vhardy 02/05/14 01:57:32 Modified: sources/org/apache/batik/bridge BridgeEventSupport.java ScriptingEnvironment.java sources/org/apache/batik/script InterpreterPool.java sources/org/apache/batik/script/rhino RhinoClassLoader.java RhinoInterpreter.java WindowWrapper.java resources/org/apache/batik/apps/rasterizer/resources rasterizer.bin.policy rasterizer.policy resources/org/apache/batik/apps/svgbrowser/resources svgbrowser.bin.policy svgbrowser.policy resources/org/apache/batik/util/resources Messages.properties Log: - Minor fix in BridgeEventSupport - Removed trace in ScriptingEnvironment - Minor fix in InterpreterPool - Fixed getURL limitation with a work-around. Issue description: When security is enabled, Rhino sometimes still uses the default ClassLoader to create classes dynamically. This has the consequence of putting these classes in the default ProtectionDomain which is the most restrictive one. As a consequence, code going through these classes has no rights. This is what was causing the limitation on the getURL code. Ideal solution: The ideal solution would be to have Rhino define all classes it generates through the SecuritySupport interface as it does for most classes. This would put all the classes generated by Rhino in the right ProtectionDomain. I am going to work with the Rhino developers to see if that issue can be addressed in Rhino. In the meanwhile, I have implemented a work around which is fairly clean (below). Current work around: The current work around consists in using the AccessController's doPrivileged method to perform getURL/parseXML, enforcing the ProtectionDomain corresponding to the currently processed Document. No less (and no more) rights will be granted to that code. The new test: xml-batik/samples/tests/scripting/security3.svg shows that secure access to the Window object is operational.
Revision Changes Path 1.35 +17 -15 xml-batik/sources/org/apache/batik/bridge/BridgeEventSupport.java Index: BridgeEventSupport.java =================================================================== RCS file: /home/cvs/xml-batik/sources/org/apache/batik/bridge/BridgeEventSupport.java,v retrieving revision 1.34 retrieving revision 1.35 diff -u -r1.34 -r1.35 --- BridgeEventSupport.java 29 Apr 2002 13:20:18 -0000 1.34 +++ BridgeEventSupport.java 14 May 2002 08:57:31 -0000 1.35 @@ -50,7 +50,7 @@ * fowarding them to the DOM as regular DOM MouseEvent. * * @author <a href="mailto:[EMAIL PROTECTED]>Thierry Kormann</a> - * @version $Id: BridgeEventSupport.java,v 1.34 2002/04/29 13:20:18 tkormann Exp $ + * @version $Id: BridgeEventSupport.java,v 1.35 2002/05/14 08:57:31 vhardy Exp $ */ public class BridgeEventSupport implements SVGConstants { 
@@ -325,22 +325,24 @@ node.getGlobalTransform().createInverse().transform(coords, coords); } catch (NoninvertibleTransformException ex) { } - for (int i = 0 ; i < list.size(); i++) { - StrokingTextPainter.TextRun run = - (StrokingTextPainter.TextRun)list.get(i); - AttributedCharacterIterator aci = run.getACI(); - TextSpanLayout layout = run.getLayout(); - float x = (float)coords.getX(); - float y = (float)coords.getY(); - TextHit textHit = layout.hitTestChar(x, y); - if (textHit != null && layout.getBounds().contains(x, y)) { - Object delimiter = aci.getAttribute - (GVTAttributedCharacterIterator.TextAttribute.TEXT_COMPOUND_DELIMITER); - if (delimiter instanceof Element) { - return (Element)delimiter; + if (list != null){ + for (int i = 0 ; i < list.size(); i++) { + StrokingTextPainter.TextRun run = + (StrokingTextPainter.TextRun)list.get(i); + AttributedCharacterIterator aci = run.getACI(); + TextSpanLayout layout = run.getLayout(); + float x = (float)coords.getX(); + float y = (float)coords.getY(); + TextHit textHit = layout.hitTestChar(x, y); + if (textHit != null && layout.getBounds().contains(x, y)) { + Object delimiter = aci.getAttribute + (GVTAttributedCharacterIterator.TextAttribute.TEXT_COMPOUND_DELIMITER); + if (delimiter instanceof Element) { + return (Element)delimiter; + } } } - } + } } return (Element)target; } 1.27 +4 -2 xml-batik/sources/org/apache/batik/bridge/ScriptingEnvironment.java Index: ScriptingEnvironment.java =================================================================== RCS file: /home/cvs/xml-batik/sources/org/apache/batik/bridge/ScriptingEnvironment.java,v retrieving revision 1.26 retrieving revision 1.27 diff -u -r1.26 -r1.27 --- ScriptingEnvironment.java 30 Apr 2002 08:45:15 -0000 1.26 +++ ScriptingEnvironment.java 14 May 2002 08:57:31 -0000 1.27 
@@ -47,7 +47,7 @@ * This class contains the informations needed by the SVG scripting. * * @author <a href="mailto:[EMAIL PROTECTED]">Stephane Hillion</a> - * @version $Id: ScriptingEnvironment.java,v 1.26 2002/04/30 08:45:15 vhardy Exp $ + * @version $Id: ScriptingEnvironment.java,v 1.27 2002/05/14 08:57:31 vhardy Exp $ */ public class ScriptingEnvironment extends BaseScriptingEnvironment { @@ -670,7 +670,6 @@ for (Node n = d.getDocumentElement().getFirstChild(); n != null; n = n.getNextSibling()) { - System.out.println("We screwed up"); if (n.getNodeType() == n.ELEMENT_NODE) { n = doc.importNode(n, true); result = doc.createDocumentFragment(); @@ -733,9 +732,12 @@ }); } } + }; t.setPriority(Thread.MIN_PRIORITY); t.start(); + + } 1.12 +4 -3 xml-batik/sources/org/apache/batik/script/InterpreterPool.java Index: InterpreterPool.java =================================================================== RCS file: /home/cvs/xml-batik/sources/org/apache/batik/script/InterpreterPool.java,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- InterpreterPool.java 30 Apr 2002 08:45:15 -0000 1.11 +++ InterpreterPool.java 14 May 2002 08:57:32 -0000 1.12 @@ -27,7 +27,7 @@ * files).</p> * * @author <a href="mailto:[EMAIL PROTECTED]">Christophe Jolif</a> - * @version $Id: InterpreterPool.java,v 1.11 2002/04/30 08:45:15 vhardy Exp $ + * @version $Id: InterpreterPool.java,v 1.12 2002/05/14 08:57:32 vhardy Exp $ */ public class InterpreterPool { 
@@ -104,9 +104,10 @@ if (document != null) { interpreter.bindObject("document", document); } - } catch (Throwable t) { - // may append if the batik interpreters class is here but + } catch (Exception t) { + // may happen if the batik interpreters class is here but // not the scripting engine jar + t.printStackTrace(); } return interpreter; } 1.2 +84 -4 xml-batik/sources/org/apache/batik/script/rhino/RhinoClassLoader.java Index: RhinoClassLoader.java =================================================================== RCS file: /home/cvs/xml-batik/sources/org/apache/batik/script/rhino/RhinoClassLoader.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- RhinoClassLoader.java 30 Apr 2002 15:05:18 -0000 1.1 +++ RhinoClassLoader.java 14 May 2002 08:57:32 -0000 1.2 @@ -8,19 +8,27 @@ package org.apache.batik.script.rhino; +import java.io.File; +import java.io.FilePermission; +import java.io.IOException; + import java.net.URL; import java.net.URLClassLoader; -import java.security.SecureClassLoader; +import java.security.AccessControlContext; import java.security.CodeSource; +import java.security.Permission; import java.security.PermissionCollection; +import java.security.Principal; +import java.security.ProtectionDomain; +import java.security.SecureClassLoader; /** * This class loader implementation will work whether or not the * documentURL is null. * * @author <a href="mailto:[EMAIL PROTECTED]">Vincent Hardy</a> - * @version $Id: RhinoClassLoader.java,v 1.1 2002/04/30 15:05:18 vhardy Exp $ + * @version $Id: RhinoClassLoader.java,v 1.2 2002/05/14 08:57:32 vhardy Exp $ */ public class RhinoClassLoader extends URLClassLoader { /** 
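Review bot: Narrowing the handler to `catch (Exception t)` likely stops covering the case its own comment describes: a missing scripting-engine jar normally surfaces as `NoClassDefFoundError` or another `LinkageError`, which is not an `Exception` and will now propagate to the caller. The try block starts outside this hunk, so confirm what it can actually throw; if the missing-jar case is still expected here, add a second handler such as `} catch (LinkageError e) {` next to this one. `t.printStackTrace()` also writes to stderr unconditionally, so reporting the failure through whatever error channel the caller uses would keep it visible when Batik is embedded.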
@@ -32,6 +40,19 @@ * CodeSource for classes defined by this loader */ protected CodeSource codeSource; + + /** + * The protection Domain for this class loader + */ + protected ProtectionDomain rhinoProtectionDomain; + + /** + * The AccessControlContext which can be associated with + * code loaded by this class loader if it was running + * stand-alone (i.e., not invoked by code with lesser + * priviledges). + */ + protected AccessControlContext rhinoAccessControlContext; /** * Constructor. 
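Review bot: `rhinoProtectionDomain` and `rhinoAccessControlContext` are declared `protected` and non-final although they define the security boundary applied to script code. As far as the following constructor hunk shows, each is assigned exactly once, so `protected final ProtectionDomain rhinoProtectionDomain;` and `protected final AccessControlContext rhinoAccessControlContext;` would stop a subclass from swapping them after construction. The Javadoc word `priviledges` should read `privileges`.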
@@ -44,21 +65,80 @@ if (documentURL != null){ codeSource = new CodeSource(documentURL, null); } + + // + // Create the Rhino ProtectionDomain + // and AccessControlContext + // + rhinoProtectionDomain + = new ProtectionDomain(codeSource, + getPermissions(codeSource)); + + rhinoAccessControlContext + = new AccessControlContext(new ProtectionDomain[]{ + rhinoProtectionDomain}); } - + /** * Define and load a Java class */ public Class defineClass(String name, byte[] data){ + // System.out.println("========================== Trying to load : " + name); return super.defineClass(name, data, 0, data.length, codeSource); } /** + * Returns the ProtectionDomain to which Rhino code belongs + */ + public ProtectionDomain getProtectionDomain(){ + return rhinoProtectionDomain; + } + + /** + * Returns the AccessControlContext which should be associated with + * RhinoCode. + */ + public AccessControlContext getAccessControlContext() { + return rhinoAccessControlContext; + } + + /** * Returns the permissions for the given CodeSource object. + * Compared to URLClassLoader, this adds a FilePermission so + * that files under the same root directory as the document + * can be read. 
*/ protected PermissionCollection getPermissions(CodeSource codesource) { - return super.getPermissions(codesource); + PermissionCollection perms = super.getPermissions(codesource); + + if (documentURL != null && perms != null) { + Permission p = null; + Permission dirPerm = null; + try { + p = documentURL.openConnection().getPermission(); + } catch (IOException e){ + p = null; + } + + if (p instanceof FilePermission){ + String path = p.getName(); + if (!path.endsWith(File.separator)) { + // We are dealing with a file, as we would expect + // from a document file URL + int dirEnd = path.lastIndexOf(File.separator); + if (dirEnd != -1){ + // Include trailing file separator + path = path.substring(0, dirEnd + 1); + path += "-"; + dirPerm = new FilePermission(path, "read"); + perms.add(dirPerm); + } + } + } + } + + return perms; } } 1.17 +11 -1 xml-batik/sources/org/apache/batik/script/rhino/RhinoInterpreter.java Index: RhinoInterpreter.java =================================================================== RCS file: /home/cvs/xml-batik/sources/org/apache/batik/script/rhino/RhinoInterpreter.java,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- RhinoInterpreter.java 13 May 2002 09:23:10 -0000 1.16 +++ RhinoInterpreter.java 14 May 2002 08:57:32 -0000 1.17 @@ -15,6 +15,8 @@ import java.net.URL; +import java.security.AccessControlContext; + import java.util.Iterator; import java.util.LinkedList; import java.util.Locale; @@ -42,7 +44,7 @@ * A simple implementation of <code>Interpreter</code> interface to use * Rhino ECMAScript interpreter. * @author <a href="mailto:[EMAIL PROTECTED]">Christophe Jolif</a> - * @version $Id: RhinoInterpreter.java,v 1.16 2002/05/13 09:23:10 vhardy Exp $ + * @version $Id: RhinoInterpreter.java,v 1.17 2002/05/14 08:57:32 vhardy Exp $ */ public class RhinoInterpreter implements Interpreter { private static String[] TO_BE_IMPORTED = { 
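Review bot: The constructor now calls `getPermissions(codeSource)` unconditionally, but `codeSource` stays null when `documentURL` is null, and `URLClassLoader.getPermissions` dereferences its argument, so constructing the loader for a document without a URL would fail with a `NullPointerException` even though the class comment promises that case works. Guarding the delegation in `getPermissions`, e.g. `PermissionCollection perms = (codesource != null) ? super.getPermissions(codesource) : null;`, keeps the null-URL path alive. Separately, the added `new FilePermission(path, "read")` with the `-` suffix is recursive: a document stored directly under a home or root directory gives its scripts read access to everything below it, which deserves a sentence in the method Javadoc. The constructor begins outside this hunk.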
@@ -134,6 +136,14 @@ } finally { Context.exit(); } + } + + /** + * Returns the AccessControlContext associated with this Interpreter. + * @see org.apache.batik.script.rhino.RhinoClassLoader + */ + public AccessControlContext getAccessControlContext(){ + return rhinoClassLoader.getAccessControlContext(); } /** 1.9 +40 -16 xml-batik/sources/org/apache/batik/script/rhino/WindowWrapper.java Index: WindowWrapper.java =================================================================== RCS file: /home/cvs/xml-batik/sources/org/apache/batik/script/rhino/WindowWrapper.java,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- WindowWrapper.java 7 May 2002 13:57:45 -0000 1.8 +++ WindowWrapper.java 14 May 2002 08:57:32 -0000 1.9 @@ -11,6 +11,10 @@ import java.io.IOException; import java.io.StringReader; +import java.security.AccessControlContext; +import java.security.AccessController; +import java.security.PrivilegedAction; + import org.mozilla.javascript.Context; import org.mozilla.javascript.Function; import org.mozilla.javascript.FunctionObject; @@ -32,7 +36,7 @@ * This class wraps a Window object to expose it to the interpreter. * * @author <a href="mailto:[EMAIL PROTECTED]">Stephane Hillion</a> - * @version $Id: WindowWrapper.java,v 1.8 2002/05/07 13:57:45 hillion Exp $ + * @version $Id: WindowWrapper.java,v 1.9 2002/05/14 08:57:32 vhardy Exp $ */ public class WindowWrapper extends ScriptableObject { 
@@ -169,18 +173,26 @@ */ public static Object jsFunction_parseXML(Context cx, Scriptable thisObj, - Object[] args, + final Object[] args, Function funObj) throws JavaScriptException { int len = args.length; WindowWrapper ww = (WindowWrapper)thisObj; - Window window = ww.window; + final Window window = ww.window; if (len < 2) { throw Context.reportRuntimeError("invalid argument count"); } - return window.parseXML - ((String)NativeJavaObject.coerceType(String.class, args[0]), - (Document)NativeJavaObject.coerceType(Document.class, args[1])); + + AccessControlContext acc = + ((RhinoInterpreter)window.getInterpreter()).getAccessControlContext(); + + return AccessController.doPrivileged( new PrivilegedAction() { + public Object run() { + return window.parseXML + ((String)NativeJavaObject.coerceType(String.class, args[0]), + (Document)NativeJavaObject.coerceType(Document.class, args[1])); + } + }, acc); } /** 
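Review bot: In `jsFunction_parseXML` the two `NativeJavaObject.coerceType` calls now run inside the `PrivilegedAction`, so conversion of script-supplied values executes under the substituted `AccessControlContext` together with the one call that needs it. Keeping the privileged block to the single `window.parseXML` call is easier to audit: coerce first, `final String text = (String)NativeJavaObject.coerceType(String.class, args[0]);` and `final Document doc = (Document)NativeJavaObject.coerceType(Document.class, args[1]);`, then `return window.parseXML(text, doc);` inside `run()`. The three-argument branch of `jsFunction_getURL` in the next hunk coerces `args[2]` inside its action in the same way. A short comment stating that `doPrivileged(action, acc)` limits the call to the document's ProtectionDomain, as the commit log explains, would help the next reader.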
@@ -188,27 +200,39 @@ */ public static void jsFunction_getURL(Context cx, Scriptable thisObj, - Object[] args, + final Object[] args, Function funObj) throws JavaScriptException { int len = args.length; WindowWrapper ww = (WindowWrapper)thisObj; - Window window = ww.window; + final Window window = ww.window; if (len < 2) { throw Context.reportRuntimeError("invalid argument count"); } RhinoInterpreter interp = (RhinoInterpreter)window.getInterpreter(); - String uri; - uri = (String)NativeJavaObject.coerceType(String.class, args[0]); - GetURLFunctionWrapper fw; - fw = new GetURLFunctionWrapper(interp, (Function)args[1], ww); + final String uri = (String)NativeJavaObject.coerceType(String.class, args[0]); + final GetURLFunctionWrapper fw = new GetURLFunctionWrapper(interp, (Function)args[1], ww); + + AccessControlContext acc = + ((RhinoInterpreter)window.getInterpreter()).getAccessControlContext(); + if (len == 2) { - window.getURL(uri, fw); + AccessController.doPrivileged( new PrivilegedAction() { + public Object run(){ + window.getURL(uri, fw); + return null; + } + }, acc); } else { - window.getURL - (uri, fw, - (String)NativeJavaObject.coerceType(String.class, args[2])); + AccessController.doPrivileged( new PrivilegedAction() { + public Object run() { + window.getURL + (uri, fw, + (String)NativeJavaObject.coerceType(String.class, args[2])); + return null; + } + }, acc); } } 1.2 +9 -0 xml-batik/resources/org/apache/batik/apps/rasterizer/resources/rasterizer.bin.policy Index: rasterizer.bin.policy =================================================================== RCS file: /home/cvs/xml-batik/resources/org/apache/batik/apps/rasterizer/resources/rasterizer.bin.policy,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- rasterizer.bin.policy 2 May 2002 15:46:26 -0000 1.1 +++ rasterizer.bin.policy 14 May 2002 08:57:32 -0000 1.2 
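Review bot: `jsFunction_getURL` already holds the cast interpreter in `interp`, yet the new `acc` assignment repeats `((RhinoInterpreter)window.getInterpreter())`; `AccessControlContext acc = interp.getAccessControlContext();` says the same with one cast. The rewritten line `new GetURLFunctionWrapper(interp, (Function)args[1], ww)` casts a script-supplied value without checking it, so a non-function second argument would surface as a `ClassCastException` rather than a script error like the `invalid argument count` report above it. Whether the `fw` callback later runs under the same context cannot be seen from this hunk and is worth confirming.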
@@ -69,5 +69,14 @@ grant codeBase "${app.jar.base}/lib/js.jar" { permission java.lang.RuntimePermission "createClassLoader"; permission java.net.SocketPermission "*", "listen, connect, resolve, accept"; + permission java.lang.RuntimePermission "accessDeclaredMembers"; + permission java.util.PropertyPermission "org.mozilla.javascript.JavaAdapter", "read"; + permission java.util.PropertyPermission "org.mozilla.javascript.JavaAdapterClassName", "read"; + permission java.io.FilePermission "<<ALL FILES>>", "read"; }; + +grant { + permission java.io.FilePermission "lib/batik-svg-dom.jar", "read"; +}; + 1.2 +9 -0 xml-batik/resources/org/apache/batik/apps/rasterizer/resources/rasterizer.policy Index: rasterizer.policy =================================================================== RCS file: /home/cvs/xml-batik/resources/org/apache/batik/apps/rasterizer/resources/rasterizer.policy,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- rasterizer.policy 2 May 2002 15:46:26 -0000 1.1 +++ rasterizer.policy 14 May 2002 08:57:32 -0000 1.2 
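Review bot: The added `permission java.io.FilePermission "<<ALL FILES>>", "read";` gives everything loaded from `js.jar` read access to the whole filesystem, next to the existing wildcard `SocketPermission`. The commit log explains the doPrivileged work-around but not why the script engine itself needs unrestricted read, so a comment above the grant naming the files Rhino must open, or a narrower path, would make the policy reviewable. The same line is added in rasterizer.policy, svgbrowser.bin.policy and svgbrowser.policy.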
@@ -12,6 +12,15 @@ grant codeBase "${app.dev.base}/lib/js.jar" { permission java.lang.RuntimePermission "createClassLoader"; permission java.net.SocketPermission "*", "listen, connect, resolve, accept"; + permission java.lang.RuntimePermission "accessDeclaredMembers"; + permission java.util.PropertyPermission "org.mozilla.javascript.JavaAdapter", "read"; + permission java.util.PropertyPermission "org.mozilla.javascript.JavaAdapterClassName", "read"; + permission java.io.FilePermission "<<ALL FILES>>", "read"; +}; + +grant { + permission java.io.FilePermission "resources/org/apache/batik/dom/svg/resources/svg10.dtd", "read"; + permission java.io.FilePermission "resources/org/apache/batik/dom/svg/resources/UserAgentStyleSheet.css", "read"; }; 1.4 +8 -0 xml-batik/resources/org/apache/batik/apps/svgbrowser/resources/svgbrowser.bin.policy Index: svgbrowser.bin.policy =================================================================== RCS file: /home/cvs/xml-batik/resources/org/apache/batik/apps/svgbrowser/resources/svgbrowser.bin.policy,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- svgbrowser.bin.policy 2 May 2002 15:46:26 -0000 1.3 +++ svgbrowser.bin.policy 14 May 2002 08:57:32 -0000 1.4 
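Review bot: The new unqualified `grant { ... }` block applies to all code, not only to Batik's own jars, and its `FilePermission` targets are relative paths such as `resources/org/apache/batik/dom/svg/resources/svg10.dtd`. Relative `FilePermission` paths are resolved against the JVM's working directory, so the grant covers different files depending on where the application is launched. Anchoring the paths on a property the policy already relies on would pin them; `${app.dev.base}` appears here only as a codeBase, so whether it can serve directly as a file path needs checking. The bin policies (`lib/batik-svg-dom.jar`) and svgbrowser.policy follow the same pattern.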
@@ -69,5 +69,13 @@ grant codeBase "${app.jar.base}/lib/js.jar" { permission java.lang.RuntimePermission "createClassLoader"; permission java.net.SocketPermission "*", "listen, connect, resolve, accept"; + permission java.lang.RuntimePermission "accessDeclaredMembers"; + permission java.util.PropertyPermission "org.mozilla.javascript.JavaAdapter", "read"; + permission java.util.PropertyPermission "org.mozilla.javascript.JavaAdapterClassName", "read"; + permission java.io.FilePermission "<<ALL FILES>>", "read"; +}; + +grant { + permission java.io.FilePermission "lib/batik-svg-dom.jar", "read"; }; 1.4 +14 -0 xml-batik/resources/org/apache/batik/apps/svgbrowser/resources/svgbrowser.policy Index: svgbrowser.policy =================================================================== RCS file: /home/cvs/xml-batik/resources/org/apache/batik/apps/svgbrowser/resources/svgbrowser.policy,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- svgbrowser.policy 2 May 2002 15:46:26 -0000 1.3 +++ svgbrowser.policy 14 May 2002 08:57:32 -0000 1.4 
@@ -12,7 +12,21 @@ grant codeBase "${app.dev.base}/lib/js.jar" { permission java.lang.RuntimePermission "createClassLoader"; permission java.net.SocketPermission "*", "listen, connect, resolve, accept"; + permission java.lang.RuntimePermission "accessDeclaredMembers"; + permission java.util.PropertyPermission "org.mozilla.javascript.JavaAdapter", "read"; + permission java.util.PropertyPermission "org.mozilla.javascript.JavaAdapterClassName", "read"; + permission java.io.FilePermission "<<ALL FILES>>", "read"; }; + +grant { + permission java.io.FilePermission "resources/org/apache/batik/dom/svg/resources/svg10.dtd", "read"; + permission java.io.FilePermission "resources/org/apache/batik/dom/svg/resources/UserAgentStyleSheet.css", "read"; +}; + + + + + 1.4 +1 -1 xml-batik/resources/org/apache/batik/util/resources/Messages.properties Index: Messages.properties =================================================================== RCS file: /home/cvs/xml-batik/resources/org/apache/batik/util/resources/Messages.properties,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- Messages.properties 2 May 2002 15:46:26 -0000 1.3 +++ Messages.properties 14 May 2002 08:57:32 -0000 1.4 @@ -28,5 +28,5 @@ already one it place that it did not install. ApplicationSecurityEnforcer.message.null.pointer.exception.no.policy.file=\ -The application could not load the specificed security policy ({0}) +The application could not load the specificed security policy ({0})