Mercurial > hg > release > icedtea-web-1.5
changeset 970:fc9ab70d0b32
Add RequestedPermissionLevel enum
Allows for the ability to distinguish between an applet being granted
the default permissions for its signing state, and an applet explicitly
requesting this permission level in its JNLP/HTML. eg signed plugin
applet specifying all-permissions in its permissions param vs signed
plugin applet with no permissions param at all.
* netx/net/sourceforge/jnlp/SecurityDesc.java: (RequestedPermissionLevel)
new enum to describe the permission level requested in an applet's
JNLP/HTML. (requestedPermissionLevel) new field. (SecurityDesc) new
constructor with RequestedPermissionLevel added.
(getRequestedPermissionLevel) new method.
* netx/net/sourceforge/jnlp/JNLPFile.java: (getRequestedPermissionLevel)
new method
* netx/net/sourceforge/jnlp/Parser.java: (getSecurity) construct
SecurityDescs with correct RequestedPermissionLevel
* netx/net/sourceforge/jnlp/PluginBridge.java:
(getRequestedPermissionLevel) new overridden method
* netx/net/sourceforge/jnlp/PluginParameters.java: (getPermissions) new
method
| author | Andrew Azores <aazores@redhat.com> |
|---|---|
| date | Tue, 01 Apr 2014 10:27:16 -0400 |
| parents | 2670820a9609 |
| children | 0b2c5e69cb55 |
| files | ChangeLog netx/net/sourceforge/jnlp/JNLPFile.java netx/net/sourceforge/jnlp/Parser.java netx/net/sourceforge/jnlp/PluginBridge.java netx/net/sourceforge/jnlp/PluginParameters.java netx/net/sourceforge/jnlp/SecurityDesc.java |
| diffstat | 6 files changed, 155 insertions(+), 16 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Tue Apr 01 11:34:16 2014 +0200 +++ b/ChangeLog Tue Apr 01 10:27:16 2014 -0400 @@ -1,16 +1,32 @@ -2013-04-01 Jiri Vanek <jvanek@redhat.com> +2014-04-01 Andrew Azores <aazores@redhat.com + + * netx/net/sourceforge/jnlp/SecurityDesc.java: (RequestedPermissionLevel) + new enum to describe the permission level requested in an applet's + JNLP/HTML. (requestedPermissionLevel) new field. (SecurityDesc) new + constructor with RequestedPermissionLevel added. + (getRequestedPermissionLevel) new method. + * netx/net/sourceforge/jnlp/JNLPFile.java: (getRequestedPermissionLevel) + new method + * netx/net/sourceforge/jnlp/Parser.java: (getSecurity) construct + SecurityDescs with correct RequestedPermissionLevel + * netx/net/sourceforge/jnlp/PluginBridge.java: + (getRequestedPermissionLevel) new overridden method + * netx/net/sourceforge/jnlp/PluginParameters.java: (getPermissions) new + method + +2014-04-01 Jiri Vanek <jvanek@redhat.com> * netx/net/sourceforge/jnlp/resources/Messages_cs.properties: adapted to match newest state. (MissingPermissionsMainTitle) (MissingPermissionsInfo) (ALACAMissingMainTitle) (ALACAMissingInfo) (ALACAMatchingMainTitle) (ALACAMatchingInfo) removed codebase word, used text in all hrefs. -2013-04-01 Jiri Vanek <jvanek@redhat.com> +2014-04-01 Jiri Vanek <jvanek@redhat.com> Manual quotation in ClasspathMatcher regex replaced by Pattern.quote * netx/net/sourceforge/jnlp/util/ClasspathMatcher.java: (quote) is now using Pattern.quote instead manual \Q + original + \E -2013-04-01 Jiri Vanek <jvanek@redhat.com> +2014-04-01 Jiri Vanek <jvanek@redhat.com> Restricted CodebaseMatcher to not match aaexample.com by *.example.com expression but still match example.com - as in specification. @@ -22,13 +38,13 @@ focusing on aaexample.com/example.com/aaa.example.com in *.example.com both path and domain. -2013-03-31 Omair Majid <omajid@redhat.com> +2014-03-31 Omair Majid <omajid@redhat.com> * netx/net/sourceforge/jnlp/resources/Messages.properties (MissingPermissionsMainTitle): Remove 'codebase' (MissingPermissionsInfo): Use simple link title. -2013-03-31 Omair Majid <omajid@redhat.com> +2014-03-31 Omair Majid <omajid@redhat.com> * netx/net/sourceforge/jnlp/resources/Messages.properties (ALACAMissingMainTitle, ALACAMissingInfo ALACAMatchingMainTitle) @@ -37,7 +53,7 @@ * netx/net/sourceforge/jnlp/util/UrlUtils.java (setOfUrlsToHtmlList): Enclose list in 'ul' element. -2013-03-31 Jiri Vanek <jvanek@redhat.com> +2014-03-31 Jiri Vanek <jvanek@redhat.com> Allowed wrong match of the aaaexample.com by *.example.com expression as in specification. @@ -46,7 +62,7 @@ * tests/netx/unit/net/sourceforge/jnlp/util/ClasspathMatcherTest.java: (matchTest) uncommented and added tests of/for dot issue. -2013-03-31 Jiri Vanek <jvanek@redhat.com> +2014-03-31 Jiri Vanek <jvanek@redhat.com> Alexandr Kolouch <skolnag@gmail.com> Fixed cz_CS locales and adapted tests
