vhardy 02/05/14 02:42:23
Modified: sources/org/apache/batik/util
ApplicationSecurityEnforcer.java
resources/org/apache/batik/apps/rasterizer/resources
rasterizer.bin.policy
resources/org/apache/batik/apps/svgbrowser/resources
svgbrowser.bin.policy
Log:
Application security policy no longer takes precedence over the one specified from
the command line through the java.security.policy property. That way, it is easier to
repackage Batik code and simply override the default packaging's policy file. For
example: java -jar myBatikJar.jar -Djava.security.policy=<policyURL> .....
Revision Changes Path
1.6 +94 -71
xml-batik/sources/org/apache/batik/util/ApplicationSecurityEnforcer.java
Index: ApplicationSecurityEnforcer.java
===================================================================
RCS file:
/home/cvs/xml-batik/sources/org/apache/batik/util/ApplicationSecurityEnforcer.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- ApplicationSecurityEnforcer.java 10 May 2002 09:41:41 -0000 1.5
+++ ApplicationSecurityEnforcer.java 14 May 2002 09:42:23 -0000 1.6
@@ -25,7 +25,7 @@
* <br />
*
* @author <a mailto="[EMAIL PROTECTED]">Vincent Hardy</a>
- * @version $Id: ApplicationSecurityEnforcer.java,v 1.5 2002/05/10 09:41:41 hillion
Exp $
+ * @version $Id: ApplicationSecurityEnforcer.java,v 1.6 2002/05/14 09:42:23 vhardy
Exp $
*/
public class ApplicationSecurityEnforcer {
/**
@@ -164,70 +164,86 @@
Policy policy = Policy.getPolicy();
BatikSecurityManager securityManager = new BatikSecurityManager();
- // Specify app's security policy in the
- // system property.
- ClassLoader cl = appMainClass.getClassLoader();
- URL url = cl.getResource(securityPolicy);
-
- if (url == null) {
- throw new NullPointerException
- (Messages.formatMessage(EXCEPTION_NO_POLICY_FILE,
- new Object[]{securityPolicy}));
- }
-
- System.setProperty(PROPERTY_JAVA_SECURITY_POLICY,
- url.toString());
+ //
+ // If there is a java.security.policy property defined,
+ // it takes precedence over the one passed to this object.
+ // Otherwise, we default to the one passed to the constructor
+ //
+ String securityPolicyProperty
+ = System.getProperty(PROPERTY_JAVA_SECURITY_POLICY);
- //
- // The following detects whether the application is running in the
- // development environment, in which case it will set the
- // app.dev.base property or if it is running in the binary
- // distribution, in which case it will set the app.jar.base
- // property. These properties are expanded in the security
- // policy files.
- // Property expansion is used to provide portability of the
- // policy files between various code bases (e.g., file base,
- // server base, etc..).
- //
- url = cl.getResource(appMainClassRelativeURL);
- if (url == null){
- // Something is really wrong: we would be running a class
- // which can't be found....
- throw new Error(appMainClassRelativeURL);
- }
-
- String expandedMainClassName = url.toString();
- if (expandedMainClassName.startsWith(JAR_PROTOCOL) ) {
- setJarBase(expandedMainClassName);
- } else {
- setDevBase(expandedMainClassName);
+ if (securityPolicyProperty == null) {
+ // Specify app's security policy in the
+ // system property.
+ ClassLoader cl = appMainClass.getClassLoader();
+ URL policyURL = cl.getResource(securityPolicy);
+
+ if (policyURL == null) {
+ throw new NullPointerException
+ (Messages.formatMessage(EXCEPTION_NO_POLICY_FILE,
+ new Object[]{securityPolicy}));
+ }
+
+ System.setProperty(PROPERTY_JAVA_SECURITY_POLICY,
+ policyURL.toString());
+
+ //
+ // The following detects whether the application is running in the
+ // development environment, in which case it will set the
+ // app.dev.base property or if it is running in the binary
+ // distribution, in which case it will set the app.jar.base
+ // property. These properties are expanded in the security
+ // policy files.
+ // Property expansion is used to provide portability of the
+ // policy files between various code bases (e.g., file base,
+ // server base, etc..).
+ //
+ URL mainClassURL = cl.getResource(appMainClassRelativeURL);
+ if (mainClassURL == null){
+ // Something is really wrong: we would be running a class
+ // which can't be found....
