[fyi][icedtea-web] backend and itw-settings for extended applets security

Tue Mar 26 09:16:35 PDT 2013

On 03/26/2013 03:11 PM, Jiri Vanek wrote:
> On 02/25/2013 09:22 PM, Adam Domurad wrote:
>> On 02/25/2013 12:40 PM, Jiri Vanek wrote:
>>> On 02/21/2013 11:07 PM, Adam Domurad wrote:
>>>> On 02/20/2013 04:53 PM, Adam Domurad wrote:
>>>>> Here are some proposed fixes. Thanks.
>>>>>
>>>>> - comapre -> compare typo fix
>>>>> - Never return from a finally block! (Eclipse underlines the whole finally block as a warning.)
>>>>> See http://weblogs.java.net/blog/staufferjames/archive/2007/06/_dont_return_in.html
>>>>> - Added a null check so we don't compare if a null archive list is stored.
>>>>>
>>>>> - Adam
>>>>>
>>>>>
>>>>
>>>> Ignore that one, this trumps it.
>>>>
>>>> OK. I tried to separate what would be considered changes to Jiri's part out.
>>>> AppletSecuritySettings.java had to be moved out of sun.applet to make it accessible.
>>>>
>>>> First apply Jiris latest patch, then the rest of them with integrated-dialogue2.patch last.
>>>>
>>>> Here are the patches. Will make a ChangeLog sometime soon.
>>>>
>>>> All the applet security levels should be working in this patch, as well it should honour the global
>>>> applet settings.
>>>>
>>>> Red/green text indicates if you've accepted a patch before.
>>>>
>>>> Further implementation question:
>>>> - Currently when many applets share a single classloader on a page and one is rejected, it'd be nice
>>>> if the it did not ask for rejection for all the other applets. It is tricky to get this right.
>>>> Perhaps rejecting a certain unique key should be permanent for a session ? There should be no harm,
>>>> as you can always restart your browser if you accidentally hit reject. And indeed there is harm in
>>>> the other direction, if you reject an applet but accidentally hit OK for one of the other applet
>>>> dialogues that come up.
>>>>
>>>> Let me know of any issues.
>>>>
>>>> Happy hacking,
>>>> -Adam
>>>
>>>
>>> ugh. Next round of backend:
>>>
>>> My OriginalPatch, added filtering for table and removed mainClass - all as separate changes.
>>> Also agreedChangesToLockingFile.diff ( I agree with your changes, nextTime I will merge them inside)
>>> I have rewritten your strength matching algorithm - newMAtchByStrength.diff - I hope it will still suits (the only change was actually to returnimidiately when strong match is found - return first week otherwise)
>>>
>>> Thanx for suggestions, as Omair suggested - lets fire this! (means merge above, add tests and push)
>>>
>>> ps: I hope I have not forget some occurence of mainCLass somewhere :-/
>>> pps: test tests and tests on my side :-/
>>
>> Great.
>>
>> Mainclass:
>>
>>> diff -r 98060d84ad58 netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletActionTableModel.java
>>> --- a/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletActionTableModel.java Mon Feb 25 16:26:29 2013 +0100
>>> +++ b/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletActionTableModel.java Mon Feb 25 18:32:10 2013 +0100
>>> @@ -37,11 +37,11 @@
>>>
>>> import java.util.Date;
>>> import javax.swing.table.AbstractTableModel;
>>> +import net.sourceforge.jnlp.runtime.Translator;
>>> import net.sourceforge.jnlp.security.appletextendedsecurity.ExecuteUnsignedApplet;
>>> import net.sourceforge.jnlp.security.appletextendedsecurity.UnsignedAppletActionEntry;
>>> import net.sourceforge.jnlp.security.appletextendedsecurity.UrlRegEx;
>>> import net.sourceforge.jnlp.security.appletextendedsecurity.impl.UnsignedAppletActionStorageExtendedImpl;
>>> -import net.sourceforge.jnlp.runtime.Translator;
>>>
>>> public class UnsignedAppletActionTableModel extends AbstractTableModel {
>>>
>>> @@ -50,7 +50,7 @@
>>> Translator.R("APPEXTSECguiTableModelTableColumnDateOfAction"),
>>> Translator.R("APPEXTSECguiTableModelTableColumnDocumentBase"),
>>> Translator.R("APPEXTSECguiTableModelTableColumnCodeBase"),
>>> - Translator.R("APPEXTSECguiTableModelTableColumnMainClass"),
>>> + //Translator.R("APPEXTSECguiTableModelTableColumnMainClass"),
>>
>> I noticed you kept the translator stuff as comments, but I'd be in favour of just dropping it. Theres already too many comments in ITW that have long-forgotten purpose :-)
>>
>>> Translator.R("APPEXTSECguiTableModelTableColumnArchives")};
>>>
>>> public UnsignedAppletActionTableModel(UnsignedAppletActionStorageExtendedImpl back) {
>>> @@ -86,10 +86,10 @@
>>> if (columnIndex == 3) {
>>> return UrlRegEx.class;
>>> }
>>> - if (columnIndex == 3) {
>>> + if (columnIndex == 4) {
>>> return String.class;
>>> }
>>> - if (columnIndex == 3) {
>>> + if (columnIndex == 5) {
>>> return String.class;
>>> }
>>> return Object.class;
>>> @@ -129,9 +129,6 @@
>>> return source.getCodeBase();
>>> }
>>> if (columnIndex == 4) {
>>> - return source.getMainClass();
>>> - }
>>> - if (columnIndex == 5) {
>>> return UnsignedAppletActionEntry.createArchivesString(source.getArchives());
>>> }
>>> return null;
>>> @@ -152,7 +149,6 @@
>>> new Date(),
>>> new UrlRegEx(s),
>>> new UrlRegEx(s),
>>> - null,
