/hg/icedtea-web: Add RequestedPermissionLevel enum
aazores at icedtea.classpath.org
aazores at icedtea.classpath.org
Tue Apr 1 14:27:34 UTC 2014
changeset fc9ab70d0b32 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=fc9ab70d0b32
author: Andrew Azores <aazores at redhat.com>
date: Tue Apr 01 10:27:16 2014 -0400
Add RequestedPermissionLevel enum
Allows for the ability to distinguish between an applet being granted
the default permissions for its signing state, and an applet explicitly
requesting this permission level in its JNLP/HTML. eg signed plugin
applet specifying all-permissions in its permissions param vs signed
plugin applet with no permissions param at all.
* netx/net/sourceforge/jnlp/SecurityDesc.java: (RequestedPermissionLevel)
new enum to describe the permission level requested in an applet's
JNLP/HTML. (requestedPermissionLevel) new field. (SecurityDesc) new
constructor with RequestedPermissionLevel added.
(getRequestedPermissionLevel) new method.
* netx/net/sourceforge/jnlp/JNLPFile.java: (getRequestedPermissionLevel)
new method
* netx/net/sourceforge/jnlp/Parser.java: (getSecurity) construct
SecurityDescs with correct RequestedPermissionLevel
* netx/net/sourceforge/jnlp/PluginBridge.java:
(getRequestedPermissionLevel) new overridden method
* netx/net/sourceforge/jnlp/PluginParameters.java: (getPermissions) new
method
diffstat:
ChangeLog | 30 ++++++-
netx/net/sourceforge/jnlp/JNLPFile.java | 5 +
netx/net/sourceforge/jnlp/Parser.java | 23 ++++--
netx/net/sourceforge/jnlp/PluginBridge.java | 17 ++++
netx/net/sourceforge/jnlp/PluginParameters.java | 4 +
netx/net/sourceforge/jnlp/SecurityDesc.java | 92 ++++++++++++++++++++++++-
6 files changed, 155 insertions(+), 16 deletions(-)
diffs (326 lines):
diff -r 2670820a9609 -r fc9ab70d0b32 ChangeLog
--- a/ChangeLog Tue Apr 01 11:34:16 2014 +0200
+++ b/ChangeLog Tue Apr 01 10:27:16 2014 -0400
@@ -1,16 +1,32 @@
-2013-04-01 Jiri Vanek <jvanek at redhat.com>
+2014-04-01 Andrew Azores <aazores at redhat.com
+
+ * netx/net/sourceforge/jnlp/SecurityDesc.java: (RequestedPermissionLevel)
+ new enum to describe the permission level requested in an applet's
+ JNLP/HTML. (requestedPermissionLevel) new field. (SecurityDesc) new
+ constructor with RequestedPermissionLevel added.
+ (getRequestedPermissionLevel) new method.
+ * netx/net/sourceforge/jnlp/JNLPFile.java: (getRequestedPermissionLevel)
+ new method
+ * netx/net/sourceforge/jnlp/Parser.java: (getSecurity) construct
+ SecurityDescs with correct RequestedPermissionLevel
+ * netx/net/sourceforge/jnlp/PluginBridge.java:
+ (getRequestedPermissionLevel) new overridden method
+ * netx/net/sourceforge/jnlp/PluginParameters.java: (getPermissions) new
+ method
+
+2014-04-01 Jiri Vanek <jvanek at redhat.com>
* netx/net/sourceforge/jnlp/resources/Messages_cs.properties: adapted to match newest state.
(MissingPermissionsMainTitle) (MissingPermissionsInfo) (ALACAMissingMainTitle) (ALACAMissingInfo)
(ALACAMatchingMainTitle) (ALACAMatchingInfo) removed codebase word, used text in all hrefs.