+ throw new Error(appMainClassRelativeURL);
+ }
+
+ String expandedMainClassName = mainClassURL.toString();
+ if (expandedMainClassName.startsWith(JAR_PROTOCOL) ) {
+ setJarBase(expandedMainClassName);
+ } else {
+ setDevBase(expandedMainClassName);
+ }
+
+ // Install new security manager
+ System.setSecurityManager(securityManager);
+ lastSecurityManagerInstalled = securityManager;
+
+ // Forces re-loading of the security policy
+ policy.refresh();
}
-
- // Install new security manager
- System.setSecurityManager(securityManager);
- lastSecurityManagerInstalled = securityManager;
-
- // Forces re-loading of the security policy
- policy.refresh();
}
private void setJarBase(String expandedMainClassName){
- expandedMainClassName =
expandedMainClassName.substring(JAR_PROTOCOL.length());
-
- int codeBaseEnd =
- expandedMainClassName.indexOf(appJarFile +
- JAR_URL_FILE_SEPARATOR +
- appMainClassRelativeURL);
-
- if (codeBaseEnd == -1){
- // Something is seriously wrong. This should *never* happen
- // as the APP_SECURITY_POLICY_URL is such that it will be
- // a substring of its corresponding URL value
- throw new Error();
+ //
+ // Only set the app.jar.base if it is not already defined
+ //
+ String curAppJarBase = System.getProperty(PROPERTY_APP_JAR_BASE);
+ if (curAppJarBase == null) {
+ expandedMainClassName =
expandedMainClassName.substring(JAR_PROTOCOL.length());
+
+ int codeBaseEnd =
+ expandedMainClassName.indexOf(appJarFile +
+ JAR_URL_FILE_SEPARATOR +
+ appMainClassRelativeURL);
+
+ if (codeBaseEnd == -1){
+ // Something is seriously wrong. This should *never* happen
+ // as the APP_SECURITY_POLICY_URL is such that it will be
+ // a substring of its corresponding URL value
+ throw new Error();
+ }
+
+ String appCodeBase = expandedMainClassName.substring(0, codeBaseEnd);
+ System.setProperty(PROPERTY_APP_JAR_BASE, appCodeBase);
}
-
- String appCodeBase = expandedMainClassName.substring(0, codeBaseEnd);
- System.setProperty(PROPERTY_APP_JAR_BASE, appCodeBase);
}
/**
@@ -236,19 +252,26 @@
* development version
*/
private void setDevBase(String expandedMainClassName){
- int codeBaseEnd =
- expandedMainClassName.indexOf(APP_MAIN_CLASS_DIR +
- appMainClassRelativeURL);
-
- if (codeBaseEnd == -1){
- // Something is seriously wrong. This should *never* happen
- // as the APP_SECURITY_POLICY_URL is such that it will be
- // a substring of its corresponding URL value
- throw new Error();
+ //
+ // Only set the app.code.base property if it is not already
+ // defined.
+ //
+ String curAppCodeBase = System.getProperty(PROPERTY_APP_DEV_BASE);
+ if (curAppCodeBase == null) {
+ int codeBaseEnd =
+ expandedMainClassName.indexOf(APP_MAIN_CLASS_DIR +
+ appMainClassRelativeURL);
+
+ if (codeBaseEnd == -1){
+ // Something is seriously wrong. This should *never* happen
+ // as the APP_SECURITY_POLICY_URL is such that it will be
+ // a substring of its corresponding URL value
+ throw new Error();
+ }
+
+ String appCodeBase = expandedMainClassName.substring(0, codeBaseEnd);
+ System.setProperty(PROPERTY_APP_DEV_BASE, appCodeBase);
}
-
- String appCodeBase = expandedMainClassName.substring(0, codeBaseEnd);
- System.setProperty(PROPERTY_APP_DEV_BASE, appCodeBase);
}
1.3 +0 -4
xml-batik/resources/org/apache/batik/apps/rasterizer/resources/rasterizer.bin.policy
Index: rasterizer.bin.policy
===================================================================
RCS file:
/home/cvs/xml-batik/resources/org/apache/batik/apps/rasterizer/resources/rasterizer.bin.policy,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- rasterizer.bin.policy 14 May 2002 08:57:32 -0000 1.2
+++ rasterizer.bin.policy 14 May 2002 09:42:23 -0000 1.3
@@ -1,7 +1,3 @@
-grant codeBase "${app.jar.base}/classes/" {
- permission java.security.AllPermission;
-};
-
grant codeBase "${app.jar.base}/lib/crimson-parser.jar" {
permission java.security.AllPermission;
};
1.5 +0 -4
xml-batik/resources/org/apache/batik/apps/svgbrowser/resources/svgbrowser.bin.policy
Index: svgbrowser.bin.policy
===================================================================
RCS file:
/home/cvs/xml-batik/resources/org/apache/batik/apps/svgbrowser/resources/svgbrowser.bin.policy,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- svgbrowser.bin.policy 14 May 2002 08:57:32 -0000 1.4
+++ svgbrowser.bin.policy 14 May 2002 09:42:23 -0000 1.5
@@ -1,7 +1,3 @@
-grant codeBase "${app.jar.base}/classes/" {
- permission java.security.AllPermission;
-};
-
grant codeBase "${app.jar.base}/lib/crimson-parser.jar" {
permission java.security.AllPermission;
};
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