>>> null));
>>> fireTableRowsInserted(i, i + 1);
>>> }
>>> diff -r 98060d84ad58 netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletsTrustingListPanel.java
>>> --- a/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletsTrustingListPanel.java Mon Feb 25 16:26:29 2013 +0100
>>> +++ b/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletsTrustingListPanel.java Mon Feb 25 18:32:10 2013 +0100
>>> @@ -186,7 +186,7 @@
>>> + "\n (" + Translator.R("APPEXTSECguiPanelAppletInfoHederPart2", i.getUnsignedAppletAction(), DateFormat.getInstance().format(i.getTimeStamp()))
>>> + "\n " + Translator.R("APPEXTSECguiTableModelTableColumnDocumentBase") + ": " + i.getDocumentBase().getFilteredRegEx()
>>> + "\n " + Translator.R("APPEXTSECguiTableModelTableColumnCodeBase") + ": " + i.getCodeBase().getFilteredRegEx()
>>> - + "\n " + Translator.R("APPEXTSECguiTableModelTableColumnMainClass") + ": " + ((i.getMainClass() == null) ? "" : i.getMainClass())
>>> + //+ "\n " + Translator.R("APPEXTSECguiTableModelTableColumnMainClass") + ": " + ((i.getMainClass() == null) ? "" : i.getMainClass())
>>> + "\n " + Translator.R("APPEXTSECguiTableModelTableColumnArchives") + ": " + UnsignedAppletActionEntry.createArchivesString(i.getArchives());
>>> }
>>>
>>> @@ -540,7 +540,7 @@
>>> lastDoc = s1;
>>> lastCode = s2;
>>> try {
>>> - List<UnsignedAppletActionEntry> i = currentModel.back.getMatchingItems(s1, s2, null, null);
>>> + List<UnsignedAppletActionEntry> i = currentModel.back.getMatchingItems(s1, s2, null);
>>> if (i == null || i.isEmpty()) {
>>> JOptionPane.showMessageDialog(this, Translator.R("APPEXTSECguiPanelNoMatch"));
>>> } else {
>>> diff -r 98060d84ad58 netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionEntry.java
>>> --- a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionEntry.java Mon Feb 25 16:26:29 2013 +0100
>>> +++ b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionEntry.java Mon Feb 25 18:32:10 2013 +0100
>>> @@ -47,7 +47,6 @@
>>> private Date timeStamp;
>>> private UrlRegEx documentBase;
>>> private UrlRegEx codeBase;
>>> - private String mainClass;
>>> private List<String> archives;
>>>
>>> public static UnsignedAppletActionEntry createFromString(String s) {
>>> @@ -57,26 +56,21 @@
>>> new Date(new Long(split[1])),
>>> new UrlRegEx(split[2]),
>>> null,
>>> - null,
>>> null);
>>> if (split.length > 3) {
>>> nw.setCodeBase(new UrlRegEx(split[3]));
>>> }
>>> if (split.length > 4) {
>>> - nw.setMainClass(split[4]);
>>> - }
>>> - if (split.length > 5) {
>>> - nw.setArchives(createArchivesList(s.substring(s.indexOf(split[4]) + split[4].length()).trim()));
>>> + nw.setArchives(createArchivesList(s.substring(s.lastIndexOf(split[3]) + split[3].length()).trim()));
>>> }
>>> return nw;
>>> }
>>>
>>> - public UnsignedAppletActionEntry(ExecuteUnsignedApplet unsignedAppletAction, Date timeStamp, UrlRegEx documentBase, UrlRegEx codeBase, String mainClass, List<String> archives) {
>>> + public UnsignedAppletActionEntry(ExecuteUnsignedApplet unsignedAppletAction, Date timeStamp, UrlRegEx documentBase, UrlRegEx codeBase, List<String> archives) {
>>> this.unsignedAppletAction = unsignedAppletAction;
>>> this.timeStamp = timeStamp;
>>> this.documentBase = documentBase;
>>> this.codeBase = codeBase;
>>> - this.mainClass = mainClass;
>>> this.archives = archives;
>>>
>>> }
>>> @@ -96,7 +90,6 @@
>>> + " " + ((timeStamp == null) ? "1" : timeStamp.getTime())
>>> + " " + ((documentBase == null) ? "" : documentBase.getRegEx())
>>> + " " + ((codeBase == null) ? "" : codeBase.getRegEx())
>>> - + " " + ((mainClass == null) ? "" : mainClass)
>>> + " " + createArchivesString(archives);
>>> }
>>>
>>> @@ -132,14 +125,6 @@
>>> this.codeBase = codeBase;
>>> }
>>>
>>> - public String getMainClass() {
>>> - return mainClass;
>>> - }
>>> -
>>> - public void setMainClass(String mainClass) {
>>> - this.mainClass = mainClass;
>>> - }
>>> -
>>> public List<String> getArchives() {
>>> return archives;
>>> }
>>> diff -r 98060d84ad58 netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionStorage.java
>>> --- a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionStorage.java Mon Feb 25 16:26:29 2013 +0100
>>> +++ b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionStorage.java Mon Feb 25 18:32:10 2013 +0100
>>> @@ -1,19 +1,37 @@
>>> -/*
>>> - Copyright (C) 2013 Red Hat
>>> +/* Copyright (C) 2013 Red Hat, Inc.
>>>
>>> - This program is free software; you can redistribute it and/or modify
>>> - it under the terms of the GNU General Public License as published by
>>> - the Free Software Foundation; either version 2 of the License, or
>>> - (at your option) any later version.
>>> + This file is part of IcedTea.
>>>
>>> - This program is distributed in the hope that it will be useful, but
>>> - WITHOUT ANY WARRANTY; without even the implied warranty of
>>> - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>>> + IcedTea is free software; you can redistribute it and/or
>>> + modify it under the terms of the GNU General Public License as published by
>>> + the Free Software Foundation, version 2.