-2013-04-01 Jiri Vanek <jvanek at redhat.com>
+2014-04-01 Jiri Vanek <jvanek at redhat.com>
Manual quotation in ClasspathMatcher regex replaced by Pattern.quote
* netx/net/sourceforge/jnlp/util/ClasspathMatcher.java: (quote)
is now using Pattern.quote instead manual \Q + original + \E
-2013-04-01 Jiri Vanek <jvanek at redhat.com>
+2014-04-01 Jiri Vanek <jvanek at redhat.com>
Restricted CodebaseMatcher to not match aaexample.com by *.example.com expression
but still match example.com - as in specification.
@@ -22,13 +38,13 @@
focusing on aaexample.com/example.com/aaa.example.com in *.example.com both
path and domain.
-2013-03-31 Omair Majid <omajid at redhat.com>
+2014-03-31 Omair Majid <omajid at redhat.com>
* netx/net/sourceforge/jnlp/resources/Messages.properties
(MissingPermissionsMainTitle): Remove 'codebase'
(MissingPermissionsInfo): Use simple link title.
-2013-03-31 Omair Majid <omajid at redhat.com>
+2014-03-31 Omair Majid <omajid at redhat.com>
* netx/net/sourceforge/jnlp/resources/Messages.properties
(ALACAMissingMainTitle, ALACAMissingInfo ALACAMatchingMainTitle)
@@ -37,7 +53,7 @@
* netx/net/sourceforge/jnlp/util/UrlUtils.java (setOfUrlsToHtmlList):
Enclose list in 'ul' element.
-2013-03-31 Jiri Vanek <jvanek at redhat.com>
+2014-03-31 Jiri Vanek <jvanek at redhat.com>
Allowed wrong match of the aaaexample.com by *.example.com expression as in
specification.
@@ -46,7 +62,7 @@
* tests/netx/unit/net/sourceforge/jnlp/util/ClasspathMatcherTest.java:
(matchTest) uncommented and added tests of/for dot issue.
-2013-03-31 Jiri Vanek <jvanek at redhat.com>
+2014-03-31 Jiri Vanek <jvanek at redhat.com>
Alexandr Kolouch <skolnag at gmail.com>
Fixed cz_CS locales and adapted tests
diff -r 2670820a9609 -r fc9ab70d0b32 netx/net/sourceforge/jnlp/JNLPFile.java
--- a/netx/net/sourceforge/jnlp/JNLPFile.java Tue Apr 01 11:34:16 2014 +0200
+++ b/netx/net/sourceforge/jnlp/JNLPFile.java Tue Apr 01 10:27:16 2014 -0400
@@ -29,6 +29,7 @@
import java.util.Locale;
import java.util.jar.Attributes;
+import net.sourceforge.jnlp.SecurityDesc.RequestedPermissionLevel;
import net.sourceforge.jnlp.cache.ResourceTracker;
import net.sourceforge.jnlp.cache.UpdatePolicy;
import net.sourceforge.jnlp.runtime.JNLPClassLoader;
@@ -488,6 +489,10 @@
return security;
}
+ public RequestedPermissionLevel getRequestedPermissionLevel() {
+ return this.security.getRequestedPermissionLevel();
+ }
+
/**
* Returns the resources section of the JNLP file as viewed
* through the default locale and the os.name and os.arch
diff -r 2670820a9609 -r fc9ab70d0b32 netx/net/sourceforge/jnlp/Parser.java
--- a/netx/net/sourceforge/jnlp/Parser.java Tue Apr 01 11:34:16 2014 +0200
+++ b/netx/net/sourceforge/jnlp/Parser.java Tue Apr 01 10:27:16 2014 -0400
@@ -25,6 +25,7 @@
import java.net.*;
import java.util.*;
+import net.sourceforge.jnlp.SecurityDesc.RequestedPermissionLevel;
import net.sourceforge.jnlp.UpdateDesc.Check;
import net.sourceforge.jnlp.UpdateDesc.Policy;
import net.sourceforge.jnlp.runtime.JNLPRuntime;
@@ -595,20 +596,26 @@
throw new ParseException(R("PTwoSecurity"));
Object type = SecurityDesc.SANDBOX_PERMISSIONS;
