[rfc][icedtea-web] Add -defaultfile switch to PolicyEditor
Andrew Azores
aazores at redhat.com
Thu Jul 30 16:06:47 UTC 2015
On 30/07/15 11:47 AM, Jiri Vanek wrote:
> On 07/30/2015 05:26 PM, Andrew Azores wrote:
>> Hi,
>>
>> This patch adds a -defaultfile switch to PolicyEditor which allows
>> for directly opening the default
>> policy file (the one which will be used by ITW to load custom
>> policies for runtime permissions) from
>> a command line launch. If -defaultfile and -file are both specified
>> then PolicyEditor dies because
>> it doesn't make sense for both to be provided.
>>
>
> I really like the idea :)))
>
> What is the deeper thought behind, hmm? :)
>
> Small nits at the end.
>
> (aand.... if you have ldracz around, tell him his generate flags for
> autocompeltion is heavily needed! :)) )
>> --
>> Thanks,
>>
>> Andrew Azores
>>
>>
>> defaultfile-switch.patch
>>
>>
>> # HG changeset patch
>> # User Andrew Azores<aazores at redhat.com>
>> # Date 1438269921 14400
>> # Thu Jul 30 11:25:21 2015 -0400
>> # Node ID d02feb071c3889f03849d46e314de1fb7b877358
>> # Parent e09b5c8bf3cb03247ecd6e11e359494e11030782
>> Add -defaultfile switch to PolicyEditor
>>
>> 2015-07-30 Andrew Azores<aazores at redhat.com>
>>
>> Add -defaultfile switch to PolicyEditor
>> * NEWS: add note about defaultfile flag
>> * netx/net/sourceforge/jnlp/OptionsDefinitions.java (OPTIONS,
>> getPolicyEditorOptions): add DEFAULTFILE for
>> PolicyEditor
>> * netx/net/sourceforge/jnlp/resources/Messages.properties
>> (PBODefaultFile,
>> PEDefaultFileFilePathSpecifiedError): new messages
>> * netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditor.java
>> (main): add handling for -defaultfile, die when both
>> -defaultfile and
>> -file are given
>> (openDefaultButtonAction): extract method
>> (getDefaultPolicyFilePath): new method extracted from
>> openDefaultButtonAction
>>
>> diff --git a/ChangeLog b/ChangeLog
>> --- a/ChangeLog
>> +++ b/ChangeLog
>> @@ -1,3 +1,19 @@
>> +2015-07-30 Andrew Azores<aazores at redhat.com>
>> +
>> + Add -defaultfile switch to PolicyEditor
>> + * NEWS: add note about defaultfile flag
>> + * netx/net/sourceforge/jnlp/OptionsDefinitions.java (OPTIONS,
>> + getPolicyEditorOptions): add DEFAULTFILE for
>> + PolicyEditor
>> + * netx/net/sourceforge/jnlp/resources/Messages.properties
>> (PBODefaultFile,
>> + PEDefaultFileFilePathSpecifiedError): new messages
>> + * netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditor.java
>> + (main): add handling for -defaultfile, die when both
>> -defaultfile and
>> + -file are given
>> + (openDefaultButtonAction): extract method
>> + (getDefaultPolicyFilePath): new method extracted from
>> + openDefaultButtonAction
>> +
>> 2015-07-29 Jiri Vanek<jvanek at redhat.com>
>>
>> Added tests for single signed jar with manifest containing
>> trusted-only
>> diff --git a/NEWS b/NEWS
>> --- a/NEWS
>> +++ b/NEWS
>> @@ -30,6 +30,7 @@
>> - fixed issue with -html receiving garbage in width and height
>> * PolicyEditor
>> - file flag made to work when used standalone
>> + - defaultfile flag added
>> - support for SignedBy and Principals along with existing Codebase
>>
>> New in release 1.6 (2015-XX-XX):
>> diff --git a/netx/net/sourceforge/jnlp/OptionsDefinitions.java
>> b/netx/net/sourceforge/jnlp/OptionsDefinitions.java