>>> +
>>> + IcedTea is distributed in the hope that it will be useful,
>>> + but WITHOUT ANY WARRANTY; without even the implied warranty of
>>> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>>> General Public License for more details.
>>>
>>> You should have received a copy of the GNU General Public License
>>> - along with this program; if not, write to the Free Software
>>> - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
>>> + along with IcedTea; see the file COPYING. If not, write to
>>> + the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
>>> + 02110-1301 USA.
>>> +
>>> + Linking this library statically or dynamically with other modules is
>>> + making a combined work based on this library. Thus, the terms and
>>> + conditions of the GNU General Public License cover the whole
>>> + combination.
>>> +
>>> + As a special exception, the copyright holders of this library give you
>>> + permission to link this library with independent modules to produce an
>>> + executable, regardless of the license terms of these independent
>>> + modules, and to copy and distribute the resulting executable under
>>> + terms of your choice, provided that you also meet, for each linked
>>> + independent module, the terms and conditions of the license of that
>>> + module. An independent module is a module which is not derived from
>>> + or based on this library. If you modify this library, you may extend
>>> + this exception to your version of the library, but you are not
>>> + obligated to do so. If you do not wish to do so, delete this
>>> + exception statement from your version.
>>> */
>>> package net.sourceforge.jnlp.security.appletextendedsecurity;
>>>
>>> @@ -50,7 +68,7 @@
>>> * @param archives
>>> * @return
>>> */
>>> - public UnsignedAppletActionEntry getMatchingItem(String documentBase, String codeBase, String mainClass, List<String> archives);
>>> + public UnsignedAppletActionEntry getMatchingItem(String documentBase, String codeBase, List<String> archives);
>>>
>>> /**
>>> * Shortcut getMatchingItem(documentBase, null,null,null)
>>> diff -r 98060d84ad58 netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageExtendedImpl.java
>>> --- a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageExtendedImpl.java Mon Feb 25 16:26:29 2013 +0100
>>> +++ b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageExtendedImpl.java Mon Feb 25 18:32:10 2013 +0100
>>> @@ -166,9 +166,6 @@
>>> source.setCodeBase(new UrlRegEx((String) aValue));
>>> }
>>> if (columnIndex == 4) {
>>> - source.setMainClass((String) aValue);
>>> - }
>>> - if (columnIndex == 5) {
>>> source.setArchives(UnsignedAppletActionEntry.createArchivesList((String) aValue));
>>> }
>>>
>>> diff -r 98060d84ad58 netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImpl.java
>>> --- a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImpl.java Mon Feb 25 16:26:29 2013 +0100
>>> +++ b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImpl.java Mon Feb 25 18:32:10 2013 +0100
>>> @@ -131,8 +131,8 @@
>>> }
>>>
>>> @Override
>>> - public UnsignedAppletActionEntry getMatchingItem(String documentBase, String codeBase, String mainClass, List<String> archives) {
>>> - List<UnsignedAppletActionEntry> results = getMatchingItems(documentBase, codeBase, mainClass, archives);
>>> + public UnsignedAppletActionEntry getMatchingItem(String documentBase, String codeBase, List<String> archives) {
>>> + List<UnsignedAppletActionEntry> results = getMatchingItems(documentBase, codeBase, archives);
>>> if (results == null || results.isEmpty()) {
>>> return null;
>>> }
>>> @@ -150,7 +150,7 @@
>>> return results.get(0);
>>> }
>>>
>>> - public List<UnsignedAppletActionEntry> getMatchingItems(String documentBase, String codeBase, String mainClass, List<String> archives) {
>>> + public List<UnsignedAppletActionEntry> getMatchingItems(String documentBase, String codeBase, List<String> archives) {
>>> List<UnsignedAppletActionEntry> result = new ArrayList();
>>> lock();
>>> try {
>>> @@ -159,7 +159,7 @@
>>> return result;
>>> }
>>> for (UnsignedAppletActionEntry unsignedAppletActionEntry : items) {
>>> - if (isMatching(unsignedAppletActionEntry, documentBase, codeBase, mainClass, archives)) {
>>> + if (isMatching(unsignedAppletActionEntry, documentBase, codeBase, archives)) {
>>> result.add(unsignedAppletActionEntry);
>>> }
>>> }
>>> @@ -171,7 +171,7 @@
>>> return result;
>>> }
>>>
>>> - private boolean isMatching(UnsignedAppletActionEntry unsignedAppletActionEntry, String documentBase, String codeBase, String mainClass, List<String> archives) {
>>> + private boolean isMatching(UnsignedAppletActionEntry unsignedAppletActionEntry, String documentBase, String codeBase, List<String> archives) {
>>> boolean result = true;
>>> if (documentBase != null && !documentBase.trim().isEmpty()) {
>>> result = result && documentBase.matches(unsignedAppletActionEntry.getDocumentBase().getRegEx());
