vhardy      02/05/02 05:40:59

  Modified:    sources/org/apache/batik/bridge
                        BaseScriptingEnvironment.java
  Added:       sources/org/apache/batik/bridge DocumentJarClassLoader.java
  Log:
  Made linked jar security consistent with ECMA script security. Jar scripts can only 
connect back to the document server, never to the script/jar server in case the 
jar/script server is different from that of the document
  
  Revision  Changes    Path
  1.8       +4 -3      
xml-batik/sources/org/apache/batik/bridge/BaseScriptingEnvironment.java
  
  Index: BaseScriptingEnvironment.java
  ===================================================================
  RCS file: 
/home/cvs/xml-batik/sources/org/apache/batik/bridge/BaseScriptingEnvironment.java,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- BaseScriptingEnvironment.java     30 Apr 2002 08:45:14 -0000      1.7
  +++ BaseScriptingEnvironment.java     2 May 2002 12:40:59 -0000       1.8
  @@ -14,7 +14,6 @@
   import java.io.StringReader;
   
   import java.net.URL;
  -import java.net.URLClassLoader;
   
   import java.util.ArrayList;
   import java.util.HashSet;
  @@ -56,7 +55,7 @@
    * This class is the base class for SVG scripting.
    *
    * @author <a href="mailto:[EMAIL PROTECTED]";>Stephane Hillion</a>
  - * @version $Id: BaseScriptingEnvironment.java,v 1.7 2002/04/30 08:45:14 vhardy Exp 
$
  + * @version $Id: BaseScriptingEnvironment.java,v 1.8 2002/05/02 12:40:59 vhardy Exp 
$
    */
   public class BaseScriptingEnvironment {
       /**
  @@ -247,8 +246,10 @@
                       url = new URL(url, href);
   
                       checkCompatibleScriptURL(type, url);
  +                    URL docURL = ((SVGOMDocument)document).getURLObject();
   
  -                    URLClassLoader cll = new URLClassLoader(new URL[] { url });
  +                    DocumentJarClassLoader cll 
  +                        = new DocumentJarClassLoader(url, docURL);
                       
                       // Get the 'Script-Handler' entry in the manifest.
                       url = cll.findResource("META-INF/MANIFEST.MF");
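Review bot: The added `URL docURL = ((SVGOMDocument)document).getURLObject();` line casts without a check and does not say what a null `docURL` means. The `DocumentJarClassLoader` constructor added in this commit accepts a null document URL and then adds no document-origin permissions, so the jar code is left with only what the policy grants; that fails closed, but a script would lose its connect-back ability silently. I would add a comment above the line, e.g. `// docURL may be null (document without a URL): the jar then only gets policy permissions`. If `document` can ever be something other than an `SVGOMDocument` here, guard the cast as well. The enclosing method starts and ends outside this hunk, so whether `document` is already type-checked earlier is not visible.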
  
  
  
  1.1                  
xml-batik/sources/org/apache/batik/bridge/DocumentJarClassLoader.java
  
  Index: DocumentJarClassLoader.java
  ===================================================================
  /*****************************************************************************
   * Copyright (C) The Apache Software Foundation. All rights reserved.        *
   * ------------------------------------------------------------------------- *
   * This software is published under the terms of the Apache Software License *
   * version 1.1, a copy of which has been included with this distribution in  *
   * the LICENSE file.                                                         *
   *****************************************************************************/
  
  package org.apache.batik.bridge;
  
  import java.io.File;
  import java.io.FilePermission;
  
  import java.net.SocketPermission;
  import java.net.URL;
  import java.net.URLClassLoader;
  
  import java.security.AccessController;
  import java.security.Permission;
  import java.security.Policy;
  import java.security.SecureClassLoader;
  import java.security.CodeSource;
  import java.security.PermissionCollection;
  import java.security.PrivilegedAction;
  
  import java.util.Enumeration;
  
  /**
   * This <tt>ClassLoader</tt> implementation only grants permission to
   * connect back to the server from where the document referencing the
   * jar file was loaded. 
   * 
   * A <tt>URLClassLoader</tt> extension is needed in case the user
   * allows linked jar files to come from a different origin than
   * the document referencing them.
   *
   * @author <a mailto="[EMAIL PROTECTED]">Vincent Hardy</a>
   * @version $Id: DocumentJarClassLoader.java,v 1.1 2002/05/02 12:40:59 vhardy Exp $
   */
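  public class DocumentJarClassLoader extends URLClassLoader {
      /**
       * CodeSource for the Document which referenced the Jar file, or
       * <tt>null</tt> when no document URL was given at construction.
       * This value decides which origin the jar code may reach, so
       * subclasses should treat it as read-only. It is left protected
       * and non-final only to keep the existing interface.
       * @see #getPermissions
       */
      protected CodeSource documentCodeSource = null;

      /**
       * Creates a loader which loads classes from <tt>jarURL</tt> and
       * derives the origin-based permissions from <tt>documentURL</tt>.
       *
       * @param jarURL the URL of the linked jar file
       * @param documentURL the URL of the document referencing the jar.
       *        May be null, in which case no origin-based permission
       *        is added by {@link #getPermissions}.
       */
      public DocumentJarClassLoader(URL jarURL,
                                    URL documentURL){
          super(new URL[]{jarURL});

          if (documentURL != null) {
              // The cast selects the (URL, Certificate[]) constructor.
              // A bare null is ambiguous on JDKs which also declare
              // CodeSource(URL, CodeSigner[]).
              documentCodeSource = new CodeSource
                  (documentURL, (java.security.cert.Certificate[])null);
          }
      }

      /**
       * Returns the permissions for the given codesource object.
       * The result holds the permissions the installed policy grants
       * to <tt>codesource</tt> and, if the documentURL passed at
       * construction time was not null, the permissions which
       * <tt>URLClassLoader</tt> derives from that document URL
       * (connect/accept to the document host for network URLs, read
       * access for file URLs).
       * <p>
       * <tt>super.getPermissions</tt> is deliberately not called with
       * <tt>codesource</tt> itself: doing so would grant the jar code
       * access to the server the jar came from. As a result, the jar
       * file code will only be able to connect to the server which
       * served the document, unless the policy grants more.
       *
       * @param codesource the codesource
       * @return the permissions granted to the codesource. Never null;
       *         the collection is owned by this call and is empty when
       *         neither the policy nor the document URL grants anything.
       */
      protected PermissionCollection getPermissions(CodeSource codesource)
      {
          // Collect into a collection owned by this loader. The one
          // returned by the policy may be read-only or shared, so it
          // must not be used as the target of add().
          PermissionCollection granted = new java.security.Permissions();

          // First, get the permissions which may be granted
          // through the policy file(s)
          Policy p = Policy.getPolicy();
          if (p != null) {
              addAll(granted, p.getPermissions(codesource));
          }

          // Now, add permissions if the documentCodeSource is not null
          if (documentCodeSource != null) {
              addAll(granted, super.getPermissions(documentCodeSource));
          }

          return granted;
      }

      /**
       * Copies every permission of <tt>source</tt> into <tt>target</tt>.
       * A null <tt>source</tt> is ignored.
       */
      private static void addAll(PermissionCollection target,
                                 PermissionCollection source) {
          if (source == null) {
              return;
          }
          Enumeration items = source.elements();
          while (items.hasMoreElements()) {
              target.add((Permission)(items.nextElement()));
          }
      }
  }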
  
  
  
