vhardy 02/05/02 08:46:27 Modified: resources/org/apache/batik/apps/svgbrowser/resources svgbrowser.bin.policy svgbrowser.policy resources/org/apache/batik/util/resources Messages.properties sources/org/apache/batik/apps/rasterizer Main.java sources/org/apache/batik/apps/svgbrowser Main.java Added: resources/org/apache/batik/apps/rasterizer/resources rasterizer.bin.policy rasterizer.policy sources/org/apache/batik/util ApplicationSecurityEnforcer.java Messages.java Log: Created utility to let class easily enforce script security. This is now used by the browser and the rasterizer Revision Changes Path 1.1 xml-batik/resources/org/apache/batik/apps/rasterizer/resources/rasterizer.bin.policy Index: rasterizer.bin.policy =================================================================== grant codeBase "${app.jar.base}/classes/" { permission java.security.AllPermission; }; grant codeBase "${app.jar.base}/lib/crimson-parser.jar" { permission java.security.AllPermission; }; grant codeBase "${app.jar.base}/batik-rasterizer.jar" { permission java.security.AllPermission; }; grant codeBase "${app.jar.base}/lib/batik-ext.jar" { permission java.security.AllPermission; }; grant codeBase "${app.jar.base}/lib/batik-dom.jar" { permission java.security.AllPermission; }; grant codeBase "${app.jar.base}/lib/batik-css.jar" { permission java.security.AllPermission; }; grant codeBase "${app.jar.base}/lib/batik-svg-dom.jar" { permission java.security.AllPermission; }; grant codeBase "${app.jar.base}/lib/batik-gvt.jar" { permission java.security.AllPermission; }; grant codeBase "${app.jar.base}/lib/batik-parser.jar" { permission java.security.AllPermission; }; grant codeBase "${app.jar.base}/lib/batik-script.jar" { permission java.security.AllPermission; }; grant codeBase "${app.jar.base}/lib/batik-bridge.jar" { permission java.security.AllPermission; }; grant codeBase "${app.jar.base}/lib/batik-swing.jar" { permission java.security.AllPermission; }; grant codeBase 
"${app.jar.base}/lib/batik-transcoder.jar" { permission java.security.AllPermission; }; grant codeBase "${app.jar.base}/lib/batik-gui-util.jar" { permission java.security.AllPermission; }; grant codeBase "${app.jar.base}/lib/batik-awt-util.jar" { permission java.security.AllPermission; }; grant codeBase "${app.jar.base}/lib/batik-util.jar" { permission java.security.AllPermission; }; grant codeBase "${app.jar.base}/lib/batik-xml.jar" { permission java.security.AllPermission; }; grant codeBase "${app.jar.base}/lib/js.jar" { permission java.lang.RuntimePermission "createClassLoader"; permission java.net.SocketPermission "*", "listen, connect, resolve, accept"; }; 1.1 xml-batik/resources/org/apache/batik/apps/rasterizer/resources/rasterizer.policy Index: rasterizer.policy =================================================================== /* AUTOMATICALLY GENERATED ON Wed Apr 17 13:44:15 CEST 2002*/ /* DO NOT EDIT */ grant codeBase "${app.dev.base}/classes/" { permission java.security.AllPermission; }; grant codeBase "${app.dev.base}/lib/crimson-parser.jar" { permission java.security.AllPermission; }; grant codeBase "${app.dev.base}/lib/js.jar" { permission java.lang.RuntimePermission "createClassLoader"; permission java.net.SocketPermission "*", "listen, connect, resolve, accept"; }; 1.3 +18 -18 xml-batik/resources/org/apache/batik/apps/svgbrowser/resources/svgbrowser.bin.policy Index: svgbrowser.bin.policy =================================================================== RCS file: /home/cvs/xml-batik/resources/org/apache/batik/apps/svgbrowser/resources/svgbrowser.bin.policy,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- svgbrowser.bin.policy 30 Apr 2002 15:05:18 -0000 1.2 +++ svgbrowser.bin.policy 2 May 2002 15:46:26 -0000 1.3 
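Review bot: The `js.jar` grant at the end of rasterizer.bin.policy gives the script engine `java.net.SocketPermission "*", "listen, connect, resolve, accept"`, the widest socket grant the policy syntax allows, and for a batch rasterizer it includes server-side actions (`listen`, `accept`) that nothing visible in this commit needs. If scripts in a converted document run with js.jar's protection domain, this grant rather than the security manager itself decides which hosts they can reach. It is worth narrowing, for example to `permission java.net.SocketPermission "*", "connect, resolve";`, and adding a comment saying why `createClassLoader` is required. The same grant appears in rasterizer.policy and in both svgbrowser policy files touched by this commit.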
@@ -1,72 +1,72 @@ -grant codeBase "${squiggle.jar.base}/classes/" { +grant codeBase "${app.jar.base}/classes/" { permission java.security.AllPermission; }; -grant codeBase "${squiggle.jar.base}/lib/crimson-parser.jar" { +grant codeBase "${app.jar.base}/lib/crimson-parser.jar" { permission java.security.AllPermission; }; -grant codeBase "${squiggle.jar.base}/batik-svgbrowser.jar" { +grant codeBase "${app.jar.base}/batik-svgbrowser.jar" { permission java.security.AllPermission; }; -grant codeBase "${squiggle.jar.base}/lib/batik-ext.jar" { +grant codeBase "${app.jar.base}/lib/batik-ext.jar" { permission java.security.AllPermission; }; -grant codeBase "${squiggle.jar.base}/lib/batik-dom.jar" { +grant codeBase "${app.jar.base}/lib/batik-dom.jar" { permission java.security.AllPermission; }; -grant codeBase "${squiggle.jar.base}/lib/batik-css.jar" { +grant codeBase "${app.jar.base}/lib/batik-css.jar" { permission java.security.AllPermission; }; -grant codeBase "${squiggle.jar.base}/lib/batik-svg-dom.jar" { +grant codeBase "${app.jar.base}/lib/batik-svg-dom.jar" { permission java.security.AllPermission; }; -grant codeBase "${squiggle.jar.base}/lib/batik-gvt.jar" { +grant codeBase "${app.jar.base}/lib/batik-gvt.jar" { permission java.security.AllPermission; }; -grant codeBase "${squiggle.jar.base}/lib/batik-parser.jar" { +grant codeBase "${app.jar.base}/lib/batik-parser.jar" { permission java.security.AllPermission; }; -grant codeBase "${squiggle.jar.base}/lib/batik-script.jar" { +grant codeBase "${app.jar.base}/lib/batik-script.jar" { permission java.security.AllPermission; }; -grant codeBase "${squiggle.jar.base}/lib/batik-bridge.jar" { +grant codeBase "${app.jar.base}/lib/batik-bridge.jar" { permission java.security.AllPermission; }; -grant codeBase "${squiggle.jar.base}/lib/batik-swing.jar" { +grant codeBase "${app.jar.base}/lib/batik-swing.jar" { permission java.security.AllPermission; }; -grant codeBase "${squiggle.jar.base}/lib/batik-transcoder.jar" { +grant codeBase 
"${app.jar.base}/lib/batik-transcoder.jar" { permission java.security.AllPermission; }; -grant codeBase "${squiggle.jar.base}/lib/batik-gui-util.jar" { +grant codeBase "${app.jar.base}/lib/batik-gui-util.jar" { permission java.security.AllPermission; }; -grant codeBase "${squiggle.jar.base}/lib/batik-awt-util.jar" { +grant codeBase "${app.jar.base}/lib/batik-awt-util.jar" { permission java.security.AllPermission; }; -grant codeBase "${squiggle.jar.base}/lib/batik-util.jar" { +grant codeBase "${app.jar.base}/lib/batik-util.jar" { permission java.security.AllPermission; }; -grant codeBase "${squiggle.jar.base}/lib/batik-xml.jar" { +grant codeBase "${app.jar.base}/lib/batik-xml.jar" { permission java.security.AllPermission; }; -grant codeBase "${squiggle.jar.base}/lib/js.jar" { +grant codeBase "${app.jar.base}/lib/js.jar" { permission java.lang.RuntimePermission "createClassLoader"; permission java.net.SocketPermission "*", "listen, connect, resolve, accept"; }; 1.3 +3 -3 xml-batik/resources/org/apache/batik/apps/svgbrowser/resources/svgbrowser.policy Index: svgbrowser.policy =================================================================== RCS file: /home/cvs/xml-batik/resources/org/apache/batik/apps/svgbrowser/resources/svgbrowser.policy,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- svgbrowser.policy 30 Apr 2002 15:05:18 -0000 1.2 +++ svgbrowser.policy 2 May 2002 15:46:26 -0000 1.3 
@@ -1,15 +1,15 @@ /* AUTOMATICALLY GENERATED ON Wed Apr 17 13:44:15 CEST 2002*/ /* DO NOT EDIT */ -grant codeBase "${squiggle.dev.base}/classes/" { +grant codeBase "${app.dev.base}/classes/" { permission java.security.AllPermission; }; -grant codeBase "${squiggle.dev.base}/lib/crimson-parser.jar" { +grant codeBase "${app.dev.base}/lib/crimson-parser.jar" { permission java.security.AllPermission; }; -grant codeBase "${squiggle.dev.base}/lib/js.jar" { +grant codeBase "${app.dev.base}/lib/js.jar" { permission java.lang.RuntimePermission "createClassLoader"; permission java.net.SocketPermission "*", "listen, connect, resolve, accept"; }; 1.1 xml-batik/sources/org/apache/batik/util/ApplicationSecurityEnforcer.java Index: ApplicationSecurityEnforcer.java =================================================================== /***************************************************************************** * Copyright (C) The Apache Software Foundation. All rights reserved. * * ------------------------------------------------------------------------- * * This software is published under the terms of the Apache Software License * * version 1.1, a copy of which has been included with this distribution in * * the LICENSE file. * *****************************************************************************/ package org.apache.batik.util; import java.net.URL; import java.security.Policy; /** * This is a helper class which helps applications enforce secure * script execution. * <br /> * It is used by the Squiggle browser as well as the rasterizer. * <br /> * This class can install a <tt>SecurityManager</tt> for an application * and resolves whether the application runs in a development * environment or from a jar file (in other words, it resolves code-base * issues for the application). 
* <br /> * * @author <a mailto="[EMAIL PROTECTED]">Vincent Hardy</a> * @version $Id: ApplicationSecurityEnforcer.java,v 1.1 2002/05/02 15:46:26 vhardy Exp $ */ public class ApplicationSecurityEnforcer { /** * Message for the SecurityException thrown when there is already * a SecurityManager installed at the time Squiggle tries * to install its own security settings. */ public static final String EXCEPTION_ALIEN_SECURITY_MANAGER = "ApplicationSecurityEnforcer.message.security.exception.alien.security.manager"; /** * Message for the NullPointerException thrown when no policy * file can be found. */ public static final String EXCEPTION_NO_POLICY_FILE = "ApplicationSecurityEnforcer.message.null.pointer.exception.no.policy.file"; /** * System property for specifying an additional policy file. */ public static final String PROPERTY_JAVA_SECURITY_POLICY = "java.security.policy"; /** * Files in a jar file have a URL with the jar protocol */ public static final String JAR_PROTOCOL = "jar:"; /** * Used in jar file urls to separate the jar file name * from the referenced file */ public static final String JAR_URL_FILE_SEPARATOR = "!/"; /** * System property for App's development base directory */ public static final String PROPERTY_APP_DEV_BASE = "app.dev.base"; /** * System property for App's jars base directory */ public static final String PROPERTY_APP_JAR_BASE = "app.jar.base"; /** * Directory where classes are expanded in the development * version */ public static final String APP_MAIN_CLASS_DIR = "classes/"; /** * The application's main entry point */ protected Class appMainClass; /** * The application's security policy */ protected String securityPolicy; /** * The jar file into which the application is packaged */ protected String appJarFile; /** * The resource name for the application's main class */ protected String appMainClassRelativeURL; /** * Keeps track of the last SecurityManager installed */ protected SecurityManager lastSecurityManagerInstalled; /** * @param 
appClass class of the applications's main entry point * @param securityPolicy resource for the security policy which * should be enforced for the application. * @param appJarFile the Jar file into which the application is * packaged. */ public ApplicationSecurityEnforcer(Class appMainClass, String securityPolicy, String appJarFile){ this.appMainClass = appMainClass; this.securityPolicy = securityPolicy; this.appJarFile = appJarFile; this.appMainClassRelativeURL = appMainClass.getName().replace('.', '/') + ".class"; } /** * Enforces security by installing a <tt>SecurityManager</tt>. * This will throw a <tt>SecurityException</tt> if installing * a <tt>SecurityManager</tt> requires overriding an existing * <tt>SecurityManager</tt>. In other words, this method will * not install a new <tt>SecurityManager</tt> if there is * already one it did not install in place. */ public void enforceSecurity(boolean enforce){ SecurityManager sm = System.getSecurityManager(); if (sm != null && sm != lastSecurityManagerInstalled) { // Throw a Security exception: we do not want to override // an 'alien' SecurityManager with either null or // a new SecurityManager. throw new SecurityException (Messages.getString(EXCEPTION_ALIEN_SECURITY_MANAGER)); } if (enforce) { // We want to install a SecurityManager. if (sm == null) { installSecurityManager(); } } else { if (sm != null) { System.setSecurityManager(null); lastSecurityManagerInstalled = null; } } } /** * Installs a SecurityManager on behalf of the application */ public void installSecurityManager(){ Policy policy = Policy.getPolicy(); SecurityManager securityManager = new SecurityManager(); // Specify app's security policy in the // system property. 
ClassLoader cl = appMainClass.getClassLoader(); URL url = cl.getResource(securityPolicy); if (url == null) { throw new NullPointerException (Messages.formatMessage(EXCEPTION_NO_POLICY_FILE, new Object[]{securityPolicy})); } System.setProperty(PROPERTY_JAVA_SECURITY_POLICY, url.toString()); // // The following detects whether the application is running in the // development environment, in which case it will set the // app.dev.base property or if it is running in the binary // distribution, in which case it will set the app.jar.base // property. These properties are expanded in the security // policy files. // Property expansion is used to provide portability of the // policy files between various code bases (e.g., file base, // server base, etc..). // url = cl.getResource(appMainClassRelativeURL); if (url == null){ // Something is really wrong: we would be running a class // which can't be found.... throw new Error(appMainClassRelativeURL); } String expandedMainClassName = url.toString(); if (expandedMainClassName.startsWith(JAR_PROTOCOL) ) { setJarBase(expandedMainClassName); } else { setDevBase(expandedMainClassName); } // Install new security manager System.setSecurityManager(securityManager); lastSecurityManagerInstalled = securityManager; // Forces re-loading of the security policy policy.refresh(); System.out.println("Enforcing secure script execution"); } private void setJarBase(String expandedMainClassName){ expandedMainClassName = expandedMainClassName.substring(JAR_PROTOCOL.length()); int codeBaseEnd = expandedMainClassName.indexOf(appJarFile + JAR_URL_FILE_SEPARATOR + appMainClassRelativeURL); if (codeBaseEnd == -1){ // Something is seriously wrong. 
This should *never* happen // as the APP_SECURITY_POLICY_URL is such that it will be // a substring of its corresponding URL value throw new Error(); } String appCodeBase = expandedMainClassName.substring(0, codeBaseEnd); System.setProperty(PROPERTY_APP_JAR_BASE, appCodeBase); } /** * Position the app.dev.base property for expansion in * the policy file used when App is running in its * development version */ private void setDevBase(String expandedMainClassName){ int codeBaseEnd = expandedMainClassName.indexOf(APP_MAIN_CLASS_DIR + appMainClassRelativeURL); if (codeBaseEnd == -1){ // Something is seriously wrong. This should *never* happen // as the APP_SECURITY_POLICY_URL is such that it will be // a substring of its corresponding URL value throw new Error(); } String appCodeBase = expandedMainClassName.substring(0, codeBaseEnd); System.setProperty(PROPERTY_APP_DEV_BASE, appCodeBase); } } 1.1 xml-batik/sources/org/apache/batik/util/Messages.java Index: Messages.java =================================================================== /***************************************************************************** * Copyright (C) The Apache Software Foundation. All rights reserved. * * ------------------------------------------------------------------------- * * This software is published under the terms of the Apache Software License * * version 1.1, a copy of which has been included with this distribution in * * the LICENSE file. 
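Review bot: In `installSecurityManager()` the new manager is installed with `System.setSecurityManager(securityManager)` before `policy.refresh()` runs, so for a short window permission checks on other threads are presumably answered by the previously loaded policy, which does not yet contain the application's grants. The `java.security.policy` property is already set at that point, so the two calls can be swapped: `policy.refresh();` followed by `System.setSecurityManager(securityManager);`. `setJarBase` and `setDevBase` throw a bare `new Error()`, and their comments refer to an `APP_SECURITY_POLICY_URL` constant that does not exist in this class; `throw new Error(expandedMainClassName);` would match the message-carrying `Error` thrown earlier in `installSecurityManager()` and make a misnamed jar diagnosable. The constructor Javadoc also documents `@param appClass` while the parameter is `appMainClass`.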
* *****************************************************************************/ package org.apache.batik.util; import java.util.Locale; import java.util.MissingResourceException; import org.apache.batik.i18n.Localizable; import org.apache.batik.i18n.LocalizableSupport; import org.apache.batik.util.gui.resource.ResourceManager; /** * This class manages the message for the security utilities * * @author <a href="mailto:[EMAIL PROTECTED]">Vincent Hardy</a> * @version $Id: Messages.java,v 1.1 2002/05/02 15:46:26 vhardy Exp $ */ public class Messages { /** * This class does not need to be instantiated. */ protected Messages() { } /** * The error messages bundle class name. */ protected final static String RESOURCES = "org.apache.batik.util.security.resources.Messages"; /** * The localizable support for the error messages. */ protected static LocalizableSupport localizableSupport = new LocalizableSupport(RESOURCES); /** * The resource manager to decode messages. */ protected static ResourceManager resourceManager = new ResourceManager(localizableSupport.getResourceBundle()); /** * Implements {@link org.apache.batik.i18n.Localizable#setLocale(Locale)}. */ public static void setLocale(Locale l) { localizableSupport.setLocale(l); resourceManager = new ResourceManager(localizableSupport.getResourceBundle()); } /** * Implements {@link org.apache.batik.i18n.Localizable#getLocale()}. */ public static Locale getLocale() { return localizableSupport.getLocale(); } /** * Implements {@link * org.apache.batik.i18n.Localizable#formatMessage(String,Object[])}. 
*/ public static String formatMessage(String key, Object[] args) throws MissingResourceException { return localizableSupport.formatMessage(key, args); } public static String getString(String key) throws MissingResourceException { return resourceManager.getString(key); } public static int getInteger(String key) throws MissingResourceException { return resourceManager.getInteger(key); } public static int getCharacter(String key) throws MissingResourceException { return resourceManager.getCharacter(key); } } 1.3 +15 -2 xml-batik/resources/org/apache/batik/util/resources/Messages.properties Index: Messages.properties =================================================================== RCS file: /home/cvs/xml-batik/resources/org/apache/batik/util/resources/Messages.properties,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- Messages.properties 24 Nov 2000 10:43:43 -0000 1.2 +++ Messages.properties 2 May 2002 15:46:26 -0000 1.3 
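Review bot: `RESOURCES` points at `org.apache.batik.util.security.resources.Messages`, but the two `ApplicationSecurityEnforcer.message.*` keys added by this commit live in `resources/org/apache/batik/util/resources/Messages.properties`, which corresponds to the bundle name `org.apache.batik.util.resources.Messages`. Unless a bundle exists under the `security` package outside this commit, the lookup is likely to fail with `MissingResourceException` exactly when the enforcer tries to report an alien SecurityManager or a missing policy file, hiding the real error. Suggested value: `"org.apache.batik.util.resources.Messages";`. The Javadoc on `setLocale`, `getLocale` and `formatMessage` says they implement `Localizable`, yet the class is static-only and does not implement that interface, so those comments should simply describe the delegation to `localizableSupport`.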
@@ -6,14 +6,27 @@ # the LICENSE file. # ############################################################################# # -# The error messages for the bridge. +# The error messages for the utility package # # Author: Thierry Kormann # -### UnitProcessor ### +# +# UnitProcessor +# invalid.svg.unit=The given unit is invalid : {0} invalid.css.unit=The given CSS unit is invalid : {0} + +# +# Security Enforcer +# + +ApplicationSecurityEnforcer.message.security.exception.alien.security.manager=\ +The application cannot install or remove a security manager when there is \ +already one it place that it did not install. + +ApplicationSecurityEnforcer.message.null.pointer.exception.no.policy.file=\ +The application could not load the specificed security policy ({0}) 1.18 +30 -1 xml-batik/sources/org/apache/batik/apps/rasterizer/Main.java Index: Main.java =================================================================== RCS file: /home/cvs/xml-batik/sources/org/apache/batik/apps/rasterizer/Main.java,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- Main.java 7 Mar 2002 09:02:56 -0000 1.17 +++ Main.java 2 May 2002 15:46:26 -0000 1.18 @@ -28,6 +28,7 @@ import java.util.StringTokenizer; import java.net.URL; import java.net.MalformedURLException; + import org.apache.batik.transcoder.TranscoderInput; import org.apache.batik.transcoder.TranscoderOutput; import org.apache.batik.transcoder.image.ImageTranscoder; @@ -35,6 +36,9 @@ import org.apache.batik.transcoder.image.JPEGTranscoder; import org.apache.batik.transcoder.image.PNGTranscoder; import org.apache.batik.transcoder.image.TIFFTranscoder; + +import org.apache.batik.util.ApplicationSecurityEnforcer; + import org.xml.sax.InputSource; /** 
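Review bot: Both messages added under "Security Enforcer" contain typos that will appear verbatim in the exception text: `already one it place` should read `already one in place`, and `specificed` should read `specified`. These strings are what an operator sees when the security manager cannot be installed or the policy file is missing, so they should be clean.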
@@ -46,10 +50,22 @@ * <tt>SVGConverter</tt> which is used to perform the conversion. * * @author <a href="mailto:[EMAIL PROTECTED]">Vincent Hardy</a> - * @version $Id: Main.java,v 1.17 2002/03/07 09:02:56 tkormann Exp $ + * @version $Id: Main.java,v 1.18 2002/05/02 15:46:26 vhardy Exp $ */ public class Main implements SVGConverterController { /** + * Name of the rasterizer jar file + */ + public static final String RASTERIZER_JAR_NAME + = "batik-rasterizer.jar"; + + /** + * URL for Squiggle's security policy file + */ + public static final String RASTERIZER_SECURITY_POLICY + = "org/apache/batik/apps/rasterizer/resources/rasterizer.policy"; + + /** * Interface for handling one command line option */ public static interface OptionHandler { @@ -629,11 +645,24 @@ */ protected Vector args; + /** + * Script security enforcement is delegated to the + * security utility + */ + protected ApplicationSecurityEnforcer securityEnforcer; + public Main(String[] args){ this.args = new Vector(); for (int i=0; i<args.length; i++){ this.args.addElement(args[i]); } + + securityEnforcer = + new ApplicationSecurityEnforcer(this.getClass(), + RASTERIZER_SECURITY_POLICY, + RASTERIZER_JAR_NAME); + + securityEnforcer.enforceSecurity(true); } protected void error(String errorCode, 1.30 +24 -217 xml-batik/sources/org/apache/batik/apps/svgbrowser/Main.java Index: Main.java =================================================================== RCS file: /home/cvs/xml-batik/sources/org/apache/batik/apps/svgbrowser/Main.java,v retrieving revision 1.29 retrieving revision 1.30 diff -u -r1.29 -r1.30 --- Main.java 30 Apr 2002 08:45:14 -0000 1.29 +++ Main.java 2 May 2002 15:46:26 -0000 1.30 
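Review bot: The Javadoc on `RASTERIZER_SECURITY_POLICY` still reads "URL for Squiggle's security policy file", copied from the browser. The value is handed to `ClassLoader.getResource` by `ApplicationSecurityEnforcer`, so it is a classpath resource name and it belongs to the rasterizer; `Resource name of the rasterizer's security policy file` would be accurate.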
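Review bot: Calling `securityEnforcer.enforceSecurity(true)` from the constructor means a second `new Main(args)` in the same JVM throws `SecurityException`: each instance creates its own `ApplicationSecurityEnforcer`, and `enforceSecurity` treats any manager other than that instance's own `lastSecurityManagerInstalled` as alien. If repeated construction is meant to work, keep one enforcer for the class, e.g. `protected static ApplicationSecurityEnforcer securityEnforcer;`, and create it once. The constructor Javadoc should also state that it installs a JVM-wide SecurityManager and can throw `SecurityException`, or `NullPointerException` when the policy resource is missing. The rest of the class lies outside this hunk, so whether `Main` is ever constructed more than once is not visible here.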
@@ -51,13 +51,14 @@ import org.apache.batik.util.XMLResourceDescriptor; import org.apache.batik.util.SVGConstants; +import org.apache.batik.util.ApplicationSecurityEnforcer; import org.apache.batik.util.gui.resource.ResourceManager; /** * This class contains the main method of an SVG viewer. * * @author <a href="mailto:[EMAIL PROTECTED]">Stephane Hillion</a> - * @version $Id: Main.java,v 1.29 2002/04/30 08:45:14 vhardy Exp $ + * @version $Id: Main.java,v 1.30 2002/05/02 15:46:26 vhardy Exp $ */ public class Main implements Application { /** 
@@ -83,81 +84,16 @@ "org.apache.batik.apps.svgbrowser.resources.Main"; /** - * Message for the SecurityException thrown when there is already - * a SecurityManager installed at the time Squiggle tries - * to install its own security settings. - */ - public static final String EXCEPTION_ALIEN_SECURITY_MANAGER - = Resources.getString("Main.message.security.exception.alien.security.manager"); - - /** - * Message for the NullPointerException thrown when no policy - * file can be found. - */ - public static final String EXCEPTION_NO_SQUIGGLE_POLICY_FILE - = Resources.getString("Main.message.null.pointer.exception.no.squiggle.policy.file"); - - /** - * System property for specifying an additional policy file. - */ - public static final String PROPERTY_JAVA_SECURITY_POLICY - = "java.security.policy"; - - /** - * System property for Squiggle's development base directory - */ - public static final String PROPERTY_SQUIGGLE_DEV_BASE - = "squiggle.dev.base"; - - /** - * System property for Squiggle's jars base directory - */ - public static final String PROPERTY_SQUIGGLE_JAR_BASE - = "squiggle.jar.base"; - - /** - * URL for Squiggle's security policy file - */ - public static final String SQUIGGLE_SECURITY_POLICY_URL - = "org/apache/batik/apps/svgbrowser/resources/svgbrowser.policy"; // "resources/org/apache/batik/apps/svgbrowser/resources/svgbrowser.policy"; - - /** - * URL for Squiggle's main class. 
- */ - public static final String SQUIGGLE_MAIN_CLASS_URL - = "org/apache/batik/apps/svgbrowser/Main.class"; - - /** - * Used in jar file urls to separate the jar file name - * from the referenced file - */ - public static final String JAR_URL_FILE_SEPARATOR - = "!/"; - - /** - * Files in a jar file have a URL with the jar protocol - */ - public static final String JAR_PROTOCOL - = "jar:"; - - /** - * Directory where classes are expanded in the development - * version - */ - public static final String SQUIGGLE_MAIN_CLASS_DIR - = "classes/"; - - /** * Name of the batik browser jar file */ - public static final String SQUIGGLE_ENTRY_JAR_NAME + public static final String SQUIGGLE_JAR_NAME = "batik-svgbrowser.jar"; /** - * Resource directory for the security policy + * URL for Squiggle's security policy file */ - public static final String SQUIGGLE_RESOURCE_DIR - = "resources/"; + public static final String SQUIGGLE_SECURITY_POLICY + = "org/apache/batik/apps/svgbrowser/resources/svgbrowser.policy"; /** * The resource bundle @@ -190,10 +126,10 @@ protected String[] arguments; /** - * Controls whether the initial SecurityManager check - * has been done. + * Script security enforcement is delegated to the + * security utility */ - protected boolean initialSecurityCheckDone; + protected ApplicationSecurityEnforcer securityEnforcer; /** * The option handlers. @@ -220,6 +156,7 @@ public Main(String[] args) { arguments = args; + // // Preferences // Map defaults = new HashMap(11); @@ -253,6 +190,11 @@ defaults.put(PreferenceDialog.PREFERENCE_KEY_CONSTRAIN_SCRIPT_ORIGIN, Boolean.TRUE); + securityEnforcer + = new ApplicationSecurityEnforcer(this.getClass(), + SQUIGGLE_SECURITY_POLICY, + SQUIGGLE_JAR_NAME); + try { preferenceManager = new XMLPreferenceManager("preferences.xml", defaults); @@ -263,8 +205,10 @@ preferenceManager.load(); setPreferences(); } catch (Exception e) { + e.printStackTrace(); } + // // Initialization // final AboutDialog initDialog = new AboutDialog(); 
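Review bot: The `catch (Exception e)` wrapping `preferenceManager.load(); setPreferences();` now also catches the `SecurityException` and `NullPointerException` that `ApplicationSecurityEnforcer.enforceSecurity` can throw, and after `e.printStackTrace()` the constructor carries on, so the browser keeps running with no SecurityManager although secure scripting was requested. This assumes the `enforceSecurity` call added in the `@@ -552,150 +499,10 @@` hunk sits in the no-argument `setPreferences()`, whose signature is outside that hunk. Likewise, if `load()` itself throws, `setPreferences()` is skipped and enforcement never runs. Security failures should not be absorbed together with ordinary preference-loading errors: add `} catch (SecurityException e) { throw e;` ahead of the generic catch, or move the enforcement call out of the `try`. The constructor body starts and ends outside this hunk.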
@@ -306,6 +250,9 @@ }); c.setSize(100, 100); c.loadSVGDocument(Main.class.getResource("resources/init.svg").toString()); + + + } /** 
@@ -552,150 +499,10 @@ System.setProperty("proxyPort", preferenceManager.getString (PreferenceDialog.PREFERENCE_KEY_PROXY_PORT)); - if (!initialSecurityCheckDone){ - setInitialSecurityPreferences(); - } else { - setSecurityPreferences(); - } - } - - private void setSecurityPreferences() { - boolean enforceSecureScripting - = preferenceManager.getBoolean(PreferenceDialog.PREFERENCE_KEY_ENFORCE_SECURE_SCRIPTING); - - if (enforceSecureScripting) { - // - // Check if there is an already installed SecurityManager - // - SecurityManager currentManager = System.getSecurityManager(); - if (currentManager == null){ - installSecurityManager(); - } - } else { - System.setSecurityManager(null); - } - } - - private void setInitialSecurityPreferences(){ - boolean enforceSecureScripting - = preferenceManager.getBoolean(PreferenceDialog.PREFERENCE_KEY_ENFORCE_SECURE_SCRIPTING); - - if (enforceSecureScripting) { - // - // Check if there is an already installed SecurityManager - // - SecurityManager currentManager = System.getSecurityManager(); - if (currentManager != null){ - // - // It would be unsafe to continue if there is already a SecurityManager - // in place. This means Squiggle is not running as it was expected to. - // Therefore, we throw a SecurityException - // - throw new SecurityException(EXCEPTION_ALIEN_SECURITY_MANAGER); - } else { - initialSecurityCheckDone = true; - } - - installSecurityManager(); - } - } - - private void installSecurityManager(){ - // Make sure the security policy is enforced. - Policy policy = Policy.getPolicy(); - - // Install a new SecurityManager - SecurityManager securityManager = new SecurityManager(); - - // Specify squiggle's security policy in the - // system property. 
- - ClassLoader cl = this.getClass().getClassLoader(); - URL url = cl.getResource(SQUIGGLE_SECURITY_POLICY_URL); - - if (url == null) { - throw new NullPointerException(EXCEPTION_NO_SQUIGGLE_POLICY_FILE); - } - - System.setProperty(PROPERTY_JAVA_SECURITY_POLICY, - url.toString()); - - // - // The following detects whether the browser is running in the - // development environment, in which case it will set the - // squiggle.dev.base property or if it is running in the binary - // distribution, in which case it will set the squiggle.jar.base - // property. These properties are expanded in the security - // policy files. - // Property expansion is used to provide portability of the - // policy files between various code bases (e.g., file base, - // server base, etc..). - // - url = cl.getResource(SQUIGGLE_MAIN_CLASS_URL); - if (url == null){ - // Something is really wrong: we would be running a class - // which can't be found.... - throw new Error(); - } - - String expandedMainClassName = url.toString(); - if (expandedMainClassName.indexOf(SQUIGGLE_ENTRY_JAR_NAME) != -1) { - setSquiggleJarBase(expandedMainClassName); - } else { - setSquiggleDevBase(expandedMainClassName); - } - - // Install new security manager - System.setSecurityManager(securityManager); - - System.out.flush(); - policy.refresh(); - - } - - private void setSquiggleJarBase(String expandedMainClassName){ - if (!expandedMainClassName.startsWith(JAR_PROTOCOL)){ - // Something is seriously wrong here - throw new Error(); - } - - expandedMainClassName = expandedMainClassName.substring(JAR_PROTOCOL.length()); - - int codeBaseEnd = - expandedMainClassName.indexOf(SQUIGGLE_ENTRY_JAR_NAME + - JAR_URL_FILE_SEPARATOR + - SQUIGGLE_MAIN_CLASS_URL); - - if (codeBaseEnd == -1){ - // Something is seriously wrong. 
This should *never* happen - // as the SQUIGGLE_SECURITY_POLICY_URL is such that it will be - // a substring of its corresponding URL value - throw new Error(); - } - - String squiggleCodeBase = expandedMainClassName.substring(0, codeBaseEnd); - System.setProperty(PROPERTY_SQUIGGLE_JAR_BASE, squiggleCodeBase); - } - - /** - * Position the squiggle.dev.base property for expansion in - * the policy file used when Squiggle is running in its - * development version - */ - private void setSquiggleDevBase(String expandedMainClassName){ - int codeBaseEnd = - expandedMainClassName.indexOf(SQUIGGLE_MAIN_CLASS_DIR + - SQUIGGLE_MAIN_CLASS_URL); - - if (codeBaseEnd == -1){ - // Something is seriously wrong. This should *never* happen - // as the SQUIGGLE_SECURITY_POLICY_URL is such that it will be - // a substring of its corresponding URL value - throw new Error(); - } - - String squiggleCodeBase = expandedMainClassName.substring(0, codeBaseEnd); - System.setProperty(PROPERTY_SQUIGGLE_DEV_BASE, squiggleCodeBase); + securityEnforcer.enforceSecurity + (preferenceManager.getBoolean + (PreferenceDialog.PREFERENCE_KEY_ENFORCE_SECURE_SCRIPTING) + ); } private void setPreferences(JSVGViewerFrame vf) {