>>> @@ -179,10 +179,6 @@
>>> if (codeBase != null && !codeBase.trim().isEmpty()) {
>>> result = result && codeBase.matches(unsignedAppletActionEntry.getCodeBase().getRegEx());
>>> }
>>> - if (mainClass != null && !mainClass.trim().isEmpty()) {
>>> - result = result && mainClass.equals(unsignedAppletActionEntry.getMainClass());
>>> - }
>>> -
>>> if (archives != null) {
>>> result = result && compareArchives(archives, unsignedAppletActionEntry.getArchives());
>>> }
>>> @@ -195,6 +191,15 @@
>>> }
>>>
>>> private boolean compareArchives(List<String> archives, List<String> saved) {
>>> + if (archives == null && saved !=null){
>>> + return false;
>>> + }
>>> + if (archives != null && saved ==null){
>>> + return false;
>>> + }
>>> + if (archives == null && saved ==null){
>>> + return true;
>>> + }
>>> if (archives.size() != saved.size()) {
>>> return false;
>>> }
>>> @@ -220,16 +225,16 @@
>>>
>>> @Override
>>> public UnsignedAppletActionEntry getMatchingItemByDocumentBase(String documentBase) {
>>> - return getMatchingItem(documentBase, null, null, null);
>>> + return getMatchingItem(documentBase, null, null);
>>> }
>>>
>>> @Override
>>> public UnsignedAppletActionEntry getMatchingItemByCodeBase(String codeBase) {
>>> - return getMatchingItem(null, codeBase, null, null);
>>> + return getMatchingItem(null, codeBase, null);
>>> }
>>>
>>> @Override
>>> public UnsignedAppletActionEntry getMatchingItemByBases(String documentBase, String codeBase) {
>>> - return getMatchingItem(documentBase, codeBase, null, null);
>>> + return getMatchingItem(documentBase, codeBase, null);
>>> }
>>> }
>>> diff -r 98060d84ad58 tests/netx/unit/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImplTest.java
>>> --- a/tests/netx/unit/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImplTest.java Mon Feb 25 16:26:29 2013 +0100
>>> +++ b/tests/netx/unit/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImplTest.java Mon Feb 25 18:32:10 2013 +0100
>>> @@ -59,22 +59,20 @@
>>> f2 = File.createTempFile("itwMatching", "testFile2");
>>> f3 = File.createTempFile("itwMatching", "testFile3");
>>> f4 = File.createTempFile("itwMatching", "testFile4");
>>> - ServerAccess.saveFile("A 123456 .* .* main jar1,jar2", f1);
>>> - ServerAccess.saveFile("A 123456 .* \\Qbla\\E main jar1,jar2", f2);
>>> + ServerAccess.saveFile("A 123456 .* .* jar1,jar2", f1);
>>> + ServerAccess.saveFile("A 123456 .* \\Qbla\\E jar1,jar2", f2);
>>> }
>>>
>>> @Test
>>> public void allMatchingDocAndCode() {
>>> UnsignedAppletActionStorageImpl i1 = new UnsignedAppletActionStorageImpl(f1);
>>> - UnsignedAppletActionEntry r1 = i1.getMatchingItem("bla", "blaBla", "main", Arrays.asList(new String[]{"jar1", "jar2"}));
>>> + UnsignedAppletActionEntry r1 = i1.getMatchingItem("bla", "blaBla", Arrays.asList(new String[]{"jar1", "jar2"}));
>>> Assert.assertNotNull("r1 should be found", r1);
>>> - UnsignedAppletActionEntry r3 = i1.getMatchingItem("blah", "blaBla", "main", Arrays.asList(new String[]{"jar2", "jar1"}));
>>> + UnsignedAppletActionEntry r3 = i1.getMatchingItem("blah", "blaBla", Arrays.asList(new String[]{"jar2", "jar1"}));
>>> Assert.assertNotNull("r3 should be found", r1);
>>> - UnsignedAppletActionEntry r2 = i1.getMatchingItem("bla", "blaBlam", "wrong_main", Arrays.asList(new String[]{"jar1", "jar2"}));
>>> - Assert.assertNull("r2 should NOT be found", r2);
>>> - UnsignedAppletActionEntry r4 = i1.getMatchingItem("blha", "blaBlam", "main", Arrays.asList(new String[]{"jar2", "wrong_jar"}));
>>> + UnsignedAppletActionEntry r4 = i1.getMatchingItem("blha", "blaBlam", Arrays.asList(new String[]{"jar2", "wrong_jar"}));
>>> Assert.assertNull("r4 should NOT be found", r4);
>>> - UnsignedAppletActionEntry r5 = i1.getMatchingItem("blaBla", "blaBlaBla", "main", Arrays.asList(new String[]{"jar2"}));
>>> + UnsignedAppletActionEntry r5 = i1.getMatchingItem("blaBla", "blaBlaBla", Arrays.asList(new String[]{"jar2"}));
>>> Assert.assertNull("r5 should NOT be found", r5);
>>>
>>> }
>>> @@ -82,13 +80,13 @@
>>> @Test
>>> public void allMatchingDocAndStrictCode() {
>>> UnsignedAppletActionStorageImpl i1 = new UnsignedAppletActionStorageImpl(f2);
>>> - UnsignedAppletActionEntry r1 = i1.getMatchingItem("whatever", "bla", "main", Arrays.asList(new String[]{"jar1", "jar2"}));
>>> + UnsignedAppletActionEntry r1 = i1.getMatchingItem("whatever", "bla", Arrays.asList(new String[]{"jar1", "jar2"}));
>>> Assert.assertNotNull("r1 should be found", r1);
>>> - UnsignedAppletActionEntry r3 = i1.getMatchingItem("whatever", null, "main", Arrays.asList(new String[]{"jar2", "jar1"}));
>>> + UnsignedAppletActionEntry r3 = i1.getMatchingItem("whatever", null, Arrays.asList(new String[]{"jar2", "jar1"}));
>>> Assert.assertNotNull("r3 should be found", r1);
>>> - UnsignedAppletActionEntry r2 = i1.getMatchingItem("bla", "blaBlam", "main", Arrays.asList(new String[]{"jar1", "jar2"}));
