add configuration support for user prompts and other access control options

2010-11-18  Omair Majid  <[email protected]>

    * netx/net/sourceforge/jnlp/SecurityDesc.java: Remove window banner
    permissions from sandboxPermissions and j2eePermissions.
    (getSandBoxPermissions): Dynamically add window banner permissions
    if allowed by configuration.
    * netx/net/sourceforge/jnlp/runtime/DeploymentConfiguration.java:
    Add KEY_SECURITY_PROMPT_USER,
    KEY_SECURITY_ALLOW_HIDE_WINDOW_WARNING,
    KEY_SECURITY_PROMPT_USER_FOR_JNLP, and
    KEY_SECURITY_INSTALL_AUTHENTICATOR.
    (loadDefaultProperties): Use the new constants.
    * netx/net/sourceforge/jnlp/security/SecurityWarning.java
    (showAccessWarningDialog): Check if the user should be prompted
    before prompting the user.
    (showNotAllSignedWarningDialog): Likewise.
    (showCertWarningDialog): Likewise.
    (showAppletWarning): Likewise.
    (shouldPromptUser): New method. Check if configuration allows
    showing user prompts.
    * netx/net/sourceforge/jnlp/services/ServiceUtil.java
    (checkAccess(AccessType,Object...)): Clarify javadocs.
    (checkAccess(ApplicationInstance,AccessType,Object...)): Clarify
    javadocs. Only prompt the user if showing JNLP prompts is ok.
    (shouldPromptUser): New method. Returns true if configuration allows
    for showing JNLP api prompts.
    * plugin/icedteanp/java/sun/applet/PluginMain.java
    (init): Only install custom authenticator if allowed by
    configuration.

1 files changed, 8 insertions, 2 deletions

diff --git a/netx/net/sourceforge/jnlp/SecurityDesc.java b/netx/net/sourceforge/jnlp/SecurityDesc.java
index d2ccde6..e7a9706 100644
--- a/netx/net/sourceforge/jnlp/SecurityDesc.java
+++ b/netx/net/sourceforge/jnlp/SecurityDesc.java
@@ -23,6 +23,9 @@ import java.util.*;
 import java.security.*;
 import java.awt.AWTPermission;
 
+import net.sourceforge.jnlp.runtime.DeploymentConfiguration;
+import net.sourceforge.jnlp.runtime.JNLPRuntime;
+
 /**
  * The security element.
  *
@@ -67,7 +70,6 @@ public class SecurityDesc {
         // queues, or even prevent access to security dialog queues.
         //
         // new AWTPermission("accessEventQueue"),
-        new AWTPermission("showWindowWithoutWarningBanner"),
         new RuntimePermission("exitVM"),
         new RuntimePermission("loadLibrary"),
         new RuntimePermission("queuePrintJob"),
@@ -105,7 +107,6 @@ public class SecurityDesc {
         new PropertyPermission("javaws.*", "read,write"),
         new RuntimePermission("exitVM"),
         new RuntimePermission("stopThread"),
-        new AWTPermission("showWindowWithoutWarningBanner"),
         // disabled because we can't at this time prevent an
         // application from accessing other applications' event
         // queues, or even prevent access to security dialog queues.
@@ -187,6 +188,11 @@ public class SecurityDesc {
         for (int i=0; i < sandboxPermissions.length; i++)
             permissions.add(sandboxPermissions[i]);
 
+        String key = DeploymentConfiguration.KEY_SECURITY_ALLOW_HIDE_WINDOW_WARNING;
+        if (Boolean.valueOf(JNLPRuntime.getConfiguration().getProperty(key)) == Boolean.TRUE) {
+            permissions.add(new AWTPermission("showWindowWithoutWarningBanner"));
+        }
+
         if (file.isApplication())
             for (int i=0; i < jnlpRIAPermissions.length; i++)
                 permissions.add(jnlpRIAPermissions[i]);