+ RequestedPermissionLevel requestedPermissionLevel = RequestedPermissionLevel.NONE;
- if (nodes.length == 0)
+ if (nodes.length == 0) {
type = SecurityDesc.SANDBOX_PERMISSIONS;
- else if (null != getChildNode(nodes[0], "all-permissions"))
+ requestedPermissionLevel = RequestedPermissionLevel.NONE;
+ } else if (null != getChildNode(nodes[0], "all-permissions")) {
type = SecurityDesc.ALL_PERMISSIONS;
- else if (null != getChildNode(nodes[0], "j2ee-application-client-permissions"))
+ requestedPermissionLevel = RequestedPermissionLevel.ALL;
+ } else if (null != getChildNode(nodes[0], "j2ee-application-client-permissions")) {
type = SecurityDesc.J2EE_PERMISSIONS;
- else if (strict)
+ requestedPermissionLevel = RequestedPermissionLevel.J2EE;
+ } else if (strict) {
throw new ParseException(R("PEmptySecurity"));
+ }
- if (base != null)
- return new SecurityDesc(file, type, base.getHost());
- else
- return new SecurityDesc(file, type, null);
+ if (base != null) {
+ return new SecurityDesc(file, requestedPermissionLevel, type, base.getHost());
+ } else {
+ return new SecurityDesc(file, requestedPermissionLevel, type, null);
+ }
}
/**
diff -r 2670820a9609 -r fc9ab70d0b32 netx/net/sourceforge/jnlp/PluginBridge.java
--- a/netx/net/sourceforge/jnlp/PluginBridge.java Tue Apr 01 11:34:16 2014 +0200
+++ b/netx/net/sourceforge/jnlp/PluginBridge.java Tue Apr 01 10:27:16 2014 -0400
@@ -36,6 +36,7 @@
import java.util.Map;
import java.util.Set;
+import net.sourceforge.jnlp.SecurityDesc.RequestedPermissionLevel;
import net.sourceforge.jnlp.runtime.JNLPRuntime;
import net.sourceforge.jnlp.util.logging.OutputController;
import net.sourceforge.jnlp.util.replacements.BASE64Decoder;
@@ -226,6 +227,22 @@
return useJNLPHref;
}
+ @Override
+ public RequestedPermissionLevel getRequestedPermissionLevel() {
+ final String level = params.getPermissions();
+ if (level == null) {
+ return RequestedPermissionLevel.NONE;
+ } else if (level.equals("default")) {
+ return RequestedPermissionLevel.NONE;
+ } else if (level.equals("sandbox")) {
+ return RequestedPermissionLevel.SANDBOX;
+ } else if (level.equals("all-permissions")) {
+ return RequestedPermissionLevel.ALL;
+ } else {
+ return RequestedPermissionLevel.NONE;
+ }
+ }
+
/**
* {@inheritDoc }
*/
diff -r 2670820a9609 -r fc9ab70d0b32 netx/net/sourceforge/jnlp/PluginParameters.java
--- a/netx/net/sourceforge/jnlp/PluginParameters.java Tue Apr 01 11:34:16 2014 +0200
+++ b/netx/net/sourceforge/jnlp/PluginParameters.java Tue Apr 01 10:27:16 2014 -0400
@@ -156,6 +156,10 @@
return Integer.valueOf(heightStr);
}
+ public String getPermissions() {
+ return get("permissions");
+ }
+
public void updateSize(int width, int height) {
parameters.put("width", Integer.toString(width));
parameters.put("height", Integer.toString(height));
diff -r 2670820a9609 -r fc9ab70d0b32 netx/net/sourceforge/jnlp/SecurityDesc.java
--- a/netx/net/sourceforge/jnlp/SecurityDesc.java Tue Apr 01 11:34:16 2014 +0200
+++ b/netx/net/sourceforge/jnlp/SecurityDesc.java Tue Apr 01 10:27:16 2014 -0400
@@ -34,6 +34,73 @@
*/
public class SecurityDesc {
+ /**
+ * Represents the security level requested by an applet/application, as specified in its JNLP or HTML.
