cvs commit: xml-batik/sources/org/apache/batik/util ApplicationSecurityEnforcer.java

Wed, 29 May 2002 07:02:32 -0700 

vhardy      02/05/29 07:20:43

  Modified:    sources/org/apache/batik/util
                        ApplicationSecurityEnforcer.java
  Log:
  Fixed regressions on ApplicationSecurityEnforcer following fix for no override of 
existing java.security.policy property
  
  Revision  Changes    Path
  1.7       +40 -35    
xml-batik/sources/org/apache/batik/util/ApplicationSecurityEnforcer.java
  
  Index: ApplicationSecurityEnforcer.java
  ===================================================================
  RCS file: 
/home/cvs/xml-batik/sources/org/apache/batik/util/ApplicationSecurityEnforcer.java,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- ApplicationSecurityEnforcer.java  14 May 2002 09:42:23 -0000      1.6
  +++ ApplicationSecurityEnforcer.java  29 May 2002 14:20:43 -0000      1.7
  @@ -25,7 +25,7 @@
    * <br />
    *
    * @author <a mailto="[EMAIL PROTECTED]">Vincent Hardy</a>
  - * @version $Id: ApplicationSecurityEnforcer.java,v 1.6 2002/05/14 09:42:23 vhardy 
Exp $
  + * @version $Id: ApplicationSecurityEnforcer.java,v 1.7 2002/05/29 14:20:43 vhardy 
Exp $
    */
   public class ApplicationSecurityEnforcer {
       /**
  @@ -136,6 +136,7 @@
        */
       public void enforceSecurity(boolean enforce){
           SecurityManager sm = System.getSecurityManager();
  +
           if (sm != null && sm != lastSecurityManagerInstalled) {
               // Throw a Security exception: we do not want to override
               // an 'alien' SecurityManager with either null or 
  @@ -169,13 +170,13 @@
           // it takes precedence over the one passed to this object.
           // Otherwise, we default to the one passed to the constructor
           //
  +        ClassLoader cl = appMainClass.getClassLoader();
           String securityPolicyProperty 
               = System.getProperty(PROPERTY_JAVA_SECURITY_POLICY);
   
  -        if (securityPolicyProperty == null) {
  +        if (securityPolicyProperty == null || securityPolicyProperty.equals("")) {
               // Specify app's security policy in the
               // system property. 
  -            ClassLoader cl = appMainClass.getClassLoader();
               URL policyURL = cl.getResource(securityPolicy);
               
               if (policyURL == null) {
  @@ -186,38 +187,42 @@
               
               System.setProperty(PROPERTY_JAVA_SECURITY_POLICY,
                                  policyURL.toString());
  -            
  -            // 
  -            // The following detects whether the application is running in the
  -            // development environment, in which case it will set the 
  -            // app.dev.base property or if it is running in the binary
  -            // distribution, in which case it will set the app.jar.base
  -            // property. These properties are expanded in the security 
  -            // policy files.
  -            // Property expansion is used to provide portability of the 
  -            // policy files between various code bases (e.g., file base,
  -            // server base, etc..).
  -            //
  -            URL mainClassURL = cl.getResource(appMainClassRelativeURL);
  -            if (mainClassURL == null){
  -                // Something is really wrong: we would be running a class
  -                // which can't be found....
  -                throw new Error(appMainClassRelativeURL);
  -            }
  -            
  -            String expandedMainClassName = mainClassURL.toString();
  -            if (expandedMainClassName.startsWith(JAR_PROTOCOL) ) {
  -                setJarBase(expandedMainClassName);
  -            } else {
  -                setDevBase(expandedMainClassName);
  -            }
  -            
  -            // Install new security manager
  -            System.setSecurityManager(securityManager);
  -            lastSecurityManagerInstalled = securityManager;
  -            
  -            // Forces re-loading of the security policy
  -            policy.refresh();
  +        }
  +        
  +        // 
  +        // The following detects whether the application is running in the
  +        // development environment, in which case it will set the 
  +        // app.dev.base property or if it is running in the binary
  +        // distribution, in which case it will set the app.jar.base
  +        // property. These properties are expanded in the security 
  +        // policy files.
  +        // Property expansion is used to provide portability of the 
  +        // policy files between various code bases (e.g., file base,
  +        // server base, etc..).
  +        //
  +        URL mainClassURL = cl.getResource(appMainClassRelativeURL);
  +        if (mainClassURL == null){
  +            // Something is really wrong: we would be running a class
  +            // which can't be found....
  +            throw new Error(appMainClassRelativeURL);
  +        }
  +        
  +        String expandedMainClassName = mainClassURL.toString();
  +        if (expandedMainClassName.startsWith(JAR_PROTOCOL) ) {
  +            setJarBase(expandedMainClassName);
  +        } else {
  +            setDevBase(expandedMainClassName);
  +        }
  +        
  +        // Install new security manager
  +        System.setSecurityManager(securityManager);
  +        lastSecurityManagerInstalled = securityManager;
  +        
  +        // Forces re-loading of the security policy
  +        policy.refresh();
  +
  +        if (securityPolicyProperty == null || securityPolicyProperty.equals("")) {
  +            System.setProperty(PROPERTY_JAVA_SECURITY_POLICY, "");
           }
       }
   
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to