>>> + UnsignedAppletActionEntry r2 = i1.getMatchingItem("bla", "blaBlam", Arrays.asList(new String[]{"jar1", "jar2"}));
>>> Assert.assertNull("r2 should NOT be found", r2);
>>> - UnsignedAppletActionEntry r4 = i1.getMatchingItem(null, "blaBlam", null, null);
>>> + UnsignedAppletActionEntry r4 = i1.getMatchingItem(null, "blaBlam", null);
>>> Assert.assertNull("r4 should NOT be found", r4);
>>>
>>> }
>>> @@ -96,19 +94,19 @@
>>> @Test
>>> public void allMatchingDocAndCodeWithNulls() {
>>> UnsignedAppletActionStorageImpl i1 = new UnsignedAppletActionStorageImpl(f1);
>>> - UnsignedAppletActionEntry r1 = i1.getMatchingItem("bla", "blaBla", null, null);
>>> + UnsignedAppletActionEntry r1 = i1.getMatchingItem("bla", "blaBla", null);
>>> Assert.assertNotNull("r1 should be found", r1);
>>> - UnsignedAppletActionEntry r3 = i1.getMatchingItem("bla", "whatever", "", null);
>>> + UnsignedAppletActionEntry r3 = i1.getMatchingItem("bla", "whatever", null);
>>> Assert.assertNotNull("r3 should be found", r1);
>>> - UnsignedAppletActionEntry r2 = i1.getMatchingItem("bla", "blaBla", null, Arrays.asList(new String[]{"jar2", "jar1"}));
>>> + UnsignedAppletActionEntry r2 = i1.getMatchingItem("bla", "blaBla", Arrays.asList(new String[]{"jar2", "jar1"}));
>>> Assert.assertNotNull("r2 should be found", r2);
>>> - UnsignedAppletActionEntry r4 = i1.getMatchingItem("bla", "blaBla", "main", null);
>>> + UnsignedAppletActionEntry r4 = i1.getMatchingItem("bla", "blaBla", null);
>>> Assert.assertNotNull("r4 should be found", r4);
>>> - UnsignedAppletActionEntry r5 = i1.getMatchingItem("", "blaBla", "main", Arrays.asList(new String[]{"jar2", "jar1"}));
>>> + UnsignedAppletActionEntry r5 = i1.getMatchingItem("", "blaBla", Arrays.asList(new String[]{"jar2", "jar1"}));
>>> Assert.assertNotNull("r5 should be found", r5);
>>> - UnsignedAppletActionEntry r6 = i1.getMatchingItem(null, null, "main", Arrays.asList(new String[]{"jar2", "jar1"}));
>>> + UnsignedAppletActionEntry r6 = i1.getMatchingItem(null, null, Arrays.asList(new String[]{"jar2", "jar1"}));
>>> Assert.assertNotNull("r6 should be found", r6);
>>> - UnsignedAppletActionEntry r7 = i1.getMatchingItem(null, null, "main", Arrays.asList(new String[]{"jar2", "jar11"}));
>>> + UnsignedAppletActionEntry r7 = i1.getMatchingItem(null, null, Arrays.asList(new String[]{"jar2", "jar11"}));
>>> Assert.assertNull("r7 should NOT be found", r7);
>>>
>>
>> Looks good to me.
>>
>> agreedChangesToLockingFile -- agreed.
>>
>>
>> newMatchByStrength -- looks fine.
>>
>>
>> addingFilteringForTable:
>>
>> This seems a bit overly complex TBH. I don't think the user needs to be aware of the 'temporaries' at all. There are too many options as-is... However it is done, so I will review it.
>>
>>> diff -r 886c91766b45 -r b281229f08cc netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletActionTableModel.java
>>> --- a/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletActionTableModel.java Mon Feb 25 12:50:15 2013 +0100
>>> +++ b/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletActionTableModel.java Mon Feb 25 14:53:30 2013 +0100
>>> @@ -145,7 +145,7 @@
>>> }
>>>
>>> public void addRow() {
>>> - int i = back.toArray().length;
>>> + int i = back.toArray().length-1;
>>> String s = "\\Qhttp://localhost:80/\\E.*";
>>> back.add(new UnsignedAppletActionEntry(
>>> ExecuteUnsignedApplet.NEVER,
>>> @@ -163,7 +163,7 @@
>>> }
>>>
>>> public void clear() {
>>> - int i = getRowCount();
>>> + int i = getRowCount()-1;
>>> back.clear();
>>> fireTableRowsDeleted(0, i);
>>> }
>>> @@ -175,14 +175,14 @@
>>> }
>>>
>>> void moveUp(int selectedRow) {
>>> - int i = getRowCount();
>>> + int i = getRowCount()-1;
>>> back.moveUp(selectedRow);
>>> - fireTableRowsUpdated(i - 1, i);
>>> + fireTableRowsUpdated(i, i);
>>> }
>>>
>>> void moveDown(int selectedRow) {
>>> - int i = getRowCount();
>>> + int i = getRowCount()-1;
>>> back.moveDown(selectedRow);
>>> - fireTableRowsUpdated(i, i + 1);
>>> + fireTableRowsUpdated(i, i);
>>> }
>>> }
>>> diff -r 886c91766b45 -r b281229f08cc netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletsTrustingListPanel.java
>>> --- a/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletsTrustingListPanel.java Mon Feb 25 12:50:15 2013 +0100
>>> +++ b/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletsTrustingListPanel.java Mon Feb 25 14:53:30 2013 +0100
>>> @@ -37,6 +37,8 @@
>>>
>>> import java.awt.BorderLayout;
>>> import java.awt.Component;
>>> +import java.awt.event.ActionEvent;
>>> +import java.awt.event.ActionListener;
>>> import java.awt.event.KeyAdapter;
>>> import java.awt.event.KeyEvent;
>>> import java.awt.event.KeyListener;
>>> @@ -57,6 +59,8 @@
>>> import javax.swing.JPanel;
>>> import javax.swing.JTable;
>>> import javax.swing.JTextField;
>>> +import javax.swing.RowFilter;
>>> +import javax.swing.RowFilter.Entry;