--- a/netx/net/sourceforge/jnlp/JNLPFile.java Tue Apr 01 11:34:16 2014 +0200 +++ b/netx/net/sourceforge/jnlp/JNLPFile.java Tue Apr 01 10:27:16 2014 -0400 @@ -29,6 +29,7 @@ import java.util.Locale; import java.util.jar.Attributes; +import net.sourceforge.jnlp.SecurityDesc.RequestedPermissionLevel; import net.sourceforge.jnlp.cache.ResourceTracker; import net.sourceforge.jnlp.cache.UpdatePolicy; import net.sourceforge.jnlp.runtime.JNLPClassLoader; @@ -488,6 +489,10 @@ return security; } + public RequestedPermissionLevel getRequestedPermissionLevel() { + return this.security.getRequestedPermissionLevel(); + } + /** * Returns the resources section of the JNLP file as viewed * through the default locale and the os.name and os.arch
--- a/netx/net/sourceforge/jnlp/Parser.java Tue Apr 01 11:34:16 2014 +0200 +++ b/netx/net/sourceforge/jnlp/Parser.java Tue Apr 01 10:27:16 2014 -0400 @@ -25,6 +25,7 @@ import java.net.*; import java.util.*; +import net.sourceforge.jnlp.SecurityDesc.RequestedPermissionLevel; import net.sourceforge.jnlp.UpdateDesc.Check; import net.sourceforge.jnlp.UpdateDesc.Policy; import net.sourceforge.jnlp.runtime.JNLPRuntime; @@ -595,20 +596,26 @@ throw new ParseException(R("PTwoSecurity")); Object type = SecurityDesc.SANDBOX_PERMISSIONS; + RequestedPermissionLevel requestedPermissionLevel = RequestedPermissionLevel.NONE; - if (nodes.length == 0) + if (nodes.length == 0) { type = SecurityDesc.SANDBOX_PERMISSIONS; - else if (null != getChildNode(nodes[0], "all-permissions")) + requestedPermissionLevel = RequestedPermissionLevel.NONE; + } else if (null != getChildNode(nodes[0], "all-permissions")) { type = SecurityDesc.ALL_PERMISSIONS; - else if (null != getChildNode(nodes[0], "j2ee-application-client-permissions")) + requestedPermissionLevel = RequestedPermissionLevel.ALL; + } else if (null != getChildNode(nodes[0], "j2ee-application-client-permissions")) { type = SecurityDesc.J2EE_PERMISSIONS; - else if (strict) + requestedPermissionLevel = RequestedPermissionLevel.J2EE; + } else if (strict) { throw new ParseException(R("PEmptySecurity")); + } - if (base != null) - return new SecurityDesc(file, type, base.getHost()); - else - return new SecurityDesc(file, type, null); + if (base != null) { + return new SecurityDesc(file, requestedPermissionLevel, type, base.getHost()); + } else { + return new SecurityDesc(file, requestedPermissionLevel, type, null); + } } /**
--- a/netx/net/sourceforge/jnlp/PluginBridge.java Tue Apr 01 11:34:16 2014 +0200 +++ b/netx/net/sourceforge/jnlp/PluginBridge.java Tue Apr 01 10:27:16 2014 -0400 @@ -36,6 +36,7 @@ import java.util.Map; import java.util.Set; +import net.sourceforge.jnlp.SecurityDesc.RequestedPermissionLevel; import net.sourceforge.jnlp.runtime.JNLPRuntime; import net.sourceforge.jnlp.util.logging.OutputController; import net.sourceforge.jnlp.util.replacements.BASE64Decoder; @@ -226,6 +227,22 @@ return useJNLPHref; } + @Override + public RequestedPermissionLevel getRequestedPermissionLevel() { + final String level = params.getPermissions(); + if (level == null) { + return RequestedPermissionLevel.NONE; + } else if (level.equals("default")) { + return RequestedPermissionLevel.NONE; + } else if (level.equals("sandbox")) { + return RequestedPermissionLevel.SANDBOX; + } else if (level.equals("all-permissions")) { + return RequestedPermissionLevel.ALL; + } else { + return RequestedPermissionLevel.NONE; + } + } + /** * {@inheritDoc } */
--- a/netx/net/sourceforge/jnlp/PluginParameters.java Tue Apr 01 11:34:16 2014 +0200 +++ b/netx/net/sourceforge/jnlp/PluginParameters.java Tue Apr 01 10:27:16 2014 -0400 @@ -156,6 +156,10 @@ return Integer.valueOf(heightStr); } + public String getPermissions() { + return get("permissions"); + } + public void updateSize(int width, int height) { parameters.put("width", Integer.toString(width)); parameters.put("height", Integer.toString(height));
