Mercurial > hg > release > icedtea-web-1.8
changeset 1242:cedb9509df43
Updated NEWS, added javadoc fo security package. Added changelog entry for last commit
* NEWS: mentioned major work in last month and half
* netx/net/sourceforge/jnlp/security/package-info.java: new file, describing flow of SecurityDialogMessage
* ChangeLog: added content to previous item
author | Jiri Vanek <jvanek@redhat.com> |
---|---|
date | Mon, 15 Jun 2015 12:44:41 +0200 |
parents | 0afcc93fb7fb |
children | f79e6b8cde0c |
files | ChangeLog NEWS netx/net/sourceforge/jnlp/security/package-info.java |
diffstat | 3 files changed, 204 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Fri Jun 12 16:49:07 2015 +0200 +++ b/ChangeLog Mon Jun 15 12:44:41 2015 +0200 @@ -1,7 +1,107 @@ +2015-06-12 Jiri Vanek <jvanek@redhat.com> + + Updated NEWS, added javadoc fo security package. Added changelog entry for last commit + * NEWS: mentioned major work in last month and half + * netx/net/sourceforge/jnlp/security/package-info.java: new file, describing + flow of SecurityDialogMessage + * ChangeLog: added content to previous item + 2015-06-12 Jiri Vanek <jvanek@redhat.com> Implemented general solution for remembering of various dialogues - * todo: changelog and javadoc and news + * netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletActionTableModel.java: + removed columns for separate remember actions. Replaced by single column with all + remembered actions. + * netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletsTrustingListPanel.java: + same + * netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageExtendedImpl.java: + same + * netx/net/sourceforge/jnlp/resources/Messages.properties: removed + APPEXTSECunsetAppletAction, APPEXTSECguiTableModelTableColumnActionUA, + APPEXTSECguiTableModelTableColumnActionMatchALACA + added APPEXTSECguiTableModelTableColumnRD + * netx/net/sourceforge/jnlp/runtime/ApplicationInstance.java: added null check + for ics + * netx/net/sourceforge/jnlp/security/SecurityDialogMessageHandler.java: removed + final keyword from class definition. Extension is necessary for testing. + (handleMessage) made protected and added logic for remembering actions. + Unlocking of message moved to unlockMessagesClient method. + * netx/net/sourceforge/jnlp/security/SecurityDialogs.java: (showPartiallySignedWarningDialog) + moved to return YesNoSandbox + * netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java: same in + (doPrivileged) + * netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionEntry.java: + adapted imports + * netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionStorage.java: + All usages of id retyped from int to Class extends RememberableDialog + * netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImpl.java: + same + * netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java: + Class rewritten to handle new saving/loading schema. Support for legacy structure kept. + * netx/net/sourceforge/jnlp/security/dialogresults/AccessWarningPaneComplexReturn.java: + adapted to be able to read various malformed shortcut definitions. Removed RemeberType + * netx/net/sourceforge/jnlp/security/dialogresults/BasicDialogValue.java: + added various equals and hashcode methods. + * netx/net/sourceforge/jnlp/security/dialogresults/Yes.java: + made extendable, added toString + * netx/net/sourceforge/jnlp/security/dialogresults/YesCancel.java: + extends Yes + * netx/net/sourceforge/jnlp/security/dialogresults/YesNo.java: + extends Yes + * netx/net/sourceforge/jnlp/security/dialogresults/YesNoCancel.java: + extends YesNo + * netx/net/sourceforge/jnlp/security/dialogresults/YesNoSandbox.java: + extends YesNo + * netx/net/sourceforge/jnlp/security/dialogresults/YesNoSandboxLimited.java: + New class. Extends YesNoSandbox, but accept only YesNo by default. Used in + AppTrustWarningPanel, which by default accept only YES and NO, but is extended + by PartiallySignedAppTrustWarningPanel, which add also SANDBOX. + * netx/net/sourceforge/jnlp/security/dialogs/AccessWarningPane.java: + implements RememberableDialog, removed RemeberType usage + * netx/net/sourceforge/jnlp/security/dialogs/MissingALACAttributePanel.java: + implements RememberableDialog + * netx/net/sourceforge/jnlp/security/dialogs/MissingPermissionsAttributePanel.java: + same + * netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/AppTrustWarningPanel.java: + same + * netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/MatchingALACAttributePanel.java: + same + * netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/PartiallySignedAppTrustWarningPanel.java: + uses class instead of id in additional info obtaining methods. + * netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/UnsignedAppletTrustWarningPanel.java: + same + * netx/net/sourceforge/jnlp/security/dialogs/remember/ActionChoiceListener.java: + removed,useless + * netx/net/sourceforge/jnlp/security/dialogs/remember/AppSigningWarningAction.java: + same + * netx/net/sourceforge/jnlp/security/dialogs/remember/AppletSecurityActions.java: + Class rewritten to handle new saving/loading schema. Support for legacy structure kept. + * netx/net/sourceforge/jnlp/security/dialogs/remember/ExecuteAppletAction.java: + removed Sandbox and Unset support. + * netx/net/sourceforge/jnlp/security/dialogs/remember/RemeberActionProvider.java: + new file, general interface to provide values for remembering/ + * netx/net/sourceforge/jnlp/security/dialogs/remember/RememberDialog.java: + new file for general utility