>> --- a/netx/net/sourceforge/jnlp/OptionsDefinitions.java
>> +++ b/netx/net/sourceforge/jnlp/OptionsDefinitions.java
>> @@ -86,6 +86,7 @@
>> //policyeditor
>> //-help
>> FILE("-file", "policy_file", "PBOFile",
>> NumberOfArguments.ONE),
>> + DEFAULTFILE("-defaultfile", "PBODefaultFile"),
>> CODEBASE("-codebase", "url", "PBOCodebase",
>> NumberOfArguments.ONE),
>> SIGNEDBY("-signedby", "certificate_alias", "PBOSignedBy",
>> NumberOfArguments.ONE),
>> PRINCIPALS("-principals", "class_name principal_name",
>> "PBOPrincipals", NumberOfArguments.EVEN_NUMBER_SUPPORTS_EQUALS_CHAR);
>> @@ -176,6 +177,7 @@
>> return Arrays.asList(new OPTIONS[]{
>> OPTIONS.HELP1,
>> OPTIONS.FILE,
>> + OPTIONS.DEFAULTFILE,
>> OPTIONS.CODEBASE,
>> OPTIONS.SIGNEDBY,
>> OPTIONS.PRINCIPALS,
>> diff --git a/netx/net/sourceforge/jnlp/resources/Messages.properties
>> b/netx/net/sourceforge/jnlp/resources/Messages.properties
>> --- a/netx/net/sourceforge/jnlp/resources/Messages.properties
>> +++ b/netx/net/sourceforge/jnlp/resources/Messages.properties
>> @@ -357,6 +357,8 @@
>>
>> PBOFile=Specifies a policy file path to open. If exactly one
>> argument is given, and it is not this flag, it is interpreted as a
>> file path to open, as if this flag was given first. This flag exists \
>> mostly for compatibility with Policy Tool.
>> +PBODefaultFile=Specifies that the default user-level policy file
>> should be opened. This is the file which is normally used by
>> IcedTea-Web to make decisions about custom policies and permissions \
>> +for applets at runtime, unless configured otherwise.
>> PBOCodebase=Specifies an applet codebase URL. This can be used with
>> the other selector options to select a policy entry upon opening the
>> editor; \
>> if no such identifier exists then it will be created and then
>> selected.
>> PBOSignedBy=Specifies a certificate alias for a certificate stored
>> in the keystore. This can be used with the other selector options to
>> select a policy entry upon opening the editor; \
>> @@ -776,6 +778,7 @@
>> PEInvalidIdentifier=Please fill in/modify at least one of the fields.
>> PEIdentifierMatchesAll=Please fill in/modify at least one of the
>> fields.
>> PEClipboardAccessError=Could not read from clipboard
>> +PEDefaultFileFilePathSpecifiedError=Either -file or -defaultfile may
>> be specified, but not both
>>
>> PEHelpMenu=Help
>> PEAboutPolicyEditorItem=About PolicyEditor
>> diff --git
>> a/netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditor.java
>> b/netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditor.java
>> --- a/netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditor.java
>> +++ b/netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditor.java
>> @@ -356,7 +356,7 @@
>> return;
>> }
>> try {
>> - PolicyEditor.this.setFile(new File(new
>> URI(PathsAndFiles.JAVA_POLICY.getFullPath())).getAbsolutePath());
>> + PolicyEditor.this.setFile(getDefaultPolicyFilePath());
>> PolicyEditor.this.getFile().createNewFile();
>> } catch (final IOException | URISyntaxException e) {
>> OutputController.getLogger().log(e);
>> @@ -516,6 +516,10 @@
>> setupLayout();
>> }
>>
>> + private static String getDefaultPolicyFilePath() throws
>> URISyntaxException {
>> + return new File(new
>> URI(PathsAndFiles.JAVA_POLICY.getFullPath())).getAbsolutePath();
>> + }
>
> Are you sure you ened URI???
> Isnt return PathsAndFiles.JAVA_POLICY.getFullPath() absolutley enough?
>
> If you look into PathsAndFiles you will see that you are converting
> string->uri->file->string
> Why uri inthe middle? If it isnotneeded, then string->file->string
> have no sense...
PathsAndFiles.JAVA_POLICY.getFullPath() returns the path with a file://
protocol prepended to it, so it's actually giving a URI to a filesystem
resource, not simply a filesystem path. The File(String) constructor
doesn't like this, and so rather than trying to do something like trim
the file:// protocol off with string manipulation, I do the "create a
URI from it and use that for the File" hoop-jumping.
>> +
>> private void addDefaultAllAppletsIdentifier() {
>> addNewEntry(PolicyIdentifier.ALL_APPLETS_IDENTIFIER);
>> }
>> @@ -1758,13 +1762,29 @@
>> SwingUtilities.invokeLater(new Runnable() {
>> @Override
>> public void run() {
>> - String filepath =
>> optionParser.getParam(OptionsDefinitions.OPTIONS.FILE);
>> - if (filepath == null || filepath.isEmpty() ||
>> filepath.trim().isEmpty()) {
>> - // maybe the user just forgot the -file flag, so
>> try to open anyway
>> - filepath = optionParser.getMainArg();
>> + final boolean openDefaultFile =
>> optionParser.hasOption(OptionsDefinitions.OPTIONS.DEFAULTFILE);
>> + final boolean hasFileArgument =
>> optionParser.hasOption(OptionsDefinitions.OPTIONS.FILE);
>> + if (hasFileArgument && openDefaultFile) {
>> + throw new
>> IllegalArgumentException(R("PEDefaultFileFilePathSpecifiedError"));
>> }
>> - if (filepath == null || filepath.isEmpty() ||
>> filepath.trim().isEmpty()) {
>
> Isnt there missing condiotion of "defautl parameter"
>
> like
> policyeditor -defautlfile otherFile or policyeditor otherFile
> -defautlfile
> shold be invalid in same way as
> policyeditor -defautlfile -file otherFile or policyeditor -file
> otherFile -defautlfile
Right, good catch.
>
>> - filepath = null;
>> +
>> + String filepath = null;
>> + if (hasFileArgument) {
>> + filepath =
>> optionParser.getParam(OptionsDefinitions.OPTIONS.FILE);
>> + if (filepath == null || filepath.isEmpty() ||
>> filepath.trim().isEmpty()) {
>> + // maybe the user just forgot the -file
>> flag, so try to open anyway
>> + filepath = optionParser.getMainArg();
>> + }
>> + if (filepath == null || filepath.isEmpty() ||
>> filepath.trim().isEmpty()) {
>> + filepath = null;
>> + }
>> + } else if (openDefaultFile) {
>> + try {
>> + filepath = getDefaultPolicyFilePath();
>> + } catch (URISyntaxException e) {
>> + OutputController.getLogger().log(e);
>> + throw new RuntimeException(e);
>> + }
>> }
>> final PolicyEditorWindow frame =
>> getPolicyEditorFrame(filepath);
>> final String codebase =
>> optionParser.getParam(OptionsDefinitions.OPTIONS.CODEBASE);
>>
>
> Cant this be done better?
> The hunk is a bit unreadable. But Maybe I'm just tired. If you dont
> figure something (definitely) nicer, go you can go with this one.
>
>
>
Rolled in with the fix above.
--
Thanks,
Andrew Azores
-------------- next part --------------
A non-text attachment was scrubbed...
Name: defaultfile-switch-2.patch
Type: text/x-patch
Size: 8479 bytes
Desc: not available
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20150730/9b24e2dd/defaultfile-switch-2-0001.patch>
More information about the distro-pkg-dev
mailing list