Mercurial > hg > release > icedtea6-1.7
changeset 1946:51be5c90d1d1
Merge
author | Andrew John Hughes <ahughes@redhat.com> |
---|---|
date | Wed, 21 Jul 2010 18:20:30 +0100 |
parents | fd1a03a89469 (current diff) 87c67dea5e0a (diff) |
children | 37bf993565d7 |
files | ChangeLog |
diffstat | 3 files changed, 27 insertions(+), 9 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Wed Jul 21 18:17:59 2010 +0100 +++ b/ChangeLog Wed Jul 21 18:20:30 2010 +0100 @@ -2,6 +2,14 @@ * README: Updated. +2010-07-21 Omair Majid <omajid@redhat.com> + + * netx/net/sourceforge/jnlp/resources/Messages.properties: + Add LUnsignedJarWithSecurity LUnsignedJarWithSecurityInfo. + * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java + (setSecurity): Can now throw a LaunchException if the JNLP file requests + permissions but the jars are unsigned. + 2010-07-21 Andrew John Hughes <ahughes@redhat.com> * NEWS: Add NIO2 changes.
--- a/rt/net/sourceforge/jnlp/resources/Messages.properties Wed Jul 21 18:17:59 2010 +0100 +++ b/rt/net/sourceforge/jnlp/resources/Messages.properties Wed Jul 21 18:20:30 2010 +0100 @@ -50,6 +50,8 @@ LNotLaunchableInfo=File must be a JNLP application, applet, or installer type. LCantDetermineMainClass=Unknown Main-Class. LCantDetermineMainClassInfo=Could not determine the main class for this application. +LUnsignedJarWithSecurity=Cannot grant permissions to unsigned jars. +LUnsignedJarWithSecurityInfo=Application requested security permissions, but jars are not signed. JNotApplet=File is not an applet. JNotApplication=File is not an application.
--- a/rt/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Wed Jul 21 18:17:59 2010 +0100 +++ b/rt/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Wed Jul 21 18:20:30 2010 +0100 @@ -185,15 +185,23 @@ } } else { //regular jnlp file - /** - * If the application is signed, then we set the SecurityDesc to the - * <security> tag in the jnlp file. Note that if an application is - * signed, but there is no <security> tag in the jnlp file, the - * application will get sandbox permissions. - * If the application is unsigned, we ignore the <security> tag and - * use a sandbox instead. - */ - if (signing == true) { + /* + * Various combinations of the jars being signed and <security> tags being + * present are possible. They are treated as follows + * + * Jars JNLP File Result + * + * Signed <security> Appropriate Permissions + * Signed no <security> Sandbox + * Unsigned <security> Error + * Unsigned no <security> Sandbox + * + */ + + if (!file.getSecurity().getSecurityType().equals(SecurityDesc.SANDBOX_PERMISSIONS) && !signing) { + throw new LaunchException(file, null, R("LSFatal"), R("LCClient"), R("LUnsignedJarWithSecurity"), R("LUnsignedJarWithSecurityInfo")); + } + else if (signing == true) { this.security = file.getSecurity(); } else { this.security = new SecurityDesc(file,