methods for remembering logic. + * netx/net/sourceforge/jnlp/security/dialogs/remember/RememberPanel.java: + cleaned from legacy code + * netx/net/sourceforge/jnlp/security/dialogs/remember/RememberPanelResult.java: + new file. Keeper of remembered information. + * netx/net/sourceforge/jnlp/security/dialogs/remember/RememberableDialog.java: + interface identifying rememberable panels. + * netx/net/sourceforge/jnlp/security/dialogs/remember/SavedRememberAction.java: + new class. Wrapper around remembered value and remembered decision. + * netx/net/sourceforge/jnlp/services/ServiceUtil.java: + adapted call to showAccessWarningDialog + * tests/netx/unit/net/sourceforge/jnlp/security/SecurityDialogsTest.java: + Added tests for saved actions, adapted old tests + * tests/netx/unit/net/sourceforge/jnlp/security/appletextendedsecurity/impl/LegacyUnsignedAppletActionStorageImplTest.java: + copy of original UnsignedAppletActionStorageImplTest + * tests/netx/unit/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImplTest.java: + new file, tests for parser of new schema + * tests/netx/unit/net/sourceforge/jnlp/security/dialogs/remember/AppletSecurityActionsTest.java: + adapted to new methods. + * tests/netx/unit/net/sourceforge/jnlp/util/XDesktopEntryTest.java: adapted + 2015-06-11 Jiri Vanek <jvanek@redhat.com>
--- a/NEWS Fri Jun 12 16:49:07 2015 +0200 +++ b/NEWS Mon Jun 15 12:44:41 2015 +0200 @@ -9,6 +9,23 @@ CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY New in release 1.7 (2015-XX-XX): +* comments in deployment.properties now should persists load/save +* fixed bug in caching of files with query +* fixed issues with recreating of existing shortcut +* trustAll/trustNone now processed correctly +* headless no longer shows dialogues +* more dialogs got remember me possibility + - MissingALACAttributePanel + - AccessWarning + - MissingPermissionsAttributePanel + - MatchingALACAttributePanel + - UnsignedAppletTrustWarningPanel + - PartiallySignedAppTrustWarningPanel +* NetX + - fixed issues with -html shortcuts + - fixed issue with -html receiving garbage in width and height +* PolicyEditor + - file flag made to work when used standalone New in release 1.6 (2015-XX-XX): * Massively improved offline abilities. Added Xoffline switch to force work without inet connection.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/netx/net/sourceforge/jnlp/security/package-info.java Mon Jun 15 12:44:41 2015 +0200 @@ -0,0 +1,86 @@ +/* package-info.java + Copyright (C) 2015 Red Hat, Inc. + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify it under the +terms of the GNU General Public License as published by the Free Software +Foundation, version 2. + +IcedTea is distributed in the hope that it will be useful, but WITHOUT ANY +WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A +PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with +IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is making a +combined work based on this library. Thus, the terms and conditions of the GNU +General Public License cover the whole combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent modules, and +to copy and distribute the resulting executable under terms of your choice, +provided that you also meet, for each linked independent module, the terms and +conditions of the license of that module. An independent module is a module +which is not derived from or based on this library. If you modify this library, +you may extend this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this exception +statement from your version.*/ +/** + *<pre> + ITW-thread(s) | dialogs-thread X + | X + presteps in SecurtyDialogs | X + # eg handle trustall/none | X + | | X + prepare message | X + # set JNLPfile | X + # set type of dialog | X + see | X + # extrass... | X + # lock | X + | | X + post message to queue | X + | >------------------------------------> | <----------------------------------------------------------------------------------------------------------------------------| X + wait for result from | read message from queue | X + getUserResponse(lock lock)| | | X + | create instance of dialogue | X + | | | X + | acording to type of dialogue, create and place panel (this is important, panel is keeper of rememberable decission) | X + | | | X + | if panel is instance of RememberableDialogue | X + | else then | X + | | | | X + | | check whether this applet+action was already stored and pernamently remembered in .appletSecurity | X + | | no yes | X + | |<-------------------------| | | X + | | | | X + | | | | X + | | | | X + | | | | X + | add closing and disposing listener(s) to button(s) | | X + | | * set return value to listner? | | X + | | | | X + | accordingo to set value, set default selected button? | | X + | | | | X + | if his applet+action was already stored in .appletSecurity include text approved/denyed and when | | X + | | | | X + | wait for user to click buttton or close dialogue | | X + | | | | X + | --> set selected value (via listener?) to message, dispose dialog -> <- set stored value to message <-| | X + | | | X + | if panel is instance of RememberableDialogue crate new, update old(date/decission,jars...) record in .appletSecurity | X + | | | X + | <------------------------------------------------------------------------------------------< unlock lock of this messge >--------------------------------------------| X + read result from message | X + | | X + continue accordingly | X + X + + *</pre> + */ +package net.sourceforge.jnlp.security;