--- a/netx/net/sourceforge/jnlp/SecurityDesc.java Tue Apr 01 11:34:16 2014 +0200 +++ b/netx/net/sourceforge/jnlp/SecurityDesc.java Tue Apr 01 10:27:16 2014 -0400 @@ -34,6 +34,73 @@ */ public class SecurityDesc { + /** + * Represents the security level requested by an applet/application, as specified in its JNLP or HTML. + */ + public enum RequestedPermissionLevel { + NONE(null, null), + SANDBOX(null, "sandbox"), + J2EE("j2ee-applitcation-client-permissions", null), + ALL("all-permissions", "all-permissions"); + + private final String jnlpString, htmlString; + + private RequestedPermissionLevel(final String jnlpString, final String htmlString) { + this.jnlpString = jnlpString; + this.htmlString = htmlString; + } + + /** + * This permission level, as it would appear requested in a JNLP file. null if this level + * is NONE (unspecified) or cannot be requested in a JNLP file. + * @return the String level + */ + public String toJnlpString() { + return this.jnlpString; + } + + /** + * This permission level, as it would appear requested in an HTML file. null if this level + * is NONE (unspecified) or cannot be requested in an HTML file. + * @return the String level + */ + public String toHtmlString() { + return this.htmlString; + } + + /** + * The JNLP permission level corresponding to the given String. If null is given, null comes + * back. If there is no permission level that can be granted in JNLP matching the given String, + * null is also returned. + * @param jnlpString the JNLP permission String + * @return the matching RequestedPermissionLevel + */ + public RequestedPermissionLevel fromJnlpString(final String jnlpString) { + for (final RequestedPermissionLevel level : RequestedPermissionLevel.values()) { + if (level.jnlpString != null && level.jnlpString.equals(jnlpString)) { + return level; + } + } + return null; + } + + /** + * The HTML permission level corresponding to the given String. If null is given, null comes + * back. If there is no permission level that can be granted in HTML matching the given String, + * null is also returned. + * @param jnlpString the JNLP permission String + * @return the matching RequestedPermissionLevel + */ + public RequestedPermissionLevel fromHtmlString(final String htmlString) { + for (final RequestedPermissionLevel level : RequestedPermissionLevel.values()) { + if (level.htmlString != null && level.htmlString.equals(htmlString)) { + return level; + } + } + return null; + } + } + /* * We do not verify security here, the classloader deals with security */ @@ -47,6 +114,9 @@ /** J2EE permissions. */ public static final Object J2EE_PERMISSIONS = "J2SE"; + /** requested permissions type according to HTML or JNLP */ + private final RequestedPermissionLevel requestedPermissionLevel; + /** permissions type */ private Object type; @@ -147,14 +217,16 @@ * Create a security descriptor. * * @param file the JNLP file + * @param requestedPermissionLevel the permission level specified in the JNLP * @param type the type of security * @param downloadHost the download host (can always connect to) */ - public SecurityDesc(JNLPFile file, Object type, String downloadHost) { + public SecurityDesc(JNLPFile file, RequestedPermissionLevel requestedPermissionLevel, Object type, String downloadHost) { if (file == null) { throw new NullJnlpFileException(); } this.file = file; + this.requestedPermissionLevel = requestedPermissionLevel; this.type = type; this.downloadHost = downloadHost; @@ -165,6 +237,17 @@ } /** + * Create a security descriptor. + * + * @param file the JNLP file + * @param type the type of security + * @param downloadHost the download host (can always connect to) + */ + public SecurityDesc(JNLPFile file, Object type, String downloadHost) { + this(file, RequestedPermissionLevel.NONE, type, downloadHost); + } + + /** * Returns a Policy object that represents a custom policy to use instead * of granting {@link AllPermission} to a {@link CodeSource} * @@ -226,6 +309,13 @@ } /** + * @return the permission level requested in the JNLP + */ + public RequestedPermissionLevel getRequestedPermissionLevel() { + return requestedPermissionLevel; + } + + /** * Returns a PermissionCollection containing the sandbox permissions */ public PermissionCollection getSandBoxPermissions() {