Mercurial > hg > release > icedtea6-1.7

changeset 1946:51be5c90d1d1

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Merge
author Andrew John Hughes <ahughes@redhat.com>
date Wed, 21 Jul 2010 18:20:30 +0100
parents fd1a03a89469 (current diff) 87c67dea5e0a (diff)
children 37bf993565d7
files ChangeLog
diffstat 3 files changed, 27 insertions(+), 9 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Wed Jul 21 18:17:59 2010 +0100
+++ b/ChangeLog	Wed Jul 21 18:20:30 2010 +0100
@@ -2,6 +2,14 @@
 
 	* README: Updated.
 
+2010-07-21  Omair Majid  <omajid@redhat.com>
+
+	* netx/net/sourceforge/jnlp/resources/Messages.properties:
+	Add LUnsignedJarWithSecurity LUnsignedJarWithSecurityInfo.
+	* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
+	(setSecurity): Can now throw a LaunchException if the JNLP file requests
+	permissions but the jars are unsigned.
+
 2010-07-21  Andrew John Hughes  <ahughes@redhat.com>
 
 	* NEWS: Add NIO2 changes.
--- a/rt/net/sourceforge/jnlp/resources/Messages.properties	Wed Jul 21 18:17:59 2010 +0100
+++ b/rt/net/sourceforge/jnlp/resources/Messages.properties	Wed Jul 21 18:20:30 2010 +0100
@@ -50,6 +50,8 @@
 LNotLaunchableInfo=File must be a JNLP application, applet, or installer type.
 LCantDetermineMainClass=Unknown Main-Class.
 LCantDetermineMainClassInfo=Could not determine the main class for this application.
+LUnsignedJarWithSecurity=Cannot grant permissions to unsigned jars.
+LUnsignedJarWithSecurityInfo=Application requested security permissions, but jars are not signed.
 
 JNotApplet=File is not an applet.
 JNotApplication=File is not an application.
--- a/rt/net/sourceforge/jnlp/runtime/JNLPClassLoader.java	Wed Jul 21 18:17:59 2010 +0100
+++ b/rt/net/sourceforge/jnlp/runtime/JNLPClassLoader.java	Wed Jul 21 18:20:30 2010 +0100
@@ -185,15 +185,23 @@
 			}
 		} else { //regular jnlp file
 			
-			/**
-			 * If the application is signed, then we set the SecurityDesc to the
-			 * <security> tag in the jnlp file. Note that if an application is
-			 * signed, but there is no <security> tag in the jnlp file, the
-			 * application will get sandbox permissions.
-			 * If the application is unsigned, we ignore the <security> tag and 
-			 * use a sandbox instead. 
-			 */
-			if (signing == true) {
+            /*
+             * Various combinations of the jars being signed and <security> tags being
+             * present are possible. They are treated as follows
+             * 
+             * Jars          JNLP File         Result
+             * 
+             * Signed        <security>        Appropriate Permissions
+             * Signed        no <security>     Sandbox
+             * Unsigned      <security>        Error
+             * Unsigned      no <security>     Sandbox
+             * 
+             */
+
+            if (!file.getSecurity().getSecurityType().equals(SecurityDesc.SANDBOX_PERMISSIONS) && !signing) {
+                throw new LaunchException(file, null, R("LSFatal"), R("LCClient"), R("LUnsignedJarWithSecurity"), R("LUnsignedJarWithSecurityInfo"));
+            }
+            else if (signing == true) {
 				this.security = file.getSecurity();
 			} else {
 				this.security = new SecurityDesc(file,