Mercurial > hg > release > icedtea-web-1.6
changeset 255:6ffc4d00a43f
Allows trusted application to access PersistenceService data from other hosts.
author | Saad Mohammad <smohammad@redhat.com> |
---|---|
date | Thu, 09 Jun 2011 17:11:34 -0400 |
parents | 179a8db14d70 |
children | 6b46e55a8854 |
files | AUTHORS ChangeLog netx/net/sourceforge/jnlp/services/ServiceUtil.java netx/net/sourceforge/jnlp/services/XPersistenceService.java |
diffstat | 4 files changed, 68 insertions(+), 34 deletions(-) [+] |
line wrap: on
line diff
--- a/AUTHORS Thu Jun 09 13:26:39 2011 -0400 +++ b/AUTHORS Thu Jun 09 17:11:34 2011 -0400 @@ -11,6 +11,7 @@ DJ Lucas <dj@lucasit.com> Omair Majid <omajid@redhat.com> Jon A. Maxwell <jmaxwell@users.sourceforge.net> +Saad Mohammad <smohammad@redhat.com> Andrew Su <asu@redhat.com> Joshua Sumali <jsumali@redhat.com> Mark Wielaard <mark@klomp.org>
--- a/ChangeLog Thu Jun 09 13:26:39 2011 -0400 +++ b/ChangeLog Thu Jun 09 17:11:34 2011 -0400 @@ -1,3 +1,14 @@ +2011-06-08 Saad Mohammad <smohammad@redhat.com> + + * AUTHORS: Updated + * netx/net/sourceforge/jnlp/services/ServiceUtil.java + (checkAccess): Moved the process of checking if the application is a trusted + application to a new method called isSigned(). + * netx/net/sourceforge/jnlp/services/XPersistenceService.java + (checkLocation): Allows trusted application to have access to + PersistenceService data from different hosts. It uses ServiceUtil.isSigned() + to determine if the current application is a trusted application. + 2011-06-08 Andrew Su <asu@redhat.com> * NEWS: Updated.
--- a/netx/net/sourceforge/jnlp/services/ServiceUtil.java Thu Jun 09 13:26:39 2011 -0400 +++ b/netx/net/sourceforge/jnlp/services/ServiceUtil.java Thu Jun 09 17:11:34 2011 -0400 @@ -235,41 +235,15 @@ public static boolean checkAccess(ApplicationInstance app, AccessType type, Object... extras) { - if (app == null) - app = JNLPRuntime.getApplication(); - - boolean codeTrusted = true; - - StackTraceElement[] stack = Thread.currentThread().getStackTrace(); - - for (int i = 0; i < stack.length; i++) { - - Class c = null; + boolean trusted = isSigned(app); - try { - c = Class.forName(stack[i].getClassName()); - } catch (Exception e1) { - try { - c = Class.forName(stack[i].getClassName(), false, app.getClassLoader()); - } catch (Exception e2) { - System.err.println(e2.getMessage()); - } - } - - // Everything up to the desired class/method must be trusted - if (c == null || // class not found - (c.getProtectionDomain().getCodeSource() != null && // class is not in bootclasspath - c.getProtectionDomain().getCodeSource().getCodeSigners() == null) // class is trusted - ) { - codeTrusted = false; - } - } - - if (!codeTrusted) { + if (!trusted) { if (!shouldPromptUser()) { return false; } + if (app == null) + app = JNLPRuntime.getApplication(); final AccessType tmpType = type; final Object[] tmpExtras = extras; @@ -307,5 +281,48 @@ } }); } + + /** + * Returns whether the app requesting a JNLP service is a trusted + * application + * + * @param app + * the application which is requesting the check. If null, the + * current application is used. + * @return true, if the app is a trusted application; false otherwise + */ + + public static boolean isSigned(ApplicationInstance app) { + + if (app == null) + app = JNLPRuntime.getApplication(); + + StackTraceElement[] stack = Thread.currentThread().getStackTrace(); + + for (int i = 0; i < stack.length; i++) { + + Class c = null; + + try { + c = Class.forName(stack[i].getClassName()); + } catch (Exception e1) { + try { + c = Class.forName(stack[i].getClassName(), false, + app.getClassLoader()); + } catch (Exception e2) { + System.err.println(e2.getMessage()); + } + } + + // Everything up to the desired class/method must be trusted + if (c == null || // class not found + (c.getProtectionDomain().getCodeSource() != null && // class is not in bootclasspath + c.getProtectionDomain().getCodeSource().getCodeSigners() == null) // class is trusted + ) { + return false; + } + } + return true; + } }
--- a/netx/net/sourceforge/jnlp/services/XPersistenceService.java Thu Jun 09 13:26:39 2011 -0400 +++ b/netx/net/sourceforge/jnlp/services/XPersistenceService.java Thu Jun 09 17:11:34 2011 -0400 @@ -52,9 +52,12 @@ throw new MalformedURLException("Cannot determine the current application."); URL source = app.getJNLPFile().getCodeBase(); + + if (!source.getHost().equalsIgnoreCase(location.getHost()) + && !ServiceUtil.isSigned(app)) // Allow trusted application to have access to data from a different host + throw new MalformedURLException( + "Untrusted application cannot access data from a different host."); - if (!source.getHost().equalsIgnoreCase(location.getHost())) - throw new MalformedURLException("Cannot access data from a different host."); // test for above codebase, not perfect but works for now @@ -69,8 +72,10 @@ System.out.println("request path: " + requestPath); } - if (!source.getFile().startsWith(requestPath)) - throw new MalformedURLException("Cannot access data below source URL path."); + if (!source.getFile().startsWith(requestPath) + && !ServiceUtil.isSigned(app)) // Allow trusted application to have access to data below source URL path + throw new MalformedURLException( + "Cannot access data below source URL path."); } /**