>>> import javax.swing.event.ChangeEvent;
>>> import javax.swing.event.ChangeListener;
>>> import javax.swing.event.ListSelectionEvent;
>>> @@ -66,6 +70,7 @@
>>> import javax.swing.table.TableCellEditor;
>>> import javax.swing.table.TableCellRenderer;
>>> import javax.swing.table.TableModel;
>>> +import javax.swing.table.TableRowSorter;
>>> import net.sourceforge.jnlp.config.DeploymentConfiguration;
>>> import net.sourceforge.jnlp.runtime.Translator;
>>> import net.sourceforge.jnlp.security.appletextendedsecurity.AppletSecurityLevel;
>>> @@ -88,6 +93,7 @@
>>> private javax.swing.JCheckBox filterRegexesCheckBox;
>>> private javax.swing.JComboBox mainPolicyComboBox;
>>> private javax.swing.JComboBox deleteTypeComboBox;
>>> + private javax.swing.JComboBox viewFilter;
>>> private javax.swing.JLabel globalBehaviourLabel;
>>> private javax.swing.JLabel securityLevelLabel;
>>> private javax.swing.JScrollPane userTableScrollPane;
>>> @@ -99,6 +105,8 @@
>>> private final UnsignedAppletActionStorageExtendedImpl globalBackEnd;
>>> private final UnsignedAppletActionTableModel customModel;
>>> private final UnsignedAppletActionTableModel globalModel;
>>> + private final ByPermanenciFilter customFilter;
>>> + private final ByPermanenciFilter globalFilter;
>>> private final DeploymentConfiguration conf;
>>> private javax.swing.JTable currentTable;
>>> private UnsignedAppletActionTableModel currentModel;
>>> @@ -143,7 +151,11 @@
>>> globalBackEnd = new UnsignedAppletActionStorageExtendedImpl(globalSettings);
>>> customModel = new UnsignedAppletActionTableModel(customBackEnd);
>>> globalModel = new UnsignedAppletActionTableModel(globalBackEnd);
>>> + customFilter = new ByPermanenciFilter(customModel);
>>> + globalFilter = new ByPermanenciFilter(globalModel);
>>> initComponents();
>>> + userTable.setRowSorter(customFilter);
>>> + globalTable.setRowSorter(globalFilter);
>>> this.conf = conf;
>>> AppletSecurityLevel gs = AppletSecurityLevel.getDefault();
>>> String s = conf.getProperty(DeploymentConfiguration.KEY_SECURITY_LEVEL);
>>> @@ -154,8 +166,8 @@
>>> userTable.getSelectionModel().addListSelectionListener(new SingleSelectionListenerImpl(userTable));
>>> globalTable.getSelectionModel().addListSelectionListener(new SingleSelectionListenerImpl(globalTable));
>>>
>>> - userTable.addKeyListener(new deleteAdapter(userTable));
>>> - globalTable.addKeyListener(new deleteAdapter(globalTable));
>>> + userTable.addKeyListener(new DeleteAdapter(userTable));
>>> + globalTable.addKeyListener(new DeleteAdapter(globalTable));
>>> currentTable = userTable;
>>> currentModel = customModel;
>>> setButtons((!currentModel.back.isReadOnly()));
>>> @@ -246,6 +258,7 @@
>>> securityLevelLabel = new javax.swing.JLabel();
>>> globalBehaviourLabel = new javax.swing.JLabel();
>>> deleteTypeComboBox = new javax.swing.JComboBox();
>>> + viewFilter = new javax.swing.JComboBox();
>>> deleteButton = new javax.swing.JButton();
>>> testUrlButton = new javax.swing.JButton();
>>> addRowButton = new javax.swing.JButton();
>>> @@ -275,6 +288,45 @@
>>> mainPolicyComboBoxActionPerformed(evt);
>>> }
>>> });
>>> +
>>> + viewFilter.addActionListener(new ActionListener() {
>>> + @Override
>>> + public void actionPerformed(ActionEvent e) {
>>> + int i = viewFilter.getSelectedIndex();
>>> + switch (i) {
>>> + case 0:
>>> + customFilter.setRowFilter(ByPermanenciFilter.showPernamnetns);
>>> + globalFilter.setRowFilter(ByPermanenciFilter.showPernamnetns);
>>> + break;
>>> + case 1:
>>> + customFilter.setRowFilter(ByPermanenciFilter.showTemporals);
>>> + globalFilter.setRowFilter(ByPermanenciFilter.showTemporals);
>>> + break;
>>> + case 2:
>>> + customFilter.setRowFilter(ByPermanenciFilter.showAll);
>>> + globalFilter.setRowFilter(ByPermanenciFilter.showAll);
>>> + break;
>>> + case 3:
>>> + customFilter.setRowFilter(ByPermanenciFilter.showPernamnetnA);
>>> + globalFilter.setRowFilter(ByPermanenciFilter.showPernamnetnA);
>>> + break;
>>> + case 4:
>>> + customFilter.setRowFilter(ByPermanenciFilter.showPernamnetnN);
>>> + globalFilter.setRowFilter(ByPermanenciFilter.showPernamnetnN);
>>> + break;
>>> + case 5:
>>> + customFilter.setRowFilter(ByPermanenciFilter.showTemporalY);
>>> + globalFilter.setRowFilter(ByPermanenciFilter.showTemporalY);
>>> + break;
>>> + case 6:
>>> + customFilter.setRowFilter(ByPermanenciFilter.showTemporalN);
>>> + globalFilter.setRowFilter(ByPermanenciFilter.showTemporalN);
>>> + break;
>>> + }
>>> +
>>> + }
>>> + });
>>> +
>>>
>>> securityLevelLabel.setText(Translator.R("APPEXTSECguiPanelSecurityLevel"));
>>>
>>> @@ -287,6 +339,15 @@
>>> Translator.R("APPEXTSECguiPanelDeleteMenuAlly"),
>>> Translator.R("APPEXTSECguiPanelDeleteMenuAlln"),
>>> Translator.R("APPEXTSECguiPanelDeleteMenuAllAll")}));
>>> +
>>> + viewFilter.setModel(new javax.swing.DefaultComboBoxModel(new String[]{
>>> + Translator.R("APPEXTSECguiPanelShowOnlyPermanent"),
>>> + Translator.R("APPEXTSECguiPanelShowOnlyTemporal"),
>>> + Translator.R("APPEXTSECguiPanelShowAll"),
>>> + Translator.R("APPEXTSECguiPanelShowOnlyPermanentA"),
>>> + Translator.R("APPEXTSECguiPanelShowOnlyPermanentN"),
>>> + Translator.R("APPEXTSECguiPanelShowOnlyTemporalY"),
>>> + Translator.R("APPEXTSECguiPanelShowOnlyTemporalN")}));
>>>
>>> deleteButton.setText(Translator.R("APPEXTSECguiPanelDeleteButton"));
>>> deleteButton.setToolTipText(Translator.R("APPEXTSECguiPanelDeleteButtonToolTip"));
>>> @@ -383,7 +444,8 @@
>>> .addComponent(invertSelectionButton))
>>> .addGroup(layout.createSequentialGroup()
>>> .addComponent(askBeforeActionCheckBox).addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
>>> - .addComponent(filterRegexesCheckBox))).addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 93, Short.MAX_VALUE)
>>> + .addComponent(filterRegexesCheckBox).addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 93, Short.MAX_VALUE)
>>> + .addComponent(viewFilter))).addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
>>> .addComponent(helpButton, javax.swing.GroupLayout.PREFERRED_SIZE, 108, javax.swing.GroupLayout.PREFERRED_SIZE))).addContainerGap()));
>>> layout.setVerticalGroup(
>>> layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
>>> @@ -400,7 +462,8 @@
>>> .addComponent(invertSelectionButton, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)).addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
>>> .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
>>> .addComponent(askBeforeActionCheckBox)
>>> - .addComponent(filterRegexesCheckBox)))
>>> + .addComponent(filterRegexesCheckBox)
>>> + .addComponent(viewFilter)))
>>> .addComponent(helpButton, javax.swing.GroupLayout.PREFERRED_SIZE, 53, javax.swing.GroupLayout.PREFERRED_SIZE)).addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
>>> .addComponent(mainTabPanel, javax.swing.GroupLayout.DEFAULT_SIZE, 161, Short.MAX_VALUE).addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
>>> .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
>>> @@ -561,7 +624,13 @@
>>>
>>> private void moveRowUpButtonActionPerformed(java.awt.event.ActionEvent evt) {
>>> int orig = currentTable.getSelectedRow();
>>> + if (orig<0 || orig>=currentTable.getRowCount()) {
>>> + return;
>>> + }
>>> int i = currentTable.convertRowIndexToModel(orig);
>>> + if (i<=0) {
>>> + return;
>>> + }
>>> currentModel.moveUp(i);
>>> reloadTable();
>>> if (orig >= 1) {
>>> @@ -571,7 +640,13 @@
>>>
>>> private void moveRowDownButtonActionPerformed(java.awt.event.ActionEvent evt) {
>>> int orig = currentTable.getSelectedRow();
>>> + if (orig<0 || orig>=currentTable.getRowCount()) {
>>> + return;
>>> + }
>>> int i = currentTable.convertRowIndexToModel(orig);
>>> + if (i>=currentTable.getRowCount()-1) {
>>> + return;
>>> + }
>>> currentModel.moveDown(i);
>>> reloadTable();
>>> if (orig < currentModel.getRowCount()) {
>>> @@ -720,7 +795,7 @@
>>> }
>>> }
>>>
>>> - private class SingleSelectionListenerImpl implements ListSelectionListener {
>>> + private final class SingleSelectionListenerImpl implements ListSelectionListener {
>>>
>>> private final JTable table;
>>>
>>> @@ -740,11 +815,11 @@
>>> }
>>> }
>>>
>>> - private class deleteAdapter implements KeyListener {
>>> + private final class DeleteAdapter implements KeyListener {
>>>
>>> private final JTable table;
>>>
>>> - public deleteAdapter(JTable table) {
>>> + public DeleteAdapter(JTable table) {
>>> this.table = table;
>>> }
>>>
>>> @@ -763,4 +838,82 @@
>>> public void keyReleased(KeyEvent e) {
>>> }
>>> }
>>> +
>>> +
>>> + private static final class ByPermanenciFilter extends TableRowSorter<UnsignedAppletActionTableModel> {
>>
>> Permanent and Temporal are very confusing names for what I just consider the 'decisions' and the 'hints'.
>> Anyway, ByPermanenciFilter -> ByPermanencyFilter
>>
>>> +
>>> + private static final class ShowAll extends RowFilter<UnsignedAppletActionTableModel, Integer> {
>>> +
>>> + @Override
>>> + public boolean include(Entry<? extends UnsignedAppletActionTableModel, ? extends Integer> entry) {
>>> + return true;
>>> + }
>>> + }
>>> +
>>> + private static final class ShowPernamnetns extends RowFilter<UnsignedAppletActionTableModel, Integer> {
>>
>> ShowPernamnetns -> ShowPermanents
>>
>>> +
>>> + @Override
>>> + public boolean include(Entry<? extends UnsignedAppletActionTableModel, ? extends Integer> entry) {
>>> + ExecuteUnsignedApplet o = (ExecuteUnsignedApplet) entry.getModel().getValueAt(entry.getIdentifier(), 0);
>>> + return (o.equals(ExecuteUnsignedApplet.ALWAYS) || o.equals(ExecuteUnsignedApplet.NEVER));
>>> + }
>>> + }
>>> +
>>> + private static final class ShowPernamnetnA extends RowFilter<UnsignedAppletActionTableModel, Integer> {
>>
>> ShowPernamnetnA -> ShowPermanentA
>>
>> I would just have this as 'ShowAlways' though, no ?
>>
>>> +
>>> + @Override
>>> + public boolean include(Entry<? extends UnsignedAppletActionTableModel, ? extends Integer> entry) {
>>> + ExecuteUnsignedApplet o = (ExecuteUnsignedApplet) entry.getModel().getValueAt(entry.getIdentifier(), 0);
>>> + return (o.equals(ExecuteUnsignedApplet.ALWAYS));
>>> + }
>>> + }
>>> +
>>> + private static final class ShowPernamnetnN extends RowFilter<UnsignedAppletActionTableModel, Integer> {
>>
>> ShowPernamnetnN -> ShowPermanentN
>>
>> I would just have this as 'ShowNever' though, no ?
>>
>>> +
>>> + @Override
>>> + public boolean include(Entry<? extends UnsignedAppletActionTableModel, ? extends Integer> entry) {
>>> + ExecuteUnsignedApplet o = (ExecuteUnsignedApplet) entry.getModel().getValueAt(entry.getIdentifier(), 0);
>>> + return (o.equals(ExecuteUnsignedApplet.NEVER));
>>> + }
>>> + }
>>> +
>>> + private static final class ShowTemporals extends RowFilter<UnsignedAppletActionTableModel, Integer> {
>>> +
>>> + @Override
>>> + public boolean include(Entry<? extends UnsignedAppletActionTableModel, ? extends Integer> entry) {
>>> + ExecuteUnsignedApplet o = (ExecuteUnsignedApplet) entry.getModel().getValueAt(entry.getIdentifier(), 0);
>>> + return (o.equals(ExecuteUnsignedApplet.YES) || o.equals(ExecuteUnsignedApplet.NO));
>>> + }
>>> + }
>>> +
>>> + private static final class ShowTemporalY extends RowFilter<UnsignedAppletActionTableModel, Integer> {
>>
>> Too many complications for something the user shouldn't really care about managing IMO.
>> But anyway, I prefer ShowHasChosenYes
>>
>>> +
>>> + @Override
>>> + public boolean include(Entry<? extends UnsignedAppletActionTableModel, ? extends Integer> entry) {
>>> + ExecuteUnsignedApplet o = (ExecuteUnsignedApplet) entry.getModel().getValueAt(entry.getIdentifier(), 0);
>>> + return (o.equals(ExecuteUnsignedApplet.YES));
>>> + }
>>> + }
>>> +
>>> + private static final class ShowTemporalN extends RowFilter<UnsignedAppletActionTableModel, Integer> {
>>
>> See above, but anyway I prefer ShowHasChosenNo
>>
>>> +
>>> + @Override
>>> + public boolean include(Entry<? extends UnsignedAppletActionTableModel, ? extends Integer> entry) {
>>> + ExecuteUnsignedApplet o = (ExecuteUnsignedApplet) entry.getModel().getValueAt(entry.getIdentifier(), 0);
>>> + return (o.equals(ExecuteUnsignedApplet.NO));
>>> + }
>>> + }
>>> + public static final ShowAll showAll = new ShowAll();
>>> + public static final ShowPernamnetns showPernamnetns = new ShowPernamnetns();
>>> + public static final ShowPernamnetnA showPernamnetnA = new ShowPernamnetnA();
>>> + public static final ShowPernamnetnN showPernamnetnN = new ShowPernamnetnN();
>>> + public static final ShowTemporals showTemporals = new ShowTemporals();
>>> + public static final ShowTemporalY showTemporalY = new ShowTemporalY();
>>> + public static final ShowTemporalN showTemporalN = new ShowTemporalN();
>>> +
>>> + public ByPermanenciFilter(UnsignedAppletActionTableModel model) {
>>> + super(model);
>>> + setRowFilter(showPernamnetns);
>>> + }
>>> + }
>>> }
>>> diff -r 886c91766b45 -r b281229f08cc netx/net/sourceforge/jnlp/resources/Messages.properties
>>> --- a/netx/net/sourceforge/jnlp/resources/Messages.properties Mon Feb 25 12:50:15 2013 +0100
>>> +++ b/netx/net/sourceforge/jnlp/resources/Messages.properties Mon Feb 25 14:53:30 2013 +0100
>>> @@ -528,4 +528,11 @@
>>> APPEXTSECguiPanelEmptyDoc=All document-bases must be full
>>> APPEXTSECguiPanelEmptyCode=All code-bases must be full
>>> APPEXTSECguiPanelTableValid=Table looks valid
>>> -APPEXTSECguiPanelTableInvalid=Invalid with following error: {0}
>>> \ No newline at end of file
>>> +APPEXTSECguiPanelTableInvalid=Invalid with following error: {0}
>>> +APPEXTSECguiPanelShowOnlyPermanent=Show only permanent records
>>> +APPEXTSECguiPanelShowOnlyTemporal=Show only temporal records
>>> +APPEXTSECguiPanelShowAll=Show all records
>>> +APPEXTSECguiPanelShowOnlyPermanentA=Show only allowed permanent records
>>> +APPEXTSECguiPanelShowOnlyPermanentN=Show only forbidden permanent records
>>> +APPEXTSECguiPanelShowOnlyTemporalY=Show only temporally allowed records
>>
>> Funny, 'temporally' is technically a valid word here, but I'm sure you meant 'temporarily' :-) but this is much clearer as 'Show previously allowed applets'. Calling something that was allowed once 'temporarily allowed' is confusing.
>>
>>> +APPEXTSECguiPanelShowOnlyTemporalN=Show only temporally denied records
>>
>> 'Show previously denied applets'
>>
>>> \ No newline at end of file
>>
>> Overall not sure how I feel about this one, but I guess I'm OK with it in the interest of getting this into HEAD.
>>
>> BTW You never did give me that URL encoding suggestion :-)
>>
>> -Adam
>
> huh... I'm getting drowned from this and it seems its doing whats expected.
> So enjoy the writing of changelog and fire it :)
> /me looking forward for extend version and for embeded version O:P
>

Actually it would be nice to have reproducers for individual cases. But I definitely do not want to waste your time on it.It can be easy task for the new intern in Toronto.
>
> J.