+ */
+ public enum RequestedPermissionLevel {
+ NONE(null, null),
+ SANDBOX(null, "sandbox"),
+ J2EE("j2ee-applitcation-client-permissions", null),
+ ALL("all-permissions", "all-permissions");
+
+ private final String jnlpString, htmlString;
+
+ private RequestedPermissionLevel(final String jnlpString, final String htmlString) {
+ this.jnlpString = jnlpString;
+ this.htmlString = htmlString;
+ }
+
+ /**
+ * This permission level, as it would appear requested in a JNLP file. null if this level
+ * is NONE (unspecified) or cannot be requested in a JNLP file.
+ * @return the String level
+ */
+ public String toJnlpString() {
+ return this.jnlpString;
+ }
+
+ /**
+ * This permission level, as it would appear requested in an HTML file. null if this level
+ * is NONE (unspecified) or cannot be requested in an HTML file.
+ * @return the String level
+ */
+ public String toHtmlString() {
+ return this.htmlString;
+ }
+
+ /**
+ * The JNLP permission level corresponding to the given String. If null is given, null comes
+ * back. If there is no permission level that can be granted in JNLP matching the given String,
+ * null is also returned.
+ * @param jnlpString the JNLP permission String
+ * @return the matching RequestedPermissionLevel
+ */
+ public RequestedPermissionLevel fromJnlpString(final String jnlpString) {
+ for (final RequestedPermissionLevel level : RequestedPermissionLevel.values()) {
+ if (level.jnlpString != null && level.jnlpString.equals(jnlpString)) {
+ return level;
+ }
+ }
+ return null;
+ }
+
+ /**
+ * The HTML permission level corresponding to the given String. If null is given, null comes
+ * back. If there is no permission level that can be granted in HTML matching the given String,
+ * null is also returned.
+ * @param jnlpString the JNLP permission String
+ * @return the matching RequestedPermissionLevel
+ */
+ public RequestedPermissionLevel fromHtmlString(final String htmlString) {
+ for (final RequestedPermissionLevel level : RequestedPermissionLevel.values()) {
+ if (level.htmlString != null && level.htmlString.equals(htmlString)) {
+ return level;
+ }
+ }
+ return null;
+ }
+ }
+
/*
* We do not verify security here, the classloader deals with security
*/
@@ -47,6 +114,9 @@
/** J2EE permissions. */
public static final Object J2EE_PERMISSIONS = "J2SE";
+ /** requested permissions type according to HTML or JNLP */
+ private final RequestedPermissionLevel requestedPermissionLevel;
+
/** permissions type */
private Object type;
@@ -147,14 +217,16 @@
* Create a security descriptor.
*
* @param file the JNLP file
+ * @param requestedPermissionLevel the permission level specified in the JNLP
* @param type the type of security
* @param downloadHost the download host (can always connect to)
*/
- public SecurityDesc(JNLPFile file, Object type, String downloadHost) {
+ public SecurityDesc(JNLPFile file, RequestedPermissionLevel requestedPermissionLevel, Object type, String downloadHost) {
if (file == null) {
throw new NullJnlpFileException();
}
this.file = file;
+ this.requestedPermissionLevel = requestedPermissionLevel;
this.type = type;
this.downloadHost = downloadHost;
@@ -165,6 +237,17 @@
}
/**
+ * Create a security descriptor.
+ *
+ * @param file the JNLP file
+ * @param type the type of security
+ * @param downloadHost the download host (can always connect to)
+ */
+ public SecurityDesc(JNLPFile file, Object type, String downloadHost) {
+ this(file, RequestedPermissionLevel.NONE, type, downloadHost);
+ }
+
+ /**
* Returns a Policy object that represents a custom policy to use instead
* of granting {@link AllPermission} to a {@link CodeSource}
*
@@ -226,6 +309,13 @@
}
/**
+ * @return the permission level requested in the JNLP
+ */
+ public RequestedPermissionLevel getRequestedPermissionLevel() {
+ return requestedPermissionLevel;
+ }
+
+ /**
* Returns a PermissionCollection containing the sandbox permissions
*/
public PermissionCollection getSandBoxPermissions() {
More information about the distro-pkg-dev
mailing list