }
>> + public static final ShowAll showAll = new ShowAll();
>> + public static final ShowPernamnetns showPernamnetns = new ShowPernamnetns();
>> + public static final ShowPernamnetnA showPernamnetnA = new ShowPernamnetnA();
>> + public static final ShowPernamnetnN showPernamnetnN = new ShowPernamnetnN();
>> + public static final ShowTemporals showTemporals = new ShowTemporals();
>> + public static final ShowTemporalY showTemporalY = new ShowTemporalY();
>> + public static final ShowTemporalN showTemporalN = new ShowTemporalN();
>> +
>> + public ByPermanenciFilter(UnsignedAppletActionTableModel model) {
>> + super(model);
>> + setRowFilter(showPernamnetns);
>> + }
>> + }
>> }
>> diff -r 886c91766b45 -r b281229f08cc netx/net/sourceforge/jnlp/resources/Messages.properties
>> --- a/netx/net/sourceforge/jnlp/resources/Messages.properties Mon Feb 25 12:50:15 2013 +0100
>> +++ b/netx/net/sourceforge/jnlp/resources/Messages.properties Mon Feb 25 14:53:30 2013 +0100
>> @@ -528,4 +528,11 @@
>> APPEXTSECguiPanelEmptyDoc=All document-bases must be full
>> APPEXTSECguiPanelEmptyCode=All code-bases must be full
>> APPEXTSECguiPanelTableValid=Table looks valid
>> -APPEXTSECguiPanelTableInvalid=Invalid with following error: {0}
>> \ No newline at end of file
>> +APPEXTSECguiPanelTableInvalid=Invalid with following error: {0}
>> +APPEXTSECguiPanelShowOnlyPermanent=Show only permanent records
>> +APPEXTSECguiPanelShowOnlyTemporal=Show only temporal records
>> +APPEXTSECguiPanelShowAll=Show all records
>> +APPEXTSECguiPanelShowOnlyPermanentA=Show only allowed permanent records
>> +APPEXTSECguiPanelShowOnlyPermanentN=Show only forbidden permanent records
>> +APPEXTSECguiPanelShowOnlyTemporalY=Show only temporally allowed records
>
> Funny, 'temporally' is technically a valid word here, but I'm sure you meant 'temporarily' :-) but this is much clearer as 'Show previously allowed applets'. Calling something that was allowed once 'temporarily allowed' is confusing.
>
>> +APPEXTSECguiPanelShowOnlyTemporalN=Show only temporally denied records
>
> 'Show previously denied applets'
>
>> \ No newline at end of file
>
> Overall not sure how I feel about this one, but I guess I'm OK with it in the interest of getting this into HEAD.
>
> BTW You never did give me that URL encoding suggestion :-)
>
> -Adam

huh... I'm getting drowned from this and it seems its doing whats expected.
So enjoy the writing of changelog and fire it :)
/me looking forward for extend version and for embeded version O:P

J.