Mercurial > hg > release > icedtea-web-1.3

changeset 444:1d7e18be89f4

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Last hope for not downloaded resources to be verified
author Jiri Vanek <jvanek@redhat.com>
date Tue, 26 Jun 2012 10:11:53 +0200
parents 6e738371cd34
children 76f6be344fef
files ChangeLog netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
diffstat 2 files changed, 29 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Mon Jun 25 14:50:11 2012 -0400
+++ b/ChangeLog	Tue Jun 26 10:11:53 2012 +0200
@@ -1,3 +1,11 @@
+2012-06-26  Jiri Vanek  <jvanek@redhat.com>
+
+	Last hope for not downloaded resources to be verified
+	* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java:
+	(getCodeSourceSecurity): will now try to download and verify resource
+	which was downloaded outside of netx.
+	(alreadyTried) set for memory of once tried resources to not try again 
+
 2012-06-25  Adam Domurad  <adomurad@redhat.com>
 
 	Small comment cleanup to classes with missing or wrong descriptions.
@@ -24,7 +32,7 @@
 	(NP_Initialize): Make use of initialization helper functions, get
 	rid of old size tests and error if the helper functions fail.
 
-2012-06-18  Adam Domurad  <adomurad@redhat.com>
+2012-06-20  Adam Domurad  <adomurad@redhat.com>
 
 	* netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
 	(verifyJar): two for loops made into for-each loops
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java	Mon Jun 25 14:50:11 2012 -0400
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java	Tue Jun 26 10:11:53 2012 +0200
@@ -172,6 +172,9 @@
     /** Map of specific original (remote) CodeSource Urls  to securitydesc */
     private HashMap<URL, SecurityDesc> jarLocationSecurityMap =
             new HashMap<URL, SecurityDesc>();
+
+    /*Set to prevent once tried-to-get resources to be tried again*/
+    private Set<URL> alreadyTried = Collections.synchronizedSet(new HashSet<URL>());
     
     /** Loader for codebase (which is a path, rather than a file) */
     private CodeBaseClassLoader codeBaseLoader;
@@ -1810,11 +1813,27 @@
 
     protected SecurityDesc getCodeSourceSecurity(URL source) {
         SecurityDesc sec=jarLocationSecurityMap.get(source);
+        if (sec == null && !alreadyTried.contains(source)) {
+            alreadyTried.add(source);
+            //try to load the jar which is requesting the permissions, but was NOT downloaded by standard way
+            if (JNLPRuntime.isDebug()) {
+                System.out.println("Application is trying to get permissions for " + source.toString() + ", which was not added by standard way. Trying to download and verify!");
+            }
+            try {
+                JARDesc des = new JARDesc(source, null, null, false, false, false, false);
+                addNewJar(des);
+                sec = jarLocationSecurityMap.get(source);
+            } catch (Throwable t) {
+                if (JNLPRuntime.isDebug()) {
+                    t.printStackTrace();
+                }
+                sec = null;
+            }
+        }
         if (sec == null){
             System.out.println(Translator.R("LNoSecInstance",source.toString()));
         }
         return sec;
-
